Data protection policy
Valvest Partners AG

We respect your privacy and your personal sphere. The protection and lawful collection, processing and use of your personal data is therefore a very important concern for Valvest Partners AG.

Data protection at a glance

In this privacy policy, we, Valvest Partners AG (hereafter referred to as "we" or "us"), explain how we collect and otherwise process personal data. The description contained herein is not exhaustive. Other privacy policies (or general terms and conditions, participation conditions, and similar documents) may regulate specific circumstances. Personal data refers to all information that relates to a specific or identifiable person.

If you provide us with personal data of other people (e.g., family members, work colleagues), please en-sure that these people are aware of this privacy policy and only share their personal data with us if you are allowed to do so and if the data is accurate.

This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DSG"), and the revised Swiss Data Protection Act ("re-DSG"). Whether and to what extent these laws apply depends on the individual case.

Version of September 1, 2023






Responsibility

Responsible for the data processing is Valvest Partners AG, Dufourstrasse 1, 8008 Zurich, Switzerland. If you have data protection concerns, you can communicate them to us at the following contact address::

Valvest Partners AG
Dufourstrasse 1
8008 Zurich
Switzerland
E-Mail: info@valvest.ch




Data protection officer and representatives

Data protection according to GDPR

Within the company, the Compliance & Risk Officer performs the role of the Data Protection Officer according to the GDPR.

We have the following data protection representation in accordance with Article 27 of the GDPR in the European Economic Area (EEA), including the European Union (EU) and the Principality of Liechtenstein, as an additional point of contact for supervisory authorities and affected individuals for inquiries related to the General Data Protection Regulation (GDPR):

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
E-Mail: info@datenschutzpartner.eu

Data protection according to DSG

The Compliance & Risk Officer is also a data protection advisor in accordance with Art. 10 DSG.




Collection and processing of personal data

We primarily process the personal data that we receive from these and other people involved as part of our business relationship with our customers and other business partners or that we collect from their users when operating our websites, apps and other applications.

To the extent permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, internet) or receive such data from other companies, authorities and other third parties. In addition to the data about you that you give us directly, the catego-ries of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and judicial proceedings in connec-tion with your professional functions and activities, information about you in correspondence and meet-ings with third parties, credit information (insofar as we conduct business with you personally), information about you that people in your environment (family, advisors, legal representatives, etc.) provide to us .) so that we can conclude or process contracts with you or with your involvement (e.g. references, your ad-dress for deliveries, powers of attorney, information on compliance with legal requirements such as anti-money laundering, information from banks, insurance companies, sales - and other contractual partners of ours for the use or provision of services by you (e.g. payments made, purchases made), information from the media and the Internet about you (if this is appropriate in the specific case, e.g. as part of an application, press review, Marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data related to the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).




Purposes of data processing and legal basis

We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, in particular in the context of asset management with our customers and to comply with our legal obligations at home and abroad. In particular, we process personal data in accordance with the applicable legal provisions for the purpose of the customer acceptance procedure and customer relationship management.

In addition, we process personal data of you and other persons, as far as permitted and as we deem appropriate, also for the following purposes, in which we (and sometimes also third parties) have a legiti-mate interest corresponding to the purpose:

  • Offer and further development of our offers, services and websites, apps and other platforms, on which we are present;
  • Complaints and communication with third parties and processing of their requests (e.g. applica-tions, media inquiries);
  • Testing and optimization of procedures for needs analysis for the purpose of direct customer con-tact as well as collection of personal data from publicly accessible sources for customer acquisi-tion;
  • Advertising and marketing (including conducting events), as long as you have not objected to the use of your data (if we send you advertising as an existing customer of ours, you can object at any time, we will then put you on a blacklist against further advertising mailings);
  • Media monitoring;
  • Assertion of legal claims and defense in connection with legal disputes and official proceedings;
  • Compliance and risk management and/or prevention, to comply with our ongoing obligations under regulatory and compliance obligations (e.g. legal regulations of the financial industry and to prevent money laundering and tax laws), among others in relation to the recording and monitoring of communication, application of a risk classification to ongoing business relationships, disclosure of data to tax authorities, financial supervisory authorities and other regulatory and governmental bodies;
  • Prevention and investigation of criminal offenses and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
  • Ensuring our operations, in particular the IT, our websites, apps and other platforms;
  • Video surveillance to protect the house rules and other measures for IT, building and plant security and protection of our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings);
  • Purchase and sale of business units, companies or parts of companies and other corporate trans-actions and related transfer of personal data as well as measures for business management and as far as necessary to comply with legal and regulatory obligations as well as internal regulations of Valvest Partners AG.

As far as you have given us your consent to process your personal data for certain purposes (for example, when you register to receive newsletters or conduct a back-ground check), we process your personal data within the scope and based on this consent, unless we have another legal basis and we need one. A given consent can be revoked at any time, but this has no effect on data processing that has already taken place.

As far as we process particularly sensitive personal data about you, we do so because:

  • The processing is necessary for the assertion, exercise or defense of legal claims;
  • The processing relates to personal data that you have obviously made public; or
  • You have expressly consented to the processing of this information (if legally permissible).



Cookies / Tracking and other technologies related to the use of our website

The following domains are part of our website:
www.valvest.ch
The following information is related to and valid for the above mentioned domain.

We typically use “cookies” and similar techniques on our websites, which allow your browser or device to be identified. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. When you visit this website again, we can recognize you, even if we don’t know who you are. In addition to cookies that are only used during a session and deleted after your website visit (“session cookies”), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) (“permanent cookies”). However, you can set your browser to reject cookies, store them only for one session or delete them prematurely. Most browsers are preset to accept cookies. We use permanent cookies to save your user settings (e.g. language, auto-login), to better understand how you use our offers and content, and to show you offers and advertising tailored to you. This can also happen on websites of other companies; however, they do not learn from us who you are, if we even know that ourselves, because they only see that the same user is on their website who was also on one of our pages. Some of the cookies are set by us, some by contractual partners with whom we work together. If you block cookies, it may happen that some functionalities no longer work.

We sometimes embed visible and invisible image elements in our newsletters and other marketing emails, as far as permitted, which allow us to determine whether and when you opened the email, so that we can also measure and better understand how you use our offers and tailor them to you. You can block this in your email program; most are preset to do so.

By using our website and consenting to receive newsletters and potentially other marketing emails, you agree to the use of these techniques. If you do not want this, then you must set your browser or email program accordingly.

We sometimes use Google Analytics or similar services on our websites. This is a service of third parties, which can be located in any country on earth (in the case of Google Analytics it is Google Ireland (based in Ireland), Google Ireland relies on Google LLC (based in the USA) as a data processor (both “Google”), www.google.com), with which we can measure and evaluate the use of the website (not personally identifiable). For this purpose, permanent cookies are also used, which are set by the service provider. If you have registered with the service provider yourself, the service provider also knows you. The processing of your personal data by the service provider is then the responsibility of the service provider according to its privacy policy. The service provider only tells us how our respective website is used (no information about you personally).

We also use so-called plug-ins from social networks such as Facebook, Twitter, Youtube, Pinterest or Instagram on our websites. This is visible to you in each case (typically via corresponding icons). We have configured these elements so that they are deactivated by default. If you activate them (by clicking on them), the operators of the respective social networks can register that you are on our website and where and can use this information for their purposes. The processing of your personal data is then the responsibility of this operator according to its privacy policy. We do not receive any information about you from him.




Data sharing and data transfer abroad

We disclose data within the scope of our business activities and the purposes according to para. 5, as far as permitted and as we deem appropriate, also to third parties, either because they process them for us or because they want to use them for their own purposes. This concerns in particular the following recipients:

  • Our service providers (such as banks, insurance companies, trustees), including processors (such as IT providers);
  • Other business partners;
  • Domestic and foreign authorities, offices or courts;
  • Industry organizations, associations, organizations and other committees;
  • Other parties in possible or actual legal proceedings;
  • Other companies or subsidiaries of Valvest Partners AG;
hereinafter collectively referred to as «Recipients».

These recipients are partly in Switzerland, but can also be abroad. You must expect in particular that your data will be transferred to all countries where the service providers and other business partners we use are located (such as Microsoft, FileMaker etc.).

If a recipient is located in a country without adequate legal data protection, we oblige the recipient contractually to comply with the applicable data protection (for this purpose we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless he or she is already subject to a legally recognized framework for ensuring data protection and we cannot rely on an exception provision. An exception may apply in particular in legal proceedings abroad, but also in cases of overriding public interests or if a contract execution requires such disclosure, if you have consented or if it concerns data that you have made generally accessible and have not objected to their processing.




Duration of retention of personal data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, execution to the termination of a contract) and beyond in accordance with the legal retention and documentation obligations. It is possible that personal data will be stored for the period in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require it (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized as a matter of principle and as far as possible. For operational data (e.g. system logs, logs), shorter retention periods may apply in principle.




Data security

We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, controls. By default, the processing of personal data is limited to the minimum necessary for the purpose of use, e.g. in terms of the amount of personal data collected, the extent of their processing, the storage period or the accessibility.




Obligation to provide personal data

In the context of our business relationship, you must provide the personal data that is necessary for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations. Without this data, we will generally not be able to conclude or execute a contract with you (or the entity or person you represent). The website cannot be used either if certain information to ensure data traffic (such as IP address) has not been disclosed.




Profiling (and automated decision making)

We process some of your personal data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in particular to provide you with targeted information and advice about products. We use evaluation tools that enable us to conduct needs-based communication and advertising, including market and opinion research. In principle, we do not use fully automated decision-making to establish and implement the business relationship or otherwise (as regulated in Art. 22 GDPR). If we use such procedures in individual cases, we will inform you about this separately and inform you about the associated rights, if this is required by law.




Rights of the data subject

Within the framework of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing, in particular that for the purposes of direct marketing, profiling for direct advertising and other legitimate interests in processing as well as the release of certain personal data for the purpose of transferring it to another location (so-called data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so or need it to assert claims. If you incur any costs, we will inform you in advance. We have already provided information about the possibility of revoking your consent in Section 5. Please note that exercising these rights may conflict with contractual agreements and this may have consequences such as early termination of the contract or cost consequences. We will inform you in advance if this is not already contractually stipulated.

The exercise of such rights usually requires that you provide clear proof of your identity (e.g. through a copy of your ID, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us as follows:

  • By Post to: Valvest Partners AG, Dufourstrasse 1, 8008 Zurich, Switzerland
  • By E-Mail to: info@valvest.ch

Every data subject also has the right to enforce their claims in court or to file a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).




Changes to your personal information

In order to keep your personal information properly up to date, we will periodically ask you to review and confirm your personal information and/or notify us of any changes to your personal information. Proactive reporting of changes is welcome.




Changes to this Privacy Policy

We may amend this privacy policy at any time without prior notice. The current version published on our website applies. If the data protection declaration is part of an agreement with you, in the event of an update we will inform you of the change by email or in another appropriate manner.