Privacy Policy – Virtual Office Zug

1

Who We Are

Virtual Office Zug is a brand owned by Hevea Investment, a company incorporated in Hong Kong. All services are delivered exclusively from our four registered offices in Canton Zug, Switzerland.

We provide a complete suite of services for businesses establishing a legal presence in Switzerland: virtual office domiciliation, mail handling & scanning, Swiss resident director, GmbH & AG formation, business banking, accounting & fiduciary, VOZ Vault (secure document storage), VOZ Docs, VOZ AI Assistant, and VOZ Voice (AI phone receptionist).

Where your data lives. Your personal data is processed and stored in Switzerland. Swiss law — including the Federal Act on Data Protection (nLPD) — governs all our data protection obligations. Hevea Investment acts as the legal data controller, but your relationship is with our Swiss operations.

4 offices in Canton Zug

Baar · Cham · Steinhausen · Zug City

Data stored in Switzerland

Swiss nLPD applies. No data held in Hong Kong.

Swiss commercial register

All addresses registered on ZEFIX, publicly verifiable.

Swiss law governs

OR · DBG · GwG/AMLA · nLPD — full Swiss legal framework.

2

Data We Collect

Account data

When you register or place an order:

Full legal name and email address
Company name, registered purpose, and desired commune
Mailing address (for correspondence)
Identity verification documents (passport or national ID) where required by Swiss law

Payment data

All payment processing is handled by Stripe, Inc. We never store your card number, CVV, or full payment credentials on our servers. We retain only the transaction reference, amount, currency, date, and anonymised last-four-digit card fragment for invoicing purposes.

Usage data

We may collect anonymised data about how you use this website via Plausible Analytics (see Section 7).

Communications

If you contact us via email or our support portal, we retain the content of that correspondence to respond to and manage your request.

3

How We Use Your Data

Purpose	Data used
Service delivery & onboarding	Account data, identity documents
Processing & recording payments	Stripe transaction data
Legal & regulatory compliance (AML/KYC)	Identity documents, company information
Transactional communications	Email address, order details
Customer support	Account data, support communications
Improving our services (aggregated)	Anonymised usage data

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without human review.

4

Legal Basis

Contract performance — processing necessary to deliver the services you have purchased (Swiss OR Art. 394 et seq.).
Legal obligation — processing required to comply with Swiss AML/KYC regulations, cantonal requirements, and Hong Kong company law.
Legitimate interest — security of our systems, fraud prevention, and improving our services, where these interests are not overridden by your rights.
Consent — where we have obtained your explicit consent, for example for optional marketing communications. You may withdraw consent at any time.

5

Data Retention

We retain personal data for as long as your account is active. After account closure, we retain data for the periods set out below:

Data type	Retention period	Reason
Account & contract data	10 years after contract end	Swiss law (OR Art. 958f)
Identity documents (KYC)	10 years after closure	Swiss Anti-Money Laundering Act
Payment records	10 years	Swiss accounting law
Support communications	3 years after resolution	Legitimate interest
Anonymised usage analytics	Indefinite (anonymised)	No personal data retained

6

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Rectification

Request correction of inaccurate or incomplete data.

Erasure

Request deletion of your data, subject to legal retention obligations.

Portability

Receive your data in a structured, machine-readable format.

Objection

Object to processing based on legitimate interest grounds.

Restriction

Request that we limit processing in certain circumstances.

Withdraw consent

Withdraw consent at any time without affecting prior processing.

To exercise any of these rights, contact support@virtual-office-zug.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

7

Cookies

Essential cookies

We use essential cookies strictly necessary for the website to function, including session management, shopping cart state, and security tokens (WordPress nonces). These cannot be disabled.

Analytics

We use Plausible Analytics — a privacy-first platform that does not use cookies, does not track individuals across sites, and does not transfer personal data to the United States. All analytics data is anonymised and aggregated. We do not use Google Analytics or any tracking-cookie-based service.

No advertising or tracking cookies. We do not place advertising cookies, social media tracking pixels, or cross-site tracking technologies on this website.

8

Data Transfers

Where data is transferred outside Switzerland or the EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards:

Processor	Purpose	Location	Safeguard
Stripe, Inc.	Payment processing	United States	EU SCCs
Notion Labs	Internal document management	United States	EU SCCs
n8n (self-hosted)	Workflow automation	Switzerland (our server)	No transfer
VOZ Suite (self-hosted)	Digital office tools — VOZ Vault, VOZ Docs, VOZ Voice, VOZ AI Assistant	Switzerland (our server)	No transfer — Swiss only
Plausible Analytics	Anonymised analytics	European Union	No personal data

9

Security

We implement appropriate technical and organisational measures to protect your personal data:

All data in transit is encrypted using TLS 1.2 or higher
Data at rest is stored on encrypted volumes
Access to personal data is restricted to authorised personnel
Passwords are hashed using industry-standard algorithms — plaintext passwords are never stored
We conduct periodic reviews of access controls and third-party security practices

Despite these measures, no system is completely immune to attack. In the event of a data breach that creates a risk to your rights, we will notify you and the relevant authorities as required by applicable law.

10

Contact

If you have questions about this policy, wish to exercise your rights, or have concerns about how we handle your data:

Privacy & Data Protection

Virtual Office Zug — Canton Zug, Switzerland

support@virtual-office-zug.com

We aim to respond to all privacy requests within 30 calendar days.