Swiss-Hosted & GDPR Compliant

Security & Data Protection

Your data never leaves Switzerland. We apply bank-grade encryption, strict access controls and full GDPR compliance to every piece of information you share with us.

TLS 1.3 Encryption

Hosted in Switzerland

GDPR Compliant

No Data Sold to Third Parties

Protection

How We Keep Your Data Safe

TLS 1.3 / HTTPS Everywhere

All data transmitted between your browser and our servers is encrypted with TLS 1.3, the latest and most secure transport layer standard. HTTP connections are automatically redirected to HTTPS.

Swiss Data Hosting

Your data is stored exclusively on servers located in Switzerland, subject to Swiss data protection law (nDSG) and GDPR. We do not use data centres outside the European Economic Area.

AES-256 Data Encryption at Rest

Sensitive fields (identity documents, beneficial owner data, contract files) are encrypted at rest using AES-256. Encryption keys are managed separately from the data they protect.

Strict Access Controls

Your client file is accessible only to authorised VOZ staff on a need-to-know basis. We use role-based access control (RBAC) with full audit logging of all access events.

Security Monitoring

Our infrastructure is monitored 24/7 for intrusion attempts, anomalous access patterns and vulnerability exposure. Critical patches are applied within 24 hours of release.

Data Minimisation

We collect only the data required to provide our services and fulfil legal obligations. Documents are retained for the legally required period and then securely deleted.

Infrastructure

Swiss Data Hosting

We host all client data with a certified Swiss data centre provider. This means your information is subject to Swiss law — one of the world's most protective data jurisdictions — and is never transferred to US cloud providers subject to CLOUD Act jurisdiction.

ISO 27001-certified data centre
Physical access controls and CCTV monitoring
Daily encrypted backups with 30-day retention
No data transfers outside Switzerland / EEA
Covered by Swiss nDSG and EU GDPR simultaneously

Encryption Standards

End-to-End Encryption

From the moment you upload a document to the moment it is stored, your data is encrypted in transit and at rest. We apply defence-in-depth: multiple encryption layers so that no single failure exposes your information.

TLS 1.3 for all data in transit
AES-256 for sensitive data at rest
Bcrypt hashing for passwords (never stored plain)
HSTS headers enforced (max-age 1 year)
Separate key management for encryption keys

GDPR & nDSG

Your Rights as a Data Subject

Under GDPR and Swiss nDSG, you have the following rights over your personal data. To exercise any right, contact privacy@virtual-office-zug.com.

Right of Access

Request a copy of all personal data we hold about you, free of charge, within 30 days.

Right to Rectification

Ask us to correct inaccurate or incomplete personal data without undue delay.

Right to Erasure

Request deletion of your data where it is no longer necessary, subject to legal retention obligations.

Right to Restriction

Ask us to restrict processing while a dispute is resolved or an objection is pending.

Right to Portability

Receive your data in a structured, machine-readable format to transfer to another provider.

Right to Object

Object to processing based on legitimate interests, including direct marketing at any time.

We Never Sell Your Data

Your personal information is used exclusively to provide the services you subscribe to. We do not sell, rent, trade or share your data with advertisers or data brokers — ever. Third parties receive only the data legally required (e.g. Swiss Commercial Register) or technically necessary to deliver a specific service.

Questions About Data Protection?

Our privacy team responds within 2 business days.