General information

This Privacy Policy describes how FibuMaxRat processes personal data collected through its website and in the course of providing accounting advisory services to small companies. FibuMaxRat operates from Schomattenstrasse 13, 9630 Wattwil, Switzerland and is registered under Business ID CHE-086.256.812. The policy explains which categories of data we collect, the purposes of processing, legal bases, data retention and your rights. Our approach is focused on data minimisation, documented handling and practical safeguards to protect client information while enabling professional advisory services.

05-04-2026 FibuMaxRat, Business ID CHE-086.256.812, Schomattenstrasse 13, 9630 Wattwil, Switzerland Schomattenstrasse 13, 9630 Wattwil, Switzerland [email protected]

Definitions

For clarity, the following definitions apply throughout this policy: 'personal data' refers to information relating to an identifiable natural person; 'processing' means any operation performed on personal data; 'user' means individuals who interact with our site or services; 'service' refers to FibuMaxRat advisory and online offerings.

Personal data means any information that identifies or can identify a natural person, such as name, contact details, job title, company registration identifiers when linked to a person, and transactional records that relate to an identifiable individual.
Processing covers collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, erasure and destruction of personal data.
User refers to prospective and existing clients, website visitors, suppliers and other individuals who provide information to FibuMaxRat in the context of our services or through the website.
Service denotes the advisory, bookkeeping and reporting services provided by FibuMaxRat, including client portals, communications and related digital features offered through fibumaxrat.pro.
Cookies are small data files placed on a device to store site preferences and usage information. They help deliver functionality and analytics for website operation and improvement.

What data we collect

We collect personal data from users in three main ways: data you provide directly, data collected automatically when using our site, and data obtained from third-party sources where necessary to provide services.

Data you provide

When you engage with FibuMaxRat we collect information you submit to create accounts, request services, or for billing and communication purposes.

  • Contact details: name, email address, telephone number.
  • Company information: business name, Business ID/VAT number, address and role within the company.
  • Identification and verification documents when required for onboarding or compliance checks (copies of IDs, proof of address).
  • Business and accounting documents submitted for bookkeeping, reporting or advisory purposes (invoices, bank statements, payroll data where applicable).
  • Communications: messages, meeting notes and email platform relevant to the provision of services.
  • Payment details supplied to payment processors for billing (bank account or card details handled via third-party payment providers).

Data collected automatically

When you visit the website or use online features, certain technical and usage data are collected automatically to operate and improve the service.

  • Technical data: IP address, device type, browser and operating system.
  • Usage data: pages visited, time spent on pages, click patterns and feature interactions.
  • Location data derived from IP address to support language and regional settings.
  • Analytics and performance data used to diagnose issues and improve user experience.
  • Cookies and similar identifiers stored on the device as set out in our cookie section.
  • Access and error logs maintained for operational maintenance and security monitoring.

Third-party sources

We may receive personal data about you from trusted third parties to facilitate service delivery or comply with legal obligations.

  • Payment processors and banking partners to process client billing.
  • Accounting and payroll software providers when clients integrate their systems with our services.
  • Legal and tax advisors engaged to support specific client matters.

Purposes of processing

We process personal data for clearly defined operational purposes necessary to deliver advisory services, maintain business relationships, meet legal obligations and improve our offerings.

  • To provide accounting advisory, bookkeeping and reporting services requested by clients.
  • To manage client accounts, schedule meetings and communicate important updates.
  • To process billing, payments and business records in line with contractual obligations and statutory requirements.
  • To comply with legal and regulatory obligations, including tax and anti-funds-laundering checks where applicable.
  • To detect and prevent fraud, misuse or security incidents affecting our services.
  • To analyse service usage and performance in order to improve features and operational processes.
  • To respond to enquiries, requests to exercise data subject rights, and disputes.
  • To provide marketing communications where consent has been obtained and recipients have not opted out.

Legal bases for processing

We rely on appropriate legal bases for processing personal data depending on the purpose and context, including contractual necessity, compliance with legal obligations, consent and legitimate interests.

  • Contract performance: processing necessary to deliver services and fulfill contractual obligations to clients.
  • Legal obligation: processing required to comply with statutory duties such as tax law and record retention.
  • Consent: where law requires consent (for example some marketing communications or cookies), processing is based on the user’s explicit consent.
  • Legitimate interests: processing for fraud prevention, direct communications regarding service delivery and operational improvement when balanced against individuals’ rights.

Data protection and GDPR

Where the GDPR applies to individuals in the European Union, FibuMaxRat respects the protections afforded by the regulation and implements compatible controls. This policy summarises the main rights and remedies available under applicable data protection laws.

  • Right of access: you may request confirmation of whether we process your personal data and request a copy.
  • Right of rectification: you can request correction of inaccurate or incomplete personal data.
  • Right to erasure: subject to legal and contractual limitations, you may request deletion of certain personal data.
  • Right to data portability: where processing is based on consent or contract, you may request a structured, machine-readable copy of your data.
  • Right to restriction of processing: you may request limitation of processing in specific circumstances.
  • Right to object: you can object to processing based on legitimate interests or direct marketing where applicable.

Cookies and similar technologies

We use cookies to operate the website, remember preferences and collect analytics. Cookies help ensure functionality and improve performance.

Cookies used include session cookies, persistent cookies and third-party cookies associated with analytics and embedded services.

Categories: strictly necessary cookies, performance and analytics cookies, functional cookies and targeting cookies. Necessary cookies are essential for site operation; others are used with consent where required.

You can control cookie preferences via the cookie banner and through browser settings to delete or block cookies. Disabling certain cookies may limit functionality of the site.

Detailed cookie policy

Sharing of data

FibuMaxRat shares personal data only with parties necessary to deliver services or when legal obligations require disclosure. Third parties are contractually required to protect data to standards consistent with this policy.

  • External accounting and payroll software providers integrated at client request.
  • Payment processors and banks for billing and reconciliation.
  • Cloud hosting and IT service providers that support our digital infrastructure.
  • Professional advisers such as tax or legal consultants engaged on client matters.
  • Competent authorities or tax authorities when required by law or to respond to lawful requests.
  • Prospective acquirers or advisors in the event of a business restructuring, subject to confidentiality protections and applicable law.

International transfers

Personal data may be transferred to service providers located outside Switzerland or the European Economic Area (EEA) for operational reasons. Where transfers occur, we apply appropriate safeguards to ensure an adequate level of protection.

Safeguards include use of data processing agreements, standard contractual clauses or relying on adequacy decisions where available. We evaluate international vendors for security and regulatory compliance.

Data retention

We retain personal data only as long as necessary for the purpose of processing and to meet legal and regulatory obligations applicable to our services.

Account and client engagement records are kept for the duration of the business relationship and retained further as required by law; accounting and statutory documents are retained in accordance with Swiss requirements (commonly up to ten years for accounting records).

Communications, emails and support messages are retained for the period necessary to resolve matters and handle disputes, typically a minimum of three to seven years depending on the context and legal requirements.

Operational logs and access records are retained for security and operational troubleshooting; typical retention periods are 12 to 24 months unless longer storage is justified for contribute or legal purposes.

When retention periods expire or when a valid deletion request is accepted, personal data will be deleted or anonymised unless retention is required to satisfy legal obligations or legitimate business needs.

Security measures

FibuMaxRat applies technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration and loss. Measures are reviewed periodically and include secure infrastructure, access controls, staff training and incident response procedures.

  • Encryption of personal data in transit and at rest, role-based access controls and regular security audits.
  • Role-based access control limiting data access to authorized personnel with regular reviews of privileges.
  • Regular encrypted backups stored in secure Swiss data centers and periodic restoration testing to ensure data integrity.

Your rights

As a data subject in Switzerland you have a set of rights regarding personal data we process on behalf of FibuMaxRat. Below is a summary of those rights and how you can exercise them. Requests should include a clear description of the information or action you seek to enable an efficient response.

  • Right to access: request a copy of personal data we hold about you and information on processing purposes.
  • Right to rectification: request correction of inaccurate or incomplete personal data.
  • Right to erasure: request deletion of personal data where processing is no longer necessary or consent is withdrawn and no other legal basis applies.
  • Right to restriction of processing: request limitation of processing when accuracy is contested or processing is unlawful.
  • Right to data portability: where applicable, receive personal data in a structured, commonly used and machine-readable format.
  • Right to object: object to processing based on legitimate interests or direct marketing; we will review and respond in accordance with applicable law.
  • Right to withdraw consent: when processing is based on consent you may withdraw consent at any time without affecting processing prior to withdrawal.
  • Right to lodge a complaint: if you believe your rights are not respected you can contact Swiss supervisory authorities for data protection.

How to submit a privacy rights request

To exercise your rights, send a written request including your name, contact details, and a clear description of the request via the contact options below. We may request additional information to verify your identity before fulfilling the request. Direct requests help us process inquiries efficiently.

[email protected]

We typically respond to verified requests within 30 days. Complex requests or those requiring coordination with third parties may take longer; in such cases we will inform you of the expected timeframe and any lawful reasons for extension.

Marketing communications and preferences

FibuMaxRat processes contact details for marketing only with a lawful basis, such as consent or legitimate interest. Communications are relevant to accounting advisory services for small companies in Switzerland. You will receive only the categories of communications you agreed to.

You can opt out of marketing communications at any time via the unsubscribe link in emails or by contacting us. Unsubscription requests are processed promptly and will not affect transactional messages related to services you use.

Children and minors

Our services are intended for businesses and adults. We do not knowingly collect personal data of minors for the purpose of providing accounting advisory services. If we become aware that we have collected personal data of a minor without appropriate consent, we will take steps to delete that data where required by law.

Third-party links and services

Our website and communications may contain links to third-party sites or integrate services operated by external providers. Those third parties have their own privacy practices. FibuMaxRat is not responsible for third-party content or policies; review their terms before providing personal data.

Changes to this privacy policy

We review and update our privacy policy periodically to reflect operational, legal or regulatory changes. Material updates will be posted on FibuMaxRat.pro with the effective date. Continued use of our services after changes indicates acceptance of the revised terms.