Privacy Policy of Raptor Compliance GmbH

Raptor Compliance GmbH constantly strives to guarantee you the highest level of confidentiality and security. As a B2B software company we only offer our services and software to businesses. Therefore mainly the Swiss Federal Data Protection Act applies to our processing. However, in order to provide you with the highest level of transparency we have included additional information in this Privacy Policy. Unless otherwise provided, the provision of your personal information is not required by law or contract. You are not required to provide the data. The exact amount of processing as well as the applicable law may vary due to the services you use, ie. not all of the processing and the associated rights listed in this statement may apply.

Responsible body

The responsible company for this website is:
Raptor Compliance GmbH

Postal Address:
Technoparkstrasse 1
8005 Zürich

Fon: +41 44 586 97 90

Represented by:
Dr. Dominic N. Staiger
Philipp A. Staiger
Oliver Stutz

Registered at
Handelsregisteramt des Kantons Zürich
Company Number: CHE‑211.830.805
Tax ID Number

Representative in the EU:
SIDD Datenschutz Deutschland UG (haftungsbeschränkt)
Schellingstr. 109a
80798 Munich

Categories of affected persons

Depending on the desired services, some individuals may be partially or fully covered by the scope of this Privacy Policy. The affected groups include:

  • Visitors to our websites
  • Candidates
  • Corporate customers and their employees
  • Prospective corporate customer and their employees

In the following, the persons concerned will be collectively referred to as "users".

Purpose of the processing

The purposes of the processing of personal data on our websites include:

  • Providing the online offer, its functions and contents
  • Answering contact requests and communicating with users
  • Safety measures
  • Audience measurement / Marketing

Legal basis

Generally, the provision of the Swiss Federal Data Protection Act (FDPA) apply to our processing. This includes in particular Art. 4 et. seq. As a legal basis for the processing of personal data, our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR (if applicable) lies in the implementation of our business processes and the targeted information of potential customers. This includes the regularly expected use of cookies which enable users to display interesting content to users. Furthermore, based on our legitimate interests, we process users' information for spam detection. You have the right for reasons that arise from your particular situation, at any time in accordance with Art. 6 para. 1 lit. f GDPR (if applicable) to object to the processing of your personal data.

The consent is obtained in accordance with Art. 6 para. 1 lit. a GDPR (if applicable) for sending newsletters In the context of the performance of the contract and its initiation, Art. 6 para. 1 lit. b GDPR (if applicable) is the legal basis. When contacting us (e.g., by contact form, e-mail, telephone or via social media), information of the user is processed to answer the contact request in accordance with. Art. 6 para. 1 lit. b GDPR (if applicable). In rarer cases, we process personal data to fulfill our legal obligations in accordance with Art. 6 para. 1 lit. c GDPR (if applicable).

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR (if applicable) is the legal basis. However, in most cases the FDPA applies to the processing including Art. 12 and Art. 13.

Retention period

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage has expired or a storage is no longer required. Personal data is also kept for the time in which claims against our company can be asserted.

In addition, storage may take place if regulations, laws or other regulations require longer storage. Corresponding proof and retention obligations arise, among other things, from the Commercial Code. The storage periods are thereafter normally ten years. The storage of personal usage data and cookies incl. IP addresses are limited to the period of time necessary for the fulfillment of the purpose.

Transfer to 3rd countries

In most cases, your personal data will only be processed within Switzerland and the EU. If, however, in individual applications processing takes place in non-EU countries, a transfer takes place in accordance with the requirements in Art. 44 ff. GDPR (if applicable) or Art. 6 DSG. The processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (eg for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").


With every access to our website, user data is transmitted through your internet browser and stored in log data (server log files). This stored data includes e.g. Name of page accessed, date and time of retrieval, amount of data transferred and the requesting provider as well as IP addresses. These data are processed under the legal basis of our legitimate interests and serve exclusively to ensure the trouble-free operation of our website.

Webhosting Amazon Web Services

Amazon Web Services (AWS) is designed to host data and files in order to manage and use this site. In addition, these offers may provide a ready-made infrastructure that handles specific functions or entire components of this website.

Amazon Web Services (AWS) (Amazon Web Services, Inc.), is a web hosting and backend service provided by Inc. Personal data collected: various types of data, as stated in thePrivacy Policy of the Service. Processing location: Germany. Amazon Web Services is certified under the Privacy Shield.

Collection and processing using the contact form

When using the contact form, we collect your personal data (name, e-mail address, message text) only in the scope provided by you. The data processing serves the purpose of establishing contact and initiating a contractual relationship. Processing is based on Art. 6 para. 1 lit. f GDPR (if applicable). Our legitimate interests lies in efficient communication and if contractually relevant under Art. 6 para. 1 lit. b GDPR (if applicable). We use your e-mail address to process your inquiry or the later processing of contractual services.

Customer Account

When opening a customer account, we collect your personal data in the scope indicated there. The purpose of data processing is to improve your shopping experience and simplify order processing. Processing is based on Art. 6 para. 1 lit. b GDPR (if applicable) for performance of the contract. Further provision of the user account takes place after completion of the transaction under our legitimate interests in accordance with Art. 6 (1) lit. f GDPR (if applicable) to simplify future purchasing processes and to enable you to view old orders. These legitimate interests only apply if we process your data outside of the fulfillment of the contract.

Collection, processing and use of personal data for orders

When placing an order, we collect and use your personal data only insofar as this is necessary for the fulfillment and processing of your order and for the processing of your requests. The provision of the mandatory data in the fields is required for the conclusion of the contract. Non-provisioning means that no contract can be concluded. Processing is based on Art. 6 para. 1 lit. b GDPR (if applicable).

A transfer of your data to third parties without your express consent does not take place. Excluded from this are only our service partners, which we need to process the contractual relationship or service providers of which we use in the context of order processing. In addition to the recipients named in the respective clauses of this privacy policy, these are, for example, recipients of the following categories:

  • Payment service
  • ERP/CRM service
  • Service provider for order processing
  • Web host, IT service provider
  • Marketing service provider

In all cases we strictly observe the legal requirements. Appropriate data processing contracts have been concluded with the processors to ensure privacy.

Newsletter & Tracking

Regardless of the contract, we use your e-mail address solely for our own advertising purposes to send out our newsletter, if you have expressly consented to this. Processing is based on Art. 6 para. 1 lit. a GDPR (if applicable) with your consent. You can revoke your consent at any time without affecting the legality of the processing carried out on the basis of your consent until your revocation. You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your e-mail address will then be removed from the mailing list.

If you register for an e-mail newsletter, we will electronically record and store the personal data and information you provide us with. The purpose of this processing is initially the implementation of the so-called double-opt-in procedure, with which you can agree to the regular receiving of the e-mail newsletter. This means that after submitting your data and information, we will send you an e-mail to the e-mail address you have provided and ask you in this e-mail for confirmation that you wish to receive the newsletter. If there is no confirmation of your registration, your data will be deleted.

After your confirmation we will store your IP address and the time of the confirmation. The purpose of this procedure is to prove your registration for the e-mail newsletter and, if necessary, to detect and prevent possible misuse of your personal data. The legal basis for this is the aforementioned legitimate interests as well as a legal obligation (UWG).

Our newsletter is sent using Mailjet, an e-mail marketing software provided by Mailjet SAS, Rue de l'Aubrac 75012 Paris, France. The e-mail addresses of the recipients of our newsletters, as well as the data described in these notes, are located on the servers of Mailjet in data centers in France and possibly in Belgium, Germany and Great Britain. Mailjet uses this information to send and evaluate the newsletters on our behalf. Furthermore, Mailjet may use this data to optimize or improve its own services, e.g. for the technical optimization of shipping and the presentation of the newsletter. Mailjet's e-mail marketing cloud security concept is ISO 27001 certified. Further information can be found directly under

We point out that we evaluate the behavior of the readers of our e-mail newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels. These web beacons or tracking pixels are one-pixel image files stored on our website. For the evaluation, we link the web beacons or tracking pixels with your e-mail address and an individual ID.

With the data obtained in this way, we create a user profile to tailor the newsletter to your interests. In doing so, when you read the newsletter, we record which links you click on in the newsletter and deduce your interests from it. We link this data to the actions you take on our websites. The purpose of this processing is to improve the quality of the newsletter, to optimize our offers and to delete recipients who do not read our newsletters. The legal basis for processing is Art. 6 (1) lit. f GDPR (if applicable).

This tracking will not occur if you have disabled the display of images by default in your e-mail program. In this case the newsletter will not be displayed completely and you may not be able to use all the features. As soon as you have the pictures displayed, the just described tracking is activated.


Our website uses cookies. Cookies are small text files that are stored in the Internet browser or the Internet browser on the computer system of a user. When a user visits a website, a cookie may be stored on the user's device. The cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened. We use cookies for the purpose of making our offer more user-friendly, effective and secure. Furthermore, cookies enable our systems to recognize your browser even after a page change and offer you services. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break.

In addition, we use cookies on our website for the purpose of enabling an analysis of the surfing behavior of our site visitors. With this we can improve our offer for the visitor. Furthermore, we use cookies for the purpose of addressing site visitors on other websites with targeted, interest-based advertising.

Processing is based on Art. 6 para. 1 lit. f GDPR (if applicable) on the basis of the legitimate interest in the above-mentioned purposes. The data collected by you in this way will be pseudonymised by technical means. An assignment of the data to your person is therefore not directly possible. The data will not be stored together with other personal data of you.

You have the right for reasons that arise from your particular situation, at any time based on Art. 6 Abs.1 lit. f GDPR (if appliable) to object to the processing of your personal data.

Cookies are stored on your computer. Therefore, you have full control over the use of cookies. By selecting appropriate technical settings in your internet browser, you can prevent the storage of cookies and transmission of the data contained therein. Already saved cookies can be deleted at any time. We point out, however, that you may not be able to use all the features of this website in full.

The links below will tell you how to manage (and disable) cookies on major browsers:

Google Ireland Limited
Google Analytics

On our website, we use the Google Analytics tool from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

For this purpose, a data processing contract with Google was signed.

The locations of Google's data centers can be viewed here:

A transfer of data to third countries outside the EU or Switzerland takes place i.a. under the Privacy Shield. Google Ireland Limited is certified under the Swiss-U.S. Privacy Shield Framework and the EU-US. Privacy Shield Framework. The active certification can be found here:

With Google Analytics we collect information about the visitors of our website to present relevant offers.

The legal basis for this is the legitimate interest in providing the customer with targeted offers that meet their needs and minimize the amount of irrelevant and unwanted advertising.

Google Analytics captures website cookies, device or browser data, IP addresses, and website or app activity. This is to measure user interactions on websites and apps that use Google Analytics, as well as report on them.

Our user analysis also uses Universal Analytics. This allows us to obtain information about the use of our offers on different devices ("Cross Device"). We use a pseudonymised user ID with the help of the cookie technology, which contains no personal data and does not transmit this to Google. The data collection and storage can be rejected at any time with effect for the future through a browser plugin from Google ( This opt-out must be performed on all systems that you use, for example, in another browser or on your mobile device.

By linking different Google functions within the Google Analytics service with the Google Ads (formerly Google AdWords) service, we are additionally able to operate retargeting (also known as remarketing) using pseudonymized identification numbers. Hereby we can provide you advertising after leaving our site on different pages of our Publishing Partners.

Opt-Out: You can opt-out with one click on this Link and prevent Google Analytics from collecting information about you from this site. By clicking on the link above you download an "opt-out cookie". Your browser must allow the storage of cookies in principle. If you delete your cookies on a regular basis, you will need to click on the link each time you visit this website.

You can also deactivate Google Analytics permanently via plugin. Here you will find the plugin:

Terms and Conditions:

Privacy Policy:

In addition, we have activated the function IP Anonymization, which ensures that your IP address is anonymized. For this Google uses so-called IP masks. Before the anonymization, Google uses the IP to record the land and city data. At no time do we have access to your IP address via Google Analytics.

Google Ads (previously Google AdWords)

On our website we use Google Ads from Google (see above). This service allows us to show ads in Google's search results as well as Google AdSense and Publishing Partner's display networks. The aim is to use our advertising materials (so-called Google Ads) to draw attention to our offers on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. We are interested in showing you advertisements that are of interest to you, to make our site more interesting to you and to allow you to calculate advertising costs.

The legal basis for this is the legitimate interest (Article 6 (1) (f) GDPR - if applicable) in the efficient marketing of our services.

Our websites use the features of Google Analytics in conjunction with the cross-device capabilities of Google Ads.

This feature allows the Google Analytics generated ad groups to be linked to the cross-device capabilities of Google Ads. In this way, interest-based, personalized advertising messages adapted to you based on your past usage and browsing behavior on one end device (e.g., cell phone) may also be displayed on another of your end devices (e.g., tablet or PC).

For this purpose, a cookie is set by means of a remarketing tag, which includes every visitor to the website (pseudonymised) in a list.

If you access our website through a Google ad, Google Ads will store a cookie on your computer. The unique cookie ID, the number of ad impressions per placement (Frequency), the last impression (relevant to post-view conversions), and opt-out information (marking that) are usually considered as analysis values the user does not want to be addressed) stored

These cookies allow Google to recognize your internet browser. If a user visits certain pages on a Google Ads customer's site and the cookie stored on their computer has not expired, Google and the customer will be able to detect that the user clicked on the ad and was redirected to that page.

You can prevent participation in this tracking process in several ways:

  • by setting your browser software accordingly - the suppression of third-party cookies will result in you not receiving any third-party ads.
  • By disabling the cookies for conversion tracking by setting your browser to block cookies from the domain ( this setting will be deleted when you delete your cookies.
  • by disabling the interest-based ads of the providers that are part of the "About Ads" self-regulatory campaign through the link this setting will be deleted when you delete your cookies
  • by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link We point out that in this case you may not be able to use all features of this offer in full.

Tag Manager

We also use Google Tag Manager to manage the usage-based advertising services. The Tag Manager tool itself is a cookie-free domain and does not collect personal information. Rather, the tool provides for the resolution of other tags, which in turn may capture data.


Chargebee, Chargebee Inc.'s service (340 S Lemon Avenue, # 1537, Walnut, California 91789, USA, "Chargebee"), uses some personal information for billing purposes.

Our portals allow you to initiate booking transactions. As far as this is necessary for the fulfillment of the contract, data will also be handed over to our payment service providers or the credit institution commissioned with the payment processing. The scope of the data is limited to the minimum required for the purpose of contract execution.

We process this data for the purpose of processing your order or to answer your request. The legal basis for the data processing is Art. 6 para. 1 p. 1 b. GDPR (if applicable).

A data processing contract with Chargebee has been signed. Chargebee is certified under the Privacy Shield Agreement, providing a guarantee to ensure the level of protection afforded by European data protection law (

Rights of the data subject

As the data subject, you are entitled to the following rights in accordance with the GDPR.

Information rights

You may ask the person responsible for a confirmation as to whether personal data concerning you is being processed. If such processing is available, you may request information from the person responsible in accordance with Article 15 of the GDPR (if applicable) regarding information about the data stored about you. This includes:

  • the processing purposes;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations;
  • if possible, the planned duration for which the personal data are stored or, if this is not possible, the criteria for determining that duration;
  • the existence of a right to rectification or erasure of the personal data relating to him or to a restriction of processing by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • if the personal data are not collected from the data subject, all available information on the source of the data;
  • the existence of automated decision-making including profiling according to Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

If personal data are transmitted to a third country or to an international organization, you have the right to be informed about the appropriate guarantees under Article 46 of the GDPR in connection with the transfer.

Right to revoke the declaration of consent

You have the right to revoke your data protection consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Right to rectification

According to Art. 16 GDPR (if applicable), you have a right of correction and / or completion, if the processed personal data concerning you are incorrect or incomplete. The controller must make the correction without delay.

Right to delete

You may request that the personal data concerning you be deleted immediately in accordance with Art. 17 GDPR (if applicable) if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • They revoke their consent, to which the processing according to Article 6 paragraph 1 lit. a or Article 9 paragraph 2 lit. a GDPR and there is no other legal basis for the processing.
  • In accordance with Article 21 (1) GDPR, you object to the processing and there are no legitimate reasons for the processing, or you object to the processing according to Article 21 (2) GDPR.
  • The personal data was processed unlawfully.
  • The deletion of your personal data is necessary to fulfill a legal obligation under EU or national law
  • The personal data were collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.

Right to restriction of processing

According to Art. 18 GDPR (if applicable), you may demand the restriction of the processing of your personal data under the following conditions. If:

  • the accuracy of your personal information is disputed by you. The restriction applies to the period during which the person responsible can verify the accuracy of the personal data.
  • the processing is unlawful and you refuse the deletion of personal data and instead demand the restriction of the use of personal data;
  • the controller no longer needs the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, or
  • You have objected to the processing in accordance with Article 21 paragraph 1 GDPR, as long as it is not certain whether the legitimate reasons of the person responsible over you prevail.
  • If the processing of personal data concerning you has been restricted, this data may be (with the exception of its storage) only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.

Right to data portability

According to Art. 20 GDPR (if applicable), you have the right to receive the personal data that you have provided us in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person responsible, provided that

  • the processing is based on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 12 lit. a GDPR or on a contract acc. Art. 6 para. 1 lit. b GDPR and
  • the processing is done by automated methods.

Right to object

You have the right according to Art. 21 GDPR (if applicable), for reasons that arise from your particular situation, at any time to object against the processing of your personal data, which, is based on Art. e or lit. f GDPR.

We no longer process your personal information about you unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the option, in connection with the use of information society services, of exercising your right to object through automated procedures that use technical specifications.

Automated decision in individual cases

You have the right not to be subjected to a decision based solely on automated processing (including profiling), which has legal effect on you or, in a similar manner, significantly affects you. This does not apply if the decision

  • is required for the conclusion or fulfillment of a contract between you and us,
  • is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
  • with your express consent.

Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR (if applicable).