In this data protection declaration, we, INVICO AG and companies of the INVICO Group (hereinafter collectively INVICO, we or us), explain how we collect and otherwise process personal data. This is not a final description; if necessary, other data protection declarations or general terms and conditions, conditions of participation and similar documents regulate specific matters. Personal data means all information that relates to a specific or identifiable person.
If you provide us with the personal data of other people (e.g. family members, data of work colleagues), please ensure that these people are aware of this data protection declaration and only provide us with their personal data if you are permitted to do so and if this personal data is correct.
This data protection declaration is based on the Swiss Data Protection Act (DSG) and the EU General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union, it is important to us and companies outside the European Union/EEA have to comply with the GDPR in certain circumstances.
1. Controller / Data Protection Officer / Representative
INVICO AG, Kirchgasse24, 8001 Zurich is responsible for the data processing that we operate here, unless otherwise stated in individual cases.
2. Collection and processing of personal data
We primarily process the personal data (such as name, address, date of birth, AHV number, account numbers, etc.) that we receive in the course of our business relationship with our customers and other business partners from them and other people involved, or that we receive collect data from users when operating our websites, apps and other applications.
Insofar as this is permitted, we also take certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, Internet) or receive such data from other companies within the INVICO Group, from authorities and other third parties such as providers of background checks. Insofar as these third parties are fully or partially responsible for the processing of this data, their data protection regulations also apply.
In addition to the data you give us directly, the categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we learn in connection with official and judicial proceedings, information in connection with your professional functions and activities (so that we can, for example, conclude and process business with your employer with your help), information about you in correspondence and meetings with third parties, credit reports (insofar as we conduct business with you personally), information about you, persons from us Give your environment (family, consultants, legal representatives, etc.) so that we can conclude or process contracts with you or with your involvement (e.g. references, your address for deliveries, powers of attorney,Information on compliance with legal requirements such as combating money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners from us on the use or provision of services by you (e.g. payments made, purchases made), information from the media and the Internet about you (as far as this is indicated in a specific case, e.g. as part of an application, marketing/sales, etc.), your addresses and, if applicable, interests and other socio-demographic data (for marketing), data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).
3. Purposes of data processing and legal bases
We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, in particular in the context of business advice, legal and tax advice, the provision of family office services, salary and HR advice, the trustee & board of directors mandates, investment reporting services, compliance services, trust & corporate administration, the automatic exchange of information and art management with our customers and the purchase of products and services from our suppliers and subcontractors, as well as our statutory to fulfill obligations at home and abroad. If you work for such a customer or business partner,
In addition, we process personal data of you and other persons, as far as permitted and it seems appropriate to us, also for the following purposes, in which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:
- Offer and further development of our offers, services and websites, apps and other platforms on which we are present;
- Communicating with third parties and processing their inquiries (e.g. job applications, media inquiries);
- Testing and optimization of procedures for needs analysis for the purpose of direct customer contact and collection of personal data from publicly accessible sources for the purpose of customer acquisition;
- Advertising and marketing (including the organization of events), provided you have not objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time, we will then place you on a blacklist against further advertising);
- media monitoring;
- Assertion of legal claims and defense in connection with legal disputes and governmental proceedings;
- Carrying out background checks and screening activities in relation to the customer and the persons relevant in the context of the performance of the contract;
- Prevention and investigation of criminal offenses and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
- Guarantees of our operations, especially IT, our websites, apps and other platforms
4. Data transfer and data transfer abroad
As part of our business activities and for the purposes set out in Section 3, we also disclose data to third parties, to the extent permitted and deemed appropriate, either because they process it for us or because they use it for their own purposes want. In particular, the following positions are involved:
- Our service providers (within the INVICO Group and externally, such as banks, insurance companies), including processors (such as IT providers);
- Registered Agents in countries where required by law, where we assist you in incorporating and/or administering a business in that country on your behalf;
- dealers, suppliers, subcontractors and other business partners;
- domestic and foreign authorities, official offices or courts;
These recipients are partly domestic, but can be somewhere abroad. In particular, you must expect your data to be transmitted to all countries in which the INVICO Group is represented by group companies, branches or other offices, as well as to other countries in Europe and the USA, where we work for you on your behalf or where the service providers we use (such as LexisNexis). If we transfer data to a country without adequate statutory data protection, we ensure that the relevant contracts are used as required by law (specifically on the basis of the so-called standard contractual clauses of the European Commission, which can be found at https://ec.europa.eu/info/law/ law-topic/data-protection/data-transfers-o…are available) or so-called binding corporate rules for an appropriate level of protection or rely on the statutory exceptional circumstances of consent, contract processing, the determination, exercise or enforcement of legal claims, overriding public interests, the published personal data or because it is necessary to protect the integrity of the affected persons is necessary. You can obtain a copy of the contractual guarantees mentioned at any time from the contact person named under Section 1, unless they can be accessed via the link given above. However, we reserve the right to black out copies or only deliver excerpts for data protection reasons or reasons of secrecy.
We are entitled to transfer your data to a country without adequate legal data protection without taking any of the above measures if the data transfer is necessary for the conclusion or performance of a contract between you and us or for the implementation of pre-contractual measures at your request is. We are also entitled to transfer your data to a country without adequate legal data protection without taking the above-mentioned measures if this is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person. If, in the cases mentioned, data from third parties, such as family members, must also be transmitted, you are responsible for
5. Duration of storage of personal data
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and national and international legal obligations or other purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from initiation, processing to termination of a contract) as well as in accordance with the statutory retention and documentation obligations. It is possible that personal data will be stored for the time in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the above purposes,
6. Data Security
We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as issuing instructions, training courses, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, controls.
7. Obligation to provide personal data
As part of our business relationship, you must provide the personal data required to establish and conduct a business relationship and to fulfill the associated contractual obligations. Without this data, we will generally not be able to conclude or process a contract with you (or the body or person you represent). The website cannot be used either if certain information to ensure data traffic (such as IP address) is not disclosed. If you provide us with third-party data that we have to process on your behalf for the conclusion or fulfillment of the contract with you, you are responsible for the existence of a sufficient legal basis.
8. No Automated Decision Making
In principle, we do not use fully automated automatic decision-making (as regulated in Art. 22 GDPR) to establish and implement the business relationship or otherwise. If we use such procedures in individual cases, we will inform you about this separately, provided this is required by law and inform you about the associated rights.
9. Rights of the data subject
Within the framework of the data protection law applicable to you and to the extent provided for therein (e.g. in the case of the DSGVO), you have the right to information, correction, deletion, the right to restriction of data processing and otherwise the right to object to our data processing and to the release of certain personal data for the purpose of transmission to another location (so-called data portability). Please note, however, that we reserve the right to assert the statutory restrictions on our part, for example if we are obliged to store or process certain data, have an overriding interest in this (to the extent that we can invoke this) or you for the assertion of claims need. If you incur any costs, we will inform you in advance. About the possibility to withdraw your consent, we have already informed you in Section 3. Please note that the exercise of these rights can conflict with contractual agreements and this can have consequences such as premature termination of the contract or financial consequences. We will inform you in advance if this is not already contractually agreed.
The exercise of such rights generally requires that you clearly prove your identity (e.g. by means of a copy of your ID where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in Section 1.
Each data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner ( http://www.edoeb.admin.ch ).
We can adjust this data protection declaration at any time without prior notice. The current version published on our website applies. Insofar as the data protection declaration is part of an agreement with you, in the event of an update we will inform you of the change by e-mail or by other suitable means.