“Personal data" means all information relating to an identified or identifiable natural person. “Processing" means any handling of personal data, irrespective of the means and procedures applied, in particular the collection, storage, retention, use, revision, disclosure, archiving, deletion or destruction of personal data.
It is possible that any other documents, such as conditions of participation or similar declarations, regulate specific data processing.
Regardless of whether the Partner is solely or with Aquila jointly responsible for data processing, you may contact the Partner for data protection concerns:
+41 58 680 62 10
The Partner as well as the Joint Controller primarily obtain and process personal data that is provided to them by the data subject, e.g. when opening a business relationship, in the context of the execution of contracts, the use of products and services or on websites or other applications. They also process personal data which is collected in the context of the use of products or services and is transmitted to the Partner or Joint Controller. The Partner as well as the Joint Controller may, to the extent permitted, obtain personal data from publicly accessible sources, from authorities or from other third parties.
The Partner and the Joint Controller process various categories of personal data. The most important categories are the following:
Many of these data are disclosed to the Partner by the data subject himself/herself. The categories of personal data that the Partner and the Joint Controller receive from third parties include, in particular, information from public registers, information obtained in connection with official and legal proceedings, creditworthiness information, information on compliance with legal requirements such as those relating to combating fraud, combating money laundering and terrorism financing or export restrictions, information from banks, insurance companies, distribution and other contractual partners of the Partner or Joint Controller relating to the use or provision of services, information from the media and the internet, address and, where applicable, other socio-demographic data (in particular for marketing and research) and data in connection with the use of third-party websites and online offers where this use can be attributed to the data subject.
The Partner processes personal data primarily to provide its own services, to process contracts with clients and business partners and to comply with legal obligations. Aquila supports the Partner within the framework of the Aquila Partner Model with central services in the areas of Legal, Compliance & Risk, Fiduciary & Accounting, as well as IT and Administration. As part of these services, Aquila processes personal data together with the Partner as Joint Controller for the purpose of providing these management, coordination and control functions.
In addition, the Partner or the Joint Controller process personal data, where permitted and appropriate, for the following purposes:
Insofar as consent has been given to process personal data for specific purposes (e.g. when registering for a newsletter), the personal data will be processed within the scope of and based on this consent, insofar as no other legal basis is given and necessary. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
The Partner undertakes to protect personal data for the data processing’s for which it is responsible in accordance with the applicable laws. Where Aquila is jointly responsible, it shall ensure the protection of personal data together with the Partner. The protection of personal data includes appropriate technical and organisational security measures (e.g. access restrictions, firewalls, personalised passwords as well as encryption and authentication technologies, training of employees, etc.).
The Partner or Joint Controller disclose personal data to the following third parties (recipients) in the following cases:
Recipients of personal data are usually in Switzerland. Particularly when using certain products or services of the Joint Controller, personal data may also be disclosed to third parties outside of Switzerland (e.g. Europe or the USA).
Where a recipient is located in a country without an adequate level of data protection, the Partner or the Joint Controller shall contractually oblige the recipient to comply with the applicable data protection (e.g. with standard contractual clauses), unless the recipient is already subject to a legally recognised set of rules to ensure data protection or the Joint Controller cannot rely on an exemption provision.
The Partner as well as the Joint Controller outsource certain business areas and services in whole or in part to third parties.
The service providers who process personal data on behalf of the Partner or the Joint Controller for this purpose (so-called processors) are carefully selected. Whenever possible, the Joint Controller uses processors domiciled in Switzerland. The processors may be entitled to have certain services provided by third parties.
The processors may only process personal data received in the same way as the Partner as sole controller or the Joint Controller themselves and are contractually obliged to ensure the confidentiality and security of the data.
The Partner as well as the Joint Controller reserve the right to process personal data automatically in the future, in particular in order to identify essential personal characteristics of the customer, to predict developments and to create customer profiles. This serves in particular the assessment and further development of offers and the optimization of the provision of services.
In the future, customer profiles may also lead to automated individual decisions (e.g. automated acceptance and execution of customer orders in CRM). In such cases, it is ensured that a contact person is available if a data subject wishes to comment on an automated individual decision and such a possibility to comment is provided for by law.
When a person visits the Partner's websites, the web server automatically records details of their visit (e.g. the website from which the visit takes place, the visitor's IP address, the content of the website that is accessed, including the date and duration of the visit). Such tracking data is used to optimise the websites visited and provide information on how the visitor informs himself about and uses the products, services and offers. As a rule, however, it does not allow any conclusions to be drawn about the identity of the visitor. In this respect, no personal data is processed.
However, if the visitor provides personal data, e.g. by filling in a registration form or message field for newsletters etc., the Partner may use this data in particular for the following, in addition to the purposes set out in section 5:
When visiting the websites, the visitor's data is transported via the internet, i.e. an open network accessible to everyone. Data transmitted via electronic media (including e-mail) cannot be effectively protected against access by third parties. This entails the risk that data may be disclosed or its content changed, that the identity of the sender (e.g. e-mail) as well as the content of the message is faked or manipulated in some other way by unauthorised persons, that viruses may be released, that technical transmission errors, delays or interruptions may occur, that data may be transmitted uncontrolled abroad, where data protection requirements may be lower than in Switzerland, etc. The risk of such manipulation may also arise.
The duration of the storage of personal data depends on the purpose of the respective data processing and/or legal retention and documentation obligations, which amount to five, ten or more years depending on the applicable legal basis. As soon as the personal data is no longer required for the above-mentioned purposes, it is deleted or made anonymous as far as possible.
Anyone can request information from the Partner as to whether personal data about him/ her is being processed. There is a right of objection or restriction of processing and, where applicable, the right to data portability. Incorrect data can be corrected. Furthermore, the deletion of personal data can be requested, unless legal or regulatory obligations (e.g. legal retention obligations of business-relevant data) or technical hurdles prevent this. The deletion of data may have the consequence that certain services can no longer be provided. In addition, where applicable, there is a right of appeal to a competent authority. Where the Partner or Joint Controller process personal data on the basis of consent, this consent may be revoked at any time. It should be noted that the Partner or Aquila AG reserve the right invoke the restrictions provided for by law on their part, for example if they are obliged to retain or process certain data, have an overriding interest in doing so (insofar as they are entitled to rely on this) or require it for the assertion of claims.
In order to support the Partner in responding to your request, we ask for a corresponding, comprehensible message. We will review and respond to the concerns within a reasonable period of time.
The Partner alone as well as together with Aquila AG may amend this data protection declaration at any time without prior notice. The current version published on the website of the Partner or Aquila AG shall apply.