Data protection

Introdruction 

This privacy policy explains how we process personal data within the scope of the use of our website. The abbreviation “GDPR” stands for the EU General Data Protection Regulation and applies to persons in the EU who visit our site (hereafter “persons from the EU”). The abbreviation “DPA” stands for the Swiss Data Protection Act and applies to persons in Switzerland who visit our site (hereafter “persons from Switzerland”).

Name and address of the person responsible for processing

The controller within the meaning of data protection law and other similar provisions is:

IFS Independent Financial Services Ltd
Pelikanstrasse 37
8021 Zurich
Switzerland 

Web: www.ifsag.ch
E-mail: info@ifsag.ch
Tel.: +41 58 178 28 00

Your rights

Right to information
In accordance with Art. 8 DPA or Art. 15 GDPR, you have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed. If this is the case, you have the right to information about this personal data as well as further information specified in Art. 8 DPA or Art. 15 GDPR.

Right to rectification
In accordance with Art. 5 DPA or Art. 16 GDPR, you have the right to request that we rectify inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of a supplementary statement.

Right to erasure
Persons from the EU have the right to have personal data concerning them erased without undue delay. We are obliged to erase personal data without undue delay insofar as the corresponding requirements under Art. 17 GDPR have been met. More details can be found in Art. 17 GDPR. Persons from Switzerland can also obtain erasure of data in the cases specified by law and/or if data is no longer required/necessary or consent to its processing has been revoked.

Right to restriction of processing
As specified in Art. 18 GDPR, persons from the EU have the right to request that we restrict processing of their personal data under certain circumstances.

Right to data portability
In accordance with Art. 20 GDPR, persons from the EU have the right to receive the personal data concerning them, which they have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller without hindrance from us insofar as the processing is based on consent pursuant to Art. 6(1)a GDPR or Art. 9(2)a GDPR or on a contract pursuant to Art. 6(1)b GDPR and the processing is carried out by automated means.

Right to object
In accordance with Art. 21 GDPR, persons from the EU have the right to object to the processing of personal data concerning them which is based on Art. 6(1)e or f GDPR, including profiling based on those provisions.
Insofar as we process your personal data for direct marketing purposes, you have the right at any time to object to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, persons from the EU have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. This right exists in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
You have the right to lodge a complaint regarding our processing of personal data with the Swiss Federal Data Protection and Information Commissioner (FDPIC) and take legal action under civil and/or public law (see Art. 15/25/27/29 DPA).

Asserting your rights
If you would like to assert one of your rights, please contact us as the controller using the contact details given above or use one of the other channels that we provide for notifying us. If you have any questions in this regard, please contact us.  

Server log files

Besides technical information on the device that you are using (operating system, screen resolution and other non-personal characteristics) and the browser (version, language settings), when you access our website the company operating it on our behalf will also process and save in particular the public IP address of the computer that you are using to visit our website together with the date and time of your access. The IP address is a unique numerical address that your device uses to send or retrieve data on the Internet. Neither we nor our service provider will usually know who is behind an IP address unless you share data with us while using our website that enables us to identify you. Users may also be identified if legal action is taken against them (e.g. in the event of attacks on our website) and we learn their identity during the investigation. In general, therefore, you do not need to be concerned that we could trace your IP address back to you.

Our service provider uses the processed data for statistical purposes on a non-personal basis to allow us to see which devices with which settings are being used to visit our website so that we can potentially optimise it for them. These statistics do not contain any personal data. This gathering of statistics is based on our interest in the improvement and economical running of our business (legal basis under the GDPR: Art. 6(1)f).

The IP address also gives you the technical capability to access and use our website and is used to detect and defend against attacks on our service provider or our website. Unfortunately, attacks designed to cause damage or loss to the operators or users of websites (e.g. preventing access, spying on data, spreading malware (e.g. viruses) or other illegal ends) are commonplace. Attacks of this kind impair the proper functionality of the data centre of the company working on our behalf, the use and/or functionality of our website and the security of visitors to our website. Your IP address and time of access are processed in order to defend against such attacks. With this processing, we are pursuing via our service provider the legitimate interests of ensuring the functionality of our website and defending against illegal attacks on us and on visitors to our website. This processing is based on our interest in the improvement and economical running of our business (legal basis under the GDPR: Art. 6(1)f).

The IP data saved is deleted if and when it is no longer required in order to detect or defend against an attack.

Cookies

To operate our website, we use cookies and similar technologies (local storage) in order to guarantee the technical functionality of our website, to understand how visitors use our website and to save pre-settings that users have changed in their browser.

A cookie is a small text file that is saved on your device when you access our website via your browser. If you access our website again later on, we will be able to read these cookies again. Cookies are stored for different lengths of time. You can specify which cookies your browser is to accept at any time; however, this may mean that our website no longer works correctly. Of course, you can also delete cookies yourself at any time. If you do not do this, we can specify how long a cookie is to remain stored on your computer when we save it. There are two different types: session cookies and persistent cookies. Session cookies are deleted from your browser when you leave our website or close your browser. Persistent cookies will be stored for however long we specify when they are saved.

We use cookies for the following purposes:

• Cookies required for technical reasons, which are essential in order to use our website’s functions (e.g. detecting whether you have logged in). Certain functions could not be provided without these cookies.
• Functional cookies, which are used for the technical implementation of certain functions that you intend to use.
• Analytical cookies, which serve to analyse your behaviour as a user.
• Cookies from third-party providers. These are stored by third parties whose functions we incorporate into our website to enable certain functions of our own. They can also be used to analyse user behaviour.
Most of the browsers that our users use make it possible to specify which cookies are to be stored and to delete (certain) cookies. Restricting the storing of cookies on certain websites or banning all cookies from third-party providers may potentially mean that you can no longer use the full scope of our website. Information on how you can change your cookie settings in the most popular browsers can be found here:
• Google Chrome (support.google.com/chrome/answer/95647?hl=en)
• Internet Explorer (https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies)• Firefox (https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences)• Safari (https://support.apple.com/en-gb/guide/safari/sfri11471/mac)

Contact form 

If you send us a message via one of the contact methods provided, we will use the data you submit to process your enquiry. This is based on our legitimate interest in responding to your request (legal basis under the GDPR: Art. 6(1)f). Insofar as your enquiry serves to conclude a contract with us, the fulfilment of that contract will constitute a further basis for the processing (legal basis under the GDPR: Art. 6(1)b). The data will be deleted once your enquiry has been dealt with. Insofar as we are required by law to store it for longer, it will be deleted at the end of the relevant retention period.

Registration/client account

When you set up a client account, we process the data provided by you for this purpose in order to open and manage your account and enable you to make use of the services associated with it. This processing is based on your consent (legal basis under the GDPR: Art. 6(1)a). Insofar as setting up your account serves to conclude a contract with us, the fulfilment of that contract will constitute a further basis for the processing (legal basis under the GDPR: Art. 6(1)b).

This data will be stored until the client account is deleted. Insofar as we are required by law to store it for longer (e.g. to comply with accounting obligations) or entitled by law to do so (e.g. due to an ongoing legal dispute with the holder of a user account), the data will be deleted once our storage obligation or, as appropriate, our legal entitlement ceases to apply.

Transferring data when concluding contracts for services and digital content

When you purchase a service or digital content, we process the data that you provide in order to conclude and implement the contract. This involves transferring data to service providers within the requisite scope in order to dispatch your purchase and invoice you for it. This processing is based on fulfilment of the contract (legal basis under the GDPR: Art. 6(1)b).

We also process this data to detect and defend against attempted fraud (legal basis under the GDPR: Art. 6(1)f) so as to protect ourselves against fraudulent transactions.

Data that is stored in connection with a contract being concluded for the purchase of a service or digital content is deleted after the end of the statutory retention period. Insofar as the processing of a purchase contract gives rise to legal recording and retention obligations (e.g. retaining invoices under tax law), these will be applied (legal basis under the GDPR: Art. 6(1)c).

We delete or anonymise data once it is no longer required to implement the relevant contract and statutory retention obligations no longer apply.

Transferring data to third parties

As a basic principle, we do not transfer the personal data communicated to us to third parties, i.e. particularly not to third parties for advertising purposes.

However, we do work together with service providers (processors) to operate this website or provide products and services. These service providers may gain knowledge of personal data in the process. We select our service providers carefully, especially with regard to data protection and data security, and take all measures required under data protection law to ensure reliable data processing.

Data processing in Switzerland/the EU

As a basic principle, we process data in Switzerland (data transfer when a contract is concluded, server log files, contact form, registration, cookies). In its Decision 2000/518/EC, the EU established that Switzerland offers an adequate level of data protection. By contrast, our service providers, whose plugins and tools we use, process data outside the EU in some cases. This is disclosed in each case within the scope of this privacy policy in the information explaining the plugins/tools being used.

We also ensure that the provider is based in a country offering an adequate level of data protection under Swiss law (Art. 7 of the Ordinance to the Swiss Data Protection Act (DPO)) and is on the FDPIC’s list.

Google Analytics analysis tool

Under a processing arrangement, we use Google Analytics, a service from Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA, in some cases via the Google Tag Manager. As the processor, Google uses a cookie for this purpose. This is a small text file that is saved on your computer via your browser. This cookie gives Google information on which website you accessed and, in particular, the following information as well: browser type/version, operating system used, technical information on the operating system and the browser, and the public IP address of the computer that you are using. We employ Google Analytics in such a way that your IP address is only used in anonymised form. According to Google, this anonymisation is carried out within the European Union or in a member state of the EEA. Only in exceptional cases will the full IP address be transferred to a Google server in the US before being truncated there. According to Google, the anonymisation is carried out before the IP address is stored on a permanent data carrier for the first time. Details are provided in Google’s privacy policy at https://support.google.com/analytics/answer/6004245?hl=en.

Google Analytics allows us to compile usage statistics for our website and demographic data on visitors and their user behaviour, all on a non-personal basis. Statistics are also compiled that help us gain a better understanding of how our website is found in order to improve our search engine optimisation and our advertising measures. With this processing, we are pursuing the legitimate interest of being able to improve our website and our advertising measures (legal basis under the GDPR: Art. 6(1)f). Information on how you can object to the use of Google Analytics can be found at https://tools.google.com/dlpage/gaoptout?hl=en.

Google is a signatory to the Privacy Shield agreement and has concluded a processing contract for Google Analytics with us. The pseudonymous data is deleted after 14 months.

Newsletter

If you sign up for our e-mail newsletter, the data that you provide will be used to prepare and send out the newsletter and to provide evidence that you have signed up for it until such time as you cancel. This processing is based on your consent (legal basis under the GDPR: Art. 6(1)a). In order to receive the newsletter, you are required to click on the confirmation link in the verification e-mail that we send you after you have signed up in order to be able to demonstrate your consent. When you click on the corresponding link, we process the public IP address of the computer from which the link was accessed, together with the date and time this was done. We process this data in order to be able to demonstrate that you have confirmed receipt of our e-mail newsletter.

Our legitimate interest in this is the fulfilment of our obligation to provide evidence of the subscription that you have taken out (legal basis under the GDPR: Art. 6(1)f).

You can revoke your consent at any time by unsubscribing from the newsletter. You will find a corresponding link at the end of every newsletter.

We will delete your data when you unsubscribe from the newsletter. We will delete the data that we require to demonstrate that you have consented to receiving the newsletter after the end of the statutory limitation period for relevant obligations to provide evidence.

For our newsletter, we use an external service provider that works on our behalf as a processor,
namely CleverReach GmbH & Co. KG, Schafjückenweg 2, D-26180 Rastede. This company is based in Germany and is subject to European data protection law.

Personalised newsletter

We carry out profiling to determine your likely interests so that we can personalise the content of your newsletter. This uses data that we have obtained for this purpose from your interactions with previous newsletters (e.g. when and on which kind of devices you read them and which links you clicked on), with our website, with other advertising material from us (e.g. online advertising, for example on social media platforms such as Facebook, Google and Twitter), your search and order history, your profile data and profile settings, and other content that you consciously send us via the website. This profiling involves us using this data to determine your preferences so that we can customise your newsletter in such a way that we feel you might find it interesting.

We will delete this profile data if you object to this processing of your data or no longer make use of any personalised offerings from us. The legal basis for this processing is Art. 6(1)f GDPR. We process this data within the scope of our legitimate interest in improving our advertising measures and our offerings.

You have the right to object to this personalisation at any time. See the information on objection in this privacy policy for more details.

Amendments to the privacy policy

We keep this privacy policy up to date at all times. We therefore reserve the right to amend it from time to time and update how we collect, process or use your data. The latest version of the privacy policy is always available at the following address:

[www.ifsag.ch]