For Aequitum SA, confidentiality and Privacy protection is, even before a legal obligation, an indispensable element of its identity, as are Transparency, Security and Communication with the customer. Technological developments and innovations in the legislative field are an additional incentive to continuously invest in data security and process management, especially since Aequitum SA's activity is customized and offered tailored to the needs of individual clients, whether individuals, legal entities or institutional bodies.
To the extent that one or more parts of this policy are unclear, we invite users to contact us for more details. You may contact us at email@example.com.
The following will explain the legal basis inherent in data processing, the purpose and manner of processing, and your rights in relation to such processing.
Aequitum SA offers neither financial services, nor collects sensitive data through its website, as the primary aim of the latter is providing users with general information regarding the world of finance, as well as providing timely information about the activities of Aequitum itself. Regarding the technologies on the website and the information it collects, please see the cookie section at the following link: www.aequitum.com/cookie-policy
On September 1st of last year, the new Federal Data Protection Act (LPD) came into force, which applies to the processing of data of natural persons. In contrast, the provisions of Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data (GDPR), become applicable again exclusively to citizens residing in the European Union if all necessary conditions are met.
The potential applicability of the GDPR to the activities of a Swiss company must be assessed on a case-by-case basis. The following information is provided for informational purposes only and does not in any way constitute a declaration of subjectivity by AEQUITUM SA.
The law (DPA) requires the Data Controller to provide the following information (Art.19 DPA):
- The identity and contact details of the data controller;
- The purpose of the processing;
- If applicable, the recipients or categories of recipients to whom personal data are disclosed;
- If personal data are not collected from the data subject, on the categories of personal data processed;
- If personal data are transferred abroad, information about the recipient country or international organization and, if applicable, the safeguards in place.
In addition, in the event that the GDPR becomes applicable again, it also requires expressly informing about:
- The legal basis for processing;
- The manner of processing (Art. 4 GDPR);
- The object of the processing (Art. 4 GDPR);
- The rights of the person concerned .
The law also provides exceptions to the above-mentioned obligations, which are outlined in Article 20 of the LPD, to which we refer:
- Data Controller is Aequitum SA, CHE-221,870,031, Via Vegezzi 6, CH - 6900 Lugano;
- The purpose of processing personal data by Aequitum SA is to enable the company to pursue its corporate purpose, namely, the management of individual portfolios in accordance with Article 17 paragraph 1 LlsFi, and the organization and strategic consultancy for families, individuals, and legal entities, as well as offering investment advisory services, portfolio analysis, and financial services. Typically, the purpose is to fulfill the mandate given by the Client and/or to comply with legal obligations arising from its activities. The purpose may also include selecting candidates for open positions (recruiting) and managing personnel.
- Recipients are primarily credit institutions, insurance companies, third-party asset managers, and fiduciary firms, as well as Swiss supervisory authorities.
- In fulfilling legal obligations, personal data may be obtained through third-party databases, for example, for anti-money laundering checks, etc. As part of fulfilling the mandate, personal data is obtained – with the client's consent – from the third parties mentioned in point 3 above.
- Data transfer abroad only occurs for purposes necessary for executing the mandate. Communication takes place in countries where the client resides or where service providers necessary for delivering the services outlined in the mandate are located. Depending on the destination country, Aequitum SA takes the necessary measures to protect personal data and confidentiality. However, the client is informed that in some countries, the protection of privacy may not be deemed adequate by the Federal Data Protection and Transparency Commissioner (IFPDT).
- Data processing is primarily based on contractual obligations assumed by the Data Controller in the contract with the data subject and legal obligations under which the Data Controller operates during its activities. Processing may also be based on the legitimate interests of the Data Controller, such as asserting or exercising their rights in the appropriate forums. In some rare circumstances, processing may be based on the consent of the data subject.
- The processing of personal data by the Data Controller is carried out using computerized processing systems and appropriate technical and organizational measures to ensure data integrity, accuracy, security, and confidentiality. Data is retained for the duration necessary for service provision, or until the Data Controller has an obligation to retain it (e.g., for tax, control/surveillance purposes, etc.). Storage may also occur to ensure the exercise of the Data Controller's rights in connection with a legal proceeding or the risk of such a proceeding occurring;
- The subject of the processing of personal data includes personal information, including place and date of birth, biometric data, and/or data present on identification documents (passport, ID card, etc.), account numbers and banking relationships, financial, tax, and social security data, and other information that may also relate to the client's health.
- The data subject has the following rights:
- Request from the data controller access to personal data to confirm whether or not personal data concerning them is being processed and, if so, obtain all necessary information as provided and regulated by Article 15 "Right of access by the data subject" of the GDPR;
- Request the data controller to rectify inaccurate personal data concerning them, as well as to complete incomplete data as provided and regulated by Article 16 "Right to rectification" of the GDPR and Article 7, paragraph 3, letter a);
- Request the data controller to erase personal data concerning them when the data is no longer necessary for the purposes for which it was collected or otherwise processed (letter a); the data subject has withdrawn their consent or there is no legal basis for processing (letter b); the data subject has objected to processing under Article 21, paragraphs 1 or 2, and there are no overriding legitimate grounds for the processing (letter c); the processing is unlawful (letter d); the erasure of data is required by a legal obligation to which the data controller is subject (letter e); in cases provided for in Article 8, paragraph 1 (letter f), all in any case, as better provided and regulated by Article 17 "Right to erasure ('right to be forgotten')" of the GDPR and Article 7, paragraph 3, letter b);
- Obtain from the data controller the restriction of processing where the data subject contests the accuracy of personal data (in this case, for the time necessary to verify the accuracy of such data - letter a); in cases of unlawful processing, the data subject objects to erasure but instead requests a restriction on its use (letter b); regardless of whether the data controller no longer needs it for processing purposes, the data subject needs it for establishing, exercising, or defending legal claims (letter c); the data subject has objected to processing under Article 21, paragraph 1, pending the verification of whether the legitimate grounds of the data controller override those of the data subject (letter d), all in any case, as better provided and regulated by Article 18 "Right to restriction of processing."
- At any time, for reasons related to their particular situation, object to the processing of personal data concerning them, in accordance with Article 6, paragraph 1, letters e) or f), including profiling based on those provisions, as well as in the case of processing for marketing purposes, including, in this case, profiling to the extent connected with such direct marketing. All in any case, as better provided and regulated by Article 21 "Right to object to processing" of the GDPR and Article 7, paragraph 4, letters a) and b);
- Obtain data portability as better provided and regulated by Article 20 "Right to data portability."
- At any time, withdraw their consent to the processing of data without affecting the lawfulness of processing based on consent before its withdrawal. All in any case, as better provided and regulated by Article 7 "Conditions for consent."
- Lodge a complaint with a supervisory authority responsible for monitoring the application of the GDPR to protect the fundamental rights and freedoms of natural persons with regard to the processing of personal data. All in any case, as better provided and regulated by Articles 51 and following "Supervisory authority."