Last modified 15 May 2024
This privacy notice informs you of how we collect, use, share, retain and dispose of personal data received:
In addition to this privacy notice, we may inform you about the processing of your data separately, for example, in specific consent forms, terms and conditions, additional privacy notices, forms and other notices. Our website and social media are hereinafter jointly referred to as “online platform”.
We may occasionally update this privacy notice and therefore recommend that you check it regularly to stay informed about how we process your data.
We are Avaloq Group Ltd (“we” or “us”), a Swiss company registered at Allmendstrasse 140, 8041 Zurich, Switzerland, and a subsidiary of NEC Corporation (“NEC”). We are the data controller responsible for the processing of personal data through our online platform.
We may collect and receive personal data when communicating with you through communication channels, carrying out services for you, delivering our products to you, through our online platform or otherwise interacting with you. Personal data means any information relating to an identified or identifiable natural person.
We also collect personal data that you choose to provide to us voluntarily or that we request from you
Contact data
We may collect basic data about you (in addition to contract data, see below) that we need to fulfil our contract or other business relationship, for marketing and promotional purposes or for any other reason reflected in this privacy notice. Such data may include:
Contact data is not collected comprehensively for all contacts. The data collected in each individual case mainly depends on the purpose of the processing activity.
We process your contact data if you are a customer or other business contact, or work for one (for example as the contact person for a business partner), or because we wish to communicate with you for our own purposes or those of a contractual partner (for example as part of marketing and advertising measures or to send you event invitations, newsletters, etc.).
Website usage data
We may collect and receive the following personal data from you:
We may collect other types of personal data if required under applicable law or if necessary for the purposes listed below.
We may collect and process your personal data for the purposes and on the legal bases identified in the following:
We process your data for purposes related to communication with you, in particular based on our legitimate interest in relation to contractually agreed services, responding to enquiries and the exercising of your rights (Section 11) and to enable us to contact you in case of any other types of queries. We keep your data in order to document our communication with you and for training purposes, quality assurance and follow-up enquiries.
We process data for the implementation of pre-contractual measures (such as performing internal pre-contractual compliance checks, creating contracts, etc.) and for the conclusion, administration, billing/payment and fulfilment of contractual relationships. Where we do not ask for consent, the processing of your personal data is based on the necessity to process it for the initiation or fulfilment of a contract with you (or the entity you represent) or on our legitimate interest or that of a third party in the respective processing, in particular in the pursuit of the purposes specified in Section 4 and the implementation of related measures. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognized as a legal basis by applicable data protection law.
We may process your personal data in order to fulfil our contract with you for the use of our online platform and to comply with our obligations under the applicable terms and conditions. If we have not entered into a contract with you, we base the processing of your personal data on our legitimate interest to operate and manage our online platform and to provide you with the content you access and request.
If you fill out a contact form or request user support, or if you contact us by other means including via telephone, we may process your personal data in order to fulfil our contract with you and to the extent necessary for our legitimate interest in fulfilling your requests and communicating with you.
We may process your personal data to analyse trends and track your usage of and interactions with our online platform to the extent necessary for our legitimate interest in developing and improving our online platform and providing our users with more relevant content and service offerings, or where we seek your valid consent.
We may process your personal data to conduct marketing research, advertise to you, provide personalized information about us on and off our online platform and to provide other personalized content based on your activities and interests insofar as you have provided your prior consent.
If Avaloq obtains your contact data during a business event sponsored by Avaloq or others, or at a business meeting (e.g., when business cards are exchanged) or in the context of a project, we use this contact data (particularly name, address and email address) to manage our business contacts. We do this by transferring your contact data to our CRM (customer relationship management) system. Such processing is conducted based on a legitimate interest of Avaloq. Avaloq has a legitimate economic interest in cultivating business contacts beyond the initial contact and using them to build a customer relationship and stay in touch with its business contacts. This also includes the marketing of our products and services, an interest in better understanding our markets, and the safe and efficient management and further development of our company, including its operations.
We may process your personal data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws, to the extent that this requires the processing or disclosure of personal data in order to protect our rights, or where it is necessary for our legitimate interest in protecting against the misuse or abuse of our online platform, protecting personal property or safety, pursuing legal remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, responding to lawful requests or for auditing purposes.
We may store the personal data we collect and receive, and share it on a need-to-know basis with the following parties:
We may also transfer your personal data on a need-to-know basis if we sell or transfer all or part of our business or assets. If such a sale or transfer occurs, we will use reasonable efforts to direct the transferee to use the personal data you have provided to us in a manner that is consistent with applicable law and this privacy notice.
We do not sell, lease or trade your personal data.
We may transfer the personal data we collect to third parties in countries outside of Switzerland and the European Economic Area (EEA). The laws in these countries may not provide an adequate level of data protection. Personal data may be transferred to the United States, among other countries.
If we transfer your personal data outside of Switzerland or the EEA, we will protect your personal data as described in this privacy notice and in accordance with applicable laws, such as applying the European Commission’s Standard Contractual Clauses for the transfer of personal data to a processor located outside of Switzerland or the EEA.
We collect certain personal data by using cookies and similar technologies when you visit the website.
Cookies are small text files that are stored on your computer’s hard drive or browser or your mobile device when you visit the website. Cookies store information that can be accessed by the party that places the cookie. This is either the website itself (first-party cookie) or a third party (see Section 8.2 “Third-party cookies”).
We use both session-based and persistent cookies on our website. Session-based cookies only exist during a single session and disappear from your device when you close your browser or switch off the device. Persistent cookies remain on your device after you close your browser or switch off your device.
To change your cookie settings and preferences for our website, click on the “Cookie settings” link below. You can also control the use of cookies on your device, but if you choose to disable them, you may have limited use of some features on our website.
We categorize our website cookies and similar technologies as follows:
These cookies are necessary for you to browse the website and use its features, such as accessing secure areas of the website.
These cookies gather statistical data to analyse how our users use the website, such as which pages are visited, how long pages are visited for, and the routes taken by website visitors as they move from page to page.
We may use third-party technology to track and analyse usage information to provide enhanced interactions and more relevant communications and to track the performance of our advertisements and digital channels.
Third-party performance cookies (category 2):
We may use Google Analytics if you have given your prior consent.
Google Analytics is a web analytics service that uses cookies to analyse website usage. The information generated by the cookie about your use of our website (such as your IP address, location, the URL visited, the date and time the page was viewed) will be transmitted to and stored by Google on servers in the United States or any other country in which Google maintains facilities. For users located in the European Union, Google will not log or store IP addresses, but will retrieve certain metadata from your IP address (e.g. continent, country, etc.) and delete the IP address immediately. Google will use this information to analyse your use of our website and to compile reports on website activity for us. We have concluded a data protection agreement with Google, which also includes the EU Standard Contractual Clauses that govern cross-border data transfers between controllers and processors.
We implement appropriate organizational, physical and technical security measures to protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. These include physical access control measures to prevent unauthorized persons from gaining access to data processing systems that use or process personal data. We have also implemented technical and organizational measures to prevent data processing systems from being used by unauthorized persons. Further measures are in place to ensure that those authorized to use a data processing system can only access the data permitted in accordance with their authorization level and that personal data cannot be read, copied, modified or removed without authorization during processing and use or after storage. Where feasible, we pseudonymize personal data by processing it in such a way that it can no longer be attributed to a specific data subject without additional information, provided that such additional information is stored separately and is subject to appropriate technical and organizational measures. To secure transfer control, we have implemented various measures to ensure that personal data cannot be read, copied, altered or removed by unauthorized persons during electronic transmission or while being transported or stored on data carriers. We have also made it possible to verify and determine to which entities personal data is to be sent by data transmission equipment, e. g. through the use of VPN, access and retrieval logging, and the provision of encrypted connections. Additionally, we ensure that personal data is protected against accidental destruction or loss (e.g. fire protection, data backup, secure storage of data carriers, virus protection, raid systems, disk mirroring, etc.) and that our systems are capable of rapidly restoring the availability of and access to personal data in the event of a physical or technical incident. However, due to the inherently open nature of the internet, we cannot guarantee that communications between you and us or the personal data stored are completely secure. We will notify you of any data breach that is likely to have adverse consequences for your privacy in accordance with the applicable law.
We retain personal data for as long as is necessary to fulfil the purposes for which it is collected or received, except if required otherwise by applicable law, rules and regulations. In general, we will retain most of your personal data for the duration of your use of the online platform or our services, or until you have removed your account, unless a longer statutory retention period applies. Specifications regarding record retention are established in Avaloq’s internal policies.
After expiry of the applicable retention periods, all personal data will be destroyed, anonymized or deleted using secure technology. This technology depends on the application and storage media used. Expired records are identified based on their creation or last modification date, the current date and the retention period. If there is any data that we are unable to delete entirely from our systems due to technical reasons, we will implement appropriate measures to prevent any further use of such data.
You have the following rights in relation to your personal data:
To exercise these rights, please contact us at the email address specified below. We may request a copy of your ID card or other proof of identity. We will respond to your request within the applicable statutory period.
If you have any comments or enquiries about the information in this privacy notice, you would like us to update your personal data or you wish to exercise your rights, please contact our data protection officer by email at dataprotection@avaloq.com.
Avaloq understands the importance of protecting children’s privacy, especially in an online environment. Our website is not intentionally designed for or directed at children under the age of 16. It is Avaloq’s practice never to knowingly collect or maintain information about anyone under the age of 16.
Annex 1: List of subprocessors
| Service provider | Legal basis | Processing | Country |
|---|---|---|---|
| Google Ireland Ltd. | Consent | Tools provided by Google are used to support our marketing activities. For example, Google Analytics is used to gather behavioural analytics on how users use our website to help improve and guide product development. Whenever possible, we conclude contracts with Google entities based in the EU/EEA. | Ireland |
| Google LLC | Consent | Tools provided by Google are used to support our marketing activities. For example, Google Analytics is used to gather behavioural analytics on how users use our website to help improve and guide product development. Whenever possible, we conclude contracts with Google entities based in the EU/EEA. | United States |
| Microsoft Ireland Operations Limited | Legitimate interest | Microsoft products are used for the following purposes among others:
|
European Union |