1. General information
This data protection declaration provides information on how personal data is processed in our company.
Personal data" means all information relating to an identified or identifiable natural or legal person. Processing" means any handling of personal data, irrespective of the means and procedures used, in particular the acquisition, storage, use, modification, disclosure, archiving, deletion or destruction of personal data.
For certain data processing operations, for example when concluding contracts, there are additional rules which are listed in the corresponding documents.
2. Data security
We are committed to protecting personal data and privacy in accordance with the applicable regulations, in partic-ular the Code of Professional Conduct and data protection law. To this end, we take various technical and organiza-tional security measures (e.g. access restrictions, firewalls, personalized passwords as well as encryption and au-thentication technologies, training of employees, etc.).
3. Categories of personal data
We process the following categories of personal data. We always process as few personal data as possible.
Customer data, such as:
- Master and portfolio data (e.g. name, address, nationality, date of birth, information on account, custody account, concluded transactions and contracts, information on third parties affected by data processing, such as spouses, authorized representatives and advisors).
- Transaction or order and risk management data (e.g. details of beneficiaries of transfers, beneficiary's bank, amount of transfers, risk and investment profile, details of investment products).
- Technical data (e.g. business numbers, IP addresses, internal and external identifiers, access records).
- Marketing data (e.g. preferences, needs).
Visitor and prospective customer data (e.g. our visitors or visitors to our website), such as:
- Master and inventory data (e.g. name, address, date of birth).
- Technical data (e.g. IP addresses, internal and external identifiers, access records).
- Marketing data (e.g. preferences, needs). Besucher- und Interessentendaten (z.B. unsere Besucher oder Besucherinnen unserer Webseite), wie etwa:
Supplier data, such as:
- Master data and inventory data (e.g. name, address, date of birth, information about completed transac-tions and contracts).
- Technical data (e.g. IP addresses, internal and external identifiers, access records).
4. Origin of personal data
We may collect personal data from the following sources in order to fulfil the purposes set out in section 5:
- Personal data that is disclosed to us, e.g. when opening a business relationship, in the context of the execution of contracts or the use of products and services.
- Personal data that accrue in the context of the use of products or services and are transmitted to us through the technical infrastructure or through processes based on the division of labour.
- Personal data from third-party sources such as authorities or sanctions lists of the UN and the EU.
5. Purposes of the revision
We may process personal data to provide our own services and for our own purposes or those provided for by law. In particular, this includes the following:
- Conclusion and fulfilment of contracts, implementation, processing and administration of products and services (e.g. invoices, investments).
- Monitoring and managing risks (e.g. investment profiles, anti-money laundering, limits, utilisation figures, market risks).
- Planning, business decisions (e.g. development of new or evaluation of existing services and products).
- Marketing, communication, information about and review of service offerings (e.g. print and online advertising, client, prospect or other events, identification of future client needs).
- Fulfilment of legal or regulatory obligations to provide information or to report to courts and authorities, fulfilment of official orders (e.g. reporting obligations to FINMA and foreign supervisory authorities, orders from public prose-cutors in connection with money laundering and terrorist financing).
- Safeguarding our interests and securing our claims, e.g. in the event of claims against us or claims by us against third parties.
6. Disclosure to third parties, categories of recipients
We disclose customer data to the following third parties in the following cases:
- To other service providers for outsourcing in accordance with section 7 and for the purpose of comprehensive customer care.
- Due to legal obligations, legal justification or official orders, e.g. to courts, supervisory authorities, tax authorities or other third parties.
- To the extent necessary to protect our legitimate interests, e.g. in the event of legal action threatened or initiated against us by customers, in the event of public statements, to secure our claims against customers or third parties, in the event of debt collection, etc.
- With the consent of the persons concerned to other third parties.
Particularly when using certain products or services, personal data may also have to be disclosed to third parties in countries where there is no appropriate level of data protection (e.g. USA). If a transfer to such a country is neces-sary, we take suitable precautions, if possible, to continue to protect personal data appropriately.
7. Outsourcing of business areas services (outsourcing)
We outsource certain business areas and services in whole or in part to third parties (e.g. legal; accounting; CRM system).
The service providers who process personal data on our behalf for this purpose (so-called order processors) are carefully selected. Whenever possible, we use order processors domiciled in Switzerland. The order processors may be entitled to have certain services provided by third parties.
The order processors may only process personal data received in the same way as we ourselves do and are con-tractually obliged to guarantee the confidentiality and security of the data.
8. Automated decisions in individual cases including profiling
We reserve the right to process customer data in the future, if necessary also automatically, in particular in order to identify important personal characteristics of the customer, to predict developments and to create customer pro-files. This serves in particular to review and further develop offers and to optimize the provision of services.
In future, customer profiles may also lead to automated individual decisions (e.g. automated acceptance and exe-cution of customer orders in the CRM system).
We ensure that a contact person is available if a data subject wishes to comment on an automated individual deci-sion and such a possibility to comment is provided for by law.
9. Duration of storage
The duration of the storage of personal data depends on the purpose of the respective data processing and/or stat-utory retention obligations, which amount to five, ten or more years depending on the applicable legal basis.
10. Rights of the data subjects
Anyone can request information from us as to whether personal data about them is being processed. There is a right of objection, restriction of processing and, where applicable, a right to data portability. Incorrect data can be corrected. Furthermore, the deletion of personal data may be requested, unless legal or regulatory provisions (e.g. legal storage obligations of business-relevant data) or technical obstacles prevent this. The deletion of data may result in us no longer being able to provide certain services. Furthermore, where applicable, there is a right of ap-peal to a competent authority. Where we process personal data on the basis of consent, this consent can be re-voked at any time.
In order to assist us in responding to your request, we kindly ask you to inform us in an understandable manner. We will examine and respond to your request within a reasonable period of time.
11. Contact
We are responsible for processing your personal data. Requests can be sent to the following address:
Chefinvest Ltd. Limmatquai 1 8001 Zurich Switzerland
Phone: +41 (0)43 288 18 00
E-Mail: info@chefinvest.com