Data Protection Declaration
1. Who is responsible for processing your data?
The following company is the "responsible party", i.e. the party primarily responsible under data protection law (also "we"), for data processing in accordance with this data protection declaration:
True Wealth AG
T: +41 44 508 70 17
2. How do we process data in connection with our services?
If you make use of our services, we process data for the preparation of the conclusion of the contract and for the execution of the corresponding contract, in particular an asset management contract. Our services are aimed at persons or companies domiciled in Switzerland.
We process data in connection with our services as follows:
- If we are in contact with you regarding a contract (e.g. an asset management contract, for a test account or other contracts), we process data that you, your bank or third parties provide to us. This includes information about your financial circumstances and bank details and your risk capacity and risk appetite. We also identify you as part of the online onboarding process to comply with legal requirements under the Federal Act on Combating Money Laundering and Terrorist Financing. For this purpose, we collect and document the data required by law. As part of our duties, we also carry out sanctions and comparable checks on our clients or their management bodies and beneficial owners and obtain data for this purpose from the relevant databases and from publicly available sources, including identification data, information on economic and political connections and on sanctions. This may also include sensitive personal data.
- When opening an account, we process the data from the lead-up to the conclusion of the contract and information on the conclusion of the contract itself (e.g. the conclusion date and the subject matter of the contract). We also process personal data during and after the term of the contract. This concerns, for example, disclosures on asset management (e.g. information on personal and financial situation as well as questions on financial risk tolerance and appetite and other investment preferences, asset portfolio, investment mix, transactions, return and deposits and withdrawals, information on the beneficial ownership and origin of the assets to be deposited and on the tax status), on our management fees, payments, contacts with us, mutual claims, on the termination of the contract and – if disputes should arise in connection with the contract – also on these and corresponding proceedings.
- If you participate in the True Wealth client referral or pooling programme, your personal data regarding name, title and e-mail address will be disclosed to the new client or pooling member you have referred. In the case of client referrals, we also disclose whether you are invested with us or not, and in the case of pooling, your average assets under management by us (excluding pillar 3a).
- We also use your data to comply with legal and regulatory clarification, disclosure, information, reporting and other obligations (e.g. in the context of the automatic exchange of information) and to comply with court or official orders (e.g. in connection with the Money Laundering Act).
- When you use our online platform, we also process personal data, in particular information about your actions and their timing when you use the platform, as well as login data and other data; you can find more information about this under section 5.
- We also process the aforementioned data for statistical evaluations for marketing and market research purposes.
We also process data relating to our suppliers and partners, such as custodian banks, in connection with contracts with them. In the case of companies, we process less personal data because data protection law only covers data of natural persons. However, we do process information about the contact persons with whom we are in contact.
It may be that you provide us with data that also relates to other persons (e.g. authorised representatives, deputies, advisors, beneficiaries of transfers, beneficial owners, contacts, relatives, friends). In this case, we assume that this data is correct and that you are allowed to transmit this data to us. Since we often have no direct contact with these persons and cannot inform them directly about our data processing, we ask you to inform these persons on your part about our data processing (e.g. by referring to this data protection declaration).
Incidentally, you are not obliged to disclose data to us, with the exception of individual cases (e.g. if you have to fulfil a contractual obligation and this involves disclosing data to us). However, we must process data for legal and other reasons when we conclude and execute contracts. The use of our website is also not possible without data processing.
3. How do we process data in connection with advertising?
We also process personal data to promote our services:
- Newsletters: We send electronic information and newsletters that also contain advertising for our offers. We ask for your consent beforehand, except when we promote certain offers to existing customers.
- Refer a friend: Our customers can register the name and e-mail address of a friend via our website, to whom we then send a message with information about our services. If they do not decide to use our services, we delete their data after 90 days at the latest. If the referred friend uses our services, he can decide whether the previous customer is informed about the conclusion of the contract.
- Online advertising: We may also advertise our services on partner websites. You will find further details on this under point 6.
- Calls: We may call our customers and, in individual cases, also potential customers and, in doing so, process the relevant data about our call partners and, where applicable, associated persons at the called company.
- Market research: We also process data to improve services and develop new products, e.g. information about product experiences or your reaction to newsletters or information from customer surveys and polls or from social media, media monitoring services and public sources.
4. How do we disclose data?
We may disclose personal data to various bodies in the course of our business. These include:
- persons associated with you (see section 2 above);
- partners such as custodian banks;
- offices, authorities and courts within the scope of our legal duties and in connection with proceedings in which we are a party or third party affected;
- third parties, for example in connection with the acquisition or sale of assets by us;
- service providers, especially providers of IT services (examples are providers of hosting services and other applications), of administration and consulting services; also services of banks, the postal service, etc. You will find details of service providers for our website under point 6. These service providers may also process personal data to the extent necessary.
These recipients of data are not only located in Switzerland. This applies in particular to service providers. They also have locations in the EU or EEA, but also in other countries around the world, especially via their subcontractors and in turn their subcontractors (e.g. we use services from Amazon and Google; both have a location in Ireland, but may in certain circumstances involve subcontracted processors who may also be located in other countries). These may also process personal data in certain circumstances. We may also transfer data to authorities and other persons abroad if we are legally obliged to do so or, for example, in the context of a company sale or legal proceedings (see section 7). Not all of these countries have adequate data protection. We compensate for the lower level of protection through appropriate contracts, in particular the so-called standard contractual clauses of the European Commission, which can be accessed here. In certain cases, we may also transfer data without such contracts in accordance with data protection requirements, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the performance of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.
5. How do we process data on the internet?
5.1. What data is collected when using our website?
For technical reasons, every time you use our website, certain data is collected and temporarily stored in log files (log data), in particular the IP address of the end device, information about the Internet service provider and the operating system of your end device, information about the referring URL, information about the browser used, the date and time of access and the content accessed when visiting the website.
We use log data and data collected via cookies and similar technologies to enable our website to be used, to ensure system security and stability, to optimise our website and for statistical purposes. Cookies and other technologies may also come from third party companies that provide us with certain functions. You will find more information on this below.
You can configure your browser in the settings so that it blocks certain cookies or similar technologies, or deletes cookies and other stored data. You can find out more about this in the help pages of your browser (usually under the keyword "Data protection").
5.2. How do our service providers process data for our website?
Cookies and similar technologies from third parties allow them to provide analytics and analysis for us so that we can understand how our website is used and optimise our online offering, or so that we can offer features such as videos. In addition, these third parties may target you with individualised advertising on websites and social networks operated by these third parties or their partners and measure how effective advertisements are (e.g. whether you arrived at our website via an advertisement and what actions you then take on our website).
These third-party providers may record the use of the website and combine their recordings with further information from other websites. In this way, they can record user behaviour across several websites and end devices in order to provide us with statistical evaluations on this basis. The providers can also use this information for their own purposes, e.g. for personalised advertising on their own website or other websites. If a user is registered with the provider, the provider can assign the usage data to the relevant person.
We use, for example, Google Ad Manager (further information: here; opt-out: here) and Microsoft Advertising (further information: here; opt-out: here) for advertising on partner sites. Two other examples of our service providers are Google and Facebook. We may also use other third party service providers who generally process personal and other data in a similar way.
Google Analytics is an analysis service provided by Google LLC (Mountain View, USA) and Google Ireland Ltd (Dublin, Ireland). Google collects certain information about the behaviour of users on the website and about the end device used. The IP addresses of visitors are shortened in Europe before being forwarded to the USA. Google provides us with analyses based on the recorded data, but also processes certain data for its own purposes. You can find information on the data protection of Google Analytics here, and if you have a Google account yourself, you can find further details here.
Facebook Pixel by Facebook, Dublin, Ireland is used to display advertisements on Facebook and on partners cooperating with Facebook when they have shown an interest in us. It also allows us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing if users have been redirected to our website after clicking on a Facebook ad. We share responsibility (but not further processing) with Facebook for displaying advertising information that matches users' interests, improving ad delivery and personalising features and content. We have therefore entered into a corresponding supplementary agreement with Facebook. Users can therefore address requests for information and other data subject requests related to shared responsibility directly to Facebook.
5.3. How do we process data via social media?
We operate our own presences on social networks and other platforms (e.g. on LinkedIn, Twitter, Instagram, YouTube). If you communicate with us there or comment on or disseminate content, we collect information that we use primarily for communication with you, for marketing purposes and for statistical analyses. We can also delete comments there or report them to the provider in the event of a breach of usage guidelines. Please note that the provider of the platform also collects and uses data itself (e.g. on user behaviour), possibly together with other data known to it (e.g. for marketing purposes or to personalise the platform content).
6. Are there other processings?
Yes, because a lot of processes are not possible without processing personal data, including common and even unavoidable internal processes. This cannot always be precisely determined in advance, nor the extent of the data processed in the process, but you will find details of typical (though not necessarily frequent) cases below:
- Communication: When we are in contact with you, we process communication content information about the nature, timing and location of the communication. For your identification, we may also process details of proof of identity.
- Compliance with legal requirements: We may disclose data to authorities as part of legal obligations or powers and to comply with internal regulations.
- Prevention: We process data for the prevention of crime and other infringements, e.g. as part of the fight against fraud or internal investigations.
- Legal proceedings: Insofar as we are involved in legal proceedings (e.g. court or administrative proceedings), we process data e.g. about parties to the proceedings and other persons involved, such as witnesses or respondents, and disclose data to such parties, courts and authorities, possibly also abroad.
- IT security: We also process data for monitoring, controlling, analysing, securing and checking our IT infrastructure, but also for backups and archiving data.
- Competition: We process data about our competitors and the market environment in general (e.g. the political situation, the association landscape, etc.). We may also process data about key persons, especially name, contact details, role or function and public statements.
- Transactions: If we sell or acquire receivables, other assets, business units or companies, we process data to the extent necessary to prepare and carry out such transactions, e.g. information on customers or their contact persons or employees, and also disclose corresponding data to buyers or sellers.
- Other purposes: We process data to the extent necessary for other purposes such as training and education, administration (e.g. contract management, accounting, enforcement and defence of claims, evaluation and improvement of internal processes, preparation of anonymous statistics and evaluations; acquisition or disposal of receivables, businesses, parts of businesses or companies and safeguarding other legitimate interests.
7. How long do we process personal data?
We process your personal data for as long as it is necessary for the purpose of processing (in the case of contracts, generally for the duration of the contractual relationship), for as long as we have a legitimate interest in storing it (e.g. if in order to enforce legal claims, for archiving and or to ensure IT security) and for as long as data is subject to a statutory retention obligation (for certain data, for example, a ten-year retention period applies). After these periods have expired, we delete or anonymise your personal data.
8. Are there any other points that need to be considered?
Depending on the applicable law, data processing is only permitted if the applicable law specifically allows it. This does not apply under the Swiss Data Protection Act, but for example under the European General Data Protection Regulation (GDPR), insofar as it applies. As we focus our services on clients in Switzerland, this is only the case in exceptional circumstances. Here, the processing of your personal data is based on the fact that it is necessary for the preparation and execution of contracts (section 3), that it is necessary for the legitimate interests of us or third parties, e.g. for statistical evaluations (section 3) or for marketing purposes (section 4), that it is required or permitted by law or that you have separately consented to the processing. You will find the relevant provisions in Art. 6 and 9 GDPR.
9. What are your rights?
You have certain rights under the conditions and within the framework of the applicable data protection law, which you can exercise at any time and in principle free of charge:
- You can request a copy of your personal data and further information about our data processing;
- You can object to our data processing, especially in connection with direct marketing. However, if we are obliged to continue processing or if there are interests in doing so that outweigh your interest in having them stopped, we may continue to process data to the appropriate extent;
- You can have incorrect or incomplete personal data corrected or completed;
- You can receive personal data that you have provided to us in a structured, common and machine-readable format or have it transferred to a third party, insofar as the corresponding data processing is based on your consent or is necessary for the performance of the contract;
- If we process data on the basis of your consent, you can revoke this consent at any time. The revocation is only valid for the future and we reserve the right to continue to process data on a different basis in the event of a revocation.
- The parents (or legal representative) of persons under the age of 16 may request cancellation or deregistration at any time.
If you wish to make use of such a right, please contact us (point 2). As a rule, we will have to verify your identity (e.g. by means of a copy of your ID card). You are also free to lodge a complaint against our processing of your data with the competent supervisory authority, in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).
Zurich, Sep 1, 2023, Version 1.5