Privacy Policy

Last updated: April 10, 2026

Fineleads GmbH ("Fineleads," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal data when you visit our website or interact with our services. We process all personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nDSG/FADP, effective September 1, 2023), as applicable.

1. Data Controller

The data controller responsible for data processing on this website is:
Fineleads GmbH
For contact details, please see our Contact page or Impressum.

2. Information We Collect

We may collect the following categories of personal data:

  • Contact information: name, email address, phone number, and postal address provided through our contact form or lead inquiry forms.
  • Financial inquiry data: details you provide about your financial interests, product preferences, and advisory needs, used to qualify and match your inquiry with a suitable financial advisor.
  • Technical data: IP address, browser type, operating system, referring URL, pages visited, and timestamps, collected automatically when you access our website.
  • Cookies and tracking data: information collected through cookies and similar technologies to analyze website usage and optimize our digital marketing channels. See Section 7 for details.

3. How We Use Your Information

We process your personal data for the following purposes:

  • Lead qualification: evaluating and qualifying your inquiry using our defined qualification frameworks to ensure relevance and quality.
  • Advisor matching: matching your qualified inquiry with a suitable financial advisor from our partner network to enable efficient follow-up.
  • Communication: responding to your inquiries and providing information about our services.
  • Analytics and optimization: analyzing website usage via Google Analytics 4 to improve our website and user experience.
  • Advertising: measuring the effectiveness of our advertising campaigns on Meta (Facebook/Instagram) and Google Ads, and delivering relevant advertising to prospective customers.
  • Legal compliance: fulfilling legal obligations, such as record-keeping and regulatory requirements.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Under the GDPR (applicable to individuals in the EU/EEA):

  • Consent (Art. 6(1)(a) GDPR): where you have given explicit consent, such as for analytics cookies, marketing cookies, or marketing communications.
  • Contract performance (Art. 6(1)(b) GDPR): where processing is necessary to fulfill our services, including lead qualification and advisor matching.
  • Legitimate interest (Art. 6(1)(f) GDPR): where processing is necessary for our legitimate business interests, such as ensuring website security, provided these interests are not overridden by your rights.
  • Legal obligation (Art. 6(1)(c) GDPR): where processing is required to comply with applicable laws.

Under the Swiss nDSG (applicable to individuals in Switzerland):

  • Under Swiss law, personal data may generally be processed without a specific legal basis unless the processing violates the personality rights of the data subject (Art. 6 nDSG). However, we apply the stricter GDPR opt-in consent model for cookies and tracking across all users, regardless of location, to ensure the highest standard of protection.
  • We inform you transparently about all data processing activities, the purposes of processing, and any recipients in accordance with Art. 19 nDSG.

5. Data Sharing and Recipients

We share your personal data only in the following circumstances:

  • Financial advisors: qualified lead data is shared with selected financial advisors within our partner network for the purpose of follow-up and advisory services. We only share leads that have been qualified through our structured process.
  • Google LLC (USA): we use Google Analytics 4 for website analytics and Google Ads for advertising. When you consent to analytics and/or marketing cookies, data such as your IP address, browsing behavior, and conversion events may be transmitted to Google servers, including servers in the United States.
  • Meta Platforms, Inc. (USA): we use the Meta Pixel for advertising measurement and optimization on Facebook and Instagram. When you consent to marketing cookies, data such as your IP address, browsing behavior, and conversion events may be transmitted to Meta servers, including servers in the United States.
  • Other service providers: we may engage trusted third-party providers (e.g., hosting, CRM platforms) who process data on our behalf under data processing agreements in compliance with Art. 28 GDPR and/or Art. 9 nDSG.
  • Legal requirements: we may disclose data where required by law, regulation, or court order.

We do not sell your personal data to third parties.

6. International Data Transfers

Some of our service providers, in particular Google LLC and Meta Platforms, Inc., are based in the United States. When your data is transferred to the US, we rely on the following safeguards:

  • For EU/EEA data subjects: the EU-U.S. Data Privacy Framework (DPF) adequacy decision, and/or Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR, supplemented by additional technical measures where necessary.
  • For Swiss data subjects: the Swiss-U.S. Data Privacy Framework, and/or the Swiss Federal Council's adequacy assessments under Art. 16 nDSG. Where no adequacy decision applies, we use Standard Contractual Clauses and additional safeguards in accordance with Art. 17 nDSG.

We ensure that any international data transfers provide an adequate level of protection for your personal data in compliance with applicable law.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Essential cookies are necessary for the website to function and cannot be disabled. Analytics and marketing cookies are only set after you have given your explicit consent via our cookie consent banner. You can change your preferences at any time by clicking "Cookie Settings" in the footer.

When Google Consent Mode v2 is active with consent denied, Google may still receive anonymized, cookieless signals (pings) for basic conversion modeling. These pings do not contain personal data and do not set cookies on your device.

Essential

Name Purpose Duration
fl_consent Stores your cookie consent preferences (localStorage) Persistent until cleared

Analytics (require consent)

Name Provider Purpose Duration
_ga Google Distinguishes unique visitors 2 years
_ga_* Google Maintains session state for GA4 2 years

Marketing (require consent)

Name Provider Purpose Duration
_fbp Meta Identifies browser for Meta Pixel 90 days
_fbc Meta Stores click identifier from Facebook ads 90 days
_gcl_au Google Stores conversion data for Google Ads 90 days
_gcl_aw Google Stores Google Ads click information 90 days

8. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this policy, or as required by applicable legal retention obligations. Lead data that does not result in a successful advisor match is typically deleted or anonymized within 12 months of collection, unless a longer retention period is required by law.

9. Your Rights

Under the GDPR (EU/EEA residents):

  • Access (Art. 15 GDPR): request confirmation of whether we process your data and obtain a copy.
  • Rectification (Art. 16 GDPR): request correction of inaccurate or incomplete data.
  • Erasure (Art. 17 GDPR): request deletion of your data where there is no compelling reason for continued processing.
  • Restriction (Art. 18 GDPR): request restriction of processing under certain conditions.
  • Data portability (Art. 20 GDPR): receive your data in a structured, commonly used, machine-readable format.
  • Objection (Art. 21 GDPR): object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

EU/EEA residents have the right to lodge a complaint with a supervisory authority in the EU Member State of their habitual residence, place of work, or place of the alleged infringement.

Under the Swiss nDSG (Swiss residents):

  • Right of access (Art. 25 nDSG): request information about whether and how we process your personal data.
  • Right to data portability (Art. 28 nDSG): request your data in a commonly used electronic format.
  • Right to object to automated decisions (Art. 21 nDSG): request that a decision made solely by automated means be reviewed by a natural person.
  • Right to rectification and erasure: request correction or deletion of your data.

Swiss residents may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC/EDOB), Feldeggweg 1, 3003 Bern, Switzerland.

To exercise any of these rights, please contact us.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or destruction. These measures are regularly reviewed and updated in line with current industry standards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "last updated" date. We encourage you to review this policy periodically.

12. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us.