Data Protection & Privacy
This notice explains how TransActum SA processes personal and business data in connection with its services, in fulfilment of its transparency obligation under Art. 19 of the Swiss Federal Act on Data Protection (nFADP). It reproduces the data-protection provisions of our General Terms and Conditions (Sections 7 to 9); the full GTC remain the governing document.
7. Data Protection
7.1Each Party shall act as an independent controller with respect to Personal Data it processes for its own purposes. Where TransActum processes Personal Data exclusively on behalf of and under the instructions of the Client (e.g. when the Client provides employee or shareholder data for TEOS input), TransActum acts as a data processor and a Data Processing Agreement (DPA) shall be executed as an annex to the Mandate Agreement.
7.2TransActum processes Personal Data for the following purposes: (a) delivery of the Services; (b) operation and improvement of TEOS (subject to the anonymisation requirement of clause 6.4); (c) invoicing and contract management; (d) compliance with legal and regulatory obligations; and (e) quality assurance and internal training.
7.3TransActum relies on the following legal bases for the processing of Personal Data: (a) performance of the Agreement (Art. 6(1)(b) GDPR, where applicable); (b) legitimate interests of TransActum (Art. 6(1)(f) GDPR, where applicable), specifically the operation of TEOS, process improvement, and fraud prevention; and (c) explicit consent for any processing that constitutes High-Risk Profiling under Art. 5(g) nFADP.
7.4Personal Data is stored on secured Swiss servers. Transfers of Personal Data outside Switzerland are made only to countries that offer an adequate level of protection recognised by the Swiss Federal Council, or subject to appropriate safeguards (standard contractual clauses approved by the FDPIC, or equivalent measures).
7.5Where TransActum uses third-party AI tools or cloud service providers to process Personal Data, it shall ensure that such providers are bound by contractual data processing agreements that: (a) prohibit the use of client data for model training without explicit consent; (b) commit to data residency in Switzerland or the EEA; and (c) implement appropriate technical and organisational security measures.
7.6Data subjects whose Personal Data is processed by TransActum in connection with the Services have the following rights under the nFADP: right of access (Art. 25 nFADP); right of rectification; right of erasure (within statutory limits); right of restriction of processing; right to object to processing; and the right to request human review of automated individual decisions (Art. 21 nFADP). Requests may be directed to privacy@transactum.ch.
7.7Where a processing operation presents a high risk to the personality or fundamental rights of data subjects, TransActum shall conduct a Data Protection Impact Assessment (DPIA) pursuant to Art. 22 nFADP. If the DPIA reveals a residual high risk that cannot be mitigated, TransActum shall consult the FDPIC before commencing that processing operation.
7.8Client Data shall be retained only for as long as necessary to perform the Services, comply with legal obligations, preserve evidence for dispute resolution, or maintain operational records. Unless otherwise required by law, Client Data shall be deleted or anonymised no later than ten (10) years after termination of the engagement.
8. Automated Processing and Artificial Intelligence
8.1TEOS applies Automated Processing to Client Data to: (a) score the Client’s succession readiness across the ten orthogonal readiness dimensions (ODRL, SAFRL, GLSRL, MORL, PKTRL, FTCRL, MBVRL, PCSRL, IDRL, OTTRL); (b) identify gaps between the current state and the target readiness profile; (c) generate prioritised execution steps, task assignments, and timelines through constraint-propagation logic; (d) detect interdependencies and risks across readiness dimensions; (e) monitor progress and update scoring dynamically as conditions change; and (f) over time, improve TEOS accuracy through pattern recognition across anonymised case data.
8.2In the course of Automated Processing, TEOS may generate profiles relating to the Client’s business, its owner’s decision readiness, organisational maturity, and succession readiness. Such profiles are used exclusively for the purposes set out in clause 8.1 and are subject to the confidentiality obligations of Section 10 of the GTC.
8.3Profiling conducted by TEOS does not constitute High-Risk Profiling within the meaning of Art. 5(g) nFADP provided that it is limited to organisational and business characteristics and does not involve systematic processing of sensitive Personal Data (as defined in Art. 5(c) nFADP) without explicit consent. Where a specific engagement requires processing that would constitute High-Risk Profiling, TransActum will notify the Client and obtain explicit consent prior to commencing such processing.
8.4TEOS Outputs (including readiness scores, gap analyses, execution roadmaps, and task lists) are analytical tools that support human decision-making. They do not constitute automated individual decisions within the meaning of Art. 21 nFADP that produce legal effects or similarly significantly affect the Client. All TEOS Outputs are reviewed by qualified TransActum personnel before being communicated to the Client or Third-Party Stakeholders.
8.5TransActum shall not make decisions that produce binding legal effects on the Client based solely on automated processing without human review. Where TEOS generates outputs that materially influence a recommendation affecting the Client’s legal or financial position, a qualified TransActum professional shall review the output prior to communicating it.
8.6Upon written request, TransActum shall provide the Client with reasonable information regarding the categories of Automated Processing applied to the Client’s data and the general principles underlying TEOS scoring and prioritisation. Nothing in this clause shall require disclosure of proprietary algorithms, source code, model parameters, weighting methodologies, prompts, trade secrets, intellectual property, or confidential know-how.
8.7The Client acknowledges that TEOS Outputs are generated on the basis of the information provided by the Client and are subject to the quality of that input. TransActum does not warrant that TEOS Outputs are free from error or that succession processes managed through TEOS will achieve specific outcomes. TEOS Outputs may contain inaccuracies, omissions, assumptions, correlations, recommendations, or predictive assessments generated through Automated Processing. Such outputs are intended solely as decision-support tools and must be independently assessed before implementation.
8.8TransActum will maintain an inventory of all AI systems used in the delivery of Services, classify them by risk level, and assign responsibility for their governance. This inventory is available for inspection upon reasonable written request.
9. Recording and Storage of Communications
9.1TransActum may record oral and electronic communications (including telephone calls, video conferences, online meetings, and written correspondence) between TransActum and the Client, and between TransActum and Third-Party Stakeholders, conducted in connection with the Services ("Communications").
9.2Recordings are made for the following purposes: (a) quality assurance and process improvement; (b) training of TransActum personnel; (c) documentation of instructions, decisions, approvals, and agreements; (d) evidence preservation in the event of disputes; and (e) compliance with regulatory or legal obligations.
9.3Prior to recording any Communication, TransActum will inform all participants that the Communication is or will be recorded. Continued participation following such notice constitutes consent to the recording. Where a participant does not consent to recording, TransActum will offer alternative documentation methods (e.g. written minutes).
9.4The Client confirms, on its own behalf and on behalf of its authorised representatives who participate in Communications with TransActum, that: (a) it has been informed of and consents to the recording of Communications for the purposes stated in clause 9.2; and (b) it will inform its own personnel and Third-Party Stakeholders of this recording practice before including them in Communications with TransActum.
9.5Recordings and associated metadata are stored on secured Swiss servers for a minimum period of ten (10) years from the date of the Communication. Recordings required for pending legal proceedings or regulatory inquiries are retained until final resolution. All other recordings are securely deleted or irreversibly anonymised at the end of the applicable retention period.
9.6Access to recordings is restricted to TransActum personnel with a demonstrable operational need. Recordings are not disclosed to third parties except: (a) to subcontractors bound by equivalent confidentiality obligations; (b) as required by applicable law or a binding order of a competent authority; or (c) with the explicit consent of the Client.
9.7Recordings and their content constitute Confidential Information to the extent they contain information qualifying as such under Section 10 of the GTC.
Your rights and contact
Data subjects may exercise their rights of access, rectification, erasure, restriction, and objection, and may request human review of automated individual decisions (Art. 21 nFADP), by writing to privacy@transactum.ch.
For the complete contractual terms governing our services, see our General Terms and Conditions.