Header

EN

Data protection

Helvetic Trust AG privacy policy

Version dated 01/09/2023

We, Helvetic Trust AG (hereinafter referred to as ‘HT’, ‘we’ or ‘us’), explain in this privacy policy how we collect and process personal data. This is not an exhaustive description; where applicable, our general terms and conditions and other similar documents regulate specific matters. Personal data refers to all information relating to an identified or identifiable person.

If you provide us with personal data relating to other people (e.g. family members), please ensure that they are aware of this privacy policy and that you only share their personal data with us if you are allowed to do so and if this personal data is correct.

This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation (‘GDPR’) and the Swiss Federal Act on Data Protection Act (‘FADP’). However, whether and to what extent these laws apply depends on the specific case.

1. Data controller

Helvetic Trust AG, Uraniastrasse, 8001 Zurich, is responsible for the data processing described here.
If you have any concerns regarding data protection, you can email us at datenschutz@h-t-p.ch

2. Collecting and processing of personal data

We primarily process personal data that we receive from our clients and other business partners as part of our business relationship with them and other persons involved, or personal data that we collect from their users when operating our website and other applications.
If permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, the internet) or receive such data from other companies, authorities and third parties. In addition to the data that you provide to us directly, we also obtain categories of personal data from third parties.

  • information from public registers;
  • information that we discover in connection with official and judicial proceedings;
  • information that we discover in connection with official and judicial proceedings;
  • information relating to professional functions and activities;
  • information regarding you in correspondence and meetings with third parties;
  • credit check information (if we conduct business with you personally);
  • information relating to you that people in your environment (family, advisers, legal representatives, etc.) provide us with so that we can conclude or process contracts with you or with your involvement (e.g. references, your address, powers of attorney, information on compliance with legal requirements such as anti-money laundering and export restrictions);
  • information from banks, insurance companies, our sales partners and other contractual partners regarding the use or provision of services by you (e.g. payments or purchases made);
  • information relating to you from the media and the internet (as far as this is appropriate in the specific case, e.g. as part of an application, press review, marketing/sales, etc.); and
  • data relating to the use of our website (e.g. IP address, MAC address for your smartphone or computer, information regarding your device and settings, cookies, date and time of visit).

3. Purpose of data processing and legal basis

We primarily use the personal data we collect to conclude and process our contracts with our clients and business partners, particularly as part of wealth management and investment advisory contracts with our clients and the use of IT solutions and services from outsourcing partners and other service providers, and to meet with our legal obligations in Switzerland and abroad. If you work for such a client or business partner, your personal data may of course also be affected in this capacity.
We also process personal data from you and others, to the extent permitted and deemed appropriate to us, for purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose.

  • the offer and further development of our offerings, services and website and other platforms on which we have a presence;
  • communication with third parties and processing of third-party enquiries (e.g. applications, media enquiries);
  • review and optimisation of procedures for needs analysis for the purpose of direct client contact and collection of personal data from publicly available sources for the purpose of client acquisition;
  • advertising and marketing (including event organisation), unless you have objected to the use of your data (if we send you advertising as an existing client, you can object to this at any time and we will then put you on a block list for further advertising);
  • assertion of legal claims and defence in connection with legal disputes and governmental proceedings;
  • prevention and resolution of crimes and other misconduct (e.g. conducting internal investigations, carrying out data analysis to combat fraud);
  • to guarantee our operations, in particular IT, our website and other platforms; and
  • purchase and sale of business areas, companies or parts of companies and other corporate transactions and the related transfer of personal data as well as measures for business management and compliance with legal and regulatory obligations and internal regulations.

If you have consented to us processing your personal data for specific purposes (for example when carrying out a background check), we will process your personal data as part of and based on this consent, unless we have another legal basis and require such another legal basis. Any consent that has been given can be withdrawn at any time, but this has no effect on data processing that has already taken place.

4. Technologies in connection with the use of our website

When you visit the website, temporary cookies (small text files that are saved on your computer when you visit this website) are used to make navigation easier (e.g. for language selection). These ‘session cookies’ do not contain any personal data and expire at the end of the session. You can fully or partially disable cookies via your browser settings at any time. If cookies are disabled, you may no longer be able to use all of the functions of this website.

We use Google Analytics on our website. This is a service provided by Google, which may be located in any country in the world (in the case of Google Analytics, this is Google Ireland [based in Ireland]; Google Ireland uses Google LLC [based in the US] as the data processor [both referred to as ‘Google’], www.google.com), which we use to measure and evaluate the use of the website (not personal data). Permanent cookies saved by the service provider are also used for this purpose. We have turned off the ‘Data sharing’ and ‘Signals’ settings. Although we may assume that the information we share with Google is not personal data for Google, it is possible that Google may use this data for its own purposes, draw conclusions about the identity of visitors, create personal profiles and link this data to these people’s Google accounts. If you have personally registered with the service provider, the service provider will also recognise you. The processing of your personal data by the service provider is then the responsibility of the service provider, in line with its data protection regulations. The service provider only tells us how our website is used (which does not include any information regarding you personally).

SSL encryption
Our website uses SSL encryption for security reasons and to protect the transmission of data you send to HT. You can tell that a connection is encrypted when the browser address bar changes from ‘http://’ to ‘https://’ and a lock symbol is displayed in your browser bar.

This website is hosted by METANET AG on web servers in Switzerland. When you access our website, the following data is stored in log files: IP address (i.e. the unique address that identifies your computer on the internet), date, time, browser request and general information transmitted regarding your operating system or browser. According to the Federal Act on the Surveillance of Post and Telecommunications (SPTA), there is a legal obligation to retain connection data from the last six months. This data is used exclusively for statistical purposes and for troubleshooting.

5. Data sharing and transmission in Switzerland and abroad

As part of our business activities and the purposes set out in section 3, we may also share data with third parties, to the extent permitted and deemed appropriate to us, either because they process it for us or because they intend to use it for their own purposes.

  • service providers such as banks, insurance companies, including commissioned processors (e.g. IT providers in the context of outsourcing);
  • national and foreign authorities, official bodies or courts on official or judicial orders;
  • other parties in potential or actual legal proceedings based on an official or court order; and

    all common recipients.

    These recipients are mostly located in Switzerland, but may also be located in EU or EEA countries. Further exceptions abroad may apply if legal proceedings have to be carried out abroad.

    If a recipient is located in a country that does not have adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection regulations (we use the European Commission’s revised standard contractual clauses for this purpose, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?) unless they are already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exception. Such an exception may apply in particular to legal proceedings abroad, but also in cases of overriding public interests or if the processing of a contract requires such sharing, if you have given your consent or if the data is data that you have made generally accessible and you have not objected to it being processed.

6. Personal data retention period

We process and store your personal data for as long as it is necessary to meet our contractual and legal obligations or for other purposes pursued by the processing, i.e. for the duration of the entire business relationship, for example (from initiation and processing to termination of a contract) and in line with legal retention and documentation obligations. It is possible that personal data will be stored for the period in which claims can be asserted against our company and to the extent that we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the purposes mentioned above, it will generally be deleted or anonymised as far as possible. Shorter retention periods of 12 months or less apply to operational data (e.g. system protocols and logs).

7. Data security

We take appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse.

8. Obligation to provide personal data

As part of our business relationship, you must provide the personal data necessary for the establishment and implementation of a business relationship and the fulfilment of the related contractual obligations (you generally are not legally obliged to provide us with data). Without this data, we are generally unable to enter into or process a contract with you (or the entity or person you represent). It is also not possible to use the website if specific information required to ensure data traffic (e.g. IP address) is not shared.

9. Rights of the data subject

As part of the data protection law applicable to you and to the extent provided for therein, you have a right of access and a right to rectification, erasure, restriction of data processing and otherwise a right to object to our data processing operations and other legitimate interests in processing, and to the release of certain personal data for the purpose of transfer to another location (‘data portability’). However, please note that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (to the extent that we are entitled to rely on this) or need it to assert claims. If this will result in you incurring costs, we will inform you of this in advance. We have already provided information about the option to withdraw your consent in section 3. Please note that exercising these rights may conflict with contractual agreements and this may have consequences such as early termination of the contract or costs. We will inform you of this in advance if this is not already contractually agreed.

The exercise of such rights usually requires you to clearly prove your identity (e.g. a copy of your ID, where your identity is otherwise unclear or cannot be verified). You can contact us at the address given in section 1 to assert your rights.

Data subjects also have the right to enforce their claims in court or to file a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).

10. Changes

We may make changes to this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of any changes by email or via other appropriate means.

Based on DSAT.ch