Terms of service
Data Protection Policy of Swiss Investment AG
In this Data Protection Policy we, Swiss Investment AG and companies of the Swiss Investment Group (hereinafter together Swiss Investment, we or us), describe how we collect and process personal data. This is not an exhaustive description; where appropriate, other data protection policies or general terms and conditions, conditions of participation and similar regulations may apply to specific circumstances. The term “personal data” is here deemed to include all information referring to an identified or identifiable person.
If you provide us with personal data of other persons (e.g. family members or work colleagues), please make sure that these persons are aware of this Data Protection Policy, and provide us with their personal data only if you are allowed to do so and such personal data is correct.
This Data Protection Policy is in line with the Swiss Federal Act on Data Protection Act (FADP) and the EU General Data Protection Regulation (GDPR). Although the GDPR is a European Union regulation, it is relevant for us and companies outside the European Union and the EEA must also comply with the GDPR in certain cases.
1. Controller / Data Protection Officer / Representative
Unless specifically otherwise indicated, Swiss Investment AG, Bahnhofstrasse 24, 8001 Zurich, Switzerland is the “controller” of data processing carried out by us. If you have data protection related concerns, you can inform us regarding all companies of the Swiss Investment Group using the following contact details: Swiss Investment AG, Datenschutzbeauftragter (Data Protection Officer), Bahnhofstrasse 24, 8001 Zurich, Switzerland, Website: www.investera-capital.com.
Our data protection representative in the EU to be addressed in accordance with Art. 27 GDPR by supervisory authorities and data subjects for all matters in connection with EU data protection legislation is: VGS Datenschutzpartner UG, Am Kaiserkai 69, 20457 Hamburg, Germany.
2. Collection and Processing of Personal Data
We primarily process personal data (such as name, address, date of birth, national insurance number, account numbers, etc.) that we obtain from our clients and other business partners as well as other individuals in the context of our business relationship with them or that we collect from users when operating our websites, apps and other applications.
To such a degree as it is permitted to us, we also obtain certain data from publicly accessible sources (e.g. debt registers, land registries, commercial registers, press, internet) or we may receive such information from affiliated companies of Swiss Investment, from the authorities or other third parties, such as the providers of background checks. Insofar as these third parties are themselves wholly or partly responsible for the processing of these data, their data protection regulations apply additionally (e.g. the data protection regulations of LexisNexis, available at https://www.lexisnexis.com/global/privacy/de/article-14-bis.page).
Apart from data you provided to us directly, the categories of personal data that we receive about you from third parties include, but are not limited to: information from public registers, data received in connection with administrative or court proceedings, information in connection with your professional role and activities (e.g. in order to conclude and carry out contracts with your employer with your assistance), information about you in correspondence and discussions with third parties, credit rating information (where we conduct business activities with you personally), information about you given to us by individuals associated with you (family, consultants, legal representatives, etc.) in order to conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney), information regarding legal regulations such as anti-money laundering and export restrictions, bank details, information regarding insurances, our distributors and other business partners for the purpose of ordering or delivering services to you or by you (e.g. payments made, previous purchases), information about you found in the media or internet (insofar as indicated in the specific case, e.g. in connection with a job applications, marketing/sales, etc.), your addresses and any interests and other socio-demographic data (for marketing purposes), data in connection with your use of the website (e.g. IP address, MAC address of your smartphone or computers, information about your device and settings, cookies, date and time of your visit, site and content retrieved, applications used, referring website, localisation data).
In case that Swiss Investment and/or its affiliates administer or provide services to structures/entities that were to be classified as Financial Institutions (FI) according to the Automatic Exchange of Information under the Common Reporting Standard (CRS) and/or as Foreign Financial Institutions (FFI) under the Foreign Account Tax Compliance Act (FATCA), information such as the following about the relevant account holders and controlling persons may be subject to reporting to the relevant tax authorities:
· name, address, tax residency, TIN, date of birth
· account number
· overall balance
· gross payments
3. Data Transfer and Transfer of Data Abroad
In the context of our business activities and in line with the purposes of the data processing set out in Section 3, we may transfer data to third parties, insofar as such a transfer is permitted and we deem it appropriate, either in order for them to process data for us, or for their own purposes. In particular, the following categories of recipients may be concerned:
· our service providers (within Swiss Investment, or externally, e.g. banks, insurance companies), including processors (e.g. IT providers);
· registered agents in countries in which they are prescribed by law, provided we are supporting you at your request in the country in question in connection with the incorporation and/or administration of a company;
· dealers, suppliers, sub-contractors and other business partners;
· clients;
· domestic and foreign authorities, government offices or courts;
· the media;
· the public, including users of our websites and social media;
· competitors, industry organisations, associations, organisations and other bodies;
· acquirers or parties interested in the acquisition of business divisions, companies or other parts of Swiss Investment;
· other parties in possible or actual legal proceedings;
· other companies in the Swiss Investment Group;
all together Recipients.
Certain Recipients may be within Switzerland but can be anywhere in the world. In particular, you must anticipate your data to be transferred to all countries in which Swiss Investment is represented by affiliates, branches or other offices, as well as in other countries in Europe and the USA where we are acting on your behalf or where our service providers (e.g. LexisNexis) are located. If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by using appropriate contracts (in particular based on the “standard contractual clauses” of the European Commission, which can be accessed at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en) or binding corporate rules or we rely on the statutory exceptions of consent, performance of the contract, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data, or because it is necessary to protect the integrity of the persons concerned. You can obtain a copy of the mentioned contractual guarantees at any time from the contact person named in Section 1 above, if they are not available under the above-mentioned link. However, we reserve the right to redact copies for data protection reasons or reasons of secrecy or to provide excerpts only.
We are entitled to transfer your data to a country that does not have adequate legal data protection without implementing one of the above-mentioned measures if the transfer of the data is necessary for the conclusion or fulfilment of a contract between you and us, or for the implementation of pre-contractual measures at your request. We are likewise entitled to transfer your data to a country that does not have adequate legal data protection without implementing the above-mentioned measures if this is necessary for the conclusion or fulfilment of a contract between us and an individual or legal entity that is in your interest. Where data of third parties, such as e.g. family members, has to be transferred in the above-mentioned cases, you are responsible for obtaining any consent required from these third parties.
4. Retention Periods for Your Personal Data
We process and retain your personal data as long as required for the performance of our contractual and national and international legal obligations or for other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. It is thus possible that personal data may be retained for the period during which claims can be asserted against our company or insofar as we are otherwise legally obliged to do so, or if legitimate business interests require further retention (e.g. for evidential and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymised, to the extent possible.
5. Data Security
We have taken appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, inspections.
6. Obligation to Provide Personal Data to Us
In the context of our business relationship you must provide us with any personal data that are necessary for the commencement and carrying out of a business relationship and the performance of the contractual obligations relating to it. Without this data, we will usually not be in a position to enter into or conclude a contract with you (or the office or person that you represent). In addition, the website cannot be used unless certain information to ensure data traffic (e.g. IP address) is disclosed. Where you provide third-party data to us which we have to process on your behalf for the conclusion or performance of the contract with you, you bear the responsibility for the existence of an adequate legal basis.
7. No Automated Decision Making
In establishing and carrying out a business relationship, and also in other situations, we generally do not use any fully automated individual decision-making (such as pursuant to Art. 22 GDPR). Should we use such procedures in certain cases, we will inform you separately about this and advise you of your rights in this connection.