General Privacy Notice

General Privacy Notice

of Turicum Advisory AG

General Privacy Notice of Turicum Advisory AG

In this Privacy Notice, we, Turicum Advisory AG (“Turicum”), explain how we collect and process your personal data to ensure a transparent and lawful data processing and to provide you with the information you need to assert your rights under the Federal Act on Data Protection (FADP). If you have any further questions regarding the processing of your personal data, please do not hesitate to contact us.

1. Identity and contact details of the controller

The “controller” of data processing as described in this Privacy Notice (i.e., the responsible person) is Turicum Advisory AG, Auf der Mauer 8, 8001 Zurich. You can send your data protection-related questions and/or requests to the following address: info@turicumadvisory.ch.

2. Collection and processing of personal data

2.1 Definition of personal data

The term “personal data” refers to all information relating to an identified or identifiable natural person (“data subject”).

2.2 Direct collection from data subjects

We primarily process personal data that we receive in the course of initiating, assessing or carrying out a business relationship with you or your employer or others represented by you, or that we collect from you as a user of our website and, where applicable, apps and other applications. This is information that we need to pursue the purposes set forth in Section 3 (e.g., name, contact address, telephone number, date of birth, nationality, information about your family, work and financial situation, etc.).

If you provide us with personal data of other persons (e.g. family members, work colleagues etc.), please make sure that these persons are aware of this Privacy Notice and only share their personal data with us if you are allowed to do so and if this personal data is correct.

2.3 Indirect collection from third parties

To the extent permitted, we obtain certain personal data from publicly accessible sources (e.g. debt collection register, land register, commercial register, press, internet) or we obtain such information from public authorities or other third parties (e.g. custodian banks as well as databases and credit agencies).

Apart from the personal data that you disclose to us directly (Section 2.2), the categories of personal data that we receive about you from third parties include, but are not limited to, information

  • from public registers (e.g. information from the commercial register on your function within the company and your authority to sign for the company you represent);
  • in connection with any administrative or judicial proceedings;
  • in connection with your professional role and activities (e.g., to enter into and perform contracts with your employer);
  • from correspondence and conversations with third parties (if we assess, enter into or conduct a business relationship with you); 
  • provided to us by persons associated with you (e.g. family members, consultants, agents, etc.) for the purpose of assessing, entering into or performing contracts with you (e.g. references, powers of attorney); 
  • concerning compliance with legal requirements such as those relating to fraud, anti-money laundering, terrorism, and export restrictions;
  • from banks, insurance companies and distributors and other contractual partners of Turicum for the use or provision of services by you (e.g. payments, purchases etc.); 
  • from media and internet about your person (as far as this is indicated in the concrete case, e.g. in the context of an application, marketing/sales, press review etc.); 
  • about your address and, if applicable, your interests and your other socio-demographic data (esp. for marketing and market research); 
  • in connection with the use of third-party websites and online offers where such use can be attributed to you.

Please note that our web server automatically logs every visit to our website in a temporary log file. User-specific data (e.g. information about your browser and your IP address) as well as technical data (e.g. name and URL of the referring website) are logged for the purpose of establishing the connection and optimizing the website visit, for which purpose “cookies” may be used (Section 5).

3. Purposes of the data processing

We process your personal data primarily for the conclusion and performance of contracts with our clients and business partners, in particular in connection with the provision of asset management and investment advisory services as well as the procurement of products and services from our suppliers and other business partners. Your personal data is also processed to fulfil legal and regulatory obligations in Switzerland and abroad (e.g. in the area of anti-money laundering).

In addition, we may process personal data about you and other persons, to the extent permitted and as we deem appropriate, in particular for the following purposes in which we (and, as the case may be, third parties) have a legitimate interest:

  • providing and further developing our products, services and websites, apps and other platforms on which we are present; 
  • communication with third parties and processing of their requests; 
  • reviewing and optimizing needs assessment procedures for direct customer contact and obtaining personal data from publicly available sources for customer acquisition; 
  • marketing, unless you have objected to the use of your data for this purpose. If you are part of our customer base and receive our advertising, you may object at any time by sending an e-mail to the address indicated in Section 1; 
  • statistics, conducting market and opinion research;
  • assertion of legal claims and defence in connection with legal disputes and proceedings; 
  • prevention and investigation of criminal offences and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
  • ensuring the functionality and security of our operations, in particular IT, our websites, any apps and other platforms; 
  • video surveillance to safeguard domiciliary rights and other measures for IT, building and facility security as well as for the protection of our employees, customers and other persons as well as assets belonging to or entrusted to us (e.g. by means of visitor lists, access controls, network and mail scanners, telephone recordings);
  • acquisition and sale of business divisions, companies or parts of companies and other transactions and the related transfer of personal data as well as measures for the business management of Turicum.

4. Cookies in relation to the use of our website

We only use technically necessary cookies (codes temporarily stored in your browser) on our website in order to be able to guarantee you a flawless browsing experience on our website. These are exclusively so-called session cookies, which are deleted after the end of your website visit. You have the option at any time to configure your browser so that cookies are blocked or deleted prematurely. However, this may affect the functions of the website. Please note that if you click on a third-party link, we are not responsible for the subsequent processing of your data, and you must comply with the relevant third-party provider.

5. Recipients of personal data

We may disclose your personal data to third parties in the course of our business activities and in pursuit of the purposes described in Section 3. These third parties process your data either on our behalf and according to our instructions (“processors”) or on their own responsibility. These third parties include the following:

  • financial institutions that are involved in the provision of our services to our customers (e.g. domestic and foreign banks); 
  • service providers (e.g. accountants, compliance, IT providers, web hosting agencies); 
  • audit firms; 
  • consultants and law firms; 
  • brokers, suppliers, subcontractors; 
  • customers and business partners;
  • domestic and foreign government agencies, authorities or courts; 
  • associations, organizations and other entities; 
  • potential acquirers of our companies or parts thereof;
  • parties and other involved persons in legal or regulatory proceedings in Switzerland and abroad.

together “recipients“.

6. Data abroad

The recipients pursuant to Section 5 are generally located in Switzerland, but in exceptional cases may be located abroad, where in particular custodian banks as well as our service providers may be located. If we disclose your personal data to a recipient in a country without adequate statutory data protection, we will ensure adequate data protection by means of appropriate contracts (standard contractual clauses which the Federal Data Protection and Information Commissioner [FDPIC] has approved, issued or recognized in advance) and – if necessary – additional protective measures or rely on a legal exception (e.g. your consent, necessity for contract performance or for the establishment, exercise or enforcement of legal proceedings or an overriding public interest).

7. Duration of the retention of personal data

We process and retain your personal data as long as it is necessary for the fulfilment of our contractual obligations and compliance with legal obligations or other purposes pursued with the processing (Section 3), for example, for the duration of the entire business relationship (i.e. from the initiation, during the performance of the contract until to its termination) and beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data will be retained for the time during which claims can be asserted against our company or if other legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as the purposes and/or laws no longer require it, your data will be deleted or made anonymous.

8. Data security

We take appropriate technical and organizational measures to protect your data from loss and unauthorized access and misuse. These include employee training, IT and network security solutions, access controls and restrictions, pseudonymization of personal data (e.g., when disclosing personal data to service providers), and regular checks.

9. Automated individual decision-making

Generally, we refrain from automated individual decision-making, i.e. decisions which are based exclusively on automated processing (without human influence) and which are associated with a legal consequence for you (e.g. refusal to enter into a contract) or which significantly affect you in some other way. Should we exceptionally make such decisions, you will be informed of this in each individual case.

10. Your rights

You can revoke consent you may have given to the processing of your personal data at any time with effect for the future by writing to the address given in section 1.

You have the right to access, rectification and erasure as well as the right to receive certain personal data for the purpose of transfer to another controller. Please note that we reserve the right to invoke the restrictions provided for by law, for example if we are obliged to retain or process certain data, if we have an overriding interest or need the data to assert claims.

The exercise of such rights usually requires that you clearly prove your identity by providing us with a copy of your ID. To exercise your rights, you can contact us at the address indicated in Section 1.

As a data subject, you also have the right to enforce your claims in court or to file a complaint with the competent data protection authority. The competent data protection authority is the Federal Data Protection and Information Commissioner.

11. Amendments

We may amend this Privacy Notice at any time without prior notice. The current version published on our website shall apply.

Version valid from September 1, 2023