Privacy notice

8.1 THE PURPOSE OF SETTING THE COOKIES AND SIMILAR TECHNOLOGIES

We categorize our website cookies and similar technologies as follows:

1. Strictly Necessary Cookies (Category 1)
   These cookies are absolutely necessary for you to browse the website and use its features, such as accessing secure areas of the website.
2. Performance Cookies (Category 2)
   These cookies gather website statistical data to analyze how our users use the website, such as which pages are visited, how long pages were visited, and the paths taken by visitors to our website as they move from page to page.
3. Functional Cookies (Category 3)
   These cookies facilitate the operation and improve the functions of the website. For example, we store your language settings in functional cookies.
4. Targeting Cookies (Category 4)
   These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

8.2 THIRD-PARTY COOKIES

We may use third-party technology to track and analyze usage information to provide enhanced interactions and more relevant communications and to track the performance of our advertisements.

Third-party Performance Cookies (Category 2):

We may use Google Analytics and Google Optimize by Google, Inc (“Google”), Lead Forensics Limited (“Lead Forensics”) and HubSpot to the extent you have provided your prior consent:

• Google Analytics is a web analytics service which uses cookies to help analyze website usage. The information generated by the cookie about your use of our website (such as your IP address, the URL visited, the date and time the page was viewed) will be transmitted and stored by Google on servers in the United States or any other country in which Google maintains facilities. Your IP address will be masked by setting the last octet of your IP address to zero before it is stored by Google. Google will use this information to monitor your use of our website and to compile reports on website activity for us.
• Google Optimize is used to keep track of your anonymized involvement in website experiments. an experiment could be something like an A/B split test. This is where half of the people who visit our site see one webpage and the other half see an alternative version so that we can test which version works best. For this purpose we collect data that we analyze. Google Optimize utilizes performance cookies to target content variants to a user and a content experiment cookie to determine a user's participation in an experiment.
• Lead Forensics is a web analytics tool which helps us to analyze our website usage. The Lead Forensics tool uses a tracking code for identifying businesses visiting our website based on their business IP addresses available in the public domain. The Lead Forensics tool cannot be used to identify an individual visitor who has visited our website. The Lead Forensics tool does not provide us with the IP addresses. It provides us with information on what companies have visited our website, the date and duration of their visit, and the web pages that they visit. The information generated will be transmitted and stored by Lead Forensics on servers in the United Kingdom. This information allows us to analyze the use of our website and eventually contact those companies about their experience or for sales purposes.
• HubSpot is a web analytics service which uses cookies to track visitors to our website. The information generated by the cookies about your use of our website (such as your IP address, the URL visited, the date and time the page was viewed) will be transmitted and stored by HubSpot on servers in the Republic of Ireland. We use all information collected exclusively for optimizing our marketing measures.

Third-party Functional Cookies (Category 3):

We may use Neos by Neos Foundation e.V. (“Neos”) to store a limited number of user preferences, such as language to the extent you have provided your prior consent:

• Neos is an enterprise technology we host our website on. The information generated by the cookie about your use of our website (such as your IP address, the URL visited, the date and time the page was viewed) will be transmitted and stored by Neos on servers in Germany.

Third-party Targeting Cookies (Category 4):

We may use Google reCAPTCHA by Google, Inc (“Google”) to the extent you have provided your prior consent:

• We use Google reCAPTCHA to protect the input fields used on our website contact form against improper use (spam, bots, etc.). By analyzing your user behavior on this website, it can be determined whether the user is a natural person or a bot. Your IP address will be transmitted to Google in the United States.

9. HOW WE PROTECT PERSONAL DATA

We maintain appropriate organizational, physical and technical security measures designed to protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. In order to protect your data we have – among others – implemented physical access control measures suitable for preventing unauthorized persons from gaining access to data processing systems with which personal data are processed or used. We implemented technical and organisational measures designed to prevent data processing systems from being used by unauthorized persons and measures to ensure that those authorized to use a data processing system can only access the data subject to their access authorization and that personal data cannot be read, copied, modified, or removed without authorization during processing, use and after storage. When feasible we pseudonymize personal data, which means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to appropriate technical and organisational measures. To secure transfer control we took different measures to ensure that personal data cannot be read, copied, altered or removed by unauthorized persons during electronic transmission or while being transported or stored on data media, and that it is possible to verify and establish to which entities personal data are intended to be transmitted by data transmission equipment, e. g. use of VPN, logging of accesses and retrievals and provision of encrypted connections. Additionally, we ensure that personal data is protected against accidental destruction or loss (e. g. fire protection, data backups, secure storage of data media, virus protection, raid systems, disk mirroring, etc.) and that our systems are capable of rapidly restoring the availability of and access to personal data in the event of a physical or technical incident. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us or the personal information stored are absolutely secure. We will notify you of any data breach that is likely to have unfavourable consequences for your privacy in accordance with applicable law.

10. HOW LONG WE RETAIN PERSONAL DATA

We retain personal data for as long as necessary to fulfil the purposes for which we collect or receive the personal data, except if required otherwise by applicable law, rules and regulations. Typically, we will retain most of the personal data for the duration of your use of the online platform, or until you have removed your account unless a longer applicable statutory retention period applies. Records retention details are established in Avaloq’s Record Retention Policy and Schedules.

After expiry of the applicable retention periods, all personal data will be destroyed, anonymized or deleted using secure technology. This technology depends on the application and storage media used. Expired records are identified based on their creation or last modification date, the current date and the retention period. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

11. YOUR RIGHTS

You have the following rights in relation to your personal data:

• The right to obtain, at reasonable intervals and free of charge, information on whether your personal data are being processed and to receive the personal data that is being processed in an intelligible form;
• The right to have your personal data rectified, blocked or deleted if your personal data are incorrect, incomplete, inaccurate, irrelevant, outdated or processed unlawfully;
• The right to withdraw your consent at any time;
• The right to transfer your personal data to another controller, to the extent possible;
• The right to object on legitimate grounds to the processing of your personal data.
• The right to data portability;
• The right to file a complaint and
• The right to damages or indemnification.

To exercise these rights, please contact us using our contact details set out below. We may request you to provide a copy of your ID card or otherwise evidence of your identity. We will respond to your request within the applicable statutory term.

12. HOW TO CONTACT US

If you have any comments or inquiries about the information in this privacy notice, if you would like us to update your personal data, or if you want to exercise your rights, please contact our Data Protection Officer by email at dataprotection@avaloq.com.

Annex 1: Subprocessors