Privacy Policy of Fidinam Group
1. Scope
This privacy policy provides information on how and for what purposes companies belonging to the Fidinam Group process Your Personal Data (hereinafter "You"). A list of the companies belonging to Fidinam Group to which this privacy policy applies can be found here (hereinafter "we" or "Fidinam").
"Personal Data" means all details and information relating to an identified or identifiable natural person.
We process Personal Data in accordance with the requirements of the Swiss Federal Data Protection Act (hereinafter "FDPA") and, if and to the extent applicable, in accordance with the EU General Data Protection Regulation (hereinafter "GDPR") and local data protection laws. Where we deem it appropriate, we may provide you with additional privacy policies.
Since Fidinam consists of different companies, the company which will be responsible for processing Your Personal Data may vary. The company of Fidinam with which you correspond or do business or which has referred you to this privacy policy in the context of an enquiry, a contract or other correspondence is responsible for processing Your Personal Data under this privacy policy.
Depending on the data processing, the companies of Fidinam may each individually or jointly be the data controller or may also assume the role of data processor.
The contact person for any queries You may have regarding data protection is, irrespective of which Fidinam company is responsible for the processing of Your Personal Data in each individual case:
Fidinam Group Holding SA
Via Maggio 1
6900 Lugano
Telephone: +41 (0)91 973 17 31
Data protection representation EEA
We have the following data protection representation pursuant to art. 27 GDPR in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as an additional point of contact for supervisory authorities and data subjects for requests in connection with the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
Please contact us at the above addresses with any questions regarding data protection at Fidinam.
2. Data origin and data categories
We primarily process Personal Data that we receive or collect from our customers (including their employees, shareholders, directors, etc.), website visitors, service providers, banks and other business partners in the course of our business activities. In addition, we may also process Personal Data that we have obtained from publicly accessible sources (e.g. websites or public registers such as the commercial register, etc.). Finally, we may also have received Your Personal Data from family members of Yours, from business partners of ours, from official agencies and authorities or from other third parties.
The Personal Data we process includes, as the case may be, in particular name and contact details (e.g. address, telephone number and e-mail address), identification and background information (e.g. passport number, ID-number, language, date of birth, nationality, gender, religious denomination), political data, job title and business relationship, country of residence, geographic location, origin-related data, family situation (e.g. marital status, number of children), data on criminal proceedings, financial information for payment purposes (e.g. bank account details), economic data (e.g. financial assets, origin of funds), investment related information (e.g. investment profile, risk profile, suitability test, asset allocation, investments), transaction data (e.g. payment instructions, investment instructions), information about the use of our websites and information of any kind from correspondence, contacts and interactions (e.g. photographs, videos and voice recordings) with us.
3. Processing purpose and legal basis
3.1 In connection with our business activities
We process Your Personal Data primarily in order to provide our services in connection with our business activities. In particular, we process Your Personal Data for the following purposes:
- to communicate with You, in particular to provide You with information or to process Your requests. If You contact us by e-mail/contact form, You authorise us to reply to You via the same channel. Please note that unencrypted e-mails are transmitted via the open Internet, which is why it cannot be ruled out that they can be viewed, accessed and manipulated by third parties. Therefore, we ask You not to send us confidential information by e-mail. We exclude - as far as legally permissible - any liability which You may incur in particular as a result of faulty transmission, falsification of content or disruption of the network (interruptions, overloading, illegal interventions, blocking);
- to make our services and our websites available to You and to evaluate and improve them;
- to organise events and webinars and report them or make them available on our websites (e.g. in the form of texts, photographs, videos and voice recordings);
- to inform you about charity events or artistic and cultural events organized by third parties (e.g., nonprofit foundations, theater companies...);
- to send Newsletters;
- for the conclusion, administration and performance of our contractual relationships;
- to maintain and manage the business relationship with You (incl. issuing invoices);
- to inform You of recent updates or to provide You with other information about our services;
- to promote services of ours;
- for statistical purposes;
- for IT and building security measures (such as access controls, visitor lists, network and mail scanners, telephone recordings) and risk control reasons;
- for the assertion of legal claims and defence in connection with legal disputes as well as proceedings before the authorities;
- to comply with our legal obligations nationally and internationally.
We process Your Personal Data for the purposes specified above, depending on the situation, in particular on the following legal bases:
- the processing of Personal Data is necessary for the performance of an agreement with You;
- You have given Your consent to the processing of the Personal Data relating to You;
- the processing of Personal Data is necessary for the fulfilment of a legal obligation;
- the processing is necessary to protect the vital interests of the data subject or another natural person; or
- we have a legitimate interest in processing the Personal Data.
3.2 When visiting our websites or receive our newsletters or book a free demo
Each time a user accesses our website, our server collects a set of user information which is stored in the server’s log files. The information collected includes, but is not limited to, the IP address, the date and time of access, the time zone difference relative to GMT, the name and URL of the downloaded file, the website from which the access takes place, the browser used and the operating system used.
The use of this general information does not involve identification of a specific person. The collection of this information or data is technically necessary in order to display our websites to You and to guarantee its stability and security. This information is also collected in order to improve the website and to analyse its use. The legal basis for the temporary storage of the information and log files is our legitimate interest in being able to offer You our websites in sufficient quality and to continuously improve it.
In addition, we collect the necessary information when you register on the website to receive our newsletters or to book a free demo. The legal basis to send you our newsletter or to book a free demo is Your consent. At the end of every newsletter there is a link that allows you to unsubscribe from the newsletter at any time. Your possible request to opt-out with respect to our newsletter does not entail the deletion of the aforementioned personal profile from the CRM, unless you exercise your right to deletion in the manner provided for in this policy in the section entitled "Your Rights".
3.3 When you attend an event
When You attend an event organise by us or in collaboration with our partners, we collect personal data to organise and conduct the event and, if necessary, to send You additional information afterwards. We also use Your information to alert You to other events. You may be photographed or filmed by us at these events, and we may publish this footage internally or externally. The information collected includes, contact information (e.g. last name, first name, address, telephone number and email address), personal information (e.g. occupation, function, title, employer company), pictures or videos, payment information (e.g. bank details).
The legal basis for processing these Personal Data are the fulfilment of a contractual obligation with or for the benefit of the data subject including contact initiation and possible enforcement (making participation in the event possible), the safeguarding our legitimate interest (e.g. holding events, dissemination information about our event, providing services, and efficient organisations) or Your consent (e.g. to send you marketing information or to create visual materials).
3.4 Inform You about events for charitable purposes or artistic and/or cultural events
Our customers' personal data may be processed to report charity events or artistic and cultural events organized by third parties (e.g., nonprofit foundations, theater companies...). The data processed for reporting these events are e.g.: email address, address, first name, last name. The legal basis for processing this data is legitimate interest, e.g., to promote our customers' participation in artistic events or to support humanitarian causes that may be of interest to them.
Your data will not be shared with third party organizers of the events or events without your consent. If you wish not to receive communication about future events of this type, please reply to the invitation email indicating your willingness to opt out with respect to this processing purpose. Keep in mind that your request to opt out with respect to the communication of events or event organized by third parties does not result in the deletion of your personal profile from the CRM, unless you exercise your right to deletion in the manner provided in this policy in the "Your Rights" section.
3.5 Contact form, contact by e-mail and telephone and direct communication
You can contact us by using the contact form or the e-mail addresses and telephone numbers provided on our websites. The Personal Data You send us will be stored and processed by us for the purpose of processing Your request. The legal basis for this Personal Data processing is Your consent and our legitimate interest in processing Your request.
For the organisation of telephone conferences, online meetings, video conferences and/or webinars ("Online Meetings"), we use the "Zoom" or "Microsoft Teams" service. For this service, we process and store information that you upload while using the video conferencing service, provide or create, as well as metadata used to maintain the service provided. Further information on the processing of personal data by "Zoom" or Microsoft Teams can be found in the data protection declarations of these services. The legal basis for this Personal Data processing is the performance of an agreement with You, including the preparation of the agreement and its eventual implementation.
3.6 Cookies/Tools
Our websites may use so-called cookies or other technologies/tools such as pixels, tags or external services (hereinafter "Cookies" or "Tools"). Cookies are text files that are stored in or by the internet browser on the computer system or a mobile device of the user. The Cookie contains a characteristic string that allows the browser or mobile device to be identified unambiguously when the website or app is visited again.
The purpose of the use of Cookies is, on the one hand, to enable and simplify the use of our websites for users. Some functions of the websites cannot be offered without the use of Cookies (so-called technically necessary Cookies). On the other hand, we also use Cookies/Tools to analyse user behaviour on our websites, namely for range measurement and marketing purposes, including newsletters tracking.
3.6.1 Technically necessary Cookies
Technically necessary Cookies are necessary for the functioning of our websites. Therefore, these Cookies cannot be deactivated in our systems. These Cookies usually record important actions, such as the number of requests made, the editing of Your privacy settings or when You fill out forms. Although You can block these Cookies in Your browser, some parts of our websites may no longer function then.
The legal basis for the data processing when using technically necessary Cookies is our legitimate interest, which lies primarily in ensuring the functionality and improvement of our websites.
Name |
Description |
Duration |
Typology |
Provider |
Part |
__hs_cookie _cat_pref |
Use to keep cookie usage preferences set by user |
6 months |
Necessary |
Cloudflare |
Primary |
__cfruid |
Cloudflare sets this cookie to identify trusted web traffic. |
Session |
Necessary |
Cloudflare |
Primary |
__cf_bm |
Cloudflare set the cookie to support Cloudflare Bot Management. |
30 minutes |
Necessary |
Cloudflare |
Primary |
3.6.2 Analytical and marketing Cookies
Analytical Cookies allow us to analyse visitor behaviour and traffic sources so that we can measure the performance of our websites and improve the user experience. They help us to identify how popular which pages are and indicate how visitors move around our websites. The information collected is aggregated and anonymous.
Marketing Cookies allow us to deliver advertising that is relevant to You. These Cookies may remember that You have visited our websites and share this information with other companies, including other advertisers.
If we use Cookies for analysis and marketing purposes, we obtain Your consent to do so. Therefore, the processing of data for analysis and marketing purposes is based on Your consent. If You give us Your consent, You may withdraw it at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out on the basis of Your consent before Your withdrawal of consent. You can express Your withdrawal at any time by adjusting the Cookie settings.
You can object to the use of Cookies, for example, (i) by selecting the appropriate settings in Your browser or (ii) by using appropriate Cookie blocker software (e.g. ghostery etc.).
Name |
Description |
Duration |
Typology |
Provider |
Part |
__hstc |
This is the main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). |
6 months |
Analytics |
Hubspot |
Primary |
hubspotutk |
This cookie is used to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. |
6 months |
Analytics |
Hubspot |
Primary |
__hssc |
This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. |
30 minutes |
Analytics |
Hubspot |
Primary |
__hssrc |
Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
|
Session |
Analytics |
Hubspot |
Primary |
_ga* |
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
|
1 year 1 month 4 days |
Analytics |
Google |
Third Part |
_gid |
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
|
1 day |
Analytics |
Google |
Third Part |
_gat |
Used by Google Analytics to throttle request rate, which means that it limits the collection of data on high traffic sites
|
1 day |
Analytics |
Google |
Third Part |
_fbp |
This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
|
3 months |
Advertisement |
Facebook |
Third Part |
3.7 Google Tag Manager
On our websites, we may use Google Tag Manager from Google. Google Tag Manager is a solution that allows us to manage website tags through one interface. The Tool itself is a Cookie-free domain and, according to Google, does not collect any Personal Data. The Tool triggers other tags, which in turn may collect Personal Data. Google Tag Manager does not access this data. If a deactivation has been made at domain or Cookie level, this remains in place for all tracking tags implemented by Google Tag Manager. You can prevent the setting of tags at any time.
The legal basis for this is Your consent and our legitimate interests.
3.8 YouTube-Videos
We can embed videos from the YouTube platform on our websites so that they can be played directly from our websites. The YouTube videos are all embedded in "extended data protection mode", which means that no data about You as a user is transmitted to YouTube if You do not play the videos. Only when You play the videos will data about You be transmitted.
The legal basis for the processing of Your data is Your consent. Further information on the processing of Personal Data by Google Ireland Limited in connection with the playing of YouTube videos can be found at
https://policies.google.com/privacy?hl=en&gl=de.
3.9 Google Maps
We may use the Google Maps plug-in from Google Ireland Limited or Google LLC, USA, on our websites. If You use Google Maps on our websites, information about the use of our websites (incl. IP address) may be transmitted to a Google server in the USA and also stored on this server. We have no knowledge of the precise content of the data that are transmitted nor of their use by Google. However, the data about You as a user is only transmitted to Google if You activate the content of Google Maps on our websites.
3.10 Social Media Plug-ins
We may use the social media plug-ins contained in the following table on our websites. In doing so, we use the so-called two-click solution, which means that, when You visit our websites, in principle no Personal Data are disclosed to the providers of the plug-ins. Only if You click on the selected plug-in field and activate the plug-in, provider will be informed that You have accessed our websites. In addition, the data referred to in section 3.1 of this privacy policy will be transmitted. The legal basis for the processing of Your data in connection with social media plug-ins constitutes our legitimate interest in enabling our users to use the social media plug-ins.
We have no control over the data collected and data processing operations of the plug-in providers. These are subject to the respective privacy policies of the third-party providers. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the privacy policies of these providers provided below.
Plug-in |
Provider and Privacy Policy |
LinkedIn |
LinkedIn Ireland Unlimited Company:
|
Instagram |
Meta Platforms Ireland Limited:
|
Facebook |
Meta Platforms Ireland Limited:
|
3.11 Newsletter tracking
To send our newsletters, we use the software Hubspot. Newsletters can be sent and analysed with this software. We collect device and access data to carry out this analysis. The newsletter contains a pixel to collect this data. The newsletter or the websites accessible from this newsletter are also tracked with cookies. A pixel is an image file, which is stored on the recipient’s device.
With the help of these technologies, we receive information indicating whether the newsletter has arrived, whether it has been opened and which content has been clicked on. We use this information to improve our newsletter and our offers. The setting of a pixel can be prevented by deactivating HTML in the mail program (varies depending on the mail program).
The legal basis for this is (sending the newsletter and the associated measurement of success) is Your consent when you register for the newsletter.
3.12 Links to other Websites
Our website may refer to external website of other companies outside the Fidinam Group. The present Privacy policy does not extend to the website of these other companies. When using these websites, the privacy policies of these companies are to be observed as far as their data processing is concerned. Should you have any indications of possible infringements on the pages linked by us, we ask you to inform us of this so that we can prevent a possible linking.
If you click one of these links, your data may be transferred to companies in countries outside Switzerland the EU, and the EEA that do not ensure an adequate level of protection for the processing of personal data. Please remember this before you click a link and thereby trigger a possible transfer of your data.
3.13 Applications
You can submit Your application for a position with us by post or via the e-mail addresses provided on our websites. Your application documents and all Personal Data thereby disclosed to us will be treated in the strictest confidence, will not be disclosed to any third party and will only be processed for the purpose of processing Your application for employment with us. Unless You have given consent which provides otherwise, Your application file will either be returned to You after the conclusion of the application process or will be deleted/destroyed, unless it is subject to a statutory retention requirement. The legal basis for the processing of Your data is Your consent, the performance of the contract with You and our legitimate interests.
4. Disclosure of Personal Data to recipients and abroad
4.1 Disclosure of Personal Data to recipients
In addition to the transfers of data to recipients expressly mentioned in this privacy policy, we may to the extent permitted – disclose Personal Data to the following categories of recipients:
- Other companies belonging to Fidinam;
- Providers to whom we have outsourced certain services (e.g. IT and hosting providers, payment service providers, debt collection service providers, risk management and compliance providers etc.);
- Service providers, subcontractors and other business partners;
- Banks and insurance companies;
- Tax advisors, auditors, lawyers, notaries and other external professional advisors of Fidinam;
- Counterparties;
- National and foreign authorities, agencies and courts.
4.2 Disclosure of Personal Data abroad
Your Personal Data may be processed within Switzerland, the European Union or the European Economic Area (hereinafter "EU/EEA") but may also be processed in and transferred to a country outside of Switzerland, EU or EEA, for example China, Panama, Hong Kong and the USA.
If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection as provided for by law by using appropriate contracts (namely on the basis of the so-called standard contractual clauses of the European Commission) or we rely on the legal exceptions of consent, the performance of a contract, the establishment, exercise or enforcement of legal claims, overriding public interests, published Personal Data or because it is necessary to protect the integrity of the data subjects. We would like to point out that data transmitted abroad is no longer protected by Swiss law and foreign laws as well as official orders may require the disclosure of this data to authorities and other third parties.
5. Duration of storage
We process and store Your Personal Data only for as long as is necessary in accordance with the relevant purpose of processing or if there is another legal basis for doing so (e.g. statutory retention periods). We retain Personal Data that we hold on the basis of a contractual relationship with You for at least the duration of that contractual relationship and the statutory limitation periods for potential claims or based on contractual retention obligations. As soon as Your Personal Data are no longer required for the above-referenced purposes, they will be set inactive, deleted or anonymised as far as possible.
6. Your rights
Under the data protection law applicable to You and to the extent provided for, You have the right to information, rectification, erasure, the right to restrict data processing and otherwise to object to our data processing as well as to the handover of certain Personal Data for transfer to another location (so-called data portability). Please note, however, that we reserve the right to assert the statutory restrictions on our part, for example if we are obliged to retain or process certain data, if we have an overriding interest in this (to the extent we are entitled to rely on such interest) or if we need the data in order to assert claims. If this results in costs for You, we will inform You in advance.
If data processing is based on Your consent, after giving Your consent You may withdraw it at any time with future effect. However, this does not affect the lawfulness of the processing carried out on the basis of Your consent prior to Your withdrawal of consent.
The exercise of such rights generally requires that You clearly prove Your identity (e.g. by means of a copy of an identification document, where Your identity is otherwise unclear or cannot be verified). In order to assert Your rights, You may contact us at the address specified in Section of this privacy policy.
In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority may vary depending on Your place of residence or the place where the alleged infringement of the applicable data protection law takes place.
7. Data security
We take appropriate security measures in order to maintain the required security of your Personal Data and ensure its confidentiality, integrity and availability, and to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access.
8. Amendments to this Privacy Policy
We expressly reserve the right to amend this privacy policy at any time. If such amendments are made, we will immediately publish the amended privacy policy on our websites. The privacy policy published on our websites, as from time to time amended, shall apply.