This policy, issued by Aquamarine Zürich AG (“Aquamarine”, “we”, “us”) is addressed to individuals with whom we interact (irrespective of how, e.g. by phone, email, post, in person, via our website) including prospective, current or former clients, investors, employees and contractors of Aquamarine, as well as those with a general or ongoing interest in Aquamarine (together, “you”).
We take our responsibility to protect the privacy and confidentiality your personal data very seriously and this policy, which may be amended from time to time, describes how Aquamarine collects, stores, uses and discloses personal data (“processing”) according to the applicable laws and regulations. We encourage you to read this Policy carefully and regularly check the website www.aquamarinefund.com/privacy for any updates.
1. What Personal Data do we process?
Personal Data means any information relating to a person by which they may be identified, including but not limited to: your name, address, email, IP address, photograph, date of birth, nationality, employment history, family information, financial account information, social security numbers, cookie information etc.
Subject to applicable law, and only to the extent necessary for legitimate business purposes, personal data is collected or obtained in a variety of ways, including but not limited to:
- when you provide it to us (e.g. when you contact us by email, phone, in person, by registering on our website)
- in the ordinary course of conducting business with you (e.g. subscription from investors)
- from third parties authorized to provide personal data to us (e.g. a credit agency or third parties such as your legal representative)
- from the public domain, (e.g. company registry, press, internet, social media)
- from your website or email interaction when your device or browser may disclose certain information (e.g. browser type, dates and times of connecting, geolocation)
- we may create personal data by logging your interactions with us (e.g. in the contact database)
Aquamarine does not process sensitive personal data such as ethnicity, political or religious views, genetic, criminal or health records or biometric data (in some exceptional cases we might be legally required to collect passport or ID photocopies, see section 10).
2. What is the purpose and legal basis for processing Personal Data?
We only process personal data in accordance with the relevant data protection regulations.
2.1 Purposes for the processing of personal data include but are not limited to:
• Concluding a contract (e.g. subscription or redemption of invested funds)
• Communication of updates or changes to our products/services
• Legal obligations and rights
• Direct marketing and product information
• Analysis of access to websites/email to tailor content/improve usability
• Human resources
• Fiscal and Tax administration
• IT & Logistics
2.2 Legal basis for the processing of personal data fall into one of the below categories:
a. Performance of a contract: The processing of data is required to complete contracts with our customers or to carry out pre-contractual steps.
b. Based on legal obligations: As a financial service provider we are subject to various obligations, e.g. legal, regulatory or professional requirements (e.g. Collective Investment Schemes Act, Money Laundering Act, tax laws such as FATCA or CRS) as well as other financial supervisory decrees and requirements (e.g. from FINMA).
Personal data processing is necessary to comply with such obligations, which may include but are not limited to, the examination of creditworthiness, identity and age verification, fraud and money laundering prevention, the fulfillment of tax control and reporting obligations or other legal proceedings.
c. Legitimate interests: Where necessary, we may process your data based on legitimate business interests other than contracts or legal obligations. Examples based on a legitimate interest include but are not limited to:
• Client on-boarding
• Product and services provision and communication in this respect
• Marketing or prospecting
• Operation of our websites
• Research and development of products and services
• Ensuring IT security / operations
• Measures for business control, risk management, human resources or audit within Aquamarine
d. Consent: Insofar as you have given us consent to the processing of personal data for specific purposes, the processing of your personal data is based on this consent. A given consent may be revoked by you at any time. The revocation of consent does not affect the lawfulness of the data processed prior to the revocation.
3. Who receives my data?
Personal Data may be shared only based on relevant regulations. This includes but is not limited to Aquamarine affiliated companies, service providers/contractors, customer agents, government bodies, web providers.
Aquamarine affiliates may need your personal data in order to fulfill contractual, legal or tax obligations or to carry out other legitimate interests as described in point 2.2.c.
Aquamarine third-party service providers may be sent personal data to perform services on our behalf, again only insofar as justified and necessary. The involvement of service providers (especially so-called order processors or processors) is carried out in accordance with relevant regulations, both financial and data protection. Our third-party contractors (service providers) are companies offering financial services, investment fund administration, IT or cloud-based services, printing and postal/shipping services, telecommunications, consulting, sales and marketing.
Under these conditions, recipients of personal data may be, for example:
- Public authorities (e.g. law enforcement authorities, supervisory authorities such as, in particular, the Swiss Financial Market Supervisory Authority FINMA, debt collection and bankruptcy offices, inheritance authorities) if there is a legal or other juridical basis or obligation.
- Credit and financial services institutions or similar entities to which we provide personal information to conduct the business relationship with you (such as correspondent banks, custodians, brokers, exchanges, etc.).
- Aquamarine auditors, consultants, legal and professional advisers
- Customer agents or representatives (e.g. your lawyer or bank or other persons authorized by you to act on your behalf)
- Post office or mailing companies (e.g. to send annual reports)
Cookies, Google Analytics and Social Media Plug-Ins
- Our websites use so called tracking-technologies like “cookies“. These are text files that are saved on your computer and allow us to analyse the usage of the website. Cookies serve in particular to improve our website and simplify your user experience. You may prevent the installation of cookies by activating a respective option on your browser. In such case, you might not be able to fully use all functions of the website. Further information on Cookies and their way of function can be found under: http://www.allaboutcookies.org.
- Our website takes also advantage of Google Inc.‘s (“Google“) web analysis service Google Analytics. Google Analytics uses also cookies. The information about the use of our website (including your IP address) provided by cookies will be transmitted to and saved on a server of Google in the U.S.A. Google will use this information to analyse your use of our website, to generate reports about the website and to provide further services in connection with the use of the website and the internet. Google may transmit such information potentially to third parties, provided this is a legal requirement or if third parties process the data on behalf of Google. Google will not link your IP address with other data of Google. The following link informs you about the use of your data by Google: https://www.google.ch/policies/privacy/partners.
- We will not use the information and personal data compiled by Google for the identification of a person, unless we have specific indications of an illegal use.
Social Media Plug-ins
4. Is data transmitted to a third country (cross-border)?
A transfer of data to locations in countries outside your country of domicile, so-called third countries, takes place, insofar as:
- it is required to execute your orders (e.g. subscriptions or redemptions)
- it is required by law (e.g. tax reporting obligations)
- it serves a legitimate business interest (e.g. Cloud-based CRM, data storage, email-tools, web hosting); or
- you have given us your consent
If service providers in the third country are used or where personal data is shared with third-country companies, they are obliged to comply with the appropriate data protection level, e.g. EU GDPR, Swiss DPA, USA Privacy Shield.
5. How long will my data be stored and how?
- As a matter of principle, we retain personal data for as long as we need the data to fulfil the legal or legitimate purposes. By the same token, we will delete or anonymise personal data (or equivalent) once they are no longer necessary to achieve the legitimate purposes, subject however (i) to any applicable legal or regulatory requirements to store personal data for a longer period, or (ii) to establish, exercise
and/or defend actual or potential legal claims, investigations or similar proceedings, including legal holds, which we may enforce to preserve relevant information.
Information security and retention
- We use commercially reasonable physical, electronic, and procedural safeguards to protect your Personal Data from loss, misuse, and unauthorised access, disclosure, alteration, and destruction in accordance with applicable law. Please be aware that despite our best efforts, no data security measures can guarantee 100% security all of the time. If you have online account access, we recommend that you take steps to protect against unauthorised access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your user name and password private.
6. Which data protection rights do I have?
Subject to applicable local data protection legislation, you have the:
1. right to access personal data
2. right to rectify personal data
3. right to erase personal data
4. right to restrict the processing of personal data
5. right to transfer personal data (portability)
6. right to object to the processing of personal data (see section 11 for further details)
7. right to a copy of safeguards used for cross-border transfers of your data
In addition, insofar as applicable to you, there is a right of complaint to a competent data protection supervisory authority. You may revoke your consent at any time, if consent was the basis of our processing your personal data. Please note that the revocation only is effective for the future. Data processing that took place before the revocation is not affected.
7. Is there an obligation for me to provide data?
As part of our business relationship, you must provide the personal data necessary to enter into a business relationship and perform the related contractual obligations that we are required to collect by law. Without this data we will generally be unable to conclude the contract with you or to provide the services you require or to provide products or related information.
8. To what extent does Aquamarine use automated decision-making process?
In principle, we do not use fully automated decision-making to establish and implement business relationships. If we use these procedures in individual cases, we will inform you about this separately, if this is required by law.
9. Does Aquamarine undertake profiling?
Aquamarine does not use profiling to establish and implement business relationships or for the processing of personal data. If we use these procedures in individual cases, we will inform you about this separately, if this is required by law.
10. We may collect biometric data about you
Biometric data is generally regarded as particularly sensitive personal data. Therefore, to the extent required under applicable law, your explicit consent will be obtained separately in order to use any biometric data (e.g. passport for purpose of fulfilling a contract).
11. Information on the right to object
11.1 Case-specific right to object
You have the right to object at any time for reasons arising out of your particular situation to the processing of personal data relating to you on the basis of Aquamarine’s legitimate interest; this also applies to a profiling based on these reasons. If you object, we will no longer process your personal data, unless we can prove compelling legitimate grounds for processing that outweigh your personal interests, rights and freedom, or the processing is for the purposes of asserting, exercising or defending legal claims.
11.2 Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and should be directed to Aquamarine’s data protection contact listed below.
12. Who is responsible for data processing and whom can I contact?
Aquamarine Zürich AG is a data Controller and is thus responsible and accountable for how it holds and uses personal data.
Data Privacy Contact: [email protected]
Aquamarine Zürich AG
Thank you for your attention.