This privacy policy explains how we process personal data within the scope of the use of our website or the provision of our services. The abbreviation “GDPR” stands for the EU General Data Protection Regulation and applies to persons in the EU who visit our site (hereafter “persons from the EU”). The abbreviation “DPA” stands for the Swiss Data Protection Act and applies to persons in Switzerland who visit our site (hereafter “persons from Switzerland”).
The term "personal data" in this privacy statement means any information that identifies, or could reasonably be used to identify, an identified or identifiable natural person (data subject).
If you provide us with personal data of other persons (e.g. family members, work colleagues), please ensure that the data subjects are aware of this privacy policy and that you only provide us with their data if you are authorised to do so and such personal data is accurate.
The controller within the meaning of data protection law and other similar provisions is:
IFS Independent Financial Services Ltd
Brankdschenkestrasse 47
PO Box 1792
8027 Zurich
Switzerland
Web: www.ifsag.ch
E-mail: datenschutz@ifsag.ch
Tel.: +41 58 178 28 00
e-Mail: datenschutz@ifsag.ch
Tel.: +41 58 178 28 00
We primarily process personal data that we receive from our customers and other business partners as well as from other persons in the course of our business relationships with them or that we collect from users when operating our websites, apps and other applications.
To the extent we are permitted to do so, we obtain certain personal data from publicly accessible sources (e.g. debtors' register, land register, commercial register, press, internet) or we obtain such information from affiliated companies, public authorities or other third parties. Apart from the data you have provided to us directly, the categories of data we receive about you from third parties include, but are not limited to, information from public registers, data we receive in connection with administrative or judicial proceedings, information relating to your professional role and activities (e.g., to enter into and perform contracts with your employer), information about you in correspondence and discussions with third parties, information about you provided to us by persons connected with you (family members, advisors, legal representatives, etc.) to enter into or perform contracts with you or with your cooperation (e.g. powers of attorney),
Information relating to legal requirements such as anti-money laundering, bank details, information about you found in the media or on the internet (where specified in individual cases, e.g. in connection with job applications, media reports, marketing / sales etc.), your address and any interests and other socio-demographic data (for marketing purposes), data relating to your use of our websites (e.g., IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of your visit, pages and content viewed, applications used, referring website, localisation data).
In principle, we store this data for 12 months after the end of the processing purpose. This period may be longer if this is necessary for evidentiary reasons or to meet legal or contractual requirements.
Right to information
In accordance with Art. 25 DSG / Art. 15 GDPR, you have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed. If this is the case, you have the right to information about this personal data as well as further information specified in Art. 25 DPA or Art. 15 GDPR.
Right to rectification
In accordance with Art. 32 DPA or Art. 16 GDPR, you have the right to request that we rectify inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of a supplementary statement.
Right to erasure
Persons from the EU and Switzerlandhave the right to have personal data concerning them erased without undue delay. We are obliged to erase personal data without undue delay insofar as the corresponding requirements under Art. 17 GDPR have been met. More details can be found in Art. 17 GDPR. Persons from Switzerland can also obtain erasure of data in the cases specified by law and/or if data is no longer required/necessary or consent to its processing has been revoked.
Right to restriction of processing
As specified in Art. 18 GDPR, persons from the EU and Switzerland have the right to request that we restrict processing of their personal data under certain circumstances.
Right to data portability
In accordance with Art. 28, (1) DSG / Art. 20 GDPR, persons from the EU and Switzerland have the right to receive the personal data concerning them, which they have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller without hindrance from us insofar as the processing is based on consent pursuant to Art. 28 (1) lit. b DSG /Art. 6(1)a GDPR or Art. 9(2)a GDPR or on a contract pursuant to Art. 28 (1) lit. b DSG / Art. 6(1)b GDPR and the processing is carried out by automated means.
Right to object
In accordance with Art. 21 GDPR, persons from the EU and Switzerland have the right to object to the processing of personal data concerning them which is based on Art. 6(1)e or f GDPR, including profiling based on those provisions.
Insofar as we process your personal data for direct marketing purposes, you have the right at any time to object to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, persons from the EU and Switzerland have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. This right exists in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
You have the right to lodge a complaint regarding our processing of personal data with the Swiss Federal Data Protection and Information Commissioner (FDPIC) and take legal action under civil and/or public law (see Art. 32 (2) DPA).
Asserting your rights
If you would like to assert one of your rights, please contact us as the controller using the contact details given above or use one of the other channels that we provide for notifying us. If you have any questions in this regard, please contact us.
Besides technical information on the device that you are using (operating system, screen resolution and other non-personal characteristics) and the browser (version, language settings), when you access our website the company operating it on our behalf will also process and save in particular the public IP address of the computer that you are using to visit our website together with the date and time of your access. The IP address is a unique numerical address that your device uses to send or retrieve data on the Internet. Neither we nor our service provider will usually know who is behind an IP address unless you share data with us while using our website that enables us to identify you. Users may also be identified if legal action is taken against them (e.g. in the event of attacks on our website) and we learn their identity during the investigation. In general, therefore, you do not need to be concerned that we could trace your IP address back to you.
Our service provider uses the processed data for statistical purposes on a non-personal basis to allow us to see which devices with which settings are being used to visit our website so that we can potentially optimise it for them. These statistics do not contain any personal data. This gathering of statistics is based on our interest in the improvement and economical running of our business (legal basis under the GDPR: Art. 6(1)f).
The IP address also gives you the technical capability to access and use our website and is used to detect and defend against attacks on our service provider or our website. Unfortunately, attacks designed to cause damage or loss to the operators or users of websites (e.g. preventing access, spying on data, spreading malware (e.g. viruses) or other illegal ends) are commonplace. Attacks of this kind impair the proper functionality of the data centre of the company working on our behalf, the use and/or functionality of our website and the security of visitors to our website. Your IP address and time of access are processed in order to defend against such attacks. With this processing, we are pursuing via our service provider the legitimate interests of ensuring the functionality of our website and defending against illegal attacks on us and on visitors to our website. This processing is based on our interest in the improvement and economical running of our business (legal basis under the GDPR: Art. 6(1)f).
The IP data saved is deleted if and when it is no longer required in order to detect or defend against an attack.
To operate our website, we use cookies and similar technologies (local storage) in order to guarantee the technical functionality of our website, to understand how visitors use our website and to save pre-settings that users have changed in their browser.
A cookie is a small text file that is saved on your device when you access our website via your browser. If you access our website again later on, we will be able to read these cookies again. Cookies are stored for different lengths of time. You can specify which cookies your browser is to accept at any time; however, this may mean that our website no longer works correctly. Of course, you can also delete cookies yourself at any time. If you do not do this, we can specify how long a cookie is to remain stored on your computer when we save it. There are two different types: session cookies and persistent cookies. Session cookies are deleted from your browser when you leave our website or close your browser. Persistent cookies will be stored for however long we specify when they are saved.
We use cookies for the following purposes:
• Cookies required for technical reasons, which are essential in order to use our website’s functions (e.g. detecting whether you have logged in). Certain functions could not be provided without these cookies.
• Functional cookies, which are used for the technical implementation of certain functions that you intend to use.
• Analytical cookies, which serve to analyse your behaviour as a user.
• Cookies from third-party providers. These are stored by third parties whose functions we incorporate into our website to enable certain functions of our own. They can also be used to analyse user behaviour.
Most of the browsers that our users use make it possible to specify which cookies are to be stored and to delete (certain) cookies. Restricting the storing of cookies on certain websites or banning all cookies from third-party providers may potentially mean that you can no longer use the full scope of our website. Information on how you can change your cookie settings in the most popular browsers can be found here:
• Google Chrome (support.google.com/chrome/answer/95647?hl=en)
• Internet Explorer (https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies)
• Firefox (https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences)
• Safari (https://support.apple.com/en-gb/guide/safari/sfri11471/mac)
If you send us a message via one of the contact methods provided, we will use the data you submit to process your enquiry. This is based on our legitimate interest in responding to your request (legal basis under the GDPR: Art. 6(1)f). Insofar as your enquiry serves to conclude a contract with us, the fulfilment of that contract will constitute a further basis for the processing (legal basis under the GDPR: Art. 6(1)b). The data will be deleted once your enquiry has been dealt with. Insofar as we are required by law to store it for longer, it will be deleted at the end of the relevant retention period.
In addition, we use plug-ins from social networks such as Linkedin on our website. LinkedIn, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
This is visible to you (typically by the respective icons). We have configured these elements to be disabled by default. If you activate them (by clicking on them), the operators of the respective social networks can record that you are on our website, from which page you are accessing, and can use this information for their own purposes. This processing of your personal data is the responsibility of the respective operator and is carried out in accordance with their data protection regulations. We do not receive any information about you from the respective operators.
When you set up a client account, we process the data provided by you for this purpose in order to open and manage your account and enable you to make use of the services associated with it. This processing is based on your consent (legal basis under the GDPR: Art. 6(1)a). Insofar as setting up your account serves to conclude a contract with us, the fulfilment of that contract will constitute a further basis for the processing (legal basis under the GDPR: Art. 6(1)b).
This data will be stored until the client account is deleted. Insofar as we are required by law to store it for longer (e.g. to comply with accounting obligations) or entitled by law to do so (e.g. due to an ongoing legal dispute with the holder of a user account), the data will be deleted once our storage obligation or, as appropriate, our legal entitlement ceases to apply.
When you purchase a service or digital content, we process the data that you provide in order to conclude and implement the contract. This involves transferring data to service providers within the requisite scope in order to dispatch your purchase and invoice you for it. This processing is based on fulfilment of the contract (legal basis under the GDPR: Art. 6(1)b).
We also process this data to detect and defend against attempted fraud (legal basis under the GDPR: Art. 6(1)f) so as to protect ourselves against fraudulent transactions.
Data that is stored in connection with a contract being concluded for the purchase of a service or digital content is deleted after the end of the statutory retention period. Insofar as the processing of a purchase contract gives rise to legal recording and retention obligations (e.g. retaining invoices under tax law), these will be applied (legal basis under the GDPR: Art. 6(1)c).
We delete or anonymise data once it is no longer required to implement the relevant contract and statutory retention obligations no longer apply.
In the course of our business and in accordance with the aforementioned purposes of data processing, we may transfer data to third parties where such transfer is permitted and where we consider it appropriate for them to process the data for us or, where applicable, for their own purposes. In particular, the following categories of recipients may be involved:
- Our service providers (e.g. IT providers, online tools).
- Domestic and foreign authorities, official bodies and courts
- Other parties in potential or actual legal proceedings
Some recipients are located in Switzerland, others may be located in any country worldwide. In particular, you should expect that your data may be transferred to other countries in Europe and the USA where our service providers are located (such as Microsoft).
If a recipient is located in a country without sufficient legal data protection, we will require the recipient to comply with data protection (we do this using the European Commission's revised Standard Contractual Clauses (SCC), which you can access here: eur-lex.europa.eu) unless the recipient is subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exception. An exception may apply, for example, in the case of legal proceedings abroad, but also in cases where there is an overriding public interest or the performance of a contract requires the disclosure, if you have consented or if the data has been provided by you in general and you have not objected to the processing.
As a basic principle, we process data in Switzerland (data transfer when a contract is concluded, server log files, contact form, registration, cookies). In its Decision 2000/518/EC, the EU established that Switzerland offers an adequate level of data protection. By contrast, our service providers, whose plugins and tools we use, process data outside the EU in some cases. This is disclosed in each case within the scope of this privacy policy in the information explaining the plugins/tools being used.
We also ensure that the provider is based in a country offering an adequate level of data protection under Swiss law (Art. 8 of the Ordinance to the Swiss Data Protection Act (DPO)) and is on the FDPIC’s list.
Under a processing arrangement, we use Google Analytics, a service from Google LLC (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA, in some cases via the Google Tag Manager. As the processor, Google uses a cookie for this purpose. This is a small text file that is saved on your computer via your browser. This cookie gives Google information on which website you accessed and, in particular, the following information as well: browser type/version, operating system used, technical information on the operating system and the browser, and the public IP address of the computer that you are using. We employ Google Analytics in such a way that your IP address is only used in anonymised form. According to Google, this anonymisation is carried out within the European Union or in a member state of the EEA. Only in exceptional cases will the full IP address be transferred to a Google server in the US before being truncated there. According to Google, the anonymisation is carried out before the IP address is stored on a permanent data carrier for the first time. In these cases, we ensure that Google complies with a sufficient level of data protection through contractual guarantees, in particular by agreeing the EU Standard Contractual Clauses (SCC) and additional measures. Details are provided in Google’s privacy policy at https://support.google.com/analytics/answer/6004245?hl=en.
Google Analytics allows us to compile usage statistics for our website and demographic data on visitors and their user behaviour, all on a non-personal basis. Statistics are also compiled that help us gain a better understanding of how our website is found in order to improve our search engine optimisation and our advertising measures. With this processing, we are pursuing the legitimate interest of being able to improve our website and our advertising measures (legal basis under the GDPR: Art. 6(1)f). Information on how you can object to the use of Google Analytics can be found at https://tools.google.com/dlpage/gaoptout?hl=en.
If you sign up for our e-mail newsletter, the data that you provide will be used to prepare and send out the newsletter and to provide evidence that you have signed up for it until such time as you cancel. This processing is based on your consent (legal basis under the GDPR: Art. 6(1)a). In order to receive the newsletter, you are required to click on the confirmation link in the verification e-mail that we send you after you have signed up in order to be able to demonstrate your consent. When you click on the corresponding link, we process the public IP address of the computer from which the link was accessed, together with the date and time this was done. We process this data in order to be able to demonstrate that you have confirmed receipt of our e-mail newsletter.
Our legitimate interest in this is the fulfilment of our obligation to provide evidence of the subscription that you have taken out (legal basis under the GDPR: Art. 6(1)f).
You can revoke your consent at any time by unsubscribing from the newsletter. You will find a corresponding link at the end of every newsletter.
We will delete your data when you unsubscribe from the newsletter. We will delete the data that we require to demonstrate that you have consented to receiving the newsletter after the end of the statutory limitation period for relevant obligations to provide evidence.
For our newsletter, we use an external service provider that works on our behalf as a processor,
namely CleverReach GmbH & Co. KG, Schafjückenweg 2, D-26180 Rastede. This company is based in Germany and is subject to European data protection law.
We carry out profiling to determine your likely interests so that we can personalise the content of your newsletter. This uses data that we have obtained for this purpose from your interactions with previous newsletters (e.g. when and on which kind of devices you read them and which links you clicked on), with our website, with other advertising material from us (e.g. online advertising, for example on social media platforms such as Facebook, Google and Twitter), your search and order history, your profile data and profile settings, and other content that you consciously send us via the website. This profiling involves us using this data to determine your preferences so that we can customise your newsletter in such a way that we feel you might find it interesting.
We will delete this profile data if you object to this processing of your data or no longer make use of any personalised offerings from us. The legal basis for this processing is Art. 6(1)f GDPR. We process this data within the scope of our legitimate interest in improving our advertising measures and our offerings.
You have the right to object to this personalisation at any time. See the information on objection in this privacy policy for more details.
We may process some of your personal data automatically in order to evaluate certain personal aspects (profiling). Profiling enables us in particular to better inform and advise you about products that may be relevant to you. For this purpose, we may use evaluation tools that enable us to communicate with you and advertise to you if necessary, including market and opinion research.
We keep this privacy policy up to date at all times. We therefore reserve the right to amend it from time to time and update how we collect, process or use your data.