Privacy policy

PRIVACY POLICY

I. Content of this Privacy Policy

CORUM Vermögensverwaltung AG (hereinafter also referred to as “we”, “us”, “CORUM”) collects and processes personal data relating to you or other persons (so-called “third parties”). The term “data” is used here synonymously with “personal data”.

“CORUM Vermögensverwaltung AG” refers to the processing carried out by CORUM Vermögensverwaltung AG itself as well as its sister companies belonging to CORUM Holding AG.

“Personal data” refers to data relating to an identified or identifiable person, i.e. the data subject is identifiable through the data itself or by incorporating corresponding additional data.

In this privacy policy, we describe what we do with your data when you use www.corumag.ch or other websites operated by us (hereinafter collectively referred to as “Website”), when you obtain our services or products, when you are otherwise connected to us within the framework of a contract, when you communicate with us, or when you otherwise interact with us. Where applicable, we will inform you in a timely written notice of any additional processing activities not mentioned in this privacy policy. Additionally, we may inform you separately about the processing of your data, e.g. in consent declarations, contractual terms, supplementary privacy policies, forms and notices.

If you provide us with data about other persons such as family members, colleagues, etc., we assume that you are authorised to do so and that such data is accurate. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy.

This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”), the Swiss Data Protection Act (“DPA”) and the revised Swiss Data Protection Act (“revDPA”). However, whether and to what extent these laws are applicable depends on the individual case.

II. Contact Details and Responsibility

The entity responsible for data processing is:

CORUM Vermögensverwaltung AG Mainaustrasse 21 8008 Zurich T: +41 (0) 44 213 20 20 F: +41 (0) 44 213 20 25 legal@corumag.ch

III. Categories of Data Processed

We process various categories of data. The most important categories are as follows:

Technical Data: When you use our website or other electronic services (e.g. free Wi-Fi), we collect the IP address of your device and other technical data to ensure the functionality and security of these services. This data also includes logs recording the use of our systems. We generally retain technical data for 6 months. To ensure the functionality of these services, we may also assign an individual code to you or your device (e.g. in the form of a cookie, see Section XI). Technical data alone does not generally allow conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, it may be linked to other data categories (and thus potentially to your person).

Communication Data: When you are in contact with us via the contact form, by email, telephone or chat, by letter or via other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. If we record or monitor telephone calls or video conferences, e.g. for training and quality assurance purposes, we will specifically inform you of this. Such recordings may only be made and used in accordance with our internal guidelines. You will be informed whether and when such recordings take place, e.g. by a notification during the relevant video conference. If you do not wish to be recorded, please inform us or end your participation. If you merely wish not to have your image recorded, please switch off your camera. If we need or wish to establish your identity, e.g. in the case of a request for information submitted by you, an application for media access, etc., we collect data to identify you (e.g. a copy of an identity document). We generally retain this data for 12 months from the last exchange with you. This period may be longer where required for evidentiary purposes, for compliance with legal or contractual requirements, or for technical reasons. Emails in personal mailboxes and written correspondence are generally retained for at least 10 years. Recordings of (video) conferences are generally retained for 24 months. Chat records are generally retained for 2 years.

Master Data: Master data refers to the basic data that we require, in addition to contract data (see below), for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information e.g. about your role and function, your bank details, your date of birth, customer history, powers of attorney, signatory authorisations and consent declarations. We process your master data if you are a client or other business contact or if you act on behalf of such a person (e.g. as a contact person of a business partner), or because we wish to address you for our own purposes or the purposes of a contractual partner (e.g. in the context of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We receive master data from you directly, from entities for which you work, or from third parties such as our contractual partners, associations and address dealers, as well as from publicly accessible sources such as public registers or the internet (websites, social media, etc.). We may also process information about third parties within the scope of master data. We may also collect master data from our shareholders and investors. We generally retain this data for 10 years from the end of the contract. This period may be longer where required for evidentiary purposes, for compliance with legal or contractual requirements, or for technical reasons. For purely marketing and advertising contacts, the period is usually considerably shorter, typically no more than 2 years from the last contact.

Contract Data: This refers to data arising in connection with the conclusion or performance of a contract, e.g. information about contracts and services to be provided or already provided, as well as data from the pre-contractual phase, information required or used for performance, and information about responses (e.g. complaints or satisfaction data, etc.). We generally collect this data from you, from contractual partners and from third parties involved in the performance of the contract, but also from third-party sources (e.g. providers of creditworthiness data) and from publicly accessible sources. We generally retain this data for 10 years from the end of the contract. This period may be longer where required for evidentiary purposes, for compliance with legal or contractual requirements, or for technical reasons.

Other Data: We also collect data from you in other situations. In connection with official or judicial proceedings, for example, data may arise (such as files, evidence, etc.) that may also relate to you. For health protection purposes, we may also collect data (e.g. within the framework of protection concepts). We may receive or produce photographs, videos and audio recordings in which you may be identifiable (e.g. at events, through security cameras, etc.). We may also collect data about who enters certain buildings and when, or who has corresponding access rights (including in connection with access controls, based on registration data or visitor lists, etc.), who participates in events or campaigns (e.g. competitions) and when, or who uses our infrastructure and systems and when. Finally, we collect and process data about our shareholders and other investors; in addition to master data, this includes information for the relevant registers, regarding the exercise of their rights and the conduct of events (e.g. general meetings). The retention period for this data depends on the purpose and is limited to what is necessary. This ranges from a few days for many security cameras and usually a few weeks for contact tracing data, through visitor data which is generally retained for 3 months, to reports on events with images which may be retained for several years or longer. Data about you as a shareholder or other investor is retained in accordance with corporate law requirements, but in any case for as long as you remain invested.

IV. Data Collection

  1. From the data subject Much of the data mentioned in Section III is provided to us by you directly (e.g. via forms, in the course of communication with us, in connection with contracts, when using the website, etc.). Subject to certain individual cases, you are not obliged to provide data. However, if you wish to enter into contracts with us or use our services, you must provide us with data within the scope of your contractual obligation under the relevant contract, in particular master data, contract data and registration data. When using our website, the processing of technical data is unavoidable. If you wish to gain access to certain systems or buildings, you must provide us with registration data.
  2. From third parties or publicly accessible sources Where permissible, we also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet including social media) or receive data from other companies within our group, from authorities and/or from other third parties (such as credit agencies, address dealers, associations, contractual partners, internet analytics services, etc.).

V. Purpose of Data Processing

We process your data for the purposes set out below:

  1. Communication We may process your data for purposes related to communication with you, in particular for responding to enquiries or asserting your rights. For this purpose, we use in particular communication data and master data, and in connection with services and products you use, also registration data. We retain this data in order to document our communication with you, for training purposes, for quality assurance and for follow-up enquiries.
  2. Contractual relationships We process your data for the establishment, management and performance of contractual relationships.
  3. For advertising purposes We process data for marketing purposes and relationship management, e.g. to send our clients and other contractual partners personalised advertising for products and services from us and from third parties (e.g. advertising partners). This may take the form of newsletters and other regular contacts (electronic, by post, by telephone), via other channels for which we have contact information from you, but also in the context of individual marketing campaigns (e.g. events) and may also include complimentary services (e.g. invitations, vouchers, etc.). You may refuse such contacts at any time or refuse or withdraw consent to contact for advertising purposes. Please note that in the event of withdrawal of consent, the lawfulness of the data processing carried out on the basis of the consent until the time of withdrawal remains unaffected.
  4. Compliance with legal requirements We process personal data to comply with laws, directives and recommendations of authorities and internal regulations (“Compliance”). In certain cases, we may be obliged to carry out certain checks on clients (“Know Your Customer”) or to report to authorities. The fulfilment of disclosure, information or reporting obligations, e.g. in connection with supervisory and tax law obligations, also require or entail data processing, e.g. the fulfilment of archiving obligations and the prevention, detection and investigation of criminal offences and other violations. This also includes the receipt and processing of complaints and other reports, the monitoring of communications, internal investigations or the disclosure of documents to an authority where we have sufficient reason or are legally obliged to do so. External investigations, e.g. by a law enforcement or supervisory authority or a commissioned private entity, may also involve the processing of your personal data. Furthermore, we process data for the management of our shareholders and other investors and the fulfilment of our related obligations. For all these purposes, we process in particular your master data, your contract data and communication data, and in certain circumstances also behavioural data and data from the categories of other data. The legal obligations may relate to Swiss law, but also to foreign provisions to which we are subject, as well as self-regulation, industry standards, our own corporate governance, and official instructions and requests.
  5. Risk management and corporate governance We also process data for purposes of our risk management and in the context of prudent corporate governance, including operational organisation and corporate development. For example, in the context of our financial management, we must monitor our debtors and creditors, and we must avoid becoming victims of criminal acts and abuse, which may require the analysis of data for corresponding patterns. For these purposes and for your and our protection against criminal or abusive activities, we may also carry out profiling and create and process profiles. In the context of planning our resources and organising our operations, we must evaluate and process data on the use of our services and other offerings, or exchange information about them with others (e.g. outsourcing partners), which may also include your data. The same applies to services provided to us by third parties. In the context of corporate development, we may sell or acquire businesses, business units or companies, or enter into partnerships, which may also lead to the exchange and processing of data.
  6. Administration and other purposes We may process your data for other purposes, e.g. in the context of our internal processes and administration or for training and quality assurance purposes. These further purposes include, for example, training and education purposes, administrative purposes (such as the management of master data, accounting and data archiving, and the review, management and ongoing improvement of IT infrastructure), the protection of our rights (e.g. to enforce claims in court, out of court or before authorities in Switzerland and abroad, or to defend ourselves against claims, e.g. through the preservation of evidence, legal investigations and participation in judicial or administrative proceedings) and the evaluation and improvement of internal processes. We may use recordings of (video) conferences for training and quality assurance purposes. The protection of other legitimate interests also belongs to these further purposes, which cannot be listed exhaustively.

VI. Legal Basis for Data Processing

  1. Consent of the data subject We may process data on the basis of your consent. Where we request your consent for certain processing activities, we will inform you separately about the corresponding purposes of the processing. You may withdraw your consent at any time by written notice — by post or by email — to us with effect for the future; our contact details can be found in “II. Contact Details and Responsibility”. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
  2. Performance of contractual obligations We may process your data in order to fulfil our obligations arising from a contract with you. In this case, the processing of data does not go beyond what is provided for in the relevant contract serving as its basis.
  3. Compliance with legal requirements We may process your data to comply with our statutory obligations, insofar as these are not already recognised as a legal basis under the applicable data protection law.
  4. Legitimate interest We may process your data where we can demonstrate a legitimate interest in the processing, in particular to pursue the purposes described in Section V above and the associated objectives, and to implement corresponding measures.

VII. Profiling and Automated Individual Decisions

No data processing takes place for the purpose of profiling or for the issuance of automated individual decisions.

VIII. Disclosure of Personal Data

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and for the other purposes set out in Section V, we may also transmit your personal data to third parties, in particular to the following categories of recipients:

Companies of the CORUM Group: For the purpose of contract performance or to fulfil our obligations (contractual or statutory), your data may be shared with other companies within the CORUM Group. The same requirements and conditions for data processing apply to other companies within the CORUM Group as to CORUM Vermögensverwaltung AG itself.

Service Providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or in joint responsibility with us, or who receive data about you from us under their own responsibility (e.g. IT providers, shipping companies, advertising service providers, login service providers, cleaning companies, security companies, banks, insurance companies, debt collection firms, credit agencies or address verification providers). CORUM ensures, prior to the disclosure of your personal data, that the relevant service providers have an adequate level of protection. This may be achieved through the verification of corresponding certifications or through relevant contracts (e.g. using Standard Contractual Clauses, Binding Corporate Rules, etc.).

Authorities: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so, or if this appears necessary to protect our interests. The authorities process data about you received from us under their own responsibility.

Other Persons: This refers to other cases where the involvement of third parties arises from the purposes set out in Section V, e.g. beneficiaries, media and associations in which we participate, or where you are part of one of our publications.

All of these categories of recipients may in turn engage third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g. IT providers), but not that of other third parties (e.g. authorities, banks, etc.).

IX. Disclosure of Data Abroad

No disclosure or transfer of data to third parties abroad takes place.

X. Duration of Processing

We process your data for as long as required by our processing purposes, statutory retention periods and our legitimate interests in processing for documentation and evidentiary purposes, or where storage is technically necessary.

XI. Use of Cookies

No cookies are used at this time.

XII. Rights of Data Subjects

The applicable data protection law grants you, under certain circumstances, the right to object to the processing of your data, in particular processing for marketing purposes. To facilitate your control over the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

  • The right to request information from us as to whether and which data we process about you;
  • The right to have data corrected if it is inaccurate;
  • The right to request the deletion of data;
  • The right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
  • The right to withdraw consent, insofar as our processing is based on your consent;
  • The right to receive, upon request, further information necessary for the exercise of these rights.

If you wish to exercise the above rights vis-a-vis us (or vis-a-vis one of our group companies), please contact us in writing, in person at our premises or, unless otherwise specified or agreed, by email; our contact details can be found in “II. Contact Details and Responsibility” on page 1. In order to rule out misuse, we must identify you (e.g. with a copy of your identity document, where this is not otherwise possible).

Please note that conditions, exceptions or restrictions may apply to these rights under the applicable data protection law (e.g. for the protection of third parties or trade secrets). We will inform you accordingly where applicable.

XIII. Amendments to the Privacy Policy

CORUM reserves the right to amend this privacy policy at any time. The version published on this website is the current version.

Last updated: 24.08.2023