The controller within the meaning of the Swiss Data Protection Act (“FADP”), EU General Data Protection Regulation (“GDPR”) (if applicable) and other national data protection laws and regulations that determine the purposes and means of processing personal data is:
FE Swiss Financial AG
Gubelstrasse 11
6300 Zug
Switzerland
The data protection coordinator of the controller can be contacted at:
Telephone number: 041 562 04 00
E-mail address: privacy@xerof.com
We only process personal data if this is necessary to provide a functional website as well as our contents and services. The processing of our users' personal data is normally only carried out with your prior consent, except those cases where prior consent cannot be obtained for factual reasons and the processing of personal data is permitted by law.
If the data subject has given his/her consent to the processing of personal data, art. 6 (1) (a) GDPR serves as the legal basis for the processing.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, art. 6 (1) (b) GDPR serves as the legal basis for the processing. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is necessary for compliance with legal obligation to which our company is subject, art. 6 (1) (c) GDPR serves as the legal basis for the processing.
If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, article 6 (1) (d) GDPR serves as the legal basis for the processing.
If the processing of personal data is necessary for the purposes of the legitimate interests pursued by our company or a third party and where such interests are not overridden by the interests, fundamental rights and freedoms of the data subject which require protection of personal data, art. 6 (1) (f) GDPR serves as the legal basis for the processing.
The personal data of the data subject will be erased or blocked as soon as it is no longer necessary in relation of the purpose of storage. Furthermore, personal data may be stored if this has been required by regulations, laws or other provisions to which our company is subject. The personal data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
Every time you visit our website, our system automatically collects the following data and information from the computer system of the calling computer:
• Information relating to the browser type and version used
• The user's operating system
• The user’s Internet service provider
• The user’s IP address
• Date and time of access
• Websites from which the user's system reaches our website
• Websites accessed by the user's system via our website
The data is also stored in the log files of our system but is not stored together with other personal data of the user. Not affected by this are the IP addresses of the user or other data that enable the assignment of the data to a user.
The legal basis for the temporary storage of personal data and log files is art. 6 (1) (f) GDPR.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this, the IP address must remain stored for the duration of the session.
The personal data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
These purposes also represent our legitimate interest in data processing within the meaning of art. 6 (1) (f) GDPR (if required).
The personal data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, the data will be deleted when the respective session has ended.
If the personal data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated so that the calling client can no longer be assigned.
The collection of personal data for the provision of our website and the storage of personal data in log files is necessary for the operation of the website. Consequently, there is no possibility of objection.
Our website uses cookies. For further information see our Cookie Policy https://xerof.com/cookie.
When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this privacy policy. In this context, there is also a note on how the storage of cookies can be prevented.
When accessing our website, the user is informed about the use of cookies for analytical purposes and his or her consent to the processing of the personal data used in this context is obtained.
The legal basis for the processing of personal data using technically necessary cookies is art. 6 (1) (f) GDPR.
The legal basis for the processing of personal data using other cookies is art. 6 (1) (a) GDPR.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these functions concerned it is necessary that the browser is recognized even after a page change. These purposes represent also our legitimate interest to process personal data within the meaning of art. 6 (1) (f) GDPR (if required). For more detailed information see our Cookie Policy https://xerof.com/cookie.
The analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer. For more detailed information see our Cookie Policy https://xerof.com/cookie.
When you subscribe to our newsletter, we collect personal data via its newsletter service provider MailChimp. This data may include:
• IP address of the calling computer
• Date and time of registration
• Name (first name and surname)
This data is collected and processed for the purpose of subscribing you to and sending you our newsletter with updates as well as ensuring the security and reliability of the newsletter service.
The legal basis for this processing is your consent (art. 6 (1) (a) GDPR) as provided in the double opt-in confirmation part of our newsletter sign-up process. This data will be stored as long as we have your consent to send you a newsletter. If you wish to unsubscribe from our newsletter, you can do so by clicking on the link at the end of each newsletter or by sending us an email. You can read more about MailChimp’s data access as well as their legitimate interests in and purposes for collecting this data here.
If you have subscribed to our newsletter, each time you receive and open a newsletter, a third-party service provider MailChimp collects data, including:
• Email address
• Date and time you opened the email
• Location, as indicated by your IP address
This data is collected and processed by us for the purpose of ensuring the security and reliability of the newsletter service as well as our legitimate interest in the effectiveness of and general user interest in our newsletter. Because our newsletter service is hosted by MailChimp, you can view more information about the data they collect and their legitimate interests in and purposes for collecting this data here.
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. The user's email address will therefore be stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process will generally be deleted after a period of seven days.
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. This also makes it possible to withdraw the consent to the storage of personal data collected during the registration process.
On our website, we offer users the opportunity to register and open a user account by providing personal data. The data entered in the input mask is transmitted to us and stored by us. The data will not be transmitted to third parties. The following personal data is collected during the registration process:
• Title
• Name (first name and surname)
• Company name
• Language
• Address (street, zip code, city, state, country)
• Nationality
• Date of birth
• Phone number
• Email address
• Nationality
• Personal background information regarding professional activity
• Copies of passport, identity card or utility bill
• Contact details from recipient
• Photo of international passport
• Photo of you and your document of identification
• Proof of residency
• Expected trading volume
• Annual income
• Type of assets
• Origin of funds
• Virtual asset address
• Additional information which may be required by AML regulation
• User's consent to this Privacy Policy
At the time of registration, the following data is stored:
• The IP address of the user
• Date and time of registration
The data collected during registration serves to perform a contract to which the user is party or to implement pre-contractual measures and to comply with a legal obligation to which we are subject. The legal basis for the processing of the data is therefore art. 6 (1) (b) GDPR and art. 6 (1) (c) GDPR.
The registration of the user is necessary for the performance of a contract with the user or for the implementation of pre-contractual measures and to comply with AML regulations.
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.
Consequently, the personal data collected during the registration process to perform a contract or to carry out pre-contractual measures are erased as soon as it is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to meet contractual or legal obligations.
As a user you have the possibility to cancel the registration and to change the data stored about you at any time.
If the personal data is necessary to perform a contract or to carry out pre-contractual measures, an early erasure of the data is only possible if neither contractual nor legal obligations prevent a deletion.
There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the following data entered in the contact form will be transmitted to us and will be stored:
• Email address
• Company name
• First name
• Last name
• Phone number
• Address
• Message
At the time the message is sent, the following data is stored in addition:
• IP address of the user
• Date and time of registration
Your consent is obtained for the processing of the personal data within the scope of the sending process and reference is made to this Privacy Policy. Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted by email will be stored.
In this context, the personal data will not be transmitted to third parties. The data is used exclusively for processing the conversation.
The legal basis for the processing of data is art. 6 (1) (a) GDPR if the user has given his consent.
The legal basis for the processing of personal data transmitted in the course of sending an email is art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is art. 6 (1) (b) GDPR.
The processing of personal data from the contact form serves us only for the treatment of the establishment of contact. The personal data collected in the course of sending an email represent also our legitimate interest in processing of personal data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
To offer a good user experience and to safeguard our ability to comply with our contractual obligations, we need to have access to all user communication.
To offer a good user experience and to safeguard our ability to comply with our contractual obligations, we need to have access to all user communication. Consequently, the personal data from the contact form or the personal data that is sent by email will be erased not earlier than after 10 years.
Consequently, the personal data from the contact form or the personal data that is sent by email will be erased not earlier than after 10 years.
You have the possibility to withdraw your consent to the processing of personal data concerning you at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In this case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
On our website we use Google Analytics, a web analysis service of Google Inc. ("Google"),. Google Analytics uses cookies, which are saved on the user's computer and which enable an analysis of the use of the website (for cookies see above). If individual pages of our website are accessed, the following data is stored:
• IP address of the user's calling system
• Anonymized IP address and location (city and country)
• Accessed website
• Website from which the user has accessed the accessed website (referrer)
• Sub-pages accessed from the accessed website
• Browser information
• Time spent on the website
• Frequency with which the website is accessed
• Language settings
• User ID
• Aggregated data (if ads personalization is enabled)
To ensure that any personal reference can be excluded when processing your IP address, we have activated the "_anonymizeIp()" function at Google. As a result, IP addresses are not stored completely and are only processed further in abbreviated form. As far as the data collected about you contains a personal reference, this will be excluded immediately, and the personal data will be deleted immediately.
The information generated by Google’s cookies about your use of this website is usually transferred to a Google server in the USA and stored there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. Google will shorten the user's IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser within the scope of Google Analytics is not merged with other Google data.
We have concluded a data processing agreement with Google and fully implement the strict requirements of the FDPA and the GDPR (if applicable) for the use of Google Analytics.
The legal basis for processing users' personal data is art. 6 (1) (f) GDPR.
The processing of users' personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the personal data within the meaning of art. 6 (1) (f) GDPR (if required). By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.
The data will be deleted as soon as it is no longer needed for our recording purposes.
Cookies are saved on the user's computer and transmitted to our site. Therefore, your Internet browsers should allow you to control the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated, it may no longer be possible to use all functions of the website in full.
Information of the third party Google:
Address:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
User conditions:
http://www.google.com/analytics/terms/de.html
Overview of data protection:
http://www.google.com/intl/de/analytics/learn/privacy.html
Privacy policy:
http://www.google.de/intl/de/policies/privacy
We use a variety of technologies, tracking tools, web controlling technologies and analytical tools to help us design and continually improve our website, products and services. Cookies may also be used for this purpose, but only to collect and store data in a pseudonymous form. The data is not used to personally identify the user of the website and is not combined with data about the bearer of the pseudonym.
• HubSpot
On our website, we use functions of the CRM platform HubSpot, which is offered by HubSpot Inc., based in the USA. We have concluded an order data processing contract with HubSpot Inc. and fully implement the requirements of the FADP and the GDPR (if applicable) when using HupSpot. You can find more information on the handling of personal data in the HubSpot privacy policy: https://legal.hubspot.com/privacy-policy?hubs_content=www.hubspot.com/company/contact&hubs_content-cta=Privacy%20Policy.
• Google Services
In the course of our business activities, we use functions from Google (e.g. Gmail, Google Calendar, Google Chat, Google Meet, Google Drive), which is offered by Google Ireland, based in the Ireland (s. information above). We have concluded an order data processing contract with Google Ireland and fully implement the requirements of the FADP and the GDPR (if applicable) when using the services mentioned above from Google. You can find more information on the handling of personal data in the Google privacy policy: https://policies.google.com/privacy?hl=en-US.
• Telegram
In the course of our business activities, we use functions of the massaging platform Telegram, which is offered by Telegram FZ-LLC, based in Dubai. We have concluded an order data processing contract with Telegram FZ-LLC and fully implement the requirements of the FADP and the GDPR (if applicable) when using Telegram. You can find more information on the handling of personal data in the Telegram privacy policy: https://telegram.org/privacy.
• Cookiebot
On our website, we use functions of the cookie management platform Cookiebot, which is offered by Usercentrics A/S, based in Denmark. We have concluded an order data processing contract with Usercentrics A/S and fully implement the requirements of the FADP and the GDPR (if applicable) when using Cookiebot. You can find more information on the handling of personal data in the Cookiebot privacy policy: https://www.cookiebot.com/en/privacy-policy/.
• Zapier
In the course of our business activities, we use functions of the workflow automation platform Zapier, which is offered by Zapier Inc., based in the USA. We have concluded an order data processing contract with Zapier Inc. and fully implement the requirements of the FADP and the GDPR (if applicable) when using Zapier. You can find more information on the handling of personal data in the Zapier privacy policy: https://zapier.com/privacy.
In the course of our business activities, we use functions of the massaging platform WhatsApp, which is offered by WhatsApp Ireland Limited, based in Ireland. We have concluded an order data processing contract with WhatsApp Ireland Limited and fully implement the requirements of the FADP and the GDPR (if applicable) when using WhatsApp. You can find more information on the handling of personal data in the WhatsApp privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea.
• Tresorit
Cloud storage solution with end-to-end encryption for storing, syncing, and sharing confidential data.
In the course of our business activities, we use functions of the content collaboration platform Tresorit, which is offered by Tresorit AG, based in Switzerland. We have concluded an order data processing contract with Tresorit AG and fully implement the requirements of the FADP and the GDPR (if applicable) when using Tresorit. You can find more information on the handling of personal data in the Tresorit privacy policy: https://tresorit.com/legal/privacy-policy.
• Zoom
In the course of our business activities, we use functions of the communication and collaboration platform Zoom, which is offered by Zoom Video Communications Inc., based in the USA. We have concluded an order data processing contract with Zoom Video Communications Inc. and fully implement the requirements of the FADP and the GDPR (if applicable) when using Zoom. You can find more information on the handling of personal data in the Zoom privacy policy: https://explore.zoom.us/en/privacy/?_ga=2.190729195.1504448347.1697989656-1358470051.1697989656.
• Mailchimp
On our website, we use functions of the marketing management platform Mailchimp, which is offered by Intuit Inc., based in the USA. We have concluded an order data processing contract with Intuit Inc. and fully implement the requirements of the FADP and the GDPR (if applicable) when using Mailchimp. You can find more information on the handling of personal data in the Mailchimp privacy policy: https://www.intuit.com/privacy/statement/.
We do not use social media plug-ins on our website. If our website contains icons of social media providers (e.g. LinkedIn, Twitter, Telegram), we use these only for as passive links to the websites of the respective social media platforms.
In order to perform our contracts, fulfil our legal obligations, protect our legitimate interest and the other purposes and legal grounds set out above, we may disclose your data to third parties, in particular to the following categories of recipients:
• Group companies: For internal administrative and operational purposes.
• Offerings of third parties: To facilitate partnerships and joint ventures.
• Third-party wallets: To enable transactions and settlements within the crypto asset ecosystem.
• Service providers: To provide services on our behalf, such as customer support and technical infrastructure.
• Contractual partners including customers: To fulfil our contractual obligations and provide services.
• Legal authorities: To comply with the law and respond to lawful requests.
• Regulatory bodies: To comply with financial regulations and other legal obligations.
• Financial institutions: To facilitate financial transactions, settlements, and other financial activities.
• Auditors and consultants: For audit, compliance, and business optimisation purposes.
• Payment processors: To facilitate payments related to our services.
• Risk assessment agencies: For risk management, including credit risk and fraud prevention.
• Data analytics providers: To analyse usage patterns and improve our services.
• Security service providers: To ensure the security and integrity of our services and data.
• Marketing and advertising partners: To provide targeted offers and promotions, where permitted by law.
• Successors: In the event of a merger, acquisition, bankruptcy, or sale of some or all of our assets.
• Other third parties: As required or permitted by law, including to comply with national security or law enforcement requirements.
As we have explained above, we disclose data to other parties, not all of them located in Switzerland. Your data may be processed in the European Economic Area (EEA) and in exceptional circumstances also in countries outside the EEA and around the world, which includes countries that do not provide the same level of data protection as Switzerland or the EEA and are not recognized as providing an adequate level of data protection. We only transfer data to these countries when it is necessary for the performance of a contract or for the exercise or defence of legal claims, or if such transfer is based on your explicit consent or subject to safeguards that assure the protection of your data, such as the European Commission approved standard contractual clauses (adapted to Switzerland, if applicable).
We might analyse aspects of your individual’s personality, behaviour, interest and habits make predictions or decisions about them for the purposes laid out above, e.g. to perform statistical analysis or to prevent misuse and security risks. This analysis identifies correlations between different behaviours and characteristics to create profiles for individuals. For example, we may use profiling to determine in which products or services you might be interested. We may also use profiling to assess your creditworthiness. We do not use profiling that can produce legal effects concerning you or similarly significantly affect you without human review.
In certain circumstances, automated decision taking might be necessary for reasons of efficiency and consistency. In such cases, we will inform you accordingly and take the measures required by applicable law.
You have various rights in relation with the processing of your personal data, depending on the applicable data protection law (FDPA, GDPR, other national data protection laws or regulations). Please be aware that we reserve the right to enforce statutory restrictions as required, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims.
You can ask the controller to confirm whether personal data concerning you is being processed by us. You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information.
You have the right to obtain from the controller the rectification and/or completion of incorrect or incomplete personal data concerning you. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up to date.
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
You have the right to require us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
You have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right, under certain conditions, to have the personal data transmitted directly from one controller to another.
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
Under applicable data protection law, you have the right to object at any time to the processing of personal data pertaining to you under certain circumstances, in particular where your data is processed in the public interest, on the basis of a balance of interests or for direct marketing purposes.
If you like to exercise the above-mentioned rights, please contact us at privacy@xerof.com or the contact details provided under Section I.1 unless otherwise specified or agreed. Please note that we need to identify you to prevent misuse, e.g. by means of a copy of your ID card or passport, unless identification is possible otherwise.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the FDPA or the GDPR (if applicable).
Due to continuous development of our website and the contents thereof, changes in law or regulatory requirements, we might need to change this privacy notice from time to time. Our current privacy notice can be found at our website.
FE Swiss Financial AG, last updated 30 October 2023.