Privacy Notice

Legal Notice

At Hadida Tax Advisors SARL (hereinafter HadTax), we take your privacy very seriously. This privacy notice explains what personal data we collect about you, how and why we collect, store, use and share your personal data, your rights in relation to your personal data and how to contact us or make a complaint. By ‘personal data’, we mean information which relates to you as an individual and tells us something about you.

1. Privacy Notice

This privacy notice covers the following entities:

• Hadida Tax Advisors SARL, 1 Rue de la Cite, 1204 Geneve, Switzerland

(herein referred to as “HadTax”, “we”, “our”, or “us”).

HadTax adheres to high data protection standards as well as transparency of personal data collection and processing. Personal data is any information that relates to an identified or identifiable natural person (rather than to a legal entity, such as a company). This privacy notice contains information on what data is collected when visiting www.hadtax.com and the data, text, reports, templates, agreements and other materials that are made available or enabled via the Website (the “HadTax Tax Materials”). The Swiss Federal Act on Data Protection and EU General Data Protection Regulation 2016/679 ("EU GDPR") establish the legal basis for this notice.

2. Data Protection Basics

This privacy policy describes how we process personal data, specifically what personal data we collect for what purpose. It also regulates data disclosure, retention periods, and your rights. Personal data (hereinafter referred to as "data") includes all information related to a specific or identifiable individual. The term "data processing" is context-dependent and encompasses any handling of personal data, regardless of the means and methods used, including obtaining, storing, using, modifying, disclosing, archiving, or destroying data.

We collect and process personal data to fulfill our business tasks within the legally and contractually defined framework. The collection, processing, and use of personal data are subject to the applicable Swiss (Federal Data Protection Act) and, if applicable, European legal provisions (EU General Data Protection Regulation (GDPR)).

We collect personal data in a transparent manner and in accordance with the principles of proportionality and purpose limitation. Data is processed only to the extent and for the duration necessary for our tasks and obligations.

3. Purpose of the Collection and Processing of Personal Data

Under data protection law, we can only use your personal data if we have a permitted reason for doing so, for example:

• Where you have given consent :

• For the performance of our contract with you or to take steps at your request before entering into a contract

• To comply with our legal and regulatory obligations

• For our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your data, so long as this is not overridden by your own rights. We process those personal data that are necessary to ensure our service offering to be permanent, secure, and reliable. This includes, in particular:

• Handling and administration of contractual relationships with customers, employees, suppliers, etc.;

• Maintenance of contacts and communication related to service provision;

• Operation of the website;

• Ensuring security, fulfilling legal obligations, enforcing claims;

• Sending invitations and conducting events and webinars;

• Marketing actions and sending newsletters;

• Statistical surveys/evaluations.

4. What Personal Data Do We Process?

4.1 General Contact and Basic Data

Depending on the purpose of data processing, customer segment, and service areas, we collect various types of personal data, including potentially sensitive personal data. The personal data we collect about you will generally be provided by you and may include (amongst others):

• Name, date of birth, gender, contact details (telephone number, email address, postal address)

• Information about your living arrangements, marital status and dependents

• Identifying numbers (French Taxpayer Number, Social Security Number)

• Impot.gouv login details

• Bank account details and billing information

• Information about your citizenship, place of birth, place of residence/domicile, immigration status

• Information about your financial position such as your income (including from interest, investment income, pensions, royalties, alimony, benefits, inheritance), expenses/outgoings, gains/losses, assets and trusts; and gifts you have made or received

• Information about tax payments, reliefs, allowances, deductions, exemptions

• Information about your occupation (including employment, self-employment and partnership) and related income, benefits, payments and expenses

• Information about rental property owned by you and sales of real property and other assets

• Information about how you use our website (from Cookies), IT, communication and other systems.

On very rare occasions, this will include information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation or your health. This is known as ‘special category personal data’ and we will process it only with your explicit consent.

4.2 Whether Information Has to Be Provided by You, And If So, why?

The provision of your personal data is necessary primarily to enable us to provide you with our services. We do not require you to provide us with your personal data but if you choose not to, it may have an impact on our ability to provide you with our services in part or at all.

4.3 Data in Connection with Email and Phone Inquiries along with online contact inquiries

When you contact us by email or phone, your inquiry, including all resulting personal data (name, email address, phone, inquiry, etc.), is stored and processed by us for the purpose of handling your request. The processing of this data either occurs in connection with the fulfillment of an order or to carry out pre-contractual measures. In all other cases, the processing is based on your consent and/or our legitimate interests, as we have a legitimate interest in the effective processing of inquiries directed to us. The data sent to us via contact inquiries (including that information provided when completing the HadTax new client questionnaire) remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completing the processing of your request). Mandatory legal provisions – especially statutory retention periods – remain unaffected.

4.4 Data in Connection with Direct Communication (Phone, Email, or Chat, Online Meetings, Video Conferences, and/or Webinars, etc.)

Online meetings (for example: one-on-one consultations and advisory calls), video conferences, and/or webinars organized by us are particularly conducted using Zoom/Microsoft Teams/Google Meet, etc. For direct communication via phone, email, collaboration solution, video meetings, or chat, we and our corresponding service providers, as necessary, can process the following personal data:

• General contact and basic data as outlined in section 4.1;

• Other personal data contained in email communication;

• Communication data such as IP address, time, and duration of communication;

• Recordings of video conferences (using a service such as Fathom), if necessary. We process these personal data to provide and improve our services for our customers and other interested parties.

4.5 Suppliers and Other Contractual Partners

We process the following personal data of business partners who provide services or deliveries for us:

• General contact and basic data as outlined in section 4.1;

• Financial information such as bank details;

• Information mentioned in agreements (such as data about responsible employees, consultants, information about the provided service, etc.).

We process this data in fulfillment of a contract and in accordance with the legal retention periods of commercial and tax law. If our contractual partners have access to our personal data in the fulfillment of their order (e.g., IT companies), we conclude a corresponding data processing agreement (DPA) with them.

You can configure your browser to inform you about the use of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases, or in general, and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

The legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies and related consents. The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obligated to provide personal data. If you do not provide personal data, we cannot manage your consents.

4.6 Data for Mailings and Newsletters

For the purpose of sending information about events, publications, etc. (marketing purposes) and for the dispatch of newsletters, we process the following personal data:

• General contact and basic data as outlined in section 4.1;

These data are necessary for the provision of the service, communication, or the maintenance of our customer database. To improve our services, information related to marketing, mailings, and newsletters is also statistically evaluated. You can object to the use of your personal data for marketing purposes at any time or unsubscribe from receiving the newsletter.

4.7 Data for the Organization and Conduct of Events

The following personal data are processed for the organization and conduct of events:

• General contact and basic data as outlined in section 4.1;

• Information about the employer (such as company, address, email address), participants, and speakers;

• Information about participation in further education;

• Payment information;

• Possibly images or videos.

First name, last name, address (if applicable), email address, and employer may be disclosed to other participants. It may also be possible that you are photographed or filmed at events. These data are processed for the conduct of the event as well as for networking and marketing purposes. We need the visual material for the internal documentation of the event, for inclusion in a newsletter or on our website and social media channels, for the creation of reports, and possibly to inform our members about the event. Participants can inform the photographer before or during the recordings that they do not want to appear in the corresponding visual material.

4.8 Operation, Control, and Improvement of the Website and Other Electronic Channels

4.8.1 Server Log Files

In close collaboration with our hosting provider, we strive to protect databases as much as possible from unauthorized access, loss, misuse, or forgery. When accessing our websites, the following data is stored in log files: IP address, date, time, browser request, and general information transmitted about the operating system or browser. This data forms the basis for statistical, anonymous evaluations, allowing us to identify trends to improve our offerings accordingly. The provider of this website automatically collects and stores information in so-called server log files that your web browser automatically transmits to the provider. The following information is transmitted:

• Type and version of the browser

• Operating system used

• Referrer URL

• Hostname of the accessing computer

• Time of the server request

These data cannot be directly attributed to specific individuals. The merging of this data with other data sources is not performed. We reserve the right to review this data retrospectively if we become aware of specific indications of illegal use.

4.8.2 Cookies

The website partly uses so-called cookies. Cookies do not harm your computer and do not contain viruses. They serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain on your device until you delete them. These cookies enable us to recognize your browser on your next visit. Our website uses Squarespace Analytics, a web analytics service provided by Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland (“Squarespace”). Squarespace Analytics uses cookies. The cookies are transferred to a server in the USA and stored there. Squarespace is certified under the EU-US Privacy Shield and is committed to complying with EU data protection standards. Squarespace uses the data to evaluate the use of the website, create reports on website activity, and facilitate the use of the website. Data collection is necessary for these purposes. Squarespace will never associate your IP address with other Squarespace data. By using the website, you consent to the processing of data by Squarespace for the purposes and objectives of creating visitor statistics and improving the website. For more information, please visit https://www.squarespace.com/privacy/.

You can configure your browser to inform you about the use of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases, or in general, and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. The legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies and related consents. The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obligated to provide personal data. If you do not provide personal data, we cannot manage your consents.

4.8.3 SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4.9 Ensuring Security, Fulfilling Legal Obligations, Enforcing Claims

We may process the aforementioned personal data to ensure security and enforce your rights, if necessary, and may also disclose them to third parties, such as courts or authorities.

5. Data Collection, Retention Period, Security Measures

5.1 Data Collection

Typically, we receive the personal data mentioned in Section 4 directly from you when you use one of our services. In some cases, data may also be collected directly from the employer of the individuals concerned. For mandates, depending on the nature and scope of the mandate, data may also come from authorities, courts, or third parties. We also extract publicly available information from media and the internet, as far as this is indicated in specific cases (e.g., in the context of an application, in the selection of lecturers and speakers), as well as data related to the use of the website (see Section 4.8).

5.2 Retention Period

We retain personal data for as long as it is needed for the purpose for which it was collected or for a duration required by applicable laws, regulations, or contractual agreements, and as long as we have a predominant interest in retention. After that, the data is deleted.

5.3 Data Security

We implement appropriate technical and organizational security measures to protect personal data from unauthorized access and misuse. This includes IT and network security solutions, access restrictions, encryption of data carriers and transmissions, instructions, training, and controls. The data is stored in the applications and software applications we use. The data is primarily stored on secure servers located in SmartVault SOC 2 certified datacenters or Canopy SOC 2 certified datacenters. Other service providers may be used. For a complete list, please contact the responsible entity and contact (see Section 8.1).

If third parties have access to our data, special measures are taken, as regulated in the data processing agreement (see Section 6). To facilitate and expedite order processing, information and data can also be exchanged electronically. It is known that data sent over the Internet cannot be reliably protected against third party access, loss, delayed transmission, or virus infection. Agreements on encryption techniques and the like can be separately agreed upon request.

6. Data Disclosure and Transmission

We may disclose personal data to third parties if you have given your consent, or if it is necessary for the provision of the respective service, the fulfillment of the contractual purpose, or the protection of our legitimate interests, or if we are legally obligated to do so. The following categories of recipients may receive personal data from us:

• Service providers (e.g., IT service providers, hosting providers, tax preparation software companies (such as CCH Axcess and ClickImpôts), client management software, suppliers, consultants, lawyers, insurers, etc.);

• Third parties within the scope of our legal or contractual obligations, authorities (such as tax authorities, social insurance authorities, etc.), government institutions, courts.

Third parties we engage with are contractually obligated to comply with data protection regulations and process the data only for the purposes we specify.

Our service providers are mainly located in Switzerland, the United States or in the EU/EEA. If data transmission to a country without an adequate level of data protection is required, it will be based on standard contractual clauses (e.g., in the case of Microsoft) or other suitable guarantees. The information you provide to us may also be anonymized for statistical analysis purposes and shared with third parties.

7. Your Rights

Every individual has the right to request information about the data processed concerning them, including its origin, recipients, and the purpose of data collection and processing. Additionally, you have the right to request correction, blocking, deletion, or transfer of your data. Data that must be retained due to legal regulations or required for business transactions cannot be deleted. If data is not subject to a legal archiving obligation or our predominant retention interest, we will delete your data upon your request. If an archiving obligation applies, we will block your data.

8. Final Provisions

8.1 Responsible Entity and Contact

We are responsible for data processing according to this privacy policy unless otherwise specified. General inquiries about data protection can be sent to us by mail or email: Jonathan Hadida, Esq. Hadida Tax Advisors SARL, 1 Rue de la Cite, 1204 Geneva - E-Mail: team@hadtax.com

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

8.2 Consent and Adjustments to the Privacy Policy

By visiting this website, you consent to the usage of your personal data as outlined in this privacy notice. HadTax reserves the right to adjust our privacy policy at any time through publication on the website.

8.3 Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

8.4 Governing Law

Hadida Tax Advisors is a limited liability company (SARL) directed by Jonathan Hadida and governed by the laws of Switzerland. It is registered in Geneva, Switzerland and its headquarters is 1 Rue de La Cite 1204 Geneva, Switzerland. Any claim relating to Hadida Tax Advisors’ web site or policy notice shall be governed by the laws of Switzerland without regard to its conflict of law provisions.

This privacy policy was last updated on January 24, 2025.