1. general

This privacy policy provides information on how we process personal data.

Personal data" means all information relating to an identified or identifiable natural or legal person. Processing" means any handling of personal data, regardless of the means and procedures used, in particular the acquisition, storage, use, modification, disclosure, archiving, deletion or destruction of personal data.

For certain data processing, e.g. in the context of concluding contracts, further regulations exist. These are available in the corresponding contracts.

2. data security

We are committed to protecting personal data and privacy in accordance with applicable laws, in particular the Code of Professional Conduct and data protection law. To this end, we take various technical and organizational security measures (e.g. access restrictions, firewalls, personalized passwords as well as encryption and authentication technologies, training of employees, etc.).

3. categories of personal data

We process the following categories of Personal Data. We always process as little Personal Data as possible.

Customer data, such as:

Master and inventory data (e.g. name, address, nationality, date of birth, information regarding account, custody account, concluded transactions and contracts, information about third parties who are affected by data processing, such as spouses, authorized representatives and advisors).
Transaction or order and risk management data (e.g. information on beneficiaries of transfers, beneficiary bank, amount of transfers, risk and investment profile, information on investment products).
Technical data (e.g., business numbers, IP addresses, internal and external identifiers, records of access).
Marketing data (e.g., preferences, needs).
Visitor and Prospect Data (e.g., our visitors or visitors to our website), such as:

Master and Inventory Data (e.g., name, address, date of birth).
Technical data (e.g. IP addresses, internal and external identifiers, records of access).
Marketing data (e.g., preferences, needs).
Supplier data, such as:

Master Data and Inventory Data (e.g., name, address, date of birth, information about completed transactions and contracts).
Technical data (e.g. IP addresses, internal and external identifiers, records of access).

4. origin of personal data

In order to fulfill the purposes set forth in Section 5, we may collect Personal Data from the following sources:

Personal Data that is disclosed to us, e.g., when opening business relationships, in the context of the execution of contracts or the use of products and services.
Personal data that accrue in the context of the use of products or services and are transmitted to us by the technical infrastructure or by processes based on the division of labor.
Personal data from third-party sources, e.g. from authorities or sanctions lists of the UN and the EU.

5. purposes of processing

We may process personal data to provide our own services and for our own purposes or those provided for by law. In particular, this includes the following:

Conclusion and fulfillment of contracts, execution, processing and management of products and services (e.g. invoices, investments).
Monitoring and managing risks (e.g. investment profiles, anti-money laundering, limits, utilization figures, market risks).
Planning, business decisions (e.g. development of new or evaluation of existing services and products).
Marketing, communication, information about and review of service offerings (e.g. print and online advertising, customer, prospect or other events, identification of future customer needs).
Fulfillment of legal or regulatory obligations to provide information or to report to courts and authorities, fulfillment of official orders (e.g. reporting obligations to FINMA and foreign supervisory authorities, orders from public prosecutors in connection with money laundering and terrorist financing).
Safeguarding our interests and securing our claims, e.g. in the event of claims against us or claims by us against third parties.

6. disclosure to third parties, categories of recipients

We disclose customer data to the following third parties in the following cases:

To other service providers for outsourcing pursuant to Section 7 and for the purpose of comprehensive customer support.
For order execution, i.e. when products or services are used (e.g. to Aquila AG in the context of compliance reviews).
Due to legal obligations, legal justification or official orders, e.g. to courts, supervisory authorities, tax authorities or other third parties.
To the extent necessary to protect our legitimate interests, e.g. in the event of legal action threatened or initiated against us by customers, in the event of public statements, to secure our claims against customers or third parties, in the event of debt collection, etc.
With the consent of the persons concerned to other third parties.
In particular, when using certain products or services, personal data may also have to be disclosed to third parties in countries where there is no adequate level of data protection (e.g. USA). If a transfer to such a country is necessary, we will, if possible, take appropriate precautions to continue to protect personal data adequately.

7. outsourcing of business areas or services (outsourcing)

We outsource certain business areas and services in whole or in part to third parties, in particular Aquila AG (such as legal and compliance; accounting; CRM system).

The service providers who process Personal Data on our behalf for this purpose (so-called order processors) are carefully selected. Whenever possible, we use order processors domiciled in Switzerland. The order processors may be entitled to have certain services provided by third parties.

The order processors may only process personal data received in the same way as we ourselves do and are contractually obliged to guarantee the confidentiality and security of the data.

8 Automated decisions in individual cases including profiling

We reserve the right to process customer data automatically in the future, if necessary, in particular in order to identify essential personal characteristics of the customer, to predict developments and to create customer profiles. This serves in particular to review and further develop offers and to optimize the provision of services.

In the future, customer profiles may also lead to automated individual decisions (e.g. automated acceptance and execution of customer orders in the CRM system).

We ensure that a contact person is available if a data subject wishes to comment on an automated individual decision and such a possibility to comment is provided for by law.

9. use of our website and cookie policy

When a person visits our website, the web server automatically records details of their visit (e.g. the website from which the visit is made, the visitor's IP address, the content of the website that is accessed, including the date and duration of the visit). Such tracking data serve to optimize our website and provide information on how the visitor informs himself about and uses our products, services and offers. As a rule, however, they do not allow any conclusions to be drawn about the identity of the visitor. In this respect, no personal data is processed.

When visiting our website, the visitor's data is transported via the Internet, i.e. an open network accessible to everyone. Data transmitted via electronic media (including e-mail) cannot be effectively protected against access by third parties. This entails the risk that the data may be disclosed or its content changed, that the identity of the sender (e.g. e-mail) as well as the content of the message may be faked or otherwise manipulated by unauthorized persons, that viruses may be released, that technical transmission errors, delays or interruptions may occur, that data may be transmitted uncontrolled abroad, where data protection requirements may be lower than in Switzerland, etc. The risk of such manipulation is not excluded.

By using our website, a visitor confirms his or her express agreement with this privacy policy and the risks mentioned.

In addition, a visitor may agree to the use of cookies when using our website. Cookies are small files that are stored on the visitor's computer to track the corresponding website visit and navigation between different pages and/or to save settings (e.g. selected language). Cookies are used to collect statistical data on the frequency and time of visits to individual website areas, and help to design tailored, useful and user-friendly websites. The visitor can decide against the use of cookies at any time and delete the cookies set by our website. Deletion is possible via the settings in the visitor's Internet browser.

This privacy policy only applies to data that we receive as a result of the use of our website. It is not applicable to third-party websites, even if the visitor reaches them via links on our website. We have no influence on the content and data protection practices of third-party websites and cannot accept any responsibility for them.

10 Duration of storage

The duration of the storage of personal data depends on the purpose of the respective data processing and/or legal retention obligations, which are five, ten or more years depending on the applicable legal basis.

11. rights of the persons concerned

Anyone can request information from us as to whether personal data about him or her is being processed. There is a right of objection, restriction of processing and, where applicable, a right to data portability. Incorrect data can be corrected. Furthermore, the deletion of personal data can be requested, unless legal or regulatory requirements (e.g. legal retention obligations of business-relevant data) or technical hurdles prevent this. The deletion of data may result in us no longer being able to provide certain services. In addition, where applicable, there is a right of appeal to a competent authority. Where we process personal data on the basis of consent, this consent can be revoked at any time.

In order to assist us in responding to your request, we ask that you provide us with an appropriate comprehensible notice. We will review and respond to your request within a reasonable period of time.

12. contact

We are responsible for processing your personal data. Requests can be sent to the following address:

Aquila AG
Bahnhofstrasse 43
8001 Zurich