Privacy notice

Last modified 11 November 2023

This privacy notice informs you how we collect, use, share, retain and dispose personal data received through the Avaloq.com family of websites (“website”), our branded social media pages (such as our LinkedIn, Facebook, Instagram, and Twitter pages) (“social media”), and our other websites or apps. In addition to this Website Privacy Notice, we may inform you about the processing of your data separately, for example in specific consent forms, terms and conditions, additional privacy notices, forms, and other notices.

Our website and social media are hereinafter jointly referred to as “online platform”.

We may occasionally update this Website Privacy Notice. We encourage you to periodically review this Website Privacy Notice to be informed of how we process your information.

1. WHO WE ARE

We are the Avaloq Group Ltd. (“we”, or “us”), a Swiss company registered at Allmendstrasse 140, 8041 Zurich, Switzerland, and a subsidiary of NEC Corporation (“NEC”). We are the data controller responsible for the processing of personal data through our online platform.

2. HOW WE OBTAIN PERSONAL DATA

We may collect and receive personal data through our online platform. Personal data means any information relating to an identified or identifiable natural person.

We collect personal data that you choose to voluntarily provide to us for your use of our online platform.

3. WHAT TYPES OF PERSONAL DATA WE MAY OBTAIN

We may collect and receive the following personal data from you:

  • Name and contact details (such as name, address, email, username, phone numbers);
  • Account details (such as username and password);
  • Personal data included in your traffic data (e.g., IP address, preferences, behavioural data on our website);
  • Personal data included in your comments;
  • Personal data of individuals included in your uploaded content (such as name and email address).

We may collect other types of personal data if required under applicable law or if necessary, for the purposes listed below.

4. WHAT ARE THE PURPOSES AND LEGAL BASES FOR PROCESSING

We may collect and process your personal data for the purposes and on the legal bases identified in the following:

Providing our online platform and delivering the services you have requested:
We may process your personal data to perform our contract with you for the use of our online platform and to fulfil our obligations under the applicable terms and conditions; if we have not entered into a contract with you, we base the processing of your personal data on our legitimate interest to operate and administer our online platform and to provide you with content you access and request.

Managing account registrations:
If you have registered for an account with us, we process your personal data by managing your user account for the purpose of performing our contract with you according to the applicable terms and conditions.

Handling contact and user support requests:
If you fill out a contact form or request user support, or if you contact us by other means including via a phone call, we may process your personal data to perform our contract with you and to the extent, it is necessary for our legitimate interest in fulfilling your requests and communicating with you.

Developing and improving our online platform:
We may process your personal data to analyse trends and to track your usage of and interactions with our online platform to the extent it is necessary for our legitimate interest in developing and improving our online platform and providing our users with more relevant content and service offerings, or where we seek your valid consent.

Identifying customer opportunities:
We may process your personal data to assess new potential customer opportunities to the extent you have provided your prior consent.

  • We use HubSpot to gather your contact information and may share it with our Customer Relationship Management (“CRM”) database using Tibco integration. The CRM we use is provided by Microsoft Ireland Operations Limited (“Microsoft”) to manage and track our marketing and sales efforts. The personal data processed for these purposes may include relevant business information, such as contact data, website activity of registered users of our website, and other business information included by our employees based on their personal interactions with you. The CRM information will be transmitted and stored by Microsoft on servers in the European Union.
  • HubSpot, Inc. (“HubSpot”)- Microsoft Exchange integration transfers your personal data to Microsoft and enables us to send you our marketing communications over Microsoft Exchange servers. The information generated with the HubSpot-Exchange integration will be transmitted and stored by Microsoft on servers in the European Union.
  • If you have previously consented to a HubSpot Performance Cookie (see Section 8 “USE OF COOKIES AND SIMILAR TECHNOLOGIES”), the information that you may provide at a later point in time via our contact form may be matched with the data gathered by the cookie regarding your behaviour on our website.
  • Lead Forensics is a web analytics tool which helps us to analyse our website usage. The Lead Forensics tool uses a tracking code for identifying businesses visiting our website based on their business IP addresses available in the public domain. The Lead Forensics tool cannot be used to identify an individual visitor who has visited our website. The Lead Forensics tool does not provide us with the IP addresses. It provides us with information on what companies have visited our website, the date and duration of their visit, and the web pages that they visit. The information generated will be transmitted and stored by Lead Forensics on servers in the United Kingdom. This information allows us to analyse the use of our website and eventually contact those companies about their experience or for sales purposes.

Displaying personalized content and ads:
We may process your personal data to conduct marketing research, advertise to you, provide personalized information about us on and off our online platform and to provide other personalized content based upon your activities and interests to the extent you have provided your prior consent.

Managing our relationship with you:
We may process your personal data to send you marketing information, product recommendations and other non-transactional communications about us and our partners, including information about our products, promotions, or events to the extent you have provided your prior consent.

Managing your event registrations and attendance:
We may process your personal data to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, to perform our contract with you.

Reviewing compliance with the applicable terms and conditions; ensuring the security of our business, preventing or detecting fraud or abuses of our online platform:
We may process your personal data by tracking the use of our online platform, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and conditions to the extent it is necessary for our legitimate interest in promoting the safety and security of the online platform and in protecting our rights and the rights of others.

Complying with legal obligations:

We may process your personal data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our online platform, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.

5. HOW WE MAY STORE AND SHARE PERSONAL DATA

We may store the personal data we collect and receive, and share it on a need-to-know basis with the following parties:

  1. Other affiliates of the Avaloq group (see here list of Avaloq group companies and locations), NEC (see here list of NEC group companies and locations) or their agents;
  2. Third-party providers that perform services for us (refer to Annex 1 “List of Subprocessors”);
  3. Our partners, only applicable if you request specific information on certain services where a respective partner is involved;
  4. Event sponsors (only if you attend an event or webinar organized by us. Refer to section 4 “Managing your event registrations and attendance”);
  5. Other users of the online platform if you choose to share your messages;
  6. Competent public authorities or other third parties (if required by law or reasonably necessary to protect the rights, property and safety of ourselves or others).

We may also transfer your personal data in the event that we sell or transfer all or a portion of our business or assets on a need-to-know basis. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use personal data you have provided to us in a manner that is consistent with applicable law and this privacy notice.

We do not sell, rent, or trade your personal data.

6. HOW WE MAY TRANSFER DATA OUTSIDE THE EEA

We may transfer the personal data we collected to third parties in countries outside of Switzerland and the European Economic Area (EEA). The laws in those countries may not offer an adequate level of data protection. Personal data may be transferred to Singapore, the Philippines, India, Japan, Hong Kong, and the United States among others.

When we transfer your personal data outside of Switzerland or the EEA, we will protect your personal data as described in this privacy notice and in accordance with applicable laws, such as by entering into the European Commission’s Standard Contractual Clauses for the transfer of personal data to a processor located outside of Switzerland or the EEA.

7. LINKS

Our online platform may contain links to other sites. We are not responsible for the content or privacy practices of such other sites. Pay attention when you leave our website and read the privacy notices of any other site that collects personal data. Your data protection and privacy rights under these third-party platforms will be governed by their respective privacy practices.

8. HOW WE MAY USE COOKIES AND SIMILAR TECHNOLOGIES

We collect certain personal data by using cookies and similar technologies when you visit the website.

Cookies are bits of text that are placed on your computer’s hard drive, browser, or mobile device when you visit the website. Cookies hold information that may be accessible by the party that places the cookie, which is either the website itself (first-party cookie) or a third party (see section 8.2 THIRD-PARTY COOKIES).

We use both session-based and persistent cookies on our website. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn your device off.

To change your cookie settings and preferences for our website, click the “Cookie Settings” link below. You can also control the use of cookies on your device but choosing to disable cookies on your device may limit your ability to use some features on our website.

Cookie Settings

8.1 WHAT IS THE PURPOSE OF SETTING THE COOKIES AND SIMILAR TECHNOLOGIES

We categorize our website cookies and similar technologies as follows:

  1. Strictly Necessary Cookies (Category 1)
    These cookies are absolutely necessary for you to browse the website and use its features, such as accessing secure areas of the website.
  2. Performance Cookies (Category 2)
    These cookies gather website statistical data to analyse how our users use the website, such as which pages are visited, how long pages were visited, and the paths taken by visitors to our website as they move from page to page.
  3. Functional Cookies (Category 3)
    These cookies facilitate the operation and improve the functions of the website. For example, we store your language settings in functional cookies.
  4. Targeting Cookies (Category 4)
    These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

8.2 THIRD-PARTY COOKIES

We may use third-party technology to track and analyse usage information to provide enhanced interactions and more relevant communications and to track the performance of our advertisements and digital channels.

Third-party Performance Cookies (Category 2):

We may use Google Analytics, Google Looker Studio and Google Optimize by Google, Lead Forensics Limited (“Lead Forensics”) and HubSpot to the extent you have provided your prior consent:

  • Google Analytics is a web analytics service which uses cookies to help analyse website usage. The information generated by the cookie about your use of our website (such as your IP address, geolocation, the URL visited, the date and time the page was viewed) will be transmitted and stored by Google on servers in the United States or any other country in which Google maintains facilities. For European Union based users Google will not log or store IP addresses, however Google will retrieve certain metadata from your IP address (e.g., continent, country, etc.) and discard the IP address immediately. Google will use this information to monitor your use of our website and to compile reports on website activity for us. We have entered into a data protection agreement with Google that also includes Controller to Processor EU Standard Contractual Clauses safeguarding the cross-border transfer of personal data.
  • Google Looker Studio is a tool that we use for our legitimate interest to visualise web data that was collected by Google Analytics and to optimize the web experience. If you block Performance Cookies in your cookie settings, then the data flow from Google Analytics to Google Looker Studio will be blocked as well. We have entered into a data protection agreement with Google that also includes Controller to Processor EU Standard Contractual Clauses safeguarding the cross-border transfer of personal data.
  • Google Optimize is used to keep track of your anonymized involvement in website experiments. an experiment could be something like an A/B split test. This is where half of the people who visit our site see one webpage and the other half see an alternative version so that we can test which version works best. For this purpose, we collect data that we analyse. Google Optimize utilizes performance cookies to target content variants to a user and a content experiment cookie to determine a user's participation in an experiment.
  • Lead Forensics is a web analytics tool which helps us to analyse our website usage. The Lead Forensics tool uses a tracking code for identifying businesses visiting our website based on their business IP addresses available in the public domain. The Lead Forensics tool cannot be used to identify an individual visitor who has visited our website. The Lead Forensics tool does not provide us with the IP addresses. It provides us with information on what companies have visited our website, the date and duration of their visit, and the web pages that they visit. The information generated will be transmitted and stored by Lead Forensics on servers in the United Kingdom. This information allows us to analyse the use of our website and eventually contact those companies about their experience or for sales purposes.
  • HubSpot is a marketing & sales platform with a web analytics service which uses cookies to track visitors to our website. The information generated by the cookies about your use of our website (such as your IP address, the URL visited, the date and time the page was viewed) will be transmitted and stored by HubSpot on servers in the Republic of Ireland. We use all information collected exclusively for optimizing our marketing measures and, further, if you provided your consent for it, provide you with requested information. If you have previously consented to a HubSpot Performance Cookie, the information that you may provide at a later point in time via our contact form may be matched with the data gathered by the cookie regarding your behaviour on our website.

Third-party Functional Cookies (Category 3):

  • We may use a third-party provider to display videos on our website (Vimeo). Our videos are hosted on the third parties' servers. The third-party may however implement its cookies on our website and collect and process information about you (including in the USA). You may refer to the third parties’ privacy notice for further information about how Vimeo processes your personal data. You can also manage your cookie preferences in the cookie manager center on our website. For further protection of your privacy, we have activated the “Do Not Track” option on Vimeo and entered into Standard Contractual Clauses (“Controller to Controller” variant thereof) with Vimeo.

Third-party Targeting Cookies (Category 4):

  • We may use the Google Marketing Cloud and Services such as “Google Ads” as follows:  If you consented to do so, Google Ads installs a cookie on your computer (“conversion cookie”) insofar as you came to our website via a Google ad. When you visit certain sites and the cookie is still valid, Google and we can identify that you clicked the ad and were taken to this site. Each Google Ads customer is given a different cookie. It is thus possible for cookies to track the user across the websites of Ads customers. The information gathered with the help of the conversion cookie is used to compile conversion statistics for Ads customers who have decided to use the conversion tracking service. In order to further protect your data, we signed data protection terms with Google Ireland Ltd. The information gathered by the cookie about your use of our website is usually transmitted by Google to a Google server in the USA, where it is stored. It is used to assign interest-relevant categories to your browser. These categories are used to display interest-relevant advertising.

The Google remarketing feature allows us to address users who have already visited our website. We can thus present our advertising to target groups who are already interested in our products or services.

  • We use forms provided by our subcontractor HubSpot which may use Google reCAPTCHA by Google, Inc (“Google”) to the extent you have provided your prior consent (by activating Targeting Cookies in the OneTrust cookie manager). You may withdraw your consent anytime in the cookie settings.
  • We use Google reCAPTCHA to protect the input fields used on our website contact form against improper use (spam, bots, etc.). By analysing your user behaviour on this website, it can be determined whether the user is a natural person or a bot. Some information about you like your IP address will be collected and transmitted by Google in the United States. For more information on how Google processes your data please refer to Google’s privacy terms linked in the reCAPTCHA box.
  • Google reCAPTCHA may use Google Fonts in order to track your user behaviour in statistical form as well as for their own advertising purposes. For further information on how Google may process your data, you may consult their privacy policy. You may also withdraw your consent anytime in the cookie settings.

We may use social media such as Facebook and LinkedIn advertising for re-targeting purposes. For this purpose, a pixel is set on our website and if you give your prior consent, it will generate a cookie on your web browser when you visit our webpage.

9. HOW WE PROTECT PERSONAL DATA

We maintain appropriate organizational, physical, and technical security measures designed to protect your personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use. In order to protect your data, we have – among others – implemented physical access control measures suitable for preventing unauthorized persons from gaining access to data processing systems with which personal data are processed or used. We implemented technical and organisational measures designed to prevent data processing systems from being used by unauthorized persons and measures to ensure that those authorized to use a data processing system can only access the data subject to their access authorization and that personal data cannot be read, copied, modified, or removed without authorization during processing, use and after storage. When feasible we pseudonymize personal data, which means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to appropriate technical and organisational measures. To secure transfer control we took different measures to ensure that personal data cannot be read, copied, altered or removed by unauthorized persons during electronic transmission or while being transported or stored on data media, and that it is possible to verify and establish to which entities personal data are intended to be transmitted by data transmission equipment, e. g. use of VPN, logging of accesses and retrievals and provision of encrypted connections. Additionally, we ensure that personal data is protected against accidental destruction or loss (e. g. fire protection, data backups, secure storage of data media, virus protection, raid systems, disk mirroring, etc.) and that our systems are capable of rapidly restoring the availability of and access to personal data in the event of a physical or technical incident. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us or the personal information stored are absolutely secure. We will notify you of any data breach that is likely to have unfavourable consequences for your privacy in accordance with applicable law.

10. HOW LONG WE RETAIN PERSONAL DATA

We retain personal data for as long as necessary to fulfil the purposes for which we collect or receive the personal data, except if required otherwise by applicable law, rules, and regulations. Typically, we will retain most of the personal data for the duration of your use of the online platform, or until you have removed your account unless a longer applicable statutory retention period applies. Records retention details are established in Avaloq’s internal policies.

After expiry of the applicable retention periods, all personal data will be destroyed, anonymized, or deleted using secure technology. This technology depends on the application and storage media used. Expired records are identified based on their creation or last modification date, the current date, and the retention period. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

11. WHAT ARE YOUR RIGHTS

You have the following rights in relation to your personal data:

  • The right to obtain, at reasonable intervals and free of charge, information on whether your personal data are being processed and to receive the personal data that is being processed in an intelligible form;
  • The right to have your personal data rectified, blocked, or deleted if your personal data are incorrect, incomplete, inaccurate, irrelevant, outdated or processed unlawfully;
  • The right to withdraw your consent at any time;
  • The right to transfer your personal data to another controller, to the extent possible;
  • The right to object on legitimate grounds to the processing of your personal data.
  • The right to data portability;
  • The right to file a complaint and
  • The right to damages or indemnification.

To exercise these rights, please contact us using our contact details set out below. We may request you to provide a copy of your ID card or otherwise evidence of your identity. We will respond to your request within the applicable statutory term.

12. HOW TO CONTACT US

If you have any comments or inquiries about the information in this privacy notice, if you would like us to update your personal data, or if you want to exercise your rights, please contact our Data Protection Officer by email at dataprotection@avaloq.com.

13. CHILDREN

Avaloq understands the importance of protecting children’s privacy, especially in an online environment. Our website is not intentionally designed for or directed at children 16 years of age or younger. It is Avaloq’s practice never knowingly to collect or maintain information about anyone under the age of 16.

Annex 1: List of Subprocessors

Service Provider

Legal Basis

Processing

Country

Google Ireland Ltd.Consent

Tools provided by Google are used to support our marketing activities. For example, Google Analytics used to gather behavioural analytics on how users use our website to help improve and guide product development. We may use further tools provided by Google and as described in the present Privacy Notice such as Google Looker Studio, Google Marketing Services, Google ReCAPTCHA etc. Whenever possible we enter contracts with Google entities based in EU/EEA.

Ireland

Google LLC

Consent

Tools provided by Google are used to support our marketing activities. For example, Google Analytics used to gather behavioural analytics on how users use our website to help improve and guide product development. We may use further tools provided by Google and as described in the present Privacy Notice such as Google Looker Studio, Google Marketing Services, Google ReCAPTCHA etc. Whenever possible we enter contracts with Google entities based in EU/EEA.

United States

HetznerLegitimate Interest

Hetzner is used to host our website and has no access to personal data besides the access logs to the webserver which may contain your IP address and information about your browser. These access logs are deleted within 14 days.

Germany

HubSpot, Inc.

Consent

HubSpot is used for marketing automation, email communications, content hosting, platform analytics and data storage.

Republic of Ireland

Lead Forensics LimitedConsent

Lead Forensics is used to analyse our website usage. Under no circumstances will the data be used to personally identify an individual visitor. If IP addresses are collected, they will be anonymized immediately after collection.

United Kingdom

Microsoft Ireland Operations Limited

 Consent

·         Microsoft Dynamics 365 CRM database is used to carry out marketing campaigns, for analysis purposes and for target group-specific contact with customers and potential customers.

·         Microsoft Exchange integration is used to transfer your HubSpot data to Microsoft and enables us to send you our marketing communications over Microsoft Exchange servers.

European Union

TibcoConsent

Tibco is used to transfer data from HubSpot to Microsoft CRM using an integration.

Ireland

Vimeo

Consent

Vimeo is used for displaying videos on our website

United States