Privacy Policy

February 13, 2019

This Privacy Policy ("Policy") describes how We, 42matters AG, a company registered in Switzerland under the company number CHE-224.961.109 and having its registered office at Rötelstrasse 84, 8057 Zürich, Switzerland ("42matters", "We", or "Us") handle personal data of natural persons ("You" or "User") collected or otherwise processed when using Services (as defined below) of 42matters.

Our data processing activities can be divided into two application areas:

  • In connection with the Website, We process Data of visitors or users that are exchanged between their internet-capable devices and the server operated by Us, as well as other data communicated to Us in the context of the use of the Website. Details can be found under Part B of this Privacy Policy.
  • For the purpose of the performance or initiation of contracts, we process customer‘s Data or Data of interested parties or business partner that are necessary for this purpose. You can find more information on this under Part C of this Privacy Policy.

A. General Information on Data Protection and Data Subject‘s Rights

1. Meaning of Terms Used in this Privacy Policy

  • When this Policy uses the term “Data” "Information" or "Personal Information" in capital letters, we mean information that identifies a particular individual, such as your full name, email address or IP Address.

  • When this Policy uses the term "Website", We mean the content provided under the URL and

  • When this Policy uses the term "Account", We mean the user interface on the Website where You can register. Such registration is a prerequisite to subscribe to Our Commercial Services.

  • When this Policy uses the term "Commercial Services", We mean any Service provided by Us against the payment of fees, when we speak of "Services" we refer to all of what we provide to our Users free of charge or against remuneration, i.e. the Website and our Commercial Services.

2. Who Determines the Purposes and Means of the Processing of Your Personal Data and Whom Can You Contact?

Responsible authority for the data processing:

42matters AG, Rötelstrasse 84, 8057 Zürich, Switzerland

Tel: +41 44 586 77 42


Contact person at 42matters: Andrea Girardello

If you have any question or inquiry relating to Our use of Your personal data or in case You want to issue a request for access, rectification, restriction on processing, portability, objection to processing, or deletion of personal information, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR), You may contact us as identified in Part E below.

3. What Rights Do You Have With Regard To Your Data?

You may have at any time the rights to information, correction, deletion or restriction of the processing of Your Data, a right to object to the processing as well as a right to data transfer and a right of complaint in accordance with the requirements of the applicable data protection laws. If You wish to exercise any of the above rights against Us, please contact Us at the address given under A.1. In case of doubt, We may request additional information to confirm Your identity.

3.1) Right To Information

You can request information from Us if and to what extent We process Your Data.

3.2) Right To Rectification

If we process Data that is incomplete or inaccurate, You may request that We correct or complete it, at any time.

3.3) Right To Erasure

You can demand that We delete your Data if We process it not in accordance with applicable laws, or if the processing disproportionately interferes with Your legitimate interests. Please note that there may be reasons that prevent an immediate deletion of Your Data, e.g. if We have to fulfill legally applicable storage obligations.

Irrespective of the exercise of Your right to deletion, We will delete Your Data immediately and completely, unless there is a legal or statutory retention period to the contrary.

3.4) Right To Restriction of Processing

In the following cases You can request Us to restrict the processing of Your Data:

  • If You dispute the accuracy of Your Data stored with Us, We usually need time to verify this. For the duration of the check, You have the right to demand that we restrict the processing of Your Data.
  • If the processing of Your Data has taken place against applicable law, You can demand the restriction of data processing instead of deletion.
  • If We do not need your Data any longer, but You need it for the exercise, defence or assertion of legal claims, You have the right to demand the restriction of the processing of Your Data instead of deletion.
  • If You have filed an objection in accordance with Art. 21 section 1 GDPR, Your interest must be weighed against ours. As long as it is not yet clear whose interests predominate, You have the right to demand that the processing of Your Data will be restricted.

If You have restricted the processing of Your Data, such Data may not be processed - apart from its storage - without Your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons of an important public interest.

3.5) Right To Data Portability

You have the right to have Data, which We process automatically on the basis of Your consent or in fulfilment of a contract, handed over to You or to a third party, in a standard, machine-readable format. If You request the direct transfer of Data to another responsible person, this will only be possible as far as it is technically feasible.

3.6) Right To Object

If We process Your Data for a legitimate interest within the meaning of Art. 6 section 1  lit. f GDPR, You may object to this Data processing at any time for reasons arising from Your particular situation; this also applies to profiling based on these provisions. If You file an objection, We will no longer process Your Data concerned, unless We can prove important reasons justifying the further processing, which outweigh Your interests, rights, and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

If Your Data is processed for the purpose of direct advertising, You have the right to object at any time to the processing of your Data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising. If You object, Your Data will no longer be used for direct marketing purposes. You can object to the processing of Your Data for the purpose of direct marketing at any time without stating reasons.

3.7) Right To Withdraw Consent

Some data processing operations are only possible with Your express consent in the sense of Art. 6 section 1 lit. a GDPR. You can revoke an already given consent at any time with effect for the future. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

3.8) Right to Lodge a Complaint with a Supervisory Authority

If You are of the opinion that We violate national or European data protection laws when processing Your Data, please contact Us so that We can clarify any questions You may have. Of course, You also have the right to contact the responsible supervisory authority.

The right of complaint exists without prejudice to other possible administrative or judicial remedies.

4. Which Data is Processed and From Which Sources Does This Data Originate?

We process Data that We receive from You in the course of initiating and maintaining a business relationship. On the one hand, Your data is collected when You are communicating it to Us in direct contact.

On the other hand, We process Data that We have obtained from third parties like for example credit agencies, creditor protection associations, from publicly accessible sources, from companies with which We have a long-term business relationship or from authorities.

Via Our Website, We process Data that We receive during Your visit to the Website or that You actively communicate to us when using the Website, e.g. by entering a contact form. Other Data is automatically collected by Our IT systems when You visit the Website. This is mainly technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically when You enter our Website.

The Data that we process regularly includes in particular your master/contact data such as:

  • First name and surname, address, contact data (e.g. e-mail address, telephone number, fax), date of birth, data from a submitted proof of identity (copy of identity card), bank data.
  • as a corporate customer or supplier: designation of their legal representative, company, commercial register number, VAT ID number, company number, address, contact person contact data (e-mail address, telephone number, fax), bank data

In addition, We also process the following types of Data:

  • Information on the type and content of our business relationship, such as contract data, order data, sales and document data, customer and supplier history, consulting documents.
  • Information about your financial status (e.g. creditworthiness data),
  • Advertising and sales data,
  • Documentation data (e.g. consulting protocols)
  • Information from your electronic dealings with us (e.g. IP address, log-in data),
  • Other data that We have received from You in the context of our business relationship (e.g. in discussions with customers),
  • Documentation of the declaration of consent

5. For What Purposes And On What Legal Basis Do We Process Data?

We process Your Data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the national regulations based thereon. For example:

5.1) To Fulfil (Pre-)Contractual Obligations (Art. 6 section 1lit.b GDPR)

Your Data is processed for the sale and distribution of Our goods and services and for customer administration purposes. The Data will be processed in particular during the initiation of business transactions and the execution of contracts with You, for example in the following cases:

  • Creating and maintaining a customer account or a supplier account
  • Managing customer relations
  • Sending of information

5.2) To Fulfil Legal Obligations (Art. 6 section 1lit.c GDPR)

The processing of Your Data may be necessary in part for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. from the commercial laws or tax regulations.

5.3) To Safeguard Legitimate Interests (Art. 6 Section 1 lit.f GDPR)

On the basis of a weighing of interests, data processing may take place beyond the actual fulfillment of a contract, in order to safeguard Our legitimate interests or the legitimate interests of third parties. Data processing to safeguard legitimate Our interests are carried out in the following cases, for example:

  • Consultation of and Data exchange with credit agencies and creditor protection associations to determine creditworthiness data and maintenance of creditworthiness database to identify the risks of financial losses
  • Advertising or marketing
  • Measures for business management and further development of our Services;
  • Maintaining a customer database to improve our offering
  • In the context of a lawsuit

5.4) Within The Scope of Your Consent (Art. 6 section 1 lit.a GDPR)

If You have given Us Your consent to process Your Data, it will be processed in accordance with the purposes and to the extent agreed in the declaration of consent. A given consent, e.g. for the sending of our newsletter, can be revoked at any time with effect for the future. For this purpose, please contact the person named under A 2.

The Data collected from You will only be used for the purpose for which You provided Your Data to us or for the processing of which You have given Us Your consent. After the end of Our processing activities, your Data will only be stored as long as it is necessary due to tax and commercial law retention periods. After these periods have expired, however, the Data will be deleted unless You have expressly consented to their further or other use. You can also assert rights during the retention periods, such as blocking Your Data. See also A 3.

6. Who Receives My Data?

Your Data will not be transferred to third parties for purposes other than those listed below. We will only pass on Your Data to third parties if:

  • You have given Your explicit consent to do so in accordance with Art. 6 section 1 lit. a GDPR
  • The disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that You have an overriding legitimate interest not to disclose Your Data pursuant to Art. 6 section 1 lit. f GDPR,
  • There is a legal obligation to pass on Data to third parties pursuant to Art. 6 section 1 lit. c GDPR, and
  • This is legally permissible for Our business purposes and required for the execution of contractual relationships with You pursuant to Art. 6 section 1 lit. b GDPR.

Your Data will be forwarded to other companies for the purpose of initiating or processing a contractual relationship (e.g. provision of a service or sale of goods) in accordance with Art. 6 Section 1 lit. b GDPR or - depending on the type of specific contractual relationship - and on the basis of our legitimate interests in accordance with Art. 6 Section 1 lit. f GDPR, in particular to companies which we regularly use to provide our Services or to process the contract, for example: Brokers, advertising partners, insurance companies, banks, IT service providers, payment service providers, shipping service providers, credit agencies, tax and legal advisors, translation agencies.

For example, therefore We share Your Information with business partners on an as needed basis to render the Services, i.e. our payment provider for collecting fees payable for our Commercial Services, Our accounting service provider, and Our mail provider We use to stay in contact with You. The Information We share with these business partners is limited to Your name and email address and, with respect to our payment solution providers and accounting provider, Your postal address.

If We use a service provider for the purpose of data processing to be carried out on behalf of 42matters, in accordance with Art. 28 GDPR, We shall nevertheless remain responsible for the protection of Your Data. Insofar as required by law, such service providers are contractually obliged by means of a Data Processing Agreement ("DPA") (Art. 28 GDPR) to treat Your Data confidentially and to process it only within the scope of providing the service. The processors contracted by Us will receive Your Data only insofar as they need the Data to perform their respective tasks.

Your Data will only be transferred to state institutions and authorities (foreigners authorities, residents' registration offices, health insurance funds, tax offices, embassies) or collected for this purpose within the framework of mandatory national legal provisions. For example, if We are required to respond to subpoenas, court orders or other legal processes your Information may be disclosed pursuant to such subpoena, court order or legal process, which may be without notice to You.

In the event that We sell our business, i.e. all or substantially all of our assets are sold or transferred to or merged with another party, all Information that has been collected and stored may be one of the business assets we transfer on the basis of our legitimate interests pursuant to Art. 6 Para. 1 S.1 lit. f GDPR.

7. How Long Will My Data Be Stored?

Your Data will be deleted or blocked by us as soon as the purpose of storage no longer applies. We process your Data in principle only until the end of the business relationship or until the expiry of the applicable guarantee, warranty, statute of limitations and statutory retention periods; furthermore until the end of any legal disputes in which the Data is required as evidence.

8. When Personal Data Are Transferred to a Third Country?

The Data of a user may be transferred to, and stored at, a destination outside the European Economic Area. It may also be processed by staff operating outside the EEA who works for 42matters or for one of its suppliers. A transfer of Data to a third country without an adequate level of protection of natural persons will only take place on a case-by-case basis and on the basis of a European Commission adequacy decision, standard contractual clauses, appropriate safeguards or your explicit consent.

B. Use of Our Website

1) What Information We Collect When You Visit Our Website
1.1) We collect the following Information by using cookies (a small text file that is stored on a user's computer or mobile device for record-keeping purposes) and web beacons (electronic images that deliver cookies and help to count visits): browser type and browser language, Your Internet Protocol ("IP") address, and the actions you take on the Website (such as the Web pages viewed and the links clicked).
1.2) We use both session ID cookies and persistent cookies on the Website. We use session cookies to make it easier for you to navigate the Website. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive or mobile device for an extended period of time. Most web browsers (including mobile web browsers) are set to accept first-party cookies by default. However, some web browsers (including mobile web browsers) are set to not accept third-party cookies by default. You can typically remove or reject cookies by following directions provided in your Internet browser's help file or in the "Settings" of your mobile device. However, removing cookies may not allow you to take full advantage of all features on the Website.
1.3) The Website may also contain third party tracking tools from third party service providers, which may enable these third parties to analyze User information. While these third parties may have access to your personal information in connection with the performance of services for 42matters, they will not be permitted to use such information for any purpose other than providing their services.
1.4) The Website uses Google Analytics and Facebook to help Us analyze how visitors use the Website and to improve Our Services. Google Analytics and Facebook use cookies to collect standard internet log information and visitor behavior Information. The Information generated by Google Analytics and Facebook cookies about Your use of Our Website is transmitted respectively to Google and Facebook. This information is then processed to compile statistical reports on website activity or retargeting.
1.5) When you are on the Website you could be directed to other sites beyond our control. For example, if you "click" on a link or an icon provided on our Website, the "click" may take you off the Website onto a different site. These other sites may send their own cookies to you, independently collect data or solicit Information and may or may not have their own published privacy policies. If you visit such a site that is linked to our Website, you should consult that site's privacy policy before providing any Information. We are not responsible for their information on data protection or other contents
1.6) This Privacy not cover the practices of companies we don’t own or control, or people that we don’t manage. We gather various types of Personal Information from our users, as explained in more detail below, and we use this Personal Information internally in connection with our Services, including to personalize, provide, and improve our services, to allow you to set up a user account and profile, to contact you and allow other users to contact you, to fulfill your requests for certain products and services, and to analyze how you use the Services. In certain cases, we may also share some Personal Information with third parties, but only as described below. As noted in the Terms of Use (, we do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information, please contact us at

2) Information You Submit to Register an Account
2.1) If you register an Account on our Website which is a prerequisite to subscribe to Our Services, We request you sign in with your Facebook account. We collect this Information to be able to verify your account and contact you and to send you information relating to the use of our Services.
We receive and store any information you knowingly provide to us. For example, through the registration process and/or through your account settings, we may collect Personal Information such as your name, email address, and third-party account credentials (for example, your Facebook account Id or other third party sites). If you provide your third-party account credentials to us or otherwise sign in to the Services through a third party site or service, you understand some content and/or information in those accounts (“Third Party Account Information”) may be transmitted into your account with us if you authorize such transmissions, and that Third Party Account Information transmitted to our Services is covered by this Privacy Policy; for example, your previous Facebook ads campaign content. Certain information may be required to register with us or to take advantage of some of our features.

We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers on behalf of other businesses, or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our services. If you do not want to receive communications from us, please indicate your preference by writing to or using the unsubscribe link in each email.

2.2) We may share and disclose information (including Your personal information) to third party services in order to help operate our Services. With these third party services we share the minimum amount of Information (as mentioned in Paragraph 2.1) required to provide you with our Services, offer you support and other business activities related to our Services. We provide your information to such third party service providers to enable us to fulfill our contractual duties as per Art. 6 para 1. A a), on the basis of our legitimate interests according to Art. 6 para. 1 f) GDPR and, where necessary, subject to the conclusion of data processing agreements according to Art. 28 Para. 3 S. 1 GDPR. The primary third party services we use are:

3) Information You Submit to Subscribe to Our Commercial Services
3.1) If you wish to subscribe to one or more of our Commercial Services, we request your billing address as well as your VAT ID (optional) in order to be able to invoice You correctly. Your payment records will be stored for the term requested by mandatory law applicable to us.

a) We use a third party payment provider (Stripe, USA - Privacy Policy - Certified under the EU-US Privacy Shield) and a third party payment management tool (Chargebee Inc, USA - Privacy Policy - Certified under the EU-US Privacy Shield) to collect credit card payments to be made for our fees and refer you during the payment process to these third parties. The only Information we share with these third parties is your e-mail address, postal address, Your name, invoice amount and currency, along with the information provided during the order process. Any additional information, such as credit card details, will be requested from You directly from the payment provider and provided by You directly to the payment provider. We have no access to such data and do not store your credit card details. Your data will only be passed on for the purpose of payment processing.

4) Information Collected Automatically
Whenever you interact with our Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, device identification, “cookie” information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested. “Cookies” are identifiers we transfer to your browser or device that allow us to recognize your browser or device and tell us how and when pages and features in our Services are visited and by how many people. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. Our advertising partners may also transmit cookies to your browser or device when you click on ads that appear on the Services. Also, if you click on a link to a third party website or service, such third party may also transmit cookies to you. Again, this Privacy Policy does not cover the use of cookies by any third parties, and we aren’t responsible for their privacy policies and practices. We may use this data to customize content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services interesting to as many users as possible. ‍
We neither rent nor sell your Personal Information in personally identifiable form to anyone. However, we may share your Personal Information with third parties as described in this section: Information that’s no longer personally identifiable. We may anonymize your Personal Information so that you are not individually identified, and provide that information to our partners. We may also provide aggregate usage information to our partners, who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage information to a partner in a manner that would identify you personally, as an individual.

4.1) Google Adwords

Based on Our legitimate interests (Art. 6 section 1 lit. f GDPR) this website uses Google AdWords and, in doing so, its “Conversion Tracking” feature as well, from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, to advertise our website on Google Search and displayed through ads. In addition, we use Google Analytics to statistically analyze data from Google Adwords. If you entered our website via a Google ad, a cookie is saved on your computer. These so-called conversion cookies are valid for a maximum of 30 days and cannot be used to identify you as a person. If you visit our website again and the cookie has not yet expired, we and Google will know that you clicked one of our ads before and came back to our site. The information collected by conversion cookies helps Google to create statistics on visits to our website. We learn about the total number of visitors that clicked on our ads, and which pages these visitors saw. We, or any other advertisers that use Google Adwords, do not receive any information that allows us to personally identify the visitors. The legal basis for data processing with Google AdWords is Art. 6, para. 1, lit. f) GDPR. In the context of this clause, our interest to measure the effectiveness of advertising campaigns is considered legitimate. You can prevent the conversion cookie from being saved on your computer in your browser settings, either via a setting that prevents all cookies from being saved or by specifically blocking cookies from the domain Google’s related privacy policy can be found here:,

4.2) LinkedIn Plugins

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Section 1 lit. f. GDPR) Plugins offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, may be integrated into Our Website. Such Plugins may include, for example, content such as images, videos or texts, and buttons with which users can express their appreciation of the content, subscribe to the authors of the content or our contributions. If the users are members of the LinkedIn platform, LinkedIn can assign the call of the above contents and functions to the profiles of the users there. Privacy Policy of LinkedIn: LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law ( Privacy Policy:, Opt-Out:

4.3) Advertisers

Based on Our legitimate interests (Art. 6 section 1 lit. f GDPR) or for the fulfillment of a contractual relationship (Art. 6 section 1 lit. b GDPR) or on the basis of Art. 28 GDPR We allow advertisers and/or merchant partners (“Advertisers”) to choose the demographic information of users who will see their advertisements and/or promotional offers and you agree that we may provide any of the information we have collected from you in non-personally identifiable form to an Advertiser, in order for that Advertiser to select the appropriate audience for those advertisements and/or offers. For example, we might use the fact you are located in San Francisco to show you ads or offers for San Francisco businesses, but we will not tell such businesses who you are. Or, we might allow Advertisers to display their ads to users with similar usage patterns to yours, but we will not disclose usage information to Advertisers except in aggregate form, and not in a manner that would identify you personally. Note that if an advertiser asks us to show an ad to a certain audience or audience segment and you respond to that ad, the advertiser may conclude that you fit the description of the audience they were trying to reach.

4.4) Affiliated Businesses

In certain situations, businesses or third party websites we’re affiliated with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). You can recognize when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service based on our legitimate interests (Art. 6 section 1 lit. f GDPR) or for the fulfillment of a contractual relationship (Art. 6 section 1 lit. b GDPR) or on the basis of Art. 28 GDPR. One such service may include the ability for you to automatically transmit Third Party Account Information to your Services profile or to automatically transmit information in your Services profile to your third party account; for example, the list of your Facebook advertising account, your name, and country. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies.

4.5) Agents

Based on Our legitimate interests (Art. 6 section 1 lit. f GDPR) or for the fulfillment of a contractual relationship (Art. 6 section 1 lit. b GDPR) or on the basis of Art. 28 GDPR We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you; for example, we currently use a payment processing company called Stripe to receive and process your credit card transactions for us. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.

4.6) User Profiles and Submissions

Certain user profile information, including your name and any video or image content that such user has uploaded to the Services, may be displayed to other users to facilitate user interaction within the Services or address your request for our services (For example, the team administrator can see other team members’ names when using the team management page). Your account privacy settings may allow you to limit the other users who can see the Personal Information in your user profile and/or what information in your user profile is visible to others. Please remember that any content you upload to your public user profile, along with any Personal Information or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your user name may also be displayed to other users if and when you send messages or comments or upload images or videos through the Services and other users can contact you through messages and comments.

5) Hosting, Data Rentention and Security

5.1) We use, on the basis of our legitimate interests according to Art. 6 para. 1 f) GDPR and, where necessary, subject to the conclusion of data processing agreements according to Art. 28 Para. 3 S. 1 GDPR, the following third party services to host Our Websites, Services, data (including Personal Information) and files:

5.2) We only retain Personal Information for as long as the related account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, security, and enforce our agreements as follows:

  • The contents of closed accounts are deleted within 30 days of the date of closure
  • Backups are kept for 30 days
  • Billing information is retained for a period of 7 years as of their provision in accordance with 42matters' local accounting and taxation laws

5.3) We use reasonable organizational, technical and administrative measures to protect Personal Information within our organization (for example: data transfer encryption over HTTPS, and account authentication and data rest encryption for our computer and databases storing Personal Information). Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If You have reason to believe that Your interaction with us is no longer secure (for example, if You feel that the security of Your account has been compromised), please contact us immediately by way of e-mail to the following address:

6. Business Transfers

Based on our legitimate interests (Art. 6 section 1 lit. f GDPR), We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.

7. Protection of 42matters and Others

Based on our legitimate interests (Art. 6 section 1 lit. f GDPR) We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of 42matters, our employees, our users, or others.

C. Contract Relationships with Business Partners

1. Am I Obliged to Provide Data?

If You contact Us with questions about Our Services and products, enter into contract negotiations with Us, place orders and/or have contractual agreements with Us, We process Data You provide in this context. Which Data is processed in detail, depends decisively on the relevant services and products which You obtain from Us or which You request.

The processing of Your Data is necessary to conclude or fulfill your contract with Us. If You do not provide Us with this Data, we will generally have to refuse the conclusion of the contract or the performance of the order or will no longer be able to perform an existing contract and will therefore have to terminate it. However, You are not obliged to give your consent to Data processing with regard to Data which is not relevant for the performance of the contract or which is not required by law.

In general, We obtain the necessary data from You ourselves. In some cases it may be necessary from time to time to process Data that originates from other companies, authorities, public bodies or institutions or other third parties (e.g. credit agencies, tax offices).

2. Communication

You can contact Us either by telephone, post or alternatively via our e-mail address or via the personal e-mail addresses of Our employees provided to You. In this case, Data transmitted with the e-mail will be stored. Please note that e-mail communication usually is not encrypted, due to technical reasons.

In this context, Data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 Section 1  lit. c GDPR. Your Data will be used exclusively for the processing of the conversation. The processing of Data from the input mask of a contact form or an email sent to us will be used only to process the establishment of contact. In the event of a contact being established, this also constitutes the necessary legitimate interest in the processing of Data in accordance with Art. 6 section 1 lit. f GDPR. On that basis, also other Data processed during the sending process will be used to prevent misuse of the contact form and to ensure the security of our information technology systems.

3. Data Processing Within the Framework of the Fulfilment of Contracts

The processing of Data is carried out in order to provide our contractually owed services and related services, in particular to execute our contracts or pre-contractual measures with you and the execution of your orders, as well as all activities required in this connection with the operation and administration of our company.

Further details for the purpose of data processing can be found in the respective contract documents and terms and conditions.

If necessary, We process Your Data in connection with the sale of our Services beyond the actual performance of the contract to protect Our legitimate interests (Art. 6 section 1 lit. f GDPR) such as in the following cases:

  • Consultation and data exchange with credit agencies to determine creditworthiness and default risks
  • Examination and optimization of procedures for needs analysis and direct customer contact
  • Measures for business management and further development of Services and related products
  • advertising or market research, provided that you have not objected to the use of your data for these purposes
  • Assertion of legal claims and defense in legal disputes
  • IT security
  • Prevention and investigation of criminal offenses or money laundering

D. Misc

Due to the further development of our Website and Services or due to changed legal or regulatory requirements, it may become necessary to amend this Privacy Policy from time to time. You can check and print out the then current Privacy Policy at any time on the Website.

E. Contact Us

If You have any questions about this Privacy Policy, please contact us at, using our web form, or at:

42matters AG
Rötelstrasse 84
8057 Zürich