Imprint & Data Protection

SWIC Digital Gateway AG
Mainaustrasse 21
8008 Zürich

Privacy Policy of SWIC Digital Gateway AG

I. Content of the Privacy Policy
SWIC Digital Gateway AG (hereinafter also referred to as "we," "us," "SWIC") collects and processes personal data that concerns you or other individuals (so-called "third parties"). The term "data" here is synonymous with "personal data."The "SWIC Digital Gateway AG" includes processing by the SWIC Digital Gateway AG itself and its sister companies belonging to the CORUM Holding AG."Personal data" refers to information relating to specific or identifiable individuals, meaning that the data subject can be identified directly or indirectly through related additional data.In this privacy policy, we describe what we do with your data when you use or other websites from us (hereinafter collectively referred to as the "Website"), avail our services or products, interact with us within the scope of a contract, communicate with us, or otherwise engage with us. We may inform you of additional processing activities not mentioned in this privacy policy through timely written notifications. Additionally, we may inform you separately about the processing of your data, for example, through consent statements, contract conditions, additional privacy policies, forms, and notices.If you provide us with data about other persons, such as family members, colleagues, etc., we assume that you are authorized to do so and that this data is accurate. By providing data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy.This privacy policy complies with the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Federal Data Protection Act ("DSG"), and the revised Swiss Federal Data Protection Act ("revDSG"). However, the applicability of these laws depends on the individual case.

II. Contact Details and Responsibility
Responsible for the processing is:SWIC Digital Gateway AGMainaustrasse 218008 ZurichT: +41 (0) 44 218 50 80F: +41 (0) 44 218 50

III. Categories of Processed Data
We process various categories of data. The main categories include:Technical Data: When you use our website or other electronic offers (e.g., free Wi-Fi), we collect the IP address of your device and other technical data to ensure the functionality and security of these offers. These data also include logs recording the usage of our systems. We usually retain technical data for 6 months, but no longer than 5 years. To ensure the functionality of these offers, we may assign you or your device an individual code (e.g., in the form of a cookie, refer to section XI). On their own, technical data do not typically reveal your identity. However, in the context of user accounts, registrations, access controls, or contract processing, they may be linked to other data categories (and thus, potentially to your person).Communication Data: When you communicate with us through contact forms, email, telephone, chat, letter, or other communication means, we record the data exchanged between you and us, including your contact details and communication metadata. If we record telephone calls or video conferences, e.g., for training and quality assurance purposes, we explicitly notify you. Such recordings are made and used only according to our internal guidelines. You will be informed about the occurrence and timing of such recordings, e.g., through a notification during the relevant video conference. If you do not wish to be recorded, please inform us or terminate your participation. If you wish to avoid the recording of your image, please turn off your camera. If we need to establish or verify your identity, e.g., for an information request made by you or a media access application, we collect data to identify you (e.g., a copy of an ID). We generally retain this data for 12 months from the last interaction with you. This period may be longer for evidential or compliance purposes or due to technical reasons. Emails in personal mailboxes and written correspondence are typically retained for at least 10 years after the termination of the contractual relationship.Basic Data: We refer to basic data as the core data required for processing our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details, information about your role and function, your bank details, date of birth, customer history, powers of attorney, signing authorities, and consent declarations. We process your basic data if you are a customer or another business contact or if we want to address you for our own purposes or those of a contractual partner (e.g., within marketing and advertising, with event invitations, vouchers, newsletters, etc.). We obtain basic data from you directly, from the organizations you represent, or from third parties such as our contractual partners, associations, address dealers, and from publicly available sources such as public registers or the internet (websites, social media, etc.). We may also process information about third parties within the context of basic data. Basic data may also be collected from our shareholders and investors. We generally retain this data for 10 years after the end of the contract. This period may be longer for evidential or compliance purposes or due to technical reasons. In the case of pure marketing and advertising contacts, the period is usually much shorter, typically not exceeding 2 years since the last contact.Contract Data: These are data related to contract conclusion or contract processing, e.g., information about contracts and the services to be or already provided, as well as data from the pre-contractual phase necessary for processing or used in the contract's execution, and information about reactions (e.g., complaints or satisfaction details, etc.). We generally collect this data from you, our contractual partners, involved third parties in contract execution, as well as from third-party sources (e.g., credit information providers) and publicly available sources. We usually retain this data for 10 years after the contract ends. This period may be longer for evidential or compliance purposes or due to technical reasons.Other Data: We also collect data in various other situations. For instance, data may arise in connection with administrative or judicial procedures (such as files, evidence, etc.) that may relate to you. For health protection reasons, we may also collect data (e.g., within protection concepts). We may receive or create photos, videos, and audio recordings in which you may be recognizable (e.g., at events, through security cameras, etc.). We may also collect data about who enters specific buildings or has corresponding access rights (including access controls, based on registration data or visitor lists, etc.), who participates in events or activities (e.g., competitions), or who uses our infrastructure and systems. Lastly, we collect and process data about our shareholders and other investors; besides basic data, this includes information for the respective registers, the exercise of their rights, and the organization of events (e.g., general meetings). The retention period for this data depends on the purpose and is limited to what is necessary. This ranges from a few days for many security cameras and typically several weeks for visitor data for contact tracing, which is usually kept for 3 months, to reports about events with images that may be retained.

IV. Data Collection
From the data subjectMany of the data mentioned in this section III. are provided by you (e.g., through forms, in the course of communication with us, in connection with contracts, when using the website, etc.). Except for specific cases, you are not obligated to provide this data. However, if you intend to enter into contracts with us or avail yourself of services, you must provide us with data within the scope of your contractual obligations, as stipulated in the relevant contract, particularly basic, contractual, and registration data. When using our website, the processing of technical data is unavoidable. If you wish to access specific systems or buildings, you must provide us with registration data.Through third parties or from publicly available sourcesTo the extent permissible, we extract data from publicly available sources (e.g., debt collection registers, land registers, commercial registers, media, or the internet, including social media) or receive data from other companies within our group, authorities, and/or other third parties (such as credit agencies, address vendors, associations, contracting partners, internet analysis services, etc.).

V. Purpose of Data Processing
We process your data for the purposes outlined below:CommunicationWe may process your data for purposes related to communication with you, particularly for responding to inquiries or asserting your rights. For this, we primarily use communication data and basic data and, in connection with services and offers used by you, registration data. We retain this data to document our communication with you, for training purposes, quality assurance, and for follow-ups.Contractual relationshipsWe process your data for initiating, managing, and executing contractual relationships.For advertising purposesWe process data for marketing purposes and maintaining relationships, such as sending personalized advertising about our products and services, as well as those from third parties (e.g., advertising contracting partners) to our customers and other contracting parties. This can occur in the form of newsletters and other regular contacts (electronically, via mail, by phone), through other channels where we have contact information from you, and as part of individual marketing activities (e.g., events), and may also include complimentary services (e.g., invitations, vouchers, etc.). You can refuse such contacts at any time or deny or revoke consent to contact for advertising purposes. Please note that revoking consent does not affect the lawfulness of data processing until the time of revocation.Compliance with legal requirementsWe process personal data to comply with laws, directives, and recommendations from authorities and internal regulations ("Compliance"). In certain cases, we may be obligated to conduct specific investigations regarding customers ("Know Your Customer") or report to authorities. Fulfilling obligations regarding information, disclosure, or reporting duties, for example, in connection with supervisory and tax obligations, necessitates or involves data processing, such as fulfilling archiving obligations, preventing, detecting, and investigating crimes and other violations. This includes receiving and processing complaints and other reports, monitoring communications, internal investigations, or disclosing documents to authorities when we have sufficient reason to do so or are legally obligated. External investigations by law enforcement or supervisory authorities or a contracted private entity might also involve the processing of your personal data. Additionally, we process data to assist our shareholders and other investors and fulfill related obligations. For all these purposes, we process primarily your basic data, contractual data, and communication data, but potentially also behavioral data and data from other categories. Legal obligations may stem from Swiss law as well as foreign regulations that apply to us, as well as self-regulations, industry standards, our own corporate governance, and instructions and requests from authorities.Risk management and corporate governanceWe process data for purposes of risk management and as part of prudent corporate governance, including operational organization and corporate development. For instance, within our financial administration, we must monitor our debtors and creditors, and we must prevent becoming victims of crimes and abuses, which may require evaluating data for specific patterns. For these purposes and for your and our protection against criminal or abusive activities, we might conduct profiling, create and manage profiles. In planning our resources and organizing our operations, we need to evaluate and process data related to the use of our services and other offers or exchange information with others (e.g., outsourcing partners), which may also involve your data. The same applies to services provided to us by third parties. In the course of corporate development, we might sell businesses, parts of operations, or companies to others or acquire them or enter partnerships, which may also involve the exchange and processing of data.Administration and other purposesWe may process your data for additional purposes, such as within our internal processes and administration or for training and quality assurance purposes. These additional purposes encompass training and educational purposes, administrative purposes (such as managing basic data, accounting, data archiving, and evaluating, managing, and continuously improving IT infrastructure), protecting our rights (e.g., enforcing claims judicially, out-of-court, or before authorities nationally and internationally or defending against claims, including evidence gathering, legal investigations, and participating in judicial or administrative procedures), and evaluating and improving internal processes. We might use recordings of (video) conferences for training and quality assurance purposes. Preserving further legitimate interests is also part of these additional purposes, which cannot be exhaustively named.

VI. Basis of Data Processing
Consent of the Data SubjectWe may process data based on your consent. Where we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke consent at any time by written notification – via post or email – to us, effective for the future; our contact details can be found in "II. Contact Details and Responsibility." Once we receive notice of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis. Revoking your consent does not affect the lawfulness of the processing carried out based on the consent until revocation.Fulfillment or Execution of Contractual ObligationsWe may process data from you to fulfill our obligations arising from a contract with you. In this case, the data processing does not go beyond what is stipulated in the relevant contract serving as the basis.Compliance with Legal RequirementsWe may process data from you to comply with legal obligations imposed on us, provided that these are not already recognized by the applicable data protection law as a legal basis.Legitimate InterestWe may process data from you if we can demonstrate a legitimate interest in the processing. This is particularly aimed at pursuing the purposes described above under section V. and associated goals and being able to take corresponding measures.

VII. Profiling and Automated Individual Decisions
There is no data processing for the purpose of profiling or making automated individual decisions.

VIII. Disclosure of Personal Data
In connection with our contracts, the website, our services and products, our legal obligations, or otherwise to protect our legitimate interests and the other purposes listed in section V., we may also disclose your personal data to third parties, especially to the following categories of recipients:CORUM Group Companies: For the purpose of contract fulfillment or to fulfill our obligations (contractual or legal), your data may be shared with other companies within the CORUM Group. In this case, the data processing by another company within the CORUM Group is subject to the same requirements and conditions as for SWIC Digital Gateway AG itself.Service Providers: We collaborate with service providers both domestically and internationally, who process data about you on our behalf or jointly responsible with us or receive data about you from us in their own capacity (e.g., IT providers, shipping companies, advertising service providers, login service providers, cleaning companies, security companies, banks, insurance companies, collection agencies, credit agencies, or address validators). SWIC ensures, before disclosing your personal data, that the relevant service providers have an adequate level of protection. This can be achieved through the verification of relevant certificates or through appropriate contracts (e.g., by using Standard Contractual Clauses; Binding Corporate Rules; etc.).Authorities: We may disclose personal data to authorities, courts, and other authorities both nationally and internationally if legally obligated or authorized to do so or if necessary to protect our interests. The authorities independently process data about you that they receive from us.Other Persons: This includes cases where involving third parties results from the purposes according to section V., e.g., service recipients, media, and associations in which we participate or if you are part of any of our publications.All these categories of recipients may also involve third parties, thereby making your data accessible to them. We may restrict the processing by specific third parties (e.g., IT providers), but not by other third parties (e.g., authorities, banks, etc.).

IX. Disclosure of Data Abroad
We primarily process your data in Switzerland or in a country with an adequate level of data protection. Transmission of data abroad for purposes other than those listed in this privacy statement does not occur. Should the level of data protection abroad not correspond to the Swiss level, we ensure compliance with the Swiss level of data protection through contractual agreements or require explicit consent from you.

X. Duration of Processing
We process your data as long as our processing purposes, legal retention periods, and our legitimate interests in processing for documentation and evidentiary purposes demand it or storage is technically necessary.

XI. Use of Cookies
To ensure the function and performance of our website, so-called cookies are placed on our website. Cookies are small text files that are stored on the local computer of the user when visiting a website and sent back to the server on subsequent visits to the page. This enables the provider of the page to analyze the user's behavior and guarantee an optimal user experience. Cookies can be distinguished by the type of the respective cookie, i.e., in terms of the function performed by the cookie and whether the cookie is placed by the operator of the website itself (so-called "First Party Cookies") or by a third party (so-called "Third Party Cookies"). In terms of functionality, cookies can be distinguished as follows:Necessary Cookies: Some cookies are necessary for the functioning of the website itself or certain functions. They ensure, for example, that you can switch between pages without losing information entered in a form. They also ensure that you remain logged in. These cookies exist only temporarily ("Session Cookies"). If you block them, the website may not function properly. Other cookies are necessary for the server to store decisions or entries made by you beyond a session (i.e., a visit to the website) if you utilize this function (e.g., chosen language, granted consent, the function for automatic login, etc.). These cookies have an expiration date of up to 24 months.Performance Cookies: To optimize our website and related offers and better align them with the users' needs, we use cookies to record and analyze the use of our website, possibly even beyond a session. We do this by using analysis services from third-party providers listed below. Before employing such cookies, we ask for your consent. You can revoke this at any time via the cookie settings here. Performance cookies also have an expiration date of up to 24 months. Details can be found on the websites of the third-party providers.Marketing Cookies: We and our advertising contracting partners have an interest in steering advertising to specific target groups, i.e., showing ads only to those we want to reach. We and our advertising contracting partners – if you consent – also use cookies that can record accessed content or concluded contracts. This allows us and our advertising contracting partners to display ads that we believe will interest you on our website but also on other websites that display ads from us or our advertising contracting partners. These cookies have a duration depending on the situation, ranging from a few days to 24 months. If you consent to the use of these cookies, you will see corresponding ads. If you do not consent, you will see randomly selected other ads.

XII. Use of Third-Party Providers
Currently, we use services from the following third-party providers:Audienzz: We use online marketing services from Audienzz to display advertisements on our website. The company aims to provide services in the media sector, particularly in the mediation and marketing of advertising spaces in online media and the development of related software. Audienzz is a Swiss company located at Falkenstrasse 10 in Zurich. By consenting to this service, you also consent to the use of cookies placed by this provider on our website.Fundinfo: FE fundinfo (Switzerland) AG is a Swiss company located at Staffelstrasse 12 in Zurich. We use this service for the download of prospectuses, reports, and factsheets when searching for specific funds.Google Analytics: Google Ireland (based in Ireland) provides the "Google Analytics" service and acts as a data processor. Google Ireland relies on Google LLC (based in the USA) as its data processor (both "Google"). Google, through performance cookies (see above), tracks visitor behavior on our website (duration, frequency of pages visited, geographical origin of access, etc.) and generates reports for us based on this data. We have configured the service so that the IP addresses of visitors to Google in Europe are truncated before being sent to the USA and thus cannot be traced back. We have turned off the "Data Sharing" and "Signals" settings. While we may assume that the information we share with Google is not personal data for Google, it is possible for Google to draw conclusions about the identities of visitors from this data for its own purposes, create personal profiles, and link this data to the Google accounts of these individuals. If you consent to the use of Google Analytics, you explicitly agree to such processing, which also includes the transfer of personal data (especially usage data for the website and app, device information, and individual IDs) to the USA and other countries. Information on Google Analytics' privacy can be found here: Google Analytics Privacy Policy. If you have a Google account, you can find further information on processing by Google here: Google Partner Sites.Google Maps: Google Ireland (based in Ireland) provides the "Google Maps" service and acts as a data processor. By using Google Maps, we can provide better and more accurate location information. We use this service to display provider addresses and event locations on a map. The processing of data by this service is subject to Swiss data protection law. By consenting to this service, you also consent to the use of cookies placed by this provider on our website. For more information on the privacy policy of Google Maps, please visit the following link: Google Maps Privacy Policy.Google reCAPTCHA: Google Ireland (based in Ireland) provides the "Google reCAPTCHA" service and acts as a data processor. The use of Google reCAPTCHA is intended to ensure that the visitors to our website are indeed humans and not computer programs or bots. This is done through small tasks that are very easy for a human to solve but pose significant challenges for a machine. Depending on the version of reCAPTCHA, the user may also be prompted to check a box confirming that they are not a robot. This service is used on our website during registration or when filling out contact forms. By consenting to this service, you also consent to the use of cookies placed by this provider on our website. For more information on the privacy policy of Google reCAPTCHA, please visit the following link: Google reCAPTCHA Privacy Policy.Infomaniak: Infomaniak is a large Swiss web hosting company located in Les Acacias in Geneva. We use Infomaniak as a host for our website. Information about Infomaniak's privacy policies can be found at the following link: Infomaniak Privacy Policy.Mailchimp: Mailchimp is a marketing automation and email marketing platform based in Atlanta, Georgia, USA. We use this service provider when you sign up for our newsletter to send you emails. Information on European data transfers can be found at the following link: Mailchimp European Data Transfers. Information on Mailchimp's privacy policy can be found here: Mailchimp Privacy Policy.YouTube: YouTube is a video-sharing platform founded in 2005 by the US-based company YouTube, LLC, a subsidiary of Google LLC since 2006, headquartered in San Bruno, California. YouTube allows users to view, rate, comment on, and upload video clips for free. We use YouTube on our website to display videos. By consenting to this service, you also consent to the use of cookies placed by this provider on our website. As a subsidiary of Google LLC, the same privacy policies apply to YouTube as to Google. For more information, please visit the following link: YouTube Privacy Policy.

XIII. Rights of the Data Subject
The applicable data protection law grants you, under certain circumstances, the right to object to the processing of your data, especially for marketing purposes. To facilitate your control over the processing of your personal data, you have the following rights in connection with our data processing, depending on the applicable data protection law:The right to request information from us about whether and what data we process about you;The right to have data corrected if it is inaccurate;The right to request the deletion of data;The right to request us to provide certain personal data in a common electronic format or to transfer it to another controller;The right to revoke consent, insofar as our processing is based on your consent;The right to receive further information necessary to exercise these rights upon request.If you wish to exercise the above-mentioned rights (or against one of our group companies), please contact us in writing, in person, or where not otherwise specified or agreed, by email; our contact details can be found in "II. Contact Details and Responsibility" on page 1. To prevent misuse, we must identify you (e.g., with a copy of an ID if not otherwise possible).Please note that certain conditions, exceptions, or limitations apply to these rights under applicable data protection law (e.g., for the protection of third parties or trade secrets). We will inform you accordingly if necessary.

XIV. Changes to the Privacy Policy
SWIC reserves the right to adjust this privacy policy at any time. The version published on this website is the current version.Last updated on: 15.12.2023