Privacy Policy

Duties of information during the collection of personal data from the data subject in accordance with Article 19 et seqq. of the Swiss Data Protection Act (DSG) and in accordance with Article 13 paragraphs 1, 2, 4 and Article 21 paragraph 4 of the EU General Data Protection Regulation (GDPR).

FINAD (hereinafter “FINAD”) has published this privacy policy on the basis of the revised Swiss Data Protection Act (DSG) and the entry into force of the GDPR, the new data protection and confidentiality regulation in the European Union (EU). The GDPR is relevant to FINAD for a number of reasons, including the following:

Swiss data protection law has historically been closely tied to EU regulations, and the changes in Swiss data protection law are heavily influenced by the GDPR. In addition, the GDPR requires high data protection standards with an extraterritorial effect, and companies outside the EU are bound by these regulations under certain conditions.

Responsible handling of your personal data is an essential criterion for FINAD. We consider ourselves to be under a particular obligation to preserve and protect your privacy. For this reason, we would like to provide you with the following information on how your personal data is handled. We therefore ask you to familiarize yourself with the following information on data protection.

The following information is provided to give you an overview of how we process your personal data, and what your rights under data protection law are. Which specific data is processed and how it is used depends largely on the services requested or agreed.

If you have any questions or comments about data protection, please contact the data protection consultant (in accordance with the DSG) or the data protection officer of the data processing controller (in accordance with the GDPR) at:

FINAD AG
Talstrasse 58
CH-8001 Zurich
Schweiz
Tel: +41 44 209 70 00
E-Mail: zurich@finad.com

We process personal data that we receive from our customers as part of our business relationship. In addition, we process – to the extent necessary for the provision of our service – personal data that we legitimately obtain from publicly accessible sources or that are duly transmitted to us from other companies within the FINAD Group (this includes FINAD companies in Switzerland, Austria, and Germany) or from other third parties (e.g. the debt enforcement register, criminal records).

Relevant personal data are personal details (name, address and other contact details, date and place of birth, and nationality), identification data (e.g. ID data) and authentication data (e.g. signature sample). In addition, this can also include data from the fulfillment of our contractual obligations (e.g. transaction data from the custodian banks, background checks by KYC Spider), information about your financial situation (e.g. origin of assets), documentation data (e.g. consultation records), and other data that are comparable to the categories mentioned.

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DSG):

a) To fulfill contractual obligations (Art. 6 para. 3 DSG, Art. 6 para. 1 lit. b GDPR)

The processing of data for the provision of financial services takes place in the context of the implementation of our contracts with our customers or for the implementation of pre-contractual measures, which are performed on request. The purposes of data processing are primarily based on the specific product (e.g. asset management contract, investment advice contract, execution only) and can include, among other things, needs analyses, advice, asset management, and support as well as the execution of transactions. Further details on the purposes of the data processing can be found in the relevant contract documents and terms and conditions.

b) Within the scope of the balancing of interests (Art. 31 para. 2 DSG, Art. 6 para. 1 lit. f GDPR)

If necessary, to safeguard our legitimate interests or those of third parties, we process your data beyond the actual fulfillment of the contract. Examples:

• Consultation and data exchange with information centers (e.g. debt enforcement registers, background checks),
• Advertising, unless you have objected to the use of your data,
• Assertion of legal claims and defense in legal disputes,
• Ensuring IT security and IT operations of the company,
• Prevention and investigation of criminal offenses,
• Measures for business management and further development of services and products,
• Risk management in the company.

We also collect personal data from publicly available sources for the purpose of customer acquisition.

c) On the basis of your consent (Art. 31 para. 1 DSG, Art. 6 para. 1 lit. a GDPR)

If you have given us your consent to the processing of personal data for certain purposes, the legality of this processing is based on your consent. Once given, consent can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into effect, i.e. before May 25, 2018. The revocation of consent does not affect the legality of the data processed up to the point of revocation.

d) Due to legal requirements (Art. 31 para. 1 DSG, Art. 6 para. 1 lit. c GDPR) or in the public interest (Art. 31 para. 1 DSG, Art. 6 para. 1 lit. e GDPR)

As an asset manager, we are also subject to various legal obligations, i.e. statutory requirements (e.g. Financial Services Act, supervisory organization, money laundering law, FINMA ordinances and circulars, tax laws).

The purposes of the processing include identity and age verification, fraud and money laundering prevention, the fulfillment of control and reporting obligations under tax law, as well as the assessment and management of risks in the company and within the group.

Within the company, those departments that need your data in order to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us can also receive data for these purposes if they maintain professional confidentiality. These are companies in the categories of banking services, IT services, printing services, telecommunications, advisory services and consulting, as well as offering and marketing.

With regard to the transfer of data to third parties outside our Group, it should first be noted that we as asset managers are obliged to maintain confidentiality about all customer-related facts and assessments of which we become aware, in accordance with Art. 69 of the Financial Institutions Act. In addition, in accordance with Art. 6 and 8 DSG, the principles also may not be violated vis-a-vis third parties. The principles of Art. 5 GDPR must also be observed. The DSG also contains a penalty clause on professional confidentiality in accordance with Art. 62 DSG. The EU sanctions can be found under Art. 83 GDPR.

This means that personal data may only be passed on if this is permitted by law, if you have given your consent (e.g. to carry out a financial transaction initiated by you) or if we are authorized to provide information. Under these conditions, recipients of personal data can be, e.g.:

• public bodies and institutions (e.g. tax authorities, law enforcement authorities) if a legal or official obligation exists.
• Other financial service institutions or comparable institutions to which we transmit personal data in order to conduct the business relationship with you (depending on the contract, e.g. correspondent banks, custodian banks, brokers, stock exchanges, information centers, IT service providers, etc.).
• Other companies within the Group, for risk control pursuant to a legal or regulatory obligation.

Other data recipients can be those offices for which you have given us your consent to data transmission, or for which you have released us from professional confidentiality in accordance with the declaration or consent.

Data transfer to locations in countries outside Switzerland (so-called third countries) does takes place, insofar as

• It is necessary for the execution of your orders (e.g. payment and securities orders)
• It is required by law (e.g. reporting obligations under tax law) or
• You have given us your consent.

Personal data is transferred abroad by us only to the extent that we can ensure compliance with Art. 16 ff. and 9 of the Swiss Data Protection Act (DSG), and that any third parties involved adhere to these principles. Additionally, we regulate our legal relationship with a data processor in accordance with Art. 28 of the General Data Protection Regulation (GDPR).

We process and store your personal data for as long as this is necessary for the fulfillment of our contractual and legal obligations. It should be noted that our business relationship is a long-term obligation that is set up for years.

If the data is no longer required for the fulfillment of contractual or legal obligations, it is deleted regularly, unless the – temporary – further processing of that data is necessary for the following purposes:

Fulfillment of commercial and tax retention obligations: These include, in particular, the Swiss Code of Obligations, the Value Added Tax Act, the Federal Act on Direct Federal Taxes, the Federal Act on the Harmonization of Direct Taxes of the Cantons and Municipalities, the Federal Act on Stamp Duties, and the Withholding Tax Act.

As an asset manager, we may be subject to special retention regulations (“legal holds”), which oblige us to retain information for an indefinite period of time.

A “legal hold” is a process that an organization uses for obtaining all kinds of relevant information in the event of anticipated legal disputes.

Each data subject has the following rights:

the right of access in accordance with Article 25 DSG (Article 15 GDPR);

the right to rectification in accordance with Article 32 DSG (Article 16 GDPR);

the right to erasure in accordance with Article 6 para. 5 DSG or if the erasure is linked to one of the basic principles in accordance with Article 6 DSG, (Article 17 GDPR);

the right to restriction of processing in accordance with Articles 30, 31,32 DSG (Article 18 GDPR);

the right to object in accordance with Article 30 para. 2 Bst. b DSG (Article 21 GDPR);

the right to data portability in accordance with Article 20 GDPR;

If the standard is applicable, there is a right to lodge a complaint in accordance with Article 28 DSG with a competent data protection supervisory authority (Article 77 GDPR).

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into effect, i.e. before May 25, 2018. Please note that the revocation can only be made with future effect. Processing that took place before the revocation is not affected.

During our business relationship, you must provide the personal data that is necessary for the establishment and implementation of a business relationship and the fulfillment of the related contractual obligations, or the data that we are legally obliged to collect. Without this data, we will usually not be able to conclude or execute the contract with you.

Above all, according to money laundering regulations, we are obliged to identify you by means of your identity document before establishing the business relationship and to collect and record your name, place of birth, date of birth, nationality, address, and data on your identity document. In order for us to be able to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act, and notify us immediately of any changes that arise in the course of the business relationship. If you do not provide us with the necessary information and documents, we will not be allowed to establish or continue the business relationship you have requested.

In principle, we do not use fully automated automatic decision-making under Article 22 GDPR to establish and conduct the business relationship. If we use this procedure in individual cases, we will inform you about this separately, where this is required by law.

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on the basis of Art. 6 para. 1 lit. f GDPR. Cookies are small units of information which are saved in the working memory of your computer. Randomly generated unique identification numbers are saved in a cookie, a so-called session ID. A cookie also contains information about its origin and the storage period. These cookies cannot save any other data. You can delete any cookies which have been saved at any time by amending your browser settings.

If you do not want cookies to be used, you can block their use in your browser. It cannot be guaranteed that this will not affect the functionality of our website.

We process some of your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:

Tracking

Geolocation

Analytics and third-party tools

When you visit our website, your surfing behavior may be statistically evaluated. This is mainly done with cookies and analytics software. Your surfing behavior is usually analyzed anonymously; surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools.

Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on the basis of Art. 6 para. 1 lit. f GDPR. Cookies are small units of information which are saved in the working memory of your computer. Randomly generated unique identification numbers are saved in a cookie, a so-called session ID. A cookie also contains information about its origin and the storage period. These cookies cannot save any other data. You can delete any cookies which have been saved at any time by amending your browser settings.

If you do not want cookies to be used, you can block their use in your browser. It cannot be guaranteed that this will not affect the functionality of our website. The cookies are automatically deleted after two weeks.

According to the DSG and GDPR, biometric data are classified as particularly sensitive personal data. Therefore, to the extent required by applicable law, your express consent, which must be obtained separately, is required in order to use your fingerprint or another biometric recognition system to access certain applications.

If FINAD performs online or video identification, the passport chip can only be viewed via the app (with a biometric passport). However, no fingerprint readout takes place.
Thank you for your acknowledgment.

In individual cases, we process your personal data in order to send direct mail. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e GDPR (data processing in the public interest) and Art. 6 para. 1 lit. f GDPR (data processing takes place on the basis of a weighing up of interests); this also applies to profiling based on this provision within the meaning of Art. 4 para. 4 GDPR.

If you object, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise or defend legal claims. We ask you to understand that in such cases we will not be able to provide services and maintain a business relationship.

The complaint can be lodged in writing with:

FINAD AG
Talstrasse 58
CH-8001 Zurich
Tel: +41 44 209 70 00

E-Mail: zurich@finad.com

As of: 01.09.2023

The controller for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
FINAD GmbH
Dorotheergasse 6-8/L/021
AT-1010 Vienna
Tel: +43 1 513 6503 310
Fax: +43 1 513 6503 300
E-Mail: vienna@finad.com

For questions or comments regarding data protection, the Data Protection Officer of the data controller can be reached at: vienna@finad.com

Purposes and Legal Basis for Processing Personal Data

a. When visiting our website
Each time the website is visited, the following data is temporarily stored in a log file without any action on your part and is deleted after no more than 6 months:

– The IP address of the requesting computer
– The date and time of access
– The name and URL of the retrieved file
– The website from which the file was accessed
– The operating system of your computer and the browser you are using
– The name of your internet access provider

The collection and processing of this data is carried out for the purpose of enabling the use of the website (establishing a connection), ensuring the security and stability of the system in the long term, facilitating the technical administration of the network infrastructure and optimizing the website offering, as well as for internal statistical purposes, provided that this is necessary to safeguard the legitimate interests of the controller or a third party (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies, in particular, in defending against cyber-attacks. The IP address is only evaluated in cases of attacks on our network infrastructure and for statistical purposes. Additionally, we use cookies and web analytics services. You can find more information on this in Sections 6 and 7.

b. When applying for a job
From time to time, we post job vacancies on our website. The personal data you provide to us in the context of your application via email or phone will be processed by us solely for the purpose of handling your application, based on Art. 6 para. 1 lit. b and c GDPR. We will treat your data strictly confidentially in accordance with legal requirements. Unless you request the deletion of your data, your data will remain stored for a maximum of 6 months after the application process is completed. If we wish to retain your application longer because your profile may match a position that will be advertised in the future, we will ask for your written consent.

You have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data based on our legitimate interest or that of a third party, provided there are reasons related to your particular situation, or if the objection is directed against general or personalized direct advertising. In the latter case, you have a general right to object, which will be implemented by us without requiring any special circumstances. If you wish to exercise your right of withdrawal or objection, please send us an email or contact the data controller through other means (see Section 1).

We do not share your personal data with third parties. To provide our services, we use technical service providers (e.g., hosting providers) in the context of processing on our behalf in accordance with Art. 28 GDPR. The storage of your personal data takes place on our behalf and according to our instructions in Germany and Switzerland. For Switzerland, an adequacy decision by the EU Commission is in place, meaning the EU Commission has determined that Switzerland provides an adequate level of data protection due to national laws or international obligations regarding the protection of privacy and the rights and freedoms of individuals (Commission Decision 2005/518/EC).

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on the basis of Art. 6 para. 1 lit. f GDPR. Cookies are small units of information which are saved in the working memory of your computer. Randomly generated unique identification numbers are saved in a cookie, a so-called session ID. A cookie also contains information about its origin and the storage period. These cookies cannot save any other data. You can delete any cookies which have been saved at any time by amending your browser settings.

If you do not want cookies to be used, you can block their use in your browser. It cannot be guaranteed that this will not affect the functionality of our website. The cookies are automatically deleted after two weeks.

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”), for web analysis based on Art. 6 para. f GDPR. Google Analytics uses “cookies,” which are text files stored on your computer, to help analyse how you use the website. The information generated by the cookie about your use of this website is usually transmitted to and stored on a Google server in the USA. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage to the website operator. The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by adjusting your browser settings; however, we would like to point out that in this case, you may not be able to fully use all the functions of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. For more information on terms of use and data protection, visit http://www.google.com/analytics/terms/en.html and https://www.google.de/intl/en/policies/.

We would like to point out that Google Analytics has been extended with the code “anonymizeIp” on this website to ensure the anonymous collection of IP addresses (so-called IP masking). Our legitimate interests lie in the analysis, optimization, and economic operation of our website.

The general duration of the storage of your data depends on the purposes for which the data is being stored. In principle, we delete your personal data when it is no longer needed to achieve the purposes for which it was stored, unless legal retention periods prevent its deletion. Further information on the storage duration can be found in the respective sections of this privacy notice.

You have the following rights regarding the data processed by us:

• The right to access your personal data stored with us in accordance with Art. 15 GDPR
• The right to rectification of incorrect or incomplete personal data stored with us, if applicable, in accordance with Art. 16 GDPR
• The right to erasure and to be forgotten of your personal data stored with us in accordance with Art. 17 GDPR
• The right to restriction or blocking of the processing of your personal data in accordance with Art. 18 GDPR
• The right to data portability, if applicable, in accordance with Art. 20 GDPR
• The right to object to the processing of your personal data in accordance with Art. 21 GDPR
• The right to withdraw any consent given in accordance with Art. 7 para. 3 GDPR
• The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR

If you have further questions regarding the processing of your personal data or wish to exercise any of the rights available to you, please feel free to contact us.

Our offer contains links to external third-party websites, over whose content we have no control. Therefore, we cannot assume any responsibility for these external contents. The respective provider or operator of the linked pages is always responsible for the content of these pages. The linked pages were checked for possible legal violations at the time of linking. Illegal content was not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without specific indications of a legal violation. Upon becoming aware of any legal violations, we will remove such links immediately.

The controller for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
FINAD GmbH Deutschland
Schauenburgerstrasse 61
DE-20095 Hamburg
Subsidiary of FINAD, Austria
Tel: +49 40 3600 3930
Fax: +49 40 3600 3939
E-Mail: hamburg@finad.com

For questions or comments regarding data protection, the Data Protection Officer of the data controller can be reached at: hamburg@finad.com

Purposes and Legal Basis for Processing Personal Data

a. When visiting our website
Each time the website is visited, the following data is temporarily stored in a log file without any action on your part and is deleted after no more than 6 months:

– The IP address of the requesting computer
– The date and time of access
– The name and URL of the retrieved file
– The website from which the file was accessed
– The operating system of your computer and the browser you are using
– The name of your internet access provider

The collection and processing of this data is carried out for the purpose of enabling the use of the website (establishing a connection), ensuring the security and stability of the system in the long term, facilitating the technical administration of the network infrastructure and optimizing the website offering, as well as for internal statistical purposes, provided that this is necessary to safeguard the legitimate interests of the controller or a third party (Art. 6 para. 1 lit. f GDPR). Our legitimate interest lies, in particular, in defending against cyber-attacks. The IP address is only evaluated in cases of attacks on our network infrastructure and for statistical purposes. Additionally, we use cookies and web analytics services. You can find more information on this in Sections 6 and 7.

b. When applying for a job
From time to time, we post job vacancies on our website. The personal data you provide to us in the context of your application via email or phone will be processed by us solely for the purpose of handling your application, based on Art. 6 para. 1 lit. b and c GDPR. We will treat your data strictly confidentially in accordance with legal requirements. Unless you request the deletion of your data, your data will remain stored for a maximum of 6 months after the application process is completed. If we wish to retain your application longer because your profile may match a position that will be advertised in the future, we will ask for your written consent.

You have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data based on our legitimate interest or that of a third party, provided there are reasons related to your particular situation, or if the objection is directed against general or personalized direct advertising. In the latter case, you have a general right to object, which will be implemented by us without requiring any special circumstances. If you wish to exercise your right of withdrawal or objection, please send us an email or contact the data controller through other means (see Section 1).

We do not share your personal data with third parties. To provide our services, we use technical service providers (e.g., hosting providers) in the context of processing on our behalf in accordance with Art. 28 GDPR. The storage of your personal data takes place on our behalf and according to our instructions in Germany and Switzerland. For Switzerland, an adequacy decision by the EU Commission is in place, meaning the EU Commission has determined that Switzerland provides an adequate level of data protection due to national laws or international obligations regarding the protection of privacy and the rights and freedoms of individuals (Commission Decision 2005/518/EC).

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on the basis of Art. 6 para. 1 lit. f GDPR. Cookies are small units of information which are saved in the working memory of your computer. Randomly generated unique identification numbers are saved in a cookie, a so-called session ID. A cookie also contains information about its origin and the storage period. These cookies cannot save any other data. You can delete any cookies which have been saved at any time by amending your browser settings.

If you do not want cookies to be used, you can block their use in your browser. It cannot be guaranteed that this will not affect the functionality of our website. The cookies are automatically deleted after two weeks.

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”), for web analysis based on Art. 6 para. f GDPR. Google Analytics uses “cookies,” which are text files stored on your computer, to help analyse how you use the website. The information generated by the cookie about your use of this website is usually transmitted to and stored on a Google server in the USA. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage to the website operator. The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by adjusting your browser settings; however, we would like to point out that in this case, you may not be able to fully use all the functions of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. For more information on terms of use and data protection, visit http://www.google.com/analytics/terms/en.html and https://www.google.de/intl/en/policies/.

We would like to point out that Google Analytics has been extended with the code “anonymizeIp” on this website to ensure the anonymous collection of IP addresses (so-called IP masking). Our legitimate interests lie in the analysis, optimization, and economic operation of our website.

The general duration of the storage of your data depends on the purposes for which the data is being stored. In principle, we delete your personal data when it is no longer needed to achieve the purposes for which it was stored, unless legal retention periods prevent its deletion. Further information on the storage duration can be found in the respective sections of this privacy notice.

You have the following rights regarding the data processed by us:

• The right to access your personal data stored with us in accordance with Art. 15 GDPR
• The right to rectification of incorrect or incomplete personal data stored with us, if applicable, in accordance with Art. 16 GDPR
• The right to erasure and to be forgotten of your personal data stored with us in accordance with Art. 17 GDPR
• The right to restriction or blocking of the processing of your personal data in accordance with Art. 18 GDPR
• The right to data portability, if applicable, in accordance with Art. 20 GDPR
• The right to object to the processing of your personal data in accordance with Art. 21 GDPR
• The right to withdraw any consent given in accordance with Art. 7 para. 3 GDPR
• The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR

If you have further questions regarding the processing of your personal data or wish to exercise any of the rights available to you, please feel free to contact us.

Our offer contains links to external third-party websites, over whose content we have no control. Therefore, we cannot assume any responsibility for these external contents. The respective provider or operator of the linked pages is always responsible for the content of these pages. The linked pages were checked for possible legal violations at the time of linking. Illegal content was not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without specific indications of a legal violation. Upon becoming aware of any legal violations, we will remove such links immediately.