Privacy Policy

Last updated: April 2026

1. Controller

Premtrace AG, Switzerland (“Premtrace”, “we”, “us”) is the controller responsible for the processing of your personal data as described in this policy.

Data Protection Contact: privacy@premtrace.ch

2. Data We Collect

2.1 Website Visitors

When you visit our website, we may collect:

  • IP address (anonymised)
  • Browser type and operating system
  • Pages visited and referral source
  • Date and time of visit

2.2 Contact Form

When you submit our contact form, we collect:

  • Full name
  • Company name
  • Work email address
  • Role/title (optional)
  • Message content

2.3 Customers

When you become a customer, we additionally process:

  • Billing information (processed by Stripe)
  • Employee data you upload for screening (names, roles, locations)
  • Screening results and Intelligence Digests

3. Purpose and Legal Basis

We process your data for the following purposes:

  • Website operation: Legitimate interest in providing and improving our website
  • Contact requests: Performance of pre-contractual measures
  • Service delivery: Performance of our contract with you
  • Compliance: Legal obligations under Swiss and EU law

4. Data Storage and Security

All data is processed and stored exclusively on servers located in Switzerland and the European Union. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction.

5. Third-Party Processors

We use the following third-party processors:

  • Vercel: Website hosting (EU region)
  • Stripe: Payment processing
  • Resend: Transactional email delivery

Each processor is bound by a Data Processing Agreement and processes data only as instructed.

6. Employee Screening: Consent Framework, Data Retention, and Rights under nFADP

This section applies to individuals who are subject to screening by a Premtrace customer (the “controller”) as part of a fit-and-proper attestation programme. Premtrace acts as a processor on behalf of the customer organisation.

6.1 Consent and transparency

Before any screening is conducted, the customer is required to provide the individual with a transparency notice in accordance with nFADP Art. 19. This notice must specify: the identity of the controller; the purpose of processing (fit-and-proper assessment under applicable regulatory requirements); the categories of public sources accessed; the retention period; and the individual’s rights. Premtrace provides a standard-form notice template for this purpose. Signed consent records are stored within the platform and are accessible to the customer for audit purposes.

6.2 Data minimisation and source limitation

Premtrace accesses only publicly available information. No password-protected content, private social media accounts, or purchased data is accessed. Screening queries are constructed from the minimum data set required to identify the individual: full name, professional role, and employer. No sensitive categories of data (health, religion, political views) are sought. Findings that incidentally surface sensitive data are flagged and handled in accordance with nFADP Art. 5(c) heightened protection requirements.

6.3 Retention periods

Screening reports and associated findings are retained for the period specified in the Data Processing Agreement between Premtrace and the customer, subject to a default maximum of five years from the date of the screening. Consent records are retained for the same period as the screening to which they relate. Customers may configure shorter retention periods within their account settings, and may request deletion of specific records at any time.

6.4 Rights of screened individuals

Individuals who are subject to screening have the following rights under nFADP and, where applicable, GDPR:

  • Right of access (nFADP Art. 25): You may request confirmation that screening data concerning you is held, and receive a copy of that data.
  • Right to rectification (nFADP Art. 32): You may request correction of inaccurate data.
  • Right to erasure (nFADP Art. 32): You may request deletion of your data, subject to the customer’s regulatory retention obligations.
  • Right to object (nFADP Art. 30): You may object to processing where it is based on legitimate interest rather than legal obligation. The customer will assess whether an overriding interest exists.
  • Right to lodge a complaint: You may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch.

To exercise these rights, contact the customer organisation that commissioned the screening. For requests directed to Premtrace as processor, contact privacy@premtrace.ch. We will respond within 30 days and liaise with the relevant customer controller as necessary.

7. Rights of Website Users and Customers

Under nFADP and GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Data portability
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact privacy@premtrace.ch.

8. Cookies

Our website uses only essential cookies required for the website to function. We do not use advertising or tracking cookies. Analytics, if enabled, use a privacy-first solution that does not use cookies.

9. Changes to This Policy

We may update this privacy policy from time to time. The current version is always available on this page with the date of last update.

10. Contact

Premtrace AG
Rue Terrassière 39
1207 Geneva, Switzerland
privacy@premtrace.ch