ServicesTeamFAQContact

data protection

1. General information

This privacy policy provides information on how Aquila Ltd's partner ("Partner") obtains and processes personal data on its own responsibility in its capacity as a financial institution or within the framework of the Aquila Partner model in joint responsibility with Aquila AG ("Aquila," together with the Partner, "Joint Controllers").

"Personal data" refers to all information relating to an identified or identifiable natural person. "Processing" refers to any handling of personal data, regardless of the means and procedures used, in particular the collection, storage, retention, use, modification, disclosure, archiving, deletion, or destruction of personal data.

It is possible that other documents, such as terms and conditions of participation or similar declarations, may regulate specific data processing.

If the data subject provides personal data of other persons (e.g., family members, work colleagues, or employees) to the partner or jointly responsible party, the data subject must ensure that these persons are aware of this privacy policy. Their personal data may only be disclosed to the responsible parties if the data subject is authorized to do so and this personal data is accurate.

2. Responsible party and contact details

The partner who provided you with this privacy policy or brought it to your attention in the context of an inquiry or correspondence, a customer relationship, or other contractual relationship is generally responsible for processing your personal data. The partner and Aquila may be responsible for data processing either individually or jointly. Aquila may also act as a data processor for the partner.

Regardless of whether the partner is solely or jointly responsible with Aquila for data processing, you can contact the partner regarding data protection issues:

Aquila Investment Partner Ltd
Bahnhofstrasse 43
8001 Zurich

+41 58 680 63 23

3. Collection and processing of personal data

The partner and the jointly responsible parties primarily collect and process personal data that is provided to them by the data subject, e.g. when establishing business relationships, in the context of contract processing, when using products and services, or on websites or other applications. They also process personal data that is generated in the context of the use of products or services and transmitted to the partner or jointly responsible parties. The partner and jointly responsible parties may, to the extent permitted, obtain personal data from publicly accessible sources, from authorities, or from other third parties.

4. Categories of personal data

The partner and those sharing responsibility process various categories of personal data. The most important categories are as follows:

  • Master and inventory data (e.g., name, address, nationality, date of birth, information regarding accounts, securities accounts, transactions and contracts concluded, information about third parties who are also affected by data processing, such as spouses, authorized representatives, and advisors)
  • Technical data (e.g., business numbers, IP addresses, internal and external identifiers, access records)
  • Transaction, order, and risk management data (e.g., details of transfer beneficiaries, beneficiary bank, transfer amount, details of investment products)
  • Financial data (e.g., credit rating data, information on assets, liabilities, risk and investment profile)
  • Visitor and prospect data (e.g., users of the partner's websites)
  • Marketing data (e.g., preferences, needs)
  • Communication data (e.g., contact details such as email address, phone number)
  • Other data (e.g., video or audio recordings, access data)

Much of this data is disclosed by the data subject to the partner itself. The categories of personal data that the partner and its co-responsible parties receive from third parties include, in particular, information from public registers, information obtained in connection with official and court proceedings, credit reports, information on compliance with legal requirements such as fraud, money laundering, and terrorism prevention, and export restrictions, information from banks, insurance companies, distributors, and other contractual partners of the partner regarding the use or provision of services, information from the media and the internet, address and, where applicable, interests and other socio-demographic data (especially for marketing and research), and data related to the use of third-party websites and online offerings where this use can be attributed to the data subject.

5. Purposes of processing

The partner processes personal data primarily for the purpose of providing its own services, executing contracts with customers and business partners, and complying with legal obligations. Aquila supports the partner within the framework of the Aquila partner model with central services in the areas of legal, compliance & risk, fiduciary & accounting, as well as IT and administration. As part of these services, Aquila processes personal data together with the partner as joint controllers for the purpose of performing these management, coordination, and control functions.

In addition, the partner or jointly responsible parties process personal data, insofar as permitted and appropriate, for the following purposes:

  • Concluding and fulfilling contracts, implementing, processing, and managing products and services (e.g., invoices, payments, financial planning, investments, pensions, insurance).
  • Monitoring and controlling risks (e.g., investment profiles, anti-money laundering, limits, utilization ratios, market risks).
  • Planning, business decisions (e.g., development of new services and products or evaluation of existing ones).
  • Marketing, communication, information about the range of services and review thereof (e.g., advertising in print and online, customer, prospect, or other events, identification of future customer needs, assessment of customer, market, or product potential).
  • Compliance with statutory or regulatory disclosure, information, or reporting obligations to courts and authorities, compliance with official orders (e.g., reporting obligations to FINMA and foreign supervisory authorities, automatic exchange of information with foreign tax authorities, orders from public prosecutors in connection with money laundering and terrorist financing).
  • Prevention and investigation of criminal offenses or other misconduct (e.g., through internal investigations).
  • Protecting the interests and securing the claims of the partner, if necessary Aquila Ltd, e.g. in the case of claims against the partner or claims of the partner against third parties.
  • Ensuring the operation of IT, the website, and other platforms in particular.
  • Preparation and execution of transactions relating to the purchase or sale of companies or parts of companies or other corporate law transactions.

If consent has been given to process personal data for specific purposes (e.g., when registering for a newsletter), the personal data will be processed within the scope of and based on this consent, unless another legal basis exists and is necessary. Consent that has been given can be revoked at any time, but this has no effect on data processing that has already taken place.

6. Data security

The partner undertakes to process data for which it is responsible in accordance with the applicable laws on the protection of personal data. Where Aquila shares responsibility, it shall ensure the protection of personal data together with the partner. The protection of personal data includes appropriate technical and organizational security measures (e.g., access restrictions, firewalls, personalized passwords, encryption and authentication technologies, employee training, etc.).

7. Disclosure to third parties and transfer of data abroad

The partner or jointly responsible parties disclose personal data to the following third parties (recipients) in the following cases:

  • For outsourcing in accordance with Section 8 and for the purpose of customer service to other service providers.
  • For order fulfillment, i.e., when using products or services.
  • Due to legal obligations, legal justifications, or official orders, e.g., to courts, supervisory authorities, tax authorities, or other third parties.
  • To the extent necessary to protect the legitimate interests of those jointly responsible, e.g., in the event of legal action threatened or initiated by customers against Aquila or its partner company, in the event of public statements, to secure claims of Aquila or its partner company against customers or third parties, in the collection of receivables, etc.
  • With the consent of the persons concerned, to other third parties.

Recipients of personal data are usually located in Switzerland. However, when certain products or services provided by the joint controllers are used, personal data may also be disclosed to third parties outside Switzerland (e.g., in Europe or the USA).

If a recipient is located in a country without an adequate level of data protection, the partner or jointly responsible parties shall contractually oblige the recipient to comply with the applicable data protection regulations (e.g., with standard contractual clauses), unless the recipient is already subject to a legally recognized set of rules for ensuring data protection or the jointly responsible parties can rely on an exemption provision.

8. Outsourcing of business areas or services

The partner and those sharing responsibility outsource certain business areas and services in whole or in part to third parties.

The service providers who process personal data on behalf of the partner or the jointly responsible parties for this purpose (so-called contract processors) are carefully selected. Whenever possible, the jointly responsible parties use contract processors domiciled in Switzerland. The contract processors may be entitled to have certain services performed by third parties on their behalf.

The order processors may only process personal data received in the same way as the partner as the sole controller or the joint controllers themselves and are contractually obliged to ensure the confidentiality and security of the data.

9. Automated decisions in individual cases, including profiling

The partner and those jointly responsible reserve the right to process personal data automatically in the future, in particular to identify key personal characteristics of the customer, predict developments, and create customer profiles. This serves in particular to review and further develop offers and optimize the provision of services.

In future, customer profiles may also lead to automated individual decisions (e.g., automated acceptance and execution of customer orders in CRM). In such cases, it will be ensured that a contact person is available if a data subject wishes to comment on an automated individual decision and such a comment is provided for by law.

10. Use of websites and cookie policy

When a person visits the partner's websites, the web server automatically records details of their visit (e.g., the website from which the visit originates, the visitor's IP address, the content of the website that is accessed, including the date and duration of the visit). Such tracking data is used to optimize the websites visited and provides information about how visitors find out about and use the products, services, and offers. However, it does not usually allow any conclusions to be drawn about the identity of the visitor. In this respect, no personal data is processed.

However, if the visitor provides personal data, e.g., by filling out a registration form or message field for newsletters, etc., the partner may use this data in addition to the purposes specified in Section 5, in particular for the following:

  • for customer and user administration;
  • to inform visitors about services and products;
  • for marketing purposes (e.g., sending newsletters);
  • for technical hosting and further development of the websites.

When visiting websites, visitor data is transported via the Internet, which is an open network accessible to everyone. Data transmitted via electronic media (including email) cannot be effectively protected against access by third parties. Among other things, this carries the risk that the data may be disclosed or its content altered, that the identity of the sender (e.g. e-mail) and the content of the message being falsified or manipulated in some other way by unauthorized persons, that viruses are released, that technical transmission errors, delays, or interruptions occur, that data is transferred abroad in an uncontrolled manner, where data protection requirements may be lower than in Switzerland, etc.

By using the websites, visitors confirm their express agreement with this privacy policy and the risks mentioned.

Furthermore, by using the partner's websites, visitors agree to the use of cookies. Cookies are small files that are stored on the visitor's computer in order to track the corresponding website visit and navigation between different pages and/or to save settings (e.g., selected language). Cookies are used to collect statistical data on the frequency and duration of visits to individual website areas and help to design customized, useful, and user-friendly websites. Visitors can opt out of the use of cookies at any time by deleting the cookies set by the website. Deletion is possible via the settings in the visitor's Internet browser.

Occasionally, the Partner uses third-party components (such as plug-ins) to improve the user experience and online advertising campaigns. These components may also use cookies for similar purposes. Neither these third parties nor the joint controllers have access to the data collected by the other party via cookies. Finally, the Partner also uses cookies in connection with advertisements on third-party websites with which the Partner has marketing relationships. If third parties collect anonymized information about the use of the websites and other websites, the Partner may use this anonymized data to improve the effectiveness of advertising.

This title of the present privacy policy applies only to data that the partner receives based on the use of its website. It does not apply to third-party websites, even if the visitor accesses them via links on a partner's website. Neither the partner nor those jointly responsible have any influence on the content and data protection practices of third-party websites and cannot accept any responsibility for them.

11. Duration of storage

The duration of storage of personal data depends on the purpose of the respective data processing and/or statutory storage and documentation obligations, which may be five, ten, or more years, depending on the applicable legal basis. As soon as the personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as a matter of principle and as far as possible.

12. Rights of data subjects

Anyone can request information from the partner about whether personal data about them is being processed. There is a right to object, restrict processing and, where applicable, a right to data portability. Incorrect data can be corrected. Furthermore, the deletion of personal data can be requested, provided that this does not conflict with legal or regulatory requirements (e.g., legal retention obligations for business-related data) or technical obstacles. The deletion of data may result in certain services no longer being able to be provided. In addition, where applicable, there is a right of appeal to a competent authority. Where the partner or joint controllers process personal data on the basis of consent, this consent may be revoked at any time. It should be noted that the partner or Aquila Ltd reserve the right to assert the restrictions provided for by law, for example if they are obliged to store or process certain data, have an overriding interest in doing so (insofar as they are entitled to invoke this) or need it to assert claims.

In order to assist our partner in responding to your inquiry, we ask that you provide us with clear and relevant information. We will review your inquiry and respond within a reasonable period of time.

13. Changes

The partner alone or together with Aquila AG may amend this privacy policy at any time without prior notice. The current version published on the website of the partner or Aquila AG applies.

Get in touch for a personal exchange.

A personal consultation often serves as the most effective means to achieve clarity. We actively listen, comprehend your specific situation, and present transparent solutions.

Schedule a meeting

Aquila Investment Partner Ltd.
Bahnhofstrasse 43
8001 Zurich

+41 58 680 63 23
info@aivp.ch‍

ServicesTeamFAQContact
Data ProtectionImprintLegal NoticeClient Information FIDLEG
© AIVP