ARX Capital AG
Sihlstrasse 378001 Zurich
If you have any questions regarding how your personal data is processed or any other data protection concerns, you can contact our Data Protection Officer at the following eMail address: firstname.lastname@example.org
We use the information we collect in various ways, including to:
We primarily use collected data to enter into and fulfil contracts with our clients and business partners, particularly in relation to providing financial services to our clients and procuring products and services from our suppliers and subcontractors. We also process personal data to comply with domestic and foreign legal obligations.
Additionally, in accordance with the applicable law and where appropriate, we may process personal data for the following purposes:
· Providing and developing our products, services and websites, apps and other platforms in which we are involved.
· Communication with third parties and handling their requests (e.g., job applications, media inquiries).
· Advertisement and marketing (including event organization), provided that you have not objected to the use of your data for this purpose (if you are part of our client base and you receive advertisement, you may object at anytime, and we will add you to a blacklist to stop further advertising mailings).
· Asserting legal claims and defending against legal disputes and official proceedings.
· Prevention and investigation of criminal offenses and other misconduct.
· Ensuring the smooth operation of our IT systems, websites, apps, and other devices.
· Acquisition and sale of business divisions, companies, or parts of companies, and other corporate transactions involving the transfer of personal data. This includes measures for business management and compliance with legal and regulatory obligations, as well as internal company regulations.
If you have provided us with your consent to process your personal data for specific purposes (for example when registering to receive newsletters), we will process your personal data within the scope of and based on this consent, unless we have another legal basis if one is required. You have the right to withdraw your consent at any time, but this does not affect the processing of data that occurred prior to the withdrawal.
We primarily process personal data that we obtain from our clients, business partners, and individuals in the context of our business relationships. Additionally, we collect data from users when operating our websites, apps, and other applications.
Where permitted, we may acquire certain personal data from publicly accessible sources (e.g., debt registers, land registries, commercial registers, press, internet) or receive such information from affiliated companies of ARX Capital, authorities, or other third parties (such as e.g., distribution agents, custodian banks). In addition to the data provided directly by you, the categories of data we receive from third parties include, but are not limited to: information from public registers, data received in administrative or court proceedings, information related to your professional role and activities (e.g., to conclude and fulfil contracts with your employer), information from correspondence and discussions with third parties, information provided by individuals associated with you (family, consultants, legal representatives, etc.) to conclude or process contracts with your involvement (e.g. powers of attorney), information regarding legal regulations such as anti-money laundering, bank details, information about you from media or internet sources (in specific cases, e.g. job applications, media reviews, marketing/sales, etc.), your address, interests and other socio-demographic data (for marketing purposes), and data related to your use of our websites (e.g., IP address, MAC address of your smartphone or computer, device and settings information, cookies, date and time of visit, accessed content and sites, used applications, referring website, localization data). In principle, we retain this data for 12 months after the completion of the processing purpose. However, this retention period may be extended if necessary for evidentiary reasons or to comply with legal or contractual obligations.
When you visit our website, we collect and evaluate user-specific data (e.g. IP address, web browser, operating system) and technical data (such as URLs of accessed pages, execution of search queries) in an anonymous manner.
The mentioned data is collected and processed for system security, stability, error and performance analysis, as well as for internal statistical purposes. This allows us to optimize our website.
For subscribing to our content or when submitting a contact form/customer login, we process the necessary data to provide the requested service. Depending on the specific service, the following data may be processed: email address, first name, last name, salutation, full address, subject matter, and message.
If you contact us via the contact form, e-mail, telephone, chat, letter, or any other means of communication, we collect the exchanged data between you and us, including your contact details and relevant communication details. If we record or listen to telephone conversations or video conferences, e.g. for training and quality assurance purposes, we will inform you of this practice. Any recordings will be made and used in accordance with our internal guidelines and applicable laws.
Generally, we retain this data for 12 months from the last interaction with you. However, this retention period may be extended if necessary for evidentiary reasons, to comply with legal or contractual requirements or for technical reasons. E-mails in personal mailboxes and written correspondence are generally retained for at least 10 years. Recordings of (video) conferences are usually retained for 24 months. Chats records are typically retained for 2 years.
We use «Cookies» in some cases to customize our offering to better suit your needs. Cookies are small files that are stored on your computer or mobile device when you visit or use our websites. These cookies cannot perform any operations on their own. They save specific settings through your browser and collect data related to your interaction with the website. When a cookie is enabled, it is assigned an identification number that identifies your browser and allows the information stored in the cookie to be utilized. There are two primary types of cookies: temporary cookies and permanent cookies. We use temporary cookies, which are automatically deleted from your mobile device or computer at the end of the browser session. We also use permanent cookies to save user settings (e.g. language, auto-login), understand how you use our services and content, and show you personalized offers and advertisements (including on websites of other companies; please note that such companies will not receive your identity from us; they will only know that the same user who visited their website had previously visited a specific website). Permanent cookies remain saved on your computer or mobile device for an extended period but are automatically disabled after a predetermined time.
Despite the above, you may configure your browser settings in a way that it rejects cookies, only saves them for one session or deletes them prematurely. Most browsers are preset to accept cookies. However, if you choose to block cookies, certain functions (such as, e.g., language settings, shopping basket, ordering processes) are no longer available to you.
Under the CCPA, among other rights, California consumers have the right to:
Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
Request that a business delete any personal data about the consumer that a business has collected.
Request that a business that sells a consumer's personal data, not sell the consumer's personal data.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
In the context of our business activities and in line with the purposes of the data processing outlined above, we may transfer data to third parties, insofar as such a transfer is permitted and deemed appropriate for them to process the data on our behalf or for their own purposes. In particular, the following categories of recipients may be concerned:
· Our service providers (e.g. Risk Management & Compliance, IT-Provider, CRM-System)
· Domestic and foreign authorities, official bodies and courts
· Other parties involved in potential or ongoing legal proceedings
Certain Recipients are located within Switzerland, but others may be located in any country worldwide. In particular, you must anticipate your data to be transmitted to other countries in Europe and the USA where our service providers are located (such as Microsoft).
If a recipient is located in a country without adequate statutory data protection, we require the recipient to commit to data protection compliance (for this purpose, we use the revised European Commission’s standard contractual clauses, which can be accessed here, unless the recipient is subject to a legally accepted set of rules to ensure data protection, or unless we cannot rely on an exception. An exception may apply for example in case of legal proceedings abroad, overriding public interest, contractual disclosure requirements, your consent, or if data has been publicly available and you have not objected to its processing.
Your data, which includes personal data, will be processed and stored only for as long as necessary to fulfil our contractual and legal obligations or for the purposes stated in the data processing activities. This may include the entire duration of the business relationship and beyond, based on legal retention requirements and documentation obligations. It is possible that personal data will be retained for the time in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so, or if legitimate business interests require it (e.g. for evidence and documentation purposes). Once your personal data is no longer required for the above-mentioned purposes, it will be erased or anonymized, to the extent possible. For operational data (e.g. system protocols, logs), shorter retention periods of 30 days or less apply.
We have taken appropriate technical and organizational security measures to protect your personal data against unauthorized access and misuse. These measures include issuing instructions, training, IT and network security solutions, access controls and restrictions, encrypting passwords, data storage devices and transmissions, pseudonymization and controls.
We cannot guarantee the security of data transmission over the internet. When transmitting data by email, there is acertain risk of access by third parties.
In accordance with and as far as provided by applicable law, you have the right to access, rectification and erasure of your personal data, the right to restriction of processing or to object to our data processing, in particular for direct marketing purposes, for profiling carried out for direct marketing purposes and for other legitimate interests in processing in addition to right to receive certain personal data for transfer to another controller (data portability).Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data or if we have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims.
We have already informed you of the possibility to object/withdraw consent at any time. Please be aware that exercising your rights may have implications for your contractual obligations and this may result in consequences such as premature contract termination or associated costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.
In general, exercising these rights requires that you are able to proof your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us via the details provided above.
In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority ofSwitzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).
We may partially process your personal data automatically with the aim of evaluating certain personal aspects (profiling). In particular, profiling allows us to inform and advise you about products possibly relevant for you more accurately.For this purpose, we may use evaluation tools that enable us to communicate with you and advertise you as required, including market and opinion research.
When the ARX Capital application is installed and used, only ARX Capital AG has capacity to access, process, communicate, and use some of customers' personal and confidential data so that the application can operate properly and as intended.
For the general public and prospect customers using the ARX Capital application requires provision of a working email address for authentication and log in. We ask customers to self-report the first and last name, contact preference and type of their investment experience (classified as institutional, professional, and retail only), country of residence, in order to complete their profile in our internal client management system of ARX Capital AG and further use this information for marketing purposes. For the existing clients of ARX Capital AG wishing to track their actual portfolios of investments, we would not use the ARX Capital application to collect any information about them as we already possess this information through our asset management activities outside the ARX Capital application and overall financial regulatory obligations with the exception of our communication history with customers through the chat in the ARX Capital application.
ARX Capital AG complies with the Swiss data protection legislation as a duly-incorporated asset management company in Switzerland. Customers agree that their personal data may be communicated to third parties if necessary to safeguard the legitimate interests of ARX Capital AG and its contractual partners. This shall apply, in particular, in instances in which ARX Capital AG is required to meet obligations to provide information in an event of a legal dispute.
Version updated 31 August 2023