pattern

Privacy Policy

Who is Responsible for Data processing and how can I contact them?

The unit responsible is and you can reach our company privacy officer at:

SwissOne Capital AG

Lindenstrasse 16 | 6340 Baar

Canton ZUG | Switzerland

info@swissone.capital

What sources and Data do we use?

We process personal data that we obtain from our clients in the context of our business relationship. We also process – insofar as necessary to provide our service – personal data that we obtain from publicly accessible sources, (e.g. commercial and association registers, press, internet) or that is legitimately transferred to us by other companies in Swiss One or from other third parties (KYC, DD-Provider). Relevant data is personal information (e.g. name, address and other contact details, date and place of birth, and nationality), identification data (e.g. ID card details), and authentication data (e.g. sample signature). Furthermore, this can also be order data (e.g. payment order), data from the fulfillment of our contractual obligations (e.g. sales data in payment transactions), origin of assets, marketing and sales data (including advertising scores), documentation data (e.g. consultation protocol), and other data similar to the categories mentioned.

What do we process your Data for (Purpose of Processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP):

For fulfillment of contractual obligations

Data is processed in order to provide financial services in the context of carrying out our contracts with our clients or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with the specific product and can include needs assessments, advice, asset management and support, as well as carrying out transactions.

In the context of balancing interests

Where required, we process your data beyond the actual fulfillment of the

contract for the purposes of the legitimate interests pursued by us or a third party. Examples:

• Reviewing and optimizing procedures for needs assessment for the purpose of direct client discussions

• Marketing or market and opinion research, unless you have objected to the use of your data

• Asserting legal claims and defense in legal disputes

• Guarantee of IT security and IT operation

• Prevention and clarification of crimes

• Measures for ensuring the right of owner of premises to keep out trespassers – Measures for business management and further development of services and products – Risk ControlaIn addition we obtain personal data from publicly available sources for client acquisition purposes.



As a result of your consent

As long as you have granted us consent to process your personal data for certain purposes (e.g. analysis of trading activities for marketing purposes), this processing is legal on the basis of your consent. Consent given can be withdrawn at any time. This also applies to withdrawing declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.

Due to statutory provisions or in the public interest

Furthermore, as a financial service provider, we are subject to various legal obligations, (Collective Investment Schemes Act, Anti-Money Laundering Act, FINMA ordinances and circulars, tax laws) and regulatory requirements (e.g. FINMA). Purposes of processing include identity checks, fraud and money laundering prevention, fulfilling control and reporting obligations under fiscal laws, and measuring and managing risks.

Who receives my data?

Within Swiss One, every unit that requires your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents appointed by us can also receive access to data for the purposes given, if they maintain banking confidentiality. These are companies in the categories of banking services, IT services, logistics, printing services, telecommunications, collection, advice and consulting, and sales and marketing.

Will Data be transferred to a third country or an International organization?

Data transfer to units in states outside Switzerland and the EU (known as third countries) takes place so long as

• It is necessary for the purpose of carrying out your orders (e.g. payment and securities orders)

• It is required by law (e.g. reporting obligations under fiscal law),

or

• You have granted us your consent

Please contact us if you would like to request to see a copy of the specific safeguards applied to the export of your information

For how long will my Data be stored?

We will process and store your personal data for as long as it is necessary in order to fulfill our contractual and statutory obligations. If the data is no longer required in order to fulfill contractual or statutory obligations, it is deleted, unless its further processing is required – for a limited time – for the following purposes:

• Fulfilling obligations to preserve records according to commercial and tax law

• legal holds, which require us to keep records for an undefined period of time.

What Data privacy rights do I have?

Every data subject has the right to access, the right to rectification, the right to erasure, the right to restrict processing, the right of object, and if applicable – the right to data portability. Furthermore, if applicable on you, there is also a right to lodge a complaint with an appropriate data privacy regulatory authority. You can withdraw consent granted to us for the processing of personal data at any time.

Am I obliged to provide Data?

In the context of our business relationship, you must provide all personal data that is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations or that we are legally obliged to collect. Without this data, we are, in principle, not in a position to close or execute a contract with you. In particular, anti-money laundering regulations require us to identify you on the basis of your identification documents before establishing a business relationship and to collect and put on record name, place and date of birth, nationality, address and identification details for this purpose. In order for us to be able to comply with these statutory obligations, you must provide us with the necessary information and documents in accordance with the Anti-Money Laundering Act, and to immediately disclose any changes over the course of the business relationship. If you do not provide us with the necessary information and documents, we cannot enter into or continue the business rel/tionship you desire.

To what extent is there automated decision-making?

In establishing and carrying out a business relationship, we generally do not use any automated decision-making.

Will profiling take place?

We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). We use profiling for the following cases, for instance:

• Due to legal and regulatory requirements, we are obligated to combat money laundering, terrorism financing, and offenses that pose a danger to assets. Data assessments (including on payment transactions) are also carried out for this purpose. At the same time, these measures also serve to protect you.

• We use assessment tools in order to be able to specifically notify you and advise you regarding products. These allow communications and marketing to be tailored as needed – including market and opinion research.