Privacy policy

Please read this Privacy Policy (“Privacy Policy”) carefully as it sets out how Trusty AG (“Trusty” “we” or “us”) uses your personal data. Or personal information in relation to our whistleblowing solution and any other solutions that we may provide (referred to as the “Services”). We may change this policy from time to time so please check our website from time to time for any updates. If we make material changes in the way we use your personal information, we will acknowledge that in this Privacy Policy or otherwise on our website, or by sending you an email to your email address that we are in possession of. If you have any questions about this Privacy Policy, please contact us using the contact details below:

Bösch 82, 6331 Hünenberg, Switzerland

+41 76 8053278


This Privacy Policy applies to our clients who are natural persons and any natural persons associated with our clients. Such as their employees, agents, directors, or similar personnel. Who is acting as point of contact for us and it also applies to our website visitors. Also any other data subjects whose personal data we may be processing as a controller except for our employees (“individuals”, “you” or “your”).

Although this Privacy Policy DOES NOT APPLY to whistleblowers and any personal data or information related to whistleblower reports. Or any other personal data or information which is part of the whistleblowing solution. Or any other solutions platforms provided by us where we are acting as a processor or as a service provider as applicable.


For the purposes of the EU General Data Protection Regulation (the “GDPR”) and any other applicable UK laws. Such as the UK GDPR, this Privacy Policy applies to the situations where Trusty is the controller of your data.

This Privacy Policy applies when Trusty acts as a business, aligning with CCPA and other US privacy laws.

It’s relevant under the California Consumer Privacy Act and related US privacy regulations.



2.1 We process your personal data as part of entering into a contract for the provision of the Services and performing such a contract with you.

2.2 We further process your personal data based on our legitimate interest to communicate in relation to the provision of the Services, for market research, direct marketing purposes and to make-/defend against claims.

2.3 We may ask for your consent in other cases where we process your data, as for example if we intend to use not strictly necessary cookies. Such consent can be revoked at any time by contacting us at Please note that the withdrawal of consent will not affect the lawfulness of processing based on consent before the withdrawal. 2.4 We may also process your personal data as required to comply with a legal. Or regulatory obligation we may be subject to.



 3.1 Your data may be collected directly from you or your device if you access our website or get in touch directly with us or via other persons such as your work colleagues or our other business partners and contractors. It may further be obtained via open internet sources.

3.2 The data gathered may comprise identifiers, such as name and contact details like email or telephone, professional or employment-related information such title and employer, location, web-site. Also, commercial information if you have purchased products or services from us. Other data may be gathered directly from you if you provide us with it.

3.3 When you visit our website, we may gather identifiers and internet or other electronic network activity information through the use of cookies. Such as data about how you access and use our websites such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions. Operating system and platform and other technology on the devices you use to access our websites, the pages you have visited on our websites and the links you have followed on them.

3.4 We may also collect inferences drawn from the information we collect when you visit our website or interact with our tools, widgets, or plug-ins. Correspondingly Information about user preferences and behavior that we collect on our website to create a profile about a user reflecting the user’s preferences, characteristics, predispositions, behavior, and abilities.



We may use your personal data for the following purposes:

perform the contract with you; administer business relationships with you in order to allow us to provide the Services, including to provide customer service; improve our Services; send important information regarding the Services, or other technical notices, updates, security alerts, and support and administrative messages; send marketing communications to you; carry out verification and security checks, and to make-/defend against claims.

No special categories of personal data in the sense of the GDPR and no sensitive information for the purposes of the CCPA are processed.



Where allowed by the applicable laws, we may use your corporate contact details for direct marketing purposes. We will provide you with the opportunity to object in each communication. You can also do it by reaching us at



Subject to the need to perform the contract with you based on the contract you enter with us and our legitimate interests. We may share your personal information as set out below:

Third-party providers assist with various business functions, including IT, automation, website development, and marketing management. They also handle data hosting, programming, and technical support as needed.

Our third-party analytics partners to analyse website traffic. Understand user or client needs and trends or our third-party marketing service providers to help us to communicate with you;

Professional advisers including lawyers, bankers, auditors and who provide consultancy, banking, legal, insurance and accounting services;

Third parties if we are required to do so by law, or if we believe that such action is necessary to: (a) fulfil a government, or regulatory authority request. (b) conform with the requirements of the law or legal process. (c) protect or defend our legal rights or property, our websites, users or clients.


We may share personal data, like your IP address and online activity, with third-party cookie providers for advertising.

This allows for cross-context behavioral advertising based on the information collected. Under CCPA, this may be seen as selling your information, but under GDPR, we require your consent. Our cookie data practices comply with GDPR, and we only process your data with your consent. For full information about the cookies that we use and the businesses that may receive your internet or other electronic network activity information, please visit our Cookie Policy. We do not knowingly sell the personal information of minors under sixteen years of age. We do not sell your financial information when you make payments to us.



When data goes outside the EEA or UK, we assess and ensure third parties secure your data and respect privacy rights. Adequate measures are taken for data protection during such transfers. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and may include:

• only transferring your personal data to countries which have been deemed to provide an adequate level of protection. For personal data by the European Commission or the ICO or the UK government. Or

• entering into specific contractual terms which have been approved by the European Commission. Also the ICO or the UK government and which give personal data the same protection as within the EEA.



8.1 We may retain your personal data for as long as we require for the purposes for which it is processed or as is otherwise required by applicable law. After our relationship ends, we may process your data for a reasonable period, as required by law. This may include addressing potential claims or other lawful purposes.

8.2 When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data. The purposes for which we are processing the data, and any applicable statutory retention or limitation periods. Once the processing of the data is no longer required, we may securely delete or anonymize your personal data.

8.3 For more details about our retention periods, please contact us at  



9.1 Under the GDPR and the UK GDPR, you are entitled to certain rights in relation to our handling of your personal data, as described below:

9.1.2 You may request from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case. Access to the personal data and some additional information about the processing.

9.1.3 If you think any personal data we have about you is incorrect or incomplete, please let us know as soon as possible. We will correct or update any information as soon as we can.

9.1.4 You have the right to erasure of your data. Under some circumstances, we may not be able to fulfill your request if your personal data is important for the establishment. Exercise or defence of legal claims, or that we need to retain in order to comply with the law.

9.1.5 You have the right to restriction of processing, in some circumstances where the data is wrongfully processed.

9.1.6 You have the right to receive the personal data concerning you, which you have provided to us. In a structured, commonly used and machine-readable format.

9.2. Under the California Consumer Privacy Act, if you are a resident of California, you have the following rights under the California Consumer Privacy Act:

9.2.1. Right to know: You can request us to disclose to you: (1) the categories and/or specific pieces of personal information we have collected about you. (2) The categories of sources for that personal information. (3) The purposes for which we use that information. (4) The categories of third parties with whom we disclose the information, and (5) the categories of information that we sell or disclose to third parties. You can make a request to know up to twice a year, free of charge. This Privacy Policy is intended to satisfy this right.

9.2.2. Right to delete: You can request that we delete your personal information that we collected from you. Also we will tell our service providers to do the same, subject to certain exceptions (such as if we are legally required to keep the information).

9.2.3. Right to opt-out of sale or sharing: You may request that we stop selling or sharing your personal information (“opt-out”). We cannot sell or share your personal information after we receive your opt-out request unless you later authorize us to do so again. Please use our Do Not Sell or Share My Personal Information form to manage your preferences. 9.2.4 Right to correct: You may ask us to correct inaccurate information that we have about you.

9.2.6 Right to limit the use and disclosure of sensitive personal information. Where we process sensitive personal information about you. You can direct us to only use your sensitive personal information for limited purposes. Mostly such as providing you with the services you requested.

9.2.7 Right to no retaliation: we will not discriminate against you because you exercised any of the consumer’s rights described above.

9.2.8 We do not offer financial incentives for the collection, or retention. Also sale of personal information and does not have financial incentive programs for you to opt into.

9.3 If you would like to exercise these rights, please write to us using the contact details. Which are provided at the beginning of this Privacy Policy or email us at  



Should you have any complaints about how we handle your personal information, please contact us at If we are unable to resolve your complaint and you wish to take your complaint further, you may do so by contacting the relevant supervisory authority. You can find a list of EU supervisory authorities here. Our appointed representatives:

• for the EU: Odvetniška družba Podjed, Kahne in partnerji o.p. – d.o.o., Štefanova ulica 13A, 1000 Ljubljana, Slovenia, tel: +386 1 43 00 310, email:; lead contact person: Mr Luka Podjed Our representatives are mandated by us to be addressed in addition to or instead of us by, in particular, supervisory authorities and data subjects. On all issues related to processing, for the purposes of ensuring compliance with respective EU or UK data privacy regulation.