Compliance

Last updated: July 15, 2023

Our Commitment to Compliance

At SchaffhApp, we are committed to maintaining the highest standards of legal and regulatory compliance. We understand that when dealing with administrative processes and personal data, adherence to all applicable laws and regulations is essential for building and maintaining trust with our users.

This document outlines our compliance framework and the measures we take to ensure our services meet all relevant requirements.

Data Protection Compliance

Swiss Federal Act on Data Protection (FADP)

As a Swiss-based company, we comply with the Swiss Federal Act on Data Protection (FADP). Our data processing activities adhere to the principles of:

  • Lawfulness and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

General Data Protection Regulation (GDPR)

For users located in the European Economic Area (EEA), we ensure compliance with the General Data Protection Regulation (GDPR). This includes:

  • Providing clear information about how we process personal data
  • Obtaining appropriate consent where required
  • Implementing data protection by design and by default
  • Maintaining records of processing activities
  • Conducting data protection impact assessments where necessary
  • Facilitating the exercise of data subject rights

Electronic Signature Compliance

Our digital signature features comply with:

  • The Swiss Federal Act on Electronic Signatures (ZertES)
  • The EU eIDAS Regulation, Regulation (EU) No 910/2014 (for cross-border transactions)

We ensure that electronic signatures created through our platform meet the requirements for legal validity and admissibility in administrative and legal proceedings. ZertES and eIDAS are separate legal frameworks, and a signature that is qualified under one is not automatically qualified under the other, so the requirements that apply to a given signature depend on the jurisdiction governing the transaction.

Financial Services Compliance

For payment processing and financial transactions, we adhere to:

  • Swiss Financial Market Supervisory Authority (FINMA) regulations
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements

We implement robust verification procedures and transaction monitoring to prevent fraud and ensure compliance with financial regulations.

Information Security

Our information security practices are aligned with international standards, including:

  • ISO/IEC 27001:2013 (Information Security Management)
  • NIST Cybersecurity Framework

We implement comprehensive security controls to protect user data, including:

  • End-to-end encryption for sensitive data
  • Multi-factor authentication
  • Regular security assessments and penetration testing
  • Continuous monitoring for security threats
  • Incident response planning

Accessibility Compliance

We are committed to making our services accessible to all users, including those with disabilities. Our platform is designed in accordance with:

  • Web Content Accessibility Guidelines (WCAG) 2.1 Level AA
  • Swiss Federal Act on the Elimination of Discrimination against People with Disabilities (Disability Discrimination Act, DDA)

Compliance Governance

Compliance Team

Our dedicated compliance team is responsible for:

  • Monitoring regulatory developments
  • Updating policies and procedures
  • Conducting internal audits
  • Providing compliance training to staff
  • Managing relationships with regulatory authorities

Regular Assessments

We conduct regular compliance assessments to ensure ongoing adherence to all applicable laws and regulations. These assessments include:

  • Internal compliance audits
  • External third-party audits
  • Vulnerability assessments and penetration testing
  • Privacy impact assessments

Certifications

SchaffhApp maintains the following certifications:

  • ISO/IEC 27001:2013: Information Security Management System
  • PCI DSS Level 1: Payment Card Industry Data Security Standard
  • Swiss Digital Signature Certification: compliant with ZertES requirements
  • WCAG 2.1 Level AA: Web Content Accessibility Guidelines

Reporting Compliance Concerns

We encourage the reporting of any compliance concerns or potential violations. You can report issues through the following channels:

  • Email: compliance@schaffh.shop
  • Phone: +41 44 123 45 69
  • Mail: Compliance Department, SchaffhApp, Bahnhofstrasse 42, 8001 Zürich, Switzerland

All reports are treated confidentially and investigated promptly.

Contact Our Compliance Team

If you have questions about our compliance program or need further information, please contact us at:

SchaffhApp Compliance Department
Bahnhofstrasse 42
8001 Zürich
Switzerland

Email: compliance@schaffh.shop
Phone: +41 44 123 45 69