1. Responsible body and content of this data protection declaration
2. Contact person for questions regarding data protection
3. When visiting our Website
4. Using one of our contact options
5. In the course of providing our services
6. Conducting video conferences
7. Using e-banking
8. Using the WiFi network on our premises
9. Central data storage
10. Newsletter
11. Cookies
12. General information on tracking
13. Google Analytics
14. Google Ads
15. Google Maps API
16. jQuery
17. Monotype Web Fonts
18. Recipients of personal data
19. Disclosure of personal data abroad
20. Retention of personal data
21. Data security
22. Your rights
1. Responsible party and content of this privacy policy
We, Survista Financial Advisors AG (Stockerstrasse 12, 8002 Zurich, Switzerland), are the operator of the website www.survista.ch (“Website”) as well as the contractual partner for the services we provide and, unless otherwise stated, are responsible for the data processing listed in this privacy policy.
In order for you to know what personal data we collect from you and for what purposes we use it, please read the information below. When it comes to data protection, we are guided primarily by the legal requirements of Swiss data protection law, in particular the Federal Data Protection Act (“FADP”), as well as the EU General Data Protection Regulation (“GDPR”), the provisions of which may be applicable in individual cases.
2. Contact person for questions regarding data protection
If you have any questions about data protection or would like to exercise your rights, please contact our data protection contact person by sending an e-mail to the following address: datenschutz@survista.ch.
Alternatively, you can also send your request to the following postal address:
Survista Financial Advisors AG
Data protection
Stockerstrasse 12
8002 Zürich
3. When visiting our Website
When you visit our website, the servers of our hosting provider Hostpoint AG, Neue Jonastrasse 60, 8640 Rapperswil-Jona, Switzerland store every access in a log file for a maximum period of 12 months. The following data is recorded and stored by us until automated deletion:
- The IP address of the requesting computer
- The date and time of access
- The name and URL of the file accessed
- The website from which the access was made, if applicable with the search word used
- The operating system of your computer and the browser you are using (including type, version and language setting)
- Device type in the case of access by mobile phones
- The city or region from where the access took place as well as
- The name of your Internet access provider.
This data is processed for the purpose of enabling the use of our website, ensuring system security and stability on a permanent basis and for error and performance analysis. It also enables us to optimise our website.
In the event of an attack on the website’s network infrastructure or a suspicion of other unauthorised or abusive website use, the IP address and the other data are evaluated for the purpose of clarification and defence and, if necessary, used in the context of criminal proceedings to identify and take civil and criminal action against the users concerned.
Our legitimate interest in data processing within the meaning of Art. 6 Para. 1 lit. f DSGVO lies in the purposes described above.
4. Using one of our contact options
If you contact us via our contact addresses and channels (e.g. by e-mail or telephone), your personal data will be processed. The data you have provided us with, e.g. the name of your company, your name, your function, your e-mail address or telephone number and your request will be processed. In addition, the time of receipt of the request is documented.
We process this data exclusively in order to answer your enquiry in the best possible way. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO in answering your enquiry or, if your enquiry is directed towards the conclusion or performance of a contract, the performance of a contract within the meaning of Art. 6 para. 1 lit. b DSGVO.
5. In the course of providing our services
We process your personal data as part of the initiation of a business relationship and to provide our services. This includes the following data:
- First and last name
- Company
- Contact information (e.g. address, e-mail address, telephone number)
- Information on beneficial ownership
- Identification details (e.g. copies of official identity cards, official documents)
- Contractual data (e.g. risk profiles, company structures, asset data, tax and pension data, knowledge of investment business, investment objectives, transaction data, financial circumstances)
- Data for the implementation of the KYC
- Order/service data
- Other data provided to us
We use this data to provide our services in the best possible way in terms of the execution of the contract, for the administration of the service, to carry out legally required clarifications and for billing purposes. We also need your contact details to confirm your order and for future communication with you that is necessary for the performance of the contract.
To the extent necessary for the performance of the contract, we will also pass on the required information to any third-party service providers (e.g. custodian banks, fund companies, financial service providers, FINMA, WorldCheck).
For the aforementioned processing, we use Microsoft 365 and various applications contained therein (e.g. Word, PowerPoint, Excel, Outlook, OneDrive and SharePoint) of Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399, USA) or Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) (“Microsoft”). If we should grant you direct access to Microsoft 365, the following data from you will also be processed:
- IP address used for access
- Access data (e.g. user name, data within the scope of so-called multi-factor authentication)
- Master data (e.g. surname, first name, contact data, profile pictures)
- Metadata of use (e.g. time of access, date, type of access, information on the data/files/documents accessed and all activities in connection with the use)
According to Microsoft, the data in this case is primarily stored on servers in the EU. For these data processing operations, we have concluded an order processing agreement with Microsoft, extensive technical and organisational measures that correspond to the currently applicable state of the art in IT security, as well as the EU standard contractual clauses (with further measures) with Microsoft.
In connection with the use of Microsoft 365, Microsoft also processes certain data as an independent data controller. Please note that we have no influence on Microsoft’s data processing. You can find more information on data processing by Microsoft in their privacy policy.
The legal basis for the processing of personal data for the aforementioned purposes lies in the implementation of pre-contractual measures and the fulfilment of a contract within the meaning of Art. 6 para. 1 lit. b DSGVO, in the fulfilment of legal obligations according to Art. 6 para. 1 lit. c DSGVO as well as in our legitimate interest in the targeted and efficient support of the customer within the meaning of Art. 6 para. 1 lit. f DSGVO.
6. Conducting videoconferences
To conduct telephone/video conferences, online meetings and webinars (“Teams meeting”), we use the Microsoft Teams application. When using Microsoft Teams, various data are processed. The following data may be processed during a Teams meeting:
- User details (e.g. display name, email address, profile picture, preferred language).
- Metadata of the Teams meeting (e.g. date, time, meeting ID, telephone numbers, location, text, audio and video data)
- Authentication data, log files and protocol data
- Contents of the team meeting and data when using the chat function
- Details of incoming and outgoing telephone numbers, country name, start and end time, if you dial into the Teams Meeting by telephone
If we record teams meetings, we will inform you in advance and – where necessary – ask for your consent.
The legal basis for the processing of personal data is the implementation of pre-contractual measures and the fulfilment of a contract within the meaning of Art. 6 para. 1 lit. b DSGVO, insofar as the teams meetings take place within the framework of the contractual relationship. Outside of the contractual relationship, the legal basis is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO to answer your enquiry in the best possible way.
7. Use of e-banking
On our website you have the possibility to access e-banking. To use e-banking, you need a login. For this purpose we process the following data:
- Name
- Password
- Code
- Other data stored in e-banking
We use this data to make e-banking available to you. The legal basis for processing the data for this purpose is therefore the performance of a contract in accordance with Art. 6 Para. 1 lit. b DSGVO.
For e-banking, we use AM One software from AM-One AG (Steiermärker Strasse 3-5, 70469 Stuttgart, Germany). The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO in using the services of third-party providers.
To avoid misuse, you must always treat your login data confidentially and should close the browser window when you exit e-banking, especially if you share your terminal device with other persons.
8. Use of the Wi-Fi network in our premises
In our offices you have the possibility to use our guest WiFi network. The following data will be processed:
- Internet access data
- IP address
In addition to the above data, data on the location with time, date and terminal device are recorded each time the WiFi network is used. The legal basis for this processing is your consent within the meaning of Art. 6 Para. 1 lit. a DSGVO.
9. Central data storage
If it is possible to clearly identify you, we will store and link the data described in this data protection declaration, i.e. in particular your personal details, your contact details, your contract details and your surfing behaviour on our website, in a central database. This serves the efficient administration of customer data and allows us to adequately respond to your requests and enables the efficient provision of the services you have requested and the processing of the associated contracts. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO in the efficient management of user data.
10. Newsletter
When you register for our email newsletter, we collect the following data, with mandatory data marked accordingly (e.g. with an asterisk):
- E-mail address*
- First and last name
By registering, you consent to the processing of this data in order to receive news from us about our company, our offers as well as related services. We will use your data to send you e-mails until you revoke your consent. You can withdraw your consent at any time by clicking on the unsubscribe link in all our email newsletters.
Our email newsletters may contain a web beacon or 1×1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter recipient. For each email newsletter sent, we receive information on which addresses have not yet received the email, to which addresses it was sent and for which addresses the sending failed. We also see which addresses have opened the email, for how long and which links they have clicked on. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimise the e-mail newsletters in terms of frequency, timing, structure and content of the e-mails. This allows us to better tailor the information and offers in our emails to the individual interests of the recipients.
The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our e-mail newsletters, please set your e-mail programme so that HTML is not displayed in messages. In the help sections of your e-mail software you will find information on how to configure this setting, e.g. here for Microsoft Outlook.
By subscribing to the newsletter, you also consent to the statistical evaluation of user behaviour for the purpose of optimising and adapting the newsletter. This consent constitutes our legal basis for processing the data within the meaning of Art. 6 para. 1 lit. a DSGVO.
We use the MailChimp software from The Rocket Science Group, LLC (675 Ponce de Leon Ave NE Suite 5000. Atlanta, GA 30308, USA) to send the email newsletters. Therefore, your data is stored in a database of MailChimp, which allows them to access your data. The legal basis for this processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO in the use of third-party services.
11. Cookies
We use so-called cookies on our website. This is a technology through which your browser or device can be identified. These are small text files that are filed and stored on the computer system via an internet browser. When a user accesses a website, a cookie may be stored on the user’s operating system. A cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
Among other things, cookies help to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are technically necessary for your desired use of the website. For example, cookies take over other technical functions necessary for the operation of the website, such as load balancing, i.e. the distribution of the performance load of the page to different web servers in order to relieve the servers. Finally, we also use cookies as part of the design and programming of our website, for example to enable the uploading of scripts or codes.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO in providing a user-friendly and up-to-date website.
Most internet browsers accept cookies automatically. However, when you access our website, we ask for your consent to the cookies we use that are not technically necessary, in particular when we use cookies from third-party providers for marketing purposes. You can use the corresponding buttons in the cookie banner to make your desired settings. Details of the services and data processing associated with the individual cookies can be found in the following sections of this data protection declaration.
You may also be able to configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in selected browsers.
If a cookie is not accepted by the user for application, the display of the usability of our website may be restricted for the respective user.
12. General information on tracking
We use the web analysis services listed below for the purpose of demand-oriented design and continuous optimisation of our website. In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookie about your use of this website is usually transmitted together with the log file data listed in section 3 to a server of the service provider, where it is stored and processed. This may also involve transmission to servers abroad, e.g. the USA.
By processing the data, we obtain the following information, among others:
- Navigation path followed by a visitor on the site (incl. content viewed and products selected or purchased)
- The length of time spent on the website or sub-page
- The sub-page on which the website is left
- The country, region or city from which the site is accessed
- End device (type, version, colour depth, resolution, width and height of the browser window) and
- Returning or new visitors
On our behalf, the provider will use this information for the purpose of evaluating the use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage for the purposes of market research and demand-oriented website design.
The legal basis for this processing with the following tools is your consent within the meaning of Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time or refuse the processing by rejecting or switching off the relevant cookies in the settings of your web browser or by making use of the service-specific options described below.
For the further processing of the data by the respective provider as the (sole) data protection controller, in particular also any forwarding of this information to third parties such as authorities on the basis of national legal regulations, please refer to the provider’s data protection information.
13. Google Analytics
We use Google Analytics as a so-called web analysis or tracking technology in order to constantly improve our internet offer. Google Analytics is a web analysis service provided by Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland), a subsidiary of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”). The country of receipt of the personal data concerned is therefore the USA. To ensure an appropriate level of data protection, the standard contractual clauses of the European Commission recognised by the FDPIC are used in addition to the contractual regulation on commissioned data processing. In addition, appropriate technical and organisational measures are taken to maintain the required level of protection in accordance with applicable data protection law.
The analysis is carried out for market research as well as for advertising and marketing purposes and for the purpose of analysing, optimising and economically operating our online offer and thereby serves our legitimate interest. In addition, we obtain consent from the user of our website before using Google Analytics.
Google provides a browser add-on to deactivate Google Analytics. Google Analytics uses cookies (see above). The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google and will only pass it on to us in anonymised form.
Further information on Google Analytics can be found here and in Google’s privacy policy.
For the further processing of the data by the respective provider as the (sole) data protection controller, in particular also any forwarding of this information to third parties such as authorities on the basis of national legal regulations, please refer to the provider’s data protection information.
14. Google Ads
This website uses the services of Google Ireland Ltd (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for online advertising. Google uses cookies for this purpose, such as the so-called DoubleClick cookie, which enable your browser to be recognised when visiting other websites. The information generated by the cookies about your visit to these websites (including your IP address) will be transmitted to and stored by Google on servers in the United States.
The legal basis for this processing is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. You can find options for blocking advertising here.
Further information on data protection at Google can be found here.
For the further processing of the data by the respective provider as the (sole) data protection controller, in particular also any forwarding of this information to third parties such as authorities on the basis of national legal regulations, please refer to the provider’s data protection information.
15. Google Maps API
We use Google Maps API (Application Programming Interface, “Google Maps”) from Google Ireland Ltd. (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website for the visual display of geographical information (maps). By using Google Maps, information about the use of our website, including your IP address, is transmitted to a Google server in the USA and stored there.
The integration of Google Maps enables us to visualise our location. This possibility constitutes our legitimate interest in processing within the meaning of Art. 6 para. 1 lit. f DSGVO.
16. jQuery
On our website, we use jQuery from StackPath LLC (2021 McKinney Ave, Suite 1100, Dallas, TX 75201, USA). jQuery serves us as a content delivery network (CDN) for the proper provision of the content of our website. jQuery helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to jQuery servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of jQuery.
The use of jQuery is based on our legitimate interest within the meaning of Art. 6 para. 1 lit. f. DSGVO in the secure and efficient provision and optimisation of our online offer.
Further information on how jQuery processes personal data can be found in their privacy policy.
17. Monotype Web Fonts
On our website we use the web fonts of Monotype Imaging Holdings Inc. (600 Unicorn Park Drive, Woburn, MA 01801, USA). Web fonts are used for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must establish a connection to the servers of fast.fonts.com (Monotype). This involves processing the IP address (anonymised), the project identification number of the web font, the URL of the licensed website linked to a customer number so that Fonts.com can identify the licensee and the licensed web fonts, and the URL of the previously visited page.
Monotype stores the anonymised IP address and project identification number of the web font in encrypted log files containing such data for a period of 30 days to determine the monthly number of page views. After such determination and storage of the number of page views, the log files are deleted.
The use of Monotype is in our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO, in a uniform and attractive presentation of our website. If your browser does not support web fonts, a standard font will be used by your computer.
For more information on how Monotype processes personal data, please refer to their privacy policy.
18. Recipients of personal data
Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such a transfer takes place to the extent that it is necessary for the fulfilment of the contract requested by you. The legal basis for these disclosures is the necessity for the fulfilment of the contract within the meaning of Art. 6 Para. 1 lit. b DSGVO.
A transfer is also made to selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are already explicitly mentioned in this privacy policy. These are, for example, IT service providers (such as providers of software solutions), custodian banks, fund companies, financial service providers, FINMA, WorldCheck, advertising agencies and consultancies. The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO in obtaining third-party services.
In addition, your data may be passed on, in particular to authorities, legal advisors or debt collection companies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to conduct due diligence or to complete the transaction. Our legitimate interest within the meaning of Art. 6 (1) f DSGVO in safeguarding our rights and complying with our obligations or the sale of our company forms the legal basis for this data transfer.
19. Disclosure of personal data abroad
In order to comply with the legal requirements for data transfer, your personal data may also be disclosed to recipients who have their registered office outside Switzerland, the EU or the EEA in so-called third countries. If the country in question does not have an adequate level of data protection, we guarantee through contractual arrangements that your data is adequately protected at these companies.
20. Retention of personal data
We process and store personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or other purposes pursued with the processing and as long as there is a legitimate interest on our part in retaining the respective personal data.
In addition, we retain personal data that is subject to statutory retention periods or that is still required for criminal prosecution or to secure, assert or enforce legal claims.
Requirements that oblige us to retain data result from the following, among others:
- Fulfilment of commercial and tax law retention obligations, e.g. from the Swiss Code of Obligations (“OR”) and the tax laws. The periods specified there for retention or documentation are usually ten years.
- Preservation of evidence within the framework of the statutory limitation provisions, in particular pursuant to Art. 127 et seq. OR, Art. 60 OR as well as special statutory limitation periods (SVG, etc.).
21. Data security
We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, namely unauthorised access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. Furthermore, these persons are only granted access to personal data to the extent necessary for the fulfilment of their tasks.
We would like to point out that in the event of data being sent by e-mail, data is transmitted in an unencrypted form. Therefore, it cannot be ruled out that data may be lost en route or may be viewed by third parties. Such online transmission of personal data is therefore at your own risk.
22. Your rights
Provided that the legal requirements are met, you have the following rights as a person affected by data processing:
- Right of access: You have the right to request access to your personal data stored by us at any time and free of charge if we are processing it. This gives you the opportunity to check what personal data we are processing about you and that we are using it in accordance with applicable data protection regulations.
- Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.
- Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, particularly in the case of legal retention obligations, the right to deletion may be excluded. In this case, the deletion may be replaced by a blocking of the data if the conditions are met.
- Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.
- Right to data transfer: You have the right to receive from us, free of charge, the personal data you have provided to us in a readable format.
- Right to object: You can object to data processing at any time.
- Right of withdrawal: In principle, you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your revocation.
- Right of appeal: You have the right to lodge an appeal with a competent supervisory authority, e.g. against the way in which your personal data is processed.
To exercise these rights, please use the contact address in section 2.
Status: September 2023