Privacy Notice of Conduct AG

I. General Information

Conduct AG, Freigutstrasse 16, 8002 Zürich, (also «we», «us») appreciate you visiting our website and your interest in the products and services we offer. Protecting your personal data is very important to us. In this Privacy Notice, we explain how we collect your personal data when you use our website, obtain products or services from us, interact with us in relation with a contract, communicate with us or otherwise deal with us, what we do with your personal data, for what purposes and on what legal foundation we do so, and what rights you have on that basis. When appropriate we will provide just-in-time notice to cover any additional processing activities not mentioned in this Privacy Notice. In addition, we may inform you about the processing of your data separately, for example in consent forms, terms and conditions, additional privacy notices, forms and other notices. We use the word «data» here interchangeably with «personal data».

  • «Personal data» means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; «sensitive personal data» is a subset of personal data and revealing e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health data or data concerning a natural person’s sex life or sexual orientation.
  • «Processing» means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

If you provide information to us about any person other than yourself, contact person of your organization, your employees, counterparties, your advisers or your suppliers, you must ensure that the data is accurate and that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.

II. Name and Address of the Controller

The responsible person for processing your data under this Privacy Notice («Controller») unless we tell you otherwise in an individual case is:

Conduct AG
Freigustrasse 16
www.conduct.swiss
info@conduct.swiss

You may contact us regarding data protection matters and to exercise your rights at:

info@conduct.swiss

III. Categories of Data we Process

The processing of personal data is limited to data that is required to operate a functional website and for the provision of content, products and services. The processing of personal data of our users is based on the purposes agreed or on a legal basis. We only collect personal data that is necessary to implement and process our tasks and services or if you provide data voluntarily.
If you wish to enter into contracts with us or use our services, you must also provide us with certain data, in particular master data, contract data and registration data (see below), as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data cannot be avoided. Depending on the reason and purpose of the processing, we process different data about you:

  • Technical Data

We do not store Technical Data and do not use Cookies.

  • Newsletter and Registration Data

Some of our services can only be used with a registration (newsletter resp. «Notes on Wealth Planning»). Such data will be kept for a maximum of 12 months from the date of using the services or unsubscribing from the newsletter.

Newsletter registration data includes

  • First Name
  • Last Name
  • E-mail
  • Communication Data

When you get in contact with us via e-mail, telephone, chat, or by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. We generally keep this data for 12 months from the last exchange between us. This period may be longer where required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons.

Communication data includes

  • Your name and contact details,
  • The means, place and time of communication and usually also its contents (i.e. the contents of e-mails, letters, chats, etc.). This data may also include information about third parties.
  • Master Data

Master data is the basic data that we need, in addition to contract data (see below), for the performance of our contractual and other business relationships, or for marketing and promotional purposes. We generally keep master data for 10 years from the last exchange between us but at least from the end of the contract. This period may be longer if required for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons.

Master data is not comprehensively collected for all contact. Rather, the collection of master data depends on the individual case and purpose of the processing. In general, it may include:

  • Your name
  • Address
  • E-mail address
  • Telephone number and other contact details
  • Gender
  • Date of birth
  • Nationality
  • Data about related persons
  • Data about powers of attorney
  • Data that is processed in relation with administrative or judicial proceedings
  • Websites
  • Social media profiles
  • Photos and videos
  • Copies of ID cards or other means of identification
  • Details of your relationship with us (e.g. prospect, client, supplier, visitor, service provider or service recipient, etc.)
  • Details of your status, allocations, classifications and mailing lists
  • Details of interactions with you reports
  • Official documents (e.g. excerpts from the commercial register, permits)
  • Payment information (e.g. bank details, account number)
  • Declarations of consent and opt-out information
  • Know Your Customer (KYC) data, Know Your Business (KYB) data and data required with regard to the prevention of and combating of money laundering (AML) and terrorist financing such as but not limited to transaction data, business relationships relevant for AML purposes, declarations of beneficial ownership, etc. including further data required for the whitelisting process.
  • As regards customers, suppliers and partners, master data also includes information about the role or function in the company, qualifications and information about superiors, co-workers and information about interactions with these persons.
  • Contract Data

We collect contract data in relation with the conclusion or performance of a contract. We generally keep this data for 10 years from the last contract activity but at least from the end of the contract. This period may be longer where necessary for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons.

Contract data includes:

  • Know Your Customer (KYC) data, Know Your Business (KYB) data and data required with regard to the prevention of and combating of money laundering (AML) and terrorist financing such as but not limited to transaction data, business relationships relevant for AML purposes, declarations of beneficial ownership, etc. including further data required for the whitelisting process
  • Information about the conclusion of the contract, about your contracts, for example, the type and date of conclusion and its duration
  • The performance and administration of the contracts, for example information in relation with billing, customer service, technical assistance and the enforcement of contractual claims
  • Information about deficiencies, complaints and changes of a contract as well as customer satisfaction information
  • Financial data, such as credit information (meaning information that allows to draw conclusions about the likelihood that receivables will be paid), information about reminders and debt collection. We receive this data partly from you (for example when you make payments) but may also receive it from credit agencies and debt collection companies and from public sources (for example a commercial register).
  • Other Data

We also collect data from you in other situations. The retention period for this data depends on the processing purpose and is limited to what is necessary. This ranges from one or two days for many of the security cameras, to usually a few weeks in case of data for contact tracing and visitor data that is usually kept for 3 months to several years or longer for reports about events with images.

As far as it is not unlawful, we may also collect data from public sources or receive data from public authorities and from other third parties (such as credit agencies, address brokers, associations, contractual partners, internet analytics services, etc.).

The categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we receive in relation with administrative and legal proceedings, information in relation with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your assistance), information about you in correspondence and meetings with third parties, credit information (where we conduct business with you in a personal capacity), information about you that persons related to you (family, advisors, legal representatives, etc.) share with us so that we can conclude or perform contracts with you or involving you (for example references, your delivery address, powers of attorney, information about compliance with legal requirements such as those relating to fraud prevention and the combating of money laundering and terrorist financing and Know Your Customer (KYC) data, Know Your Business (KYB) data, sanctions, export restrictions, information from banks, insurance companies, sales and other contractual partners of us about your use or provision of services (for example payments, purchases, etc.), information from the media and the internet about the use or provision of services by you (for example payments made, purchases made, etc.), information from the media and the internet about you (where appropriate in a specific case, e.g. in the context of an application, marketing/sales, press review, etc., your address and potentially interests and other socio-demographic data.

IV. Purposes of the Processing

We process your data for the purposes explained below. These purposes and their objectives represent interests of us and potentially of third parties. You can find further information on the legal basis of our processing in Section V.

  • Communication

We process your data for communication purposes, in order to communicate with you, in particular, when you contact us in order, to respond to your queries or when you exercise your rights. For this purpose, we use in particular communication data, master data and registration data to enable us to communicate with you and provide our services or respond to requests. We keep this data to document our communication with you, for training purposes and quality assurance.

  • Performance of a Contract

We process your data for entering into a contract with you and perform and administer it. In particular, we process communication data, master data, registration data and contract data about you. This might include data about third parties, e.g. if you order services for the benefit of a third party. This also includes data about potential customers, that we receive from communication with you, on a trade fair or any other business event. As regards the conclusion of a contact, we use this data to open up a business relationship with you. Administering and performing the contract with you might involve third parties, such as logistic companies, banks, lawyers and other advisors, insurance companies or credit information providers in order to provide our services to you.

  • Marketing and Relationship Management

We process your data for marketing and relationship management purposes (e.g. newsletters). Marketing and relationship management might include contacting you via e-mail, telephone or other channels for which we have contact information from you. We send e-mails for marketing purposes (e.g. newsletter) if and to the extent you give your consent to us if required under applicable law. You can object to such marketing activities or withdraw your consent at any time (please see Section X and XI).

As regards relationship management, we may use a customer relationship management system («CRM») to store and process your data as described in this Privacy Notice (e.g. about contact persons, products and services provided to you, interactions, interests, marketing measures, newsletters, invitations to events and other information).

  • Safety or Security Reasons

We process your data to protect our IT and other infrastructure (e.g. buildings). For example, we process data for monitoring, analysis and testing of our networks and IT infrastructures including access controls. We might also use surveillance systems, e.g. cameras for security purposes. In such a case, we will inform you at the relevant locations separately.

  • Compliance with Law

We process your data to comply with legal requirements, e.g. health security concepts, money laundering and terrorist financing, tax obligations etc. and we might have to request further information from you to comply with such requirements («Know Your Customer», “KYC”) or as otherwise required by law and legal authorities.

  • Risk Management, Corporate Governance and Business Development

We process your data as part of our risk management and corporate government to protect us from criminal or abusive activity. As part of our business development, we might sell businesses, parts of businesses or companies to others or acquire them from others or enter into partnerships and this might result in the exchange and processing of data based on your consent, if necessary.

V. Legal Basis for Processing your Data

Your Consent

Where we asked for your consent (e.g. for receiving newsletters), we process your data based on such consent. You may withdraw your consent at any time with effect for the future by providing us written notice (e-mail sufficient), see our contact details in Section II. Withdrawal of your consent does not affect the lawfulness of the processing that we have carried out prior to your withdrawal, nor does it affect the processing of your data based on other processing grounds.

Where we did not ask for your consent, we process your data on other legal grounds, such as

  • A contractual obligation
  • A legal obligation
  • A vital interest of the data subject or of another natural person
  • To perform a public task
  • A legitimate interest, which includes compliance with applicable law and the marketing of our products and services, the interest in better understanding our markets and in managing and further developing our company, including its operations, safely and efficiently.

VI. Disclosure of Data to Third Parties and Social Plug-ins

In order to perform our contracts, fulfil our legal obligations, protect our legitimate interest and the other purposes and legal grounds set out above, we may disclose your data to third parties, in particular to the following categories of recipients:

  • Service Providers

We may share your information with service providers and business partners around the world with whom we collaborate to fulfil the above purposes (e.g. IT provider, shipping companies, advertising service provider, security companies, banks, insurance companies, telecommunication companies, credit information agencies, address verification provider, lawyers) or who we engage to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only.

  • Legal Authorities

If legally obliged or entitled to make disclosures or if it appears necessary to protect our interests, we may disclose your data to courts, law enforcement authorities, regulators, government officials or other legal authorities in Switzerland or abroad, e.g. in criminal investigations and legal proceedings including alternative dispute resolution as well as to prevent and combat money laundering and terrorist financing (e.g. duties in the event of a suspicion of money laundering, duty to report to Money Laundering Reporting Offices Switzerland or abroad) or due to further reporting duties.

  • Social Plug-ins

We do not use social media plug-ins on our website. If our website contains icons of social media providers (e.g. name of social media providers with icons of company’s website), we use these only for as passive links to the websites of the respective social media platforms.

VII. Transfer of Data Abroad

As we have explained in Section VI, we disclose data to other parties, not all of them located in Switzerland. Your data may be processed in the European Economic Area (EEA) and in exceptional circumstances also in countries outside the EEA and around the world, which includes countries that do not provide the same level of data protection as Switzerland or the EEA and are not recognized as providing an adequate level of data protection. We only transfer data to these countries when it is necessary for the performance of a contract or for the exercise or defence of legal claims, or if such transfer is based on your explicit consent or subject to safeguards that assure the protection of your data, such as the European Commission approved standard contractual clauses (adapted to Switzerland, if applicable).

VIII. How Long We Keep your Personal Data

We only process your data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of complying with legal retention requirements and where required to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. Upon the expiry of the applicable retention period, we will securely destroy your data in accordance with applicable laws and regulations.

IX. Security of your Personal Data

We take appropriate organisational and technical security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
However, we and your personal data can still become victims of cyber-attacks, cybercrime, brute force, hacker attacks and further fraudulent and malicious activity including but not limited to viruses, forgeries, malfunctions and interruptions which is out of our control and responsibility.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

X. Your Rights

You have various rights in relation to our processing of your personal data, depending on the applicable data protection law:

  • Right of Access

You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information.

  • Right to Rectification

We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes so that we can keep your personal data up to date.

  • Right to Erasure

You have the right to require us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.

  • Right to Restriction

You have the right to ask us to restrict the processing of your personal information in certain circumstances.

  • Right to Data Portability

You have the right to ask that we transfer the personal information you gave us to another controller or to you, in certain circumstances.

  • Right to Withdraw Consent

Where we process data based on your consent, you have the right to withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.

  • Complaints

If you believe that your data protection rights might have been breached, please let us know or contact the applicable supervisory authority. The Federal Data Protection and Information Commissioner is the competent data protection authority in Switzerland. The contact details are available here: www.edoeb.admin.ch.
If you are residing in the European Union, you also have the right to complain to your local data protection supervisory authority. You can find some contact details of the respective authorities of the Member States of the European Union here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

XI. Right to Object

Under applicable data protection law, you have the right to object at any time to the processing of personal data pertaining to you under certain circumstances, in particular where your data is processed in the public interest, on the basis of a balance of interests or for direct marketing purposes.

If you like to exercise the above-mentioned rights, please contact us at info@conduct.swiss or the contact details provided under Section II unless otherwise specified or agreed. Please note that we need to identify you to prevent misuse, e.g. by means of a copy of your ID card or passport, unless identification is possible otherwise.

XII. Newsletter

If you subscribe to one of our newsletters, you may cancel the subscription at any time by using the option to unsubscribe contained in the newsletter.

XIII. Cookies

We do not use cookies on our website.

XIV. Updating and changing this Privacy Notice

Due to the continuous development of our website and the contents thereof, changes in law or regulatory requirements, we might need to change this privacy notice from time to time. Our current privacy notice can be found on our website.