3. General terms
This data protection declaration explains how we process personal data.
“Personal data“ means all details related to a specific or identifiable natural or legal person.
„Processing“ means all ways of dealing with personal data, irrespective of the means and procedures used, in particular procuring, storing, using, revising, disclosing, archiving and destroying of personal data.
In connection with specific kinds of data processing, e.g. the entry into contracts, additional provisions might apply. Such provisions are available in the respective contracts.
2. Data security
We undertake to protect your privacy in accordance with the applicable laws, especially the code of conduct and data protection law. For this reason, we take a number of precautions, such as implementing technical and organizational security measures (e.g. access restrictions, firewalls, personal passwords such as encryption and authentication technologies, staff training).
3. Categories of personal data
We can process the following categories of personal data while limiting the processing to the necessary minimum.
Client data such as:
- Master data and data on holdings (e.g. name, address, nationality, date of birth, information about accounts, custody accounts, concluded transactions and contracts, information about third parties who are also affected by the data processing, such as spouses, authorized representatives and advisors).
- Transaction data, order data, and risk management data (e.g. data regarding beneficiaries of payments, the beneficiary’s bank, the amount of payments, data on risk and investment profiles, investment products).
- Technical data (e.g. business numbers, IP addresses, internal and external identifiers, records of access).
- Marketing data (e.g. preferences, needs).
Data of interested parties and visitors (i.e. our visitors or visitors of our website) such as:
- Master data and data on holdings (e.g. name, address, date of birth).
- Technical data (e.g. IP addresses, internal and external identifiers, records of access).
- Marketing data (e.g. preferences, needs). Supplier data such as:
- Master data and data on holdings (e.g. name, address, date of birth, concluded transactions and contracts).
- Technical data (e.g. IP addresses, internal and external identifiers, records of access).
4. Origin of personal data
For the purposes of section 5, we can collect personal data from the following sources:
- Personal data given to us, e.g. for the entering into a business relationship, the execution of contracts, or our products and
- Personal data necessary for the use of products or services and transmitted to us via the technical infrastructure or complex
- Personal data from third parties, g. authorities or UNO/EU sanction lists.
5. Purposes of data processing
We can process personal data for the provision of own services and for own or legally prescribed purposes. In particular, the purposes of our data processing are the following:
- Entering into and executing of contracts, processing and managing products and services (e.g. payments, investments).
- Monitoring and managing risks (e.g. investment profiles, combating of money laundering, limits, market risks).
- Planning, business decisions (e.g. developing of new or assessing of existing services and products).
- Marketing, communication, information about and review of the range of services (e.g. advertisements in print and online; events for clients and interested parties as well as other events, determination of future client needs).
- Compliance with legal or regulatory disclosure, notification or reporting obligations to courts and authorities, fulfilment of official orders (e.g. reporting obligations towards FINMA and foreign supervisory authorities, orders of prosecution departments in connection with money laundering and terrorist financing).
- Protecting our interests and securing our rights in case of claims against us or own claims against third
6. Disclosure to third parties, categories of recipients
We may disclose client data to the following third parties in the following cases:
- For outsourcing activities according to section 7 and for the purpose of comprehensive customer service to third party service
- For the execution of orders, i.e. when using third party products and services (e.g. to Aquila AG in connection with compliance reviews).
- Based on legal obligations, legal justifications or official orders, e.g. to courts, supervisory authorities, tax authorities, or other third
- Where necessary, to protect our legitimate interests, e.g. with respect to any legal action threatened or initiated against us by clients, in case of public statements, to safeguard our claims against clients or third parties, or for debt collection
- With the consent of the person concerned, to other third
In particular in connection with certain products or services, personal data must also be disclosed to third parties domiciled in countries which do not have an appropriate level of data protection (e.g. the United States). If data has to be transferred to such a country, we will take measures for a continuous appropriate protection of personal data.
7. Outsourcing of business units or services
We are outsourcing certain business units and services, wholly or partially, to third parties, in particular to Aquila AG (such as legal and compliance, accounting, CRM system, IT).
We carefully select any contractors who process personal data on our behalf. Where possible, we use service providers domiciled in Switzerland. The service providers might be entitled to outsource certain services to other third parties.
The services providers are only permitted to process the data received to the extent that we do ourselves. Additionally, they are contractually required to guarantee confidentiality and the security of personal data.
8. Automated individual decisions in specific cases, including profiling
We reserve the right to process client data in the future in an automated manner, in particular to identify significant personal characteristics of the clients, to predict developments and to create client profiles.
This is used, in particular, to review and develop our offering and to improve our services.
Client profiles may, in the future, also lead to automated individual decisions (e.g. automated receipt and execution of client orders in our CRM system).
We ensure that a suitable contact person is available to the client if the client wishes to express a view on any automated individual decision where such opportunity to express a view is required by law.
9. Use of our website and cookie policy
When a person is visiting our website, our web server automatically records certain details of the visit (e.g. the website the person is visiting us from, the visitor’s IP address, the specific areas of the website the person is visiting, including the date and duration of the visit). Such tracking data is used to optimize our website and provide information on how the visitor of the website learns about our products and services and how he/she uses them. However, it does not allow the identification of the visitor. In so far, no personal data is being processed in this respect.
When visiting our website, the visitor’s data is transmitted over the internet, an open network accessible to everyone. The electronic transmission of data (including via email) prohibits an effective protection of the data against third party interventions. This bears the risk that the data is being disclosed or altered, that the identity of the sender (e.g. email address) or the content of the data is imitated or otherwise manipulated by unauthorized third parties, that viruses are released, that technical transmission errors, delays or interruptions occur, that information is transmitted abroad including countries whose data protection laws are not comparable to those of Switzerland etc.
When visiting our website, the visitor explicitly agrees to this data protection declaration and the mentioned risks.
Furthermore, a visitor of our website can agree to the use of cookies. Cookies are small files that are saved on the computer of the visitor of our website in order to follow the website visit if the visitor navigates between different pages or to save settings (e.g. selected language). Cookies help to collect statistical data on how often and how long people visit specific areas of the website and help to develop customized websites that are more useful and user- friendly. The visitor may decide to stop the use of cookies at any time by deleting the cookies created by our website. This can be done by deleting all cookies via the settings in the visitor’s web browser.
This data protection declaration only applies to data we receive due to visits of our website. It is not applicable to third party websites (including linked websites). The content and privacy practices of any (linked) third party website is beyond our control and responsibility.
10. Duration of storage
The duration of storage for personal data depends on the purpose of the data processing and/or statutory storage provisions (depending on the applicable legal basis, five, ten or more years).
11. Rights of the affected persons
You can ask us whether personal data about you is being processed. You have the right to object to the data processing, the right to restriction of processing, and, if applicable, the right to data portability. You also have the right of rectification and, provided that there are no compelling statutory or regulatory requirements (such as storage provisions) or technical barriers, the right to erasure. The erasure of your personal data may lead to the result that we cannot provide certain services any longer. Furthermore, if applicable, there is also a right to lodge a complaint with an appropriate data privacy supervisory authority. Where we process personal data based on your granted consent, you may revoke your consent at any time.
To help us reply to your request, please send us a clear message. We will examine your issue and reply in good time.
12. Contact data
We are responsible for the processing of personal data. If you have any questions relating to data protection, please contact the following address:
Aquila AG Bahnhofstrasse 43
8001 Zürich compliance@aquila.ch