Data Protection Declaration
For Sound Capital AG (“Sound Capital”) it is important to protect the privacy of visitors of the Sound Capital website, its clients and other contracting parties and to treat personal data in accordance with the law.
This data protection declaration informs how Sound Capital processes personal data. The term “Personal Data” means all information relating to a particular or identifiable natural person or legal entity. The term “Processing” means any use of personal data, whatever means and procedures may be employed, in particular the procurement, storage, use, amendment, notification, archiving, erasure or destruction of personal data.
2. Types of personal data
Sound Capital processes the following types of personal data. In every case, as few items as possible of personal data will be processed.
- Personal information (e.g. name, address and other contact data, date and place of birth, nationality, tax number, e-mail address, phone number, identification data).
- Further master and inventory data (e.g. information about an account, custody account, transactions and contracts executed, information about third parties who are affected by data processing, e.g. spouses, authorised representatives and consultants).
- Data in connection with the fulfilment of contractual obligations, order and risk management data (e.g. stock exchange orders, risk and investment profile, data relating to remuneration).
- Technical data (e.g. business numbers, IP addresses, internal and external identifications, access recording).
- Marketing data (e.g. preferences, needs).
3. Legal grounds and purpose of data processing
Sound Capital processes data in accordance with the provisions of the Swiss Federal Act on Data Protection (FADP). Data is processed for the fulfilment of contractual obligations, to preserve legitimate interests of Sound Capital or for its own purposes or for those prescribed by law. The processing is based on the law or on consent.
In particular it can be used for the following purposes:
- Closure and performance of contracts, implementation, processing and management of products and services (e.g. invoices, account openings, payments, investments).
- Monitoring and control of risks (e.g. investment profiles, prevention of money laundering, market, credit or operational risks).
- Measures for business management and further development of services and products (e.g. development of new services or analysis of existing services, products, processes, technologies).
- Marketing, communication, information about the service offering and its verification (e.g. newsletter distribution, print and online advertising, events for clients and prospects or other events, ascertaining client’s future needs).
- Ensuring the security and operation of the IT.
- Performance of statutory or regulatory information or reporting obligations to courts and public authorities, implementation of official instructions (e.g. reporting obligations to supervisory authorities, orders of criminal prosecution offices in connection with money laundering and the financing of terrorism).
- Assertion of legal claims and defence in case of legal disputes.
4. Origin of personal data
Sound Capital may acquire personal data from the following sources in order to perform the purposes set out in cipher 3:
- Personal data which are notified to Sound Capital, e.g. when opening business relations, for the performance of contracts, when products and services are used or on websites.
- Personal data which occur when products or services are used and are transferred to Sound Capital by the technical infrastructure or by work-sharing processes, e.g. for payment transactions, on websites or in connection with cooperation with other financial or IT service providers.
- Personal data from third party sources, e.g. authorities or sanctions lists, data from public registers (such as the commercial register) and from third party providers.
5. Data transfer / Disclosure of data
Within Sound Capital access to the personal data is given to the units that need it in order to fulfil the contractual and legal obligations. Personal data can only be communicated if legal provisions demand this, if the consent is given or if Sound Capital is authorised to issue the information. Under these conditions, recipients of personal data may be, for instance:
- Public entities and institutions (e.g. courts, supervisory authorities, criminal prosecution authorities) for reasons of statutory justification or because of official orders.
- Other financial service institutions or similar entities to which personal data is communicated in order to carry out a business relationship with clients (depending on the contract, for instance, custodian banks, brokers, stock exchanges, data collection agencies).
- Other service providers in case of outsourcing pursuant to cipher 6 and for the purpose of comprehensive client care.
- As far as it is necessary to safeguard the justified interests of Sound Capital (e.g. for public statements, to safeguard Sound Capital’s claims against clients or third parties, to collect Sound Capital claims).
- To other third parties with the consent of the persons affected.
Service providers and vicarious agents employed by Sound Capital may also receive data for these purposes, provided they maintain professional secrecy. These are companies in the categories of IT services, logistics, printing services, telecommunications, collections, advisory and consulting services as well as sales and marketing.
The service providers who process personal data for this purpose on behalf of Sound Capital (known as order processors) are chosen carefully. The order processers may only process personal data received by them to the same extent as Sound Capital does so itself and they are contractually required to safeguard the confidentiality, professional secrecy and security of the data. Outsourcing by Sound Capital is effected in compliance with the legal and regulatory requirements.
7. Automated data processing
Sound Capital reserves the right to effect in the future automated processing of personal data where necessary, for example, to comply with the legal and regulatory requirements imposed to combat money laundering, terrorist financing and asset-endangering crimes. Furthermore, client data may be processed, in particular, to identify important personal features of the client, to predict developments and prepare client profiles (e.g. risk profile). This serves in particular to verify and develop offers and optimise the provision of services.
8. Data security
Sound Capital takes the protection of the personal data very seriously and treats the personal data confidential and in accordance with the applicable legal and regulatory requirements and this data protection declaration.
For that purpose, Sound Capital takes appropriate technical and organisational security measures to ensure that personal data processed within the IT environment controlled by Sound Capital is protected against unauthorised access, misuse, loss and/or destruction (e.g. access restrictions, firewalls, personalised passwords as well as encryption and authentication technologies, employee training).
To protect the privacy Sound Capital uses a secure connection for the Sound Capital website, which can be seen from the ‘https’ (https stands for Hypertext Transfer Protocol Secure) at the very beginning of the address bar in the browser. In this way, the connection is encrypted via SSL/TSL and the data cannot be intercepted by third parties.
9. Use of websites / Transmission of data via an open network
When a person visits the Sound Capital website (“visitor”), the webserver automatically records details of that visit. Such details are e.g. type/version of browser used, referrer URL, host name of the accessing electronic device, date and time of server request, IP address and device-specific information.
Such tracking data serve to optimise the Sound Capital website and indicate how the visitor is informed of the services of Sound Capital and makes use of them. However, as a rule they do not enable the visitor’s identity to be determined. To that extent no personal data are processed.
Sound Capital would like to draw the attention to the fact that if visitors use the Sound Capital website via an open network, this may allow third parties (e.g. app stores, network providers or the manufacturer of the visitor’s device), wherever they are located, to access and process the data. Open networks are beyond Sound Capital’s control and can therefore not be regarded as a secure environment. Any transmission of data via such open network cannot be guaranteed to be secure or error-free as data may be intercepted, amended, corrupted, lost, destroyed, arrive late or incomplete, contain viruses or may be monitored. In particular, data sent via an open network may leave the country – even where both sender and recipient are in the same country – and may be transmitted to and potentially processed in third-party countries, where data protection requirements may be lower than in the country of residence.
Where data is transmitted via an open network, Sound Capital cannot be held responsible for the protection of this data and Sound Capital accept no responsibility or liability for the security of the data during transmission. Sound Capital, therefore, recommends avoiding the transmission of any confidential information via open networks.
11. Duration of storage
Sound Capital only processes and stores personal data for as long as is necessary for the fulfilment of contractual and legal obligations.
12. Rights of affected individuals
Every affected individual has the right to information according to Article 8 FADP, the right to correction according to Article 5 FADP, the right to erasure according to Article 5 FADP (as long as e.g. legal and regulatory requirements or technical obstacles to not prevent it), the right to restrict processing according to Articles 12, 13, 15 FADP, the right of objection according to Article 4 FADP, and – if applicable – the right to data portability. Furthermore, if applicable to the affected individual, there is also a right to lodge a complaint with an appropriate data privacy regulatory authority.
The consent given for the processing of personal data can be withdrawn at any time. The revocation is only effective for the future. Processing carried out prior to the revocation will not be affected.
14. Contact form / newsletter
If a visitor makes personal data available, e.g. by completing a contact form or notification field for newsletters, Sound Capital may additionally use such data for the following purposes:
- for client and user administration;
- to inform the visitor about services and products;
- for marketing purposes (e.g. to despatch newsletters);
- for technical “hosting” and for the further development of Sound Capital websites.
Therefore, processing of such entered data is based on the consent of the visitor.
Sound Capital reserves the right to change this data protection declaration at any time. This data protection declaration does not constitute any contractual or other formal legal relationship.
Sound Capital is responsible for processing the personal data. The contact details of Sound Capital are as follows:
Sound Capital AG
Phone: +41 44 206 25 25