Privacy notice

Last modified 12 May 2023

This privacy notice informs you how we collect, use, share, retain and dispose personal data received through the Avaloq.com family of websites (“website”) and our branded social media pages (such as our LinkedIn, Facebook, Instagram and Twitter pages) (“social media”). Our website and social media are hereinafter jointly referred to as “online platform”.

We may occasionally update this privacy notice. We encourage you to periodically review this privacy notice to be informed of how we process your information.

1. WHO WE ARE

We are the Avaloq Group Ltd. (“we”, or “us”), a Swiss company registered at Allmendstrasse 140, 8041 Zurich, Switzerland. We are the data controller responsible for the processing of personal data through our online platform.

2. HOW WE OBTAIN PERSONAL DATA

We may collect and receive personal data through our online platform. Personal data means any information relating to an identified or identifiable natural person.

We collect personal data that you choose to voluntarily provide to us for your use of our online platform.

3. THE TYPES OF PERSONAL DATA WE MAY OBTAIN

We may collect and receive the following personal data from you:

  • Name and contact details (such as name, address, email, username, phone numbers);
  • Account details (such as username and password);
  • Personal data included in your traffic data;
  • Personal data included in your comments;
  • Personal data of individuals included in your uploaded content (such as name and email address).

We may collect other types of personal data if required under applicable law or if necessary, for the purposes listed below.

4. PURPOSES AND LEGAL BASES FOR PROCESSING

We may collect and process your personal data for the purposes and on the legal bases identified in the following:

Providing our online platform and delivering the services you have requested:
We may process your personal data to perform our contract with you for the use of our online platform and to fulfil our obligations under the applicable terms and conditions; if we have not entered into a contract with you, we base the processing of your personal data on our legitimate interest to operate and administer our online platform and to provide you with content you access and request.

Managing account registrations:
If you have registered for an account with us, we process your personal data by managing your user account for the purpose of performing our contract with you according to the applicable terms and conditions.

Handling contact and user support requests:
If you fill out a “contact-us” form or request user support, or if you contact us by other means including via a phone call, we may process your personal data to perform our contract with you and to the extent, it is necessary for our legitimate interest in fulfilling your requests and communicating with you.

Developing and improving our online platform:
We may process your personal data to analyze trends and to track your usage of and interactions with our online platform to the extent it is necessary for our legitimate interest in developing and improving our online platform and providing our users with more relevant content and service offerings, or where we seek your valid consent.

Identifying customer opportunities:
We may process your personal data to assess new potential customer opportunities to the extent you have provided your prior consent.

  • We use Customer Relationship Management (“CRM”) database by Microsoft Ireland Operations Limited (“Microsoft”) to manage and track our marketing and sales efforts. The personal data processed for these purposes includes relevant business information, such as contact data, website activity of registered users of our website, and other business information included by our employees based on their personal interactions with you. The CRM information will be transmitted and stored by Microsoft on servers in the European Union.
  • HubSpot, Inc. (“HubSpot”)- Microsoft Exchange integration transfers your personal data to Microsoft and enables us to send you our marketing communications over Microsoft Exchange servers. The information generated with the HubSpot-Exchange integration will be transmitted and stored by Microsoft on servers in the European Union.

Displaying personalized content and ads:
We may process your personal data to conduct marketing research, advertise to you, provide personalized information about us on and off our online platform and to provide other personalized content based upon your activities and interests to the extent you have provided your prior consent.

Managing our relationship with you:
We may process your personal data to send you marketing information, product recommendations and other non-transactional communications about us and our partners, including information about our products, promotions or events to the extent you have provided your prior consent.

Managing your event registrations and attendance:
We may process your personal data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract with you.

Reviewing compliance with the applicable terms and conditions; ensuring the security of our business, preventing or detecting fraud or abuses of our online platform:
We may process your personal data by tracking the use of our online platform, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and conditions to the extent it is necessary for our legitimate interest in promoting the safety and security of the online platform and in protecting our rights and the rights of others.

Complying with legal obligations:
We may process your personal data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our online platform, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.

5. HOW WE MAY SHARE PERSONAL DATA

We may share the personal data we collect and receive on a need-to-know basis with the following parties:

  1. Other affiliates of the Avaloq group or its agents;
  2. Third-party providers that perform services for us;
  3. Event sponsors (only if you attend an event or webinar organized by us. Refer to section 4 “Managing your event registrations and attendance”);
  4. Other users of the online platform if you choose to share your messages;
  5. Competent public authorities or other third parties (if required by law or reasonably necessary to protect the rights, property and safety of ourselves or others).

We may also transfer your personal data in the event that we sell or transfer all or a portion of our business or assets on a need to know basis. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use personal data you have provided to us in a manner that is consistent with applicable law and this privacy notice.

We do not sell, rent or trade your personal data.

6. DATA TRANSFERS OUTSIDE THE EEA

We may transfer the personal data we collected to third parties in countries outside of Switzerland and the European Economic Area (EEA). The laws in those countries may not offer an adequate level of data protection. Personal data may be transferred to Singapore, the Philippines and the United States among others.

When we transfer your personal data outside of Switzerland or the EEA, we will protect your personal data as described in this privacy notice and in accordance with applicable laws, such as by entering into the European Commission’s Standard Contractual Clauses for the transfer of personal data to a processor located outside of Switzerland or the EEA.

7. LINKS

Our online platform may contain links to other sites. We are not responsible for the content or privacy practices of such other sites. Pay attention when you leave our website and read the privacy notices of any other site that collects personal data. Your data protection and privacy rights under these third-party platforms will be governed by their respective privacy practices.

8. USE OF COOKIES AND SIMILAR TECHNOLOGIES

We collect certain personal data by using cookies and similar technologies when you visit the website.

Cookies are bits of text that are placed on your computer’s hard drive or mobile device when you visit the website. Cookies hold information that may be accessible by the party that places the cookie, which is either the website itself (first-party cookie) or a third party (see section 8.2 THIRD-PARTY COOKIES).

We use both session-based and persistent cookies on our website. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn your device off.

To change your cookie settings and preferences for our website, click the “Cookie settings” link below. You can also control the use of cookies on your device but choosing to disable cookies on your device may limit your ability to use some features on our website.

Cookie Settings

8.1 THE PURPOSE OF SETTING THE COOKIES AND SIMILAR TECHNOLOGIES

We categorize our website cookies and similar technologies as follows:

  1. Strictly Necessary Cookies (Category 1)
    These cookies are absolutely necessary for you to browse the website and use its features, such as accessing secure areas of the website.
  2. Performance Cookies (Category 2)
    These cookies gather website statistical data to analyze how our users use the website, such as which pages are visited, how long pages were visited, and the paths taken by visitors to our website as they move from page to page.
  3. Functional Cookies (Category 3)
    These cookies facilitate the operation and improve the functions of the website. For example, we store your language settings in functional cookies.
  4. Targeting Cookies (Category 4)
    These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

8.2 THIRD-PARTY COOKIES

We may use third-party technology to track and analyze usage information to provide enhanced interactions and more relevant communications and to track the performance of our advertisements.

Third-party Performance Cookies (Category 2):

We may use Google Analytics and Google Optimize by Google, Inc (“Google”), Lead Forensics Limited (“Lead Forensics”) and HubSpot to the extent you have provided your prior consent:

  • Google Analytics is a web analytics service which uses cookies to help analyze website usage. The information generated by the cookie about your use of our website (such as your IP address, the URL visited, the date and time the page was viewed) will be transmitted and stored by Google on servers in the United States or any other country in which Google maintains facilities. Your IP address will be masked by setting the last octet of your IP address to zero before it is stored by Google. Google will use this information to monitor your use of our website and to compile reports on website activity for us.
  • Google Optimize is used to keep track of your anonymized involvement in website experiments. an experiment could be something like an A/B split test. This is where half of the people who visit our site see one webpage and the other half see an alternative version so that we can test which version works best. For this purpose we collect data that we analyze. Google Optimize utilizes performance cookies to target content variants to a user and a content experiment cookie to determine a user's participation in an experiment.
  • Lead Forensics is a web analytics tool which helps us to analyze our website usage. The Lead Forensics tool uses a tracking code for identifying businesses visiting our website based on their business IP addresses available in the public domain. The Lead Forensics tool cannot be used to identify an individual visitor who has visited our website. The Lead Forensics tool does not provide us with the IP addresses. It provides us with information on what companies have visited our website, the date and duration of their visit, and the web pages that they visit. The information generated will be transmitted and stored by Lead Forensics on servers in the United Kingdom. This information allows us to analyze the use of our website and eventually contact those companies about their experience or for sales purposes.
  • HubSpot is a web analytics service which uses cookies to track visitors to our website. The information generated by the cookies about your use of our website (such as your IP address, the URL visited, the date and time the page was viewed) will be transmitted and stored by HubSpot on servers in the Republic of Ireland. We use all information collected exclusively for optimizing our marketing measures.

Third-party Functional Cookies (Category 3):

We may use Neos by Neos Foundation e.V. (“Neos”) to store a limited number of user preferences, such as language to the extent you have provided your prior consent:

  • Neos is an enterprise technology we host our website on. The information generated by the cookie about your use of our website (such as your IP address, the URL visited, the date and time the page was viewed) will be transmitted and stored by Neos on servers in Germany.

Third-party Targeting Cookies (Category 4):

We may use Google reCAPTCHA by Google, Inc (“Google”) to the extent you have provided your prior consent:

  • We use Google reCAPTCHA to protect the input fields used on our website contact form against improper use (spam, bots, etc.). By analyzing your user behavior on this website, it can be determined whether the user is a natural person or a bot. Your IP address will be transmitted to Google in the United States.

9. HOW WE PROTECT PERSONAL DATA

We maintain appropriate organizational, physical and technical security measures designed to protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. In order to protect your data we have – among others – implemented physical access control measures suitable for preventing unauthorized persons from gaining access to data processing systems with which personal data are processed or used. We implemented technical and organisational measures designed to prevent data processing systems from being used by unauthorized persons and measures to ensure that those authorized to use a data processing system can only access the data subject to their access authorization and that personal data cannot be read, copied, modified, or removed without authorization during processing, use and after storage. When feasible we pseudonymize personal data, which means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to appropriate technical and organisational measures. To secure transfer control we took different measures to ensure that personal data cannot be read, copied, altered or removed by unauthorized persons during electronic transmission or while being transported or stored on data media, and that it is possible to verify and establish to which entities personal data are intended to be transmitted by data transmission equipment, e. g. use of VPN, logging of accesses and retrievals and provision of encrypted connections. Additionally, we ensure that personal data is protected against accidental destruction or loss (e. g. fire protection, data backups, secure storage of data media, virus protection, raid systems, disk mirroring, etc.) and that our systems are capable of rapidly restoring the availability of and access to personal data in the event of a physical or technical incident. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us or the personal information stored are absolutely secure. We will notify you of any data breach that is likely to have unfavourable consequences for your privacy in accordance with applicable law.

10. HOW LONG WE RETAIN PERSONAL DATA

We retain personal data for as long as necessary to fulfil the purposes for which we collect or receive the personal data, except if required otherwise by applicable law, rules and regulations. Typically, we will retain most of the personal data for the duration of your use of the online platform, or until you have removed your account unless a longer applicable statutory retention period applies. Records retention details are established in Avaloq’s Record Retention Policy and Schedules.

After expiry of the applicable retention periods, all personal data will be destroyed, anonymized or deleted using secure technology. This technology depends on the application and storage media used. Expired records are identified based on their creation or last modification date, the current date and the retention period. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

11. YOUR RIGHTS

You have the following rights in relation to your personal data:

  • The right to obtain, at reasonable intervals and free of charge, information on whether your personal data are being processed and to receive the personal data that is being processed in an intelligible form;
  • The right to have your personal data rectified, blocked or deleted if your personal data are incorrect, incomplete, inaccurate, irrelevant, outdated or processed unlawfully;
  • The right to withdraw your consent at any time;
  • The right to transfer your personal data to another controller, to the extent possible;
  • The right to object on legitimate grounds to the processing of your personal data.
  • The right to data portability;
  • The right to file a complaint and
  • The right to damages or indemnification.

To exercise these rights, please contact us using our contact details set out below. We may request you to provide a copy of your ID card or otherwise evidence of your identity. We will respond to your request within the applicable statutory term.

12. HOW TO CONTACT US

If you have any comments or inquiries about the information in this privacy notice, if you would like us to update your personal data, or if you want to exercise your rights, please contact our Data Protection Officer by email at dataprotection@avaloq.com.

Annex 1: Subprocessors

Service Provider

Legal Basis

Processing

Country

Google LLCConsentGoogle Analytics is used to gather behavioural analytics on how users use our website to help improve and guide product development. We only use Google Analytics with IP anonymization activated.United States

HubSpot, Inc.

Consent

HubSpot is used for email communications and content hosting.

Republic of Ireland

Lead Forensics LimitedConsentLead Forensics is used to analyse our website usage. Under no circumstances will the data be used to personally identify an individual visitor. If IP addresses are collected, they will be anonymized immediately after collection.United Kingdom

Neos Foundations e.V.

Legitimate interest

Neos is used to host our website.

Germany

Microsoft Ireland Operations Limited ConsentMicrosoft Dynamics 365 CRM database is used to carry out marketing campaigns, for analysis purposes and for target group-specific contact with customers and potential customers.European Union

Microsoft Ireland Operations Limited

Consent

Microsoft Exchange integration is used to transfer your HubSpot data to Microsoft and enables us to send you our marketing communications over Microsoft Exchange servers.

European Union