Privacy

General data protection declaration

With this privacy policy we, Konwave AG (hereinafter the Company, we or us), describe how we collect and further process personal data. This privacy policy is not necessarily a comprehensive description of our data processing. Other privacy policies or general terms and conditions, participation conditions or similar documents may apply to specific circumstances.

The term “personal data” in this privacy policy refers to all information that identifies or could reasonably be used to identify a specific natural person (data subject).

If you provide us with personal data of other individuals (e.g. family members, colleagues), please ensure that the data subjects are aware of this privacy policy and only share their data with us if you are authorised to do so and the personal data is accurate.

This privacy policy complies with the EU General Data Protection Regulation (“GDPR”) and the Swiss Federal Act on Data Protection (“FADP”). The applicability of these laws depends, however, on the individual case.

A. Controller

The “controller” of the data processing described in this privacy policy (i.e. the responsible entity) is:

Konwave AG
Obstmarkt 1
9100 Herisau
info@konwave.ch
www.konwave.ch

If you have any questions about the processing of your personal data or other privacy concerns, please contact us using these details.

B. Purpose of data processing and legal bases

We primarily use the data collected to conclude and perform contracts with our clients and business partners, particularly in connection with the provision of financial services and the procurement of products and services from our suppliers and subcontractors, as well as to comply with domestic and foreign legal obligations.

Furthermore, in accordance with applicable law and where appropriate, we may process personal data for the following purposes, which are in our legitimate interest or, where applicable, in the legitimate interest of a third party, such as:

If you have given us consent to process your personal data for specific purposes (e.g. when subscribing to newsletters), we will process your personal data within the scope and on the basis of this consent, unless we have another legal basis and require such. You may revoke consent at any time, although this does not affect data processed prior to the revocation.

C. Collection and processing of personal data

We primarily process personal data that we receive from our clients and other business partners, as well as from other individuals in the context of our business relationships with them, or that we collect from users when operating our websites, apps and other applications.

Where permitted, we obtain certain personal data from publicly accessible sources (e.g. debt registers, land registers, commercial registers, press, internet) or receive such data from affiliated companies, authorities or other third parties (such as distribution partners, custodian banks). In addition to the data you provide directly, the categories of data we receive from third parties about you include information from public registers, data obtained in connection with administrative or legal proceedings, information relating to your professional role and activities (e.g. to conclude and perform contracts with your employer), information concerning you contained in correspondence and discussions with third parties, information provided to us by persons associated with you (family members, advisers, legal representatives, etc.) for concluding or executing contracts with you or with your involvement (e.g. powers of attorney), information required by legal provisions such as anti-money laundering regulations, banking details, information about you found in the media or on the internet (where indicated in individual cases, e.g. in connection with applications, press reports, marketing/sales, etc.), your address, and data relating to your use of our websites (e.g. IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of your visit, pages and content viewed, applications used, referring website, location data).

As a rule, we store such data for 12 months after the processing purpose has been fulfilled. This period may be longer if required for evidentiary reasons or to comply with legal or contractual obligations. Contact data such as email address and telephone number are retained for as long as necessary and appropriate for the purpose of making contact.

D. Cookies / tracking and other relevant information about the use of our website

Technical data

When you visit our website, your user-specific data (e.g. IP address, web browser, operating system) and technical data (e.g. URLs of pages accessed, execution of search queries) are collected and evaluated anonymously.

The aforementioned data is collected and processed for the purposes of system security and stability, error and performance analysis, internal statistical purposes, and to enable us to optimise our website.

When subscribing to our content, we process the data required to provide the desired service. Depending on the service, this may include: email address, first name, surname, salutation, full address, subject and message.

If you have given us consent to process your personal data for specific purposes (e.g. when you subscribe to our factsheet or submit a request), we will process your personal data within the scope and on the basis of this consent, unless we have another legal basis and require such. You may revoke consent at any time; however, this does not affect data processed up to the revocation.

As a rule, we store technical data for 24 hours.

Communication data

If you contact us via contact form, email, telephone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. If we record or monitor telephone calls or video conferences, e.g. for training and quality assurance purposes, we will inform you. Such recordings may only be made and used in accordance with our internal policies and legal requirements.

As a rule, we store these data for five years from the last exchange with you. This period may be longer if required for evidentiary reasons, to comply with legal or contractual obligations, or for technical reasons. Emails in personal mailboxes and written correspondence are usually retained for at least 10 years. Recordings of (video) conferences are generally retained for five years.

Cookies and their use

In some cases we use “cookies” to tailor our offering to your needs as accurately as possible. Cookies are small files that cannot execute any actions by themselves and are stored on your computer or mobile device when you visit or use one of our websites. Cookies store specific settings related to your browser and data concerning interaction with the website via your browser. When a cookie is activated, it can be assigned an identification number that recognises your browser and permits the use of the information contained in the cookie. There are two main types of cookies: session cookies and persistent cookies. We use session cookies, which are deleted automatically from your mobile device or computer when you end the browser session. We also use persistent cookies to store user settings (e.g. language, auto-login), to understand how you use our services and content, and to show you tailored offers and advertising (which may also occur on websites of other companies; if your identity is known to us, these companies will not learn it from us; they only know that the same user who visited their site previously visited a particular site). These remain stored on your computer or mobile device for a long time after the browser session. They are automatically deactivated after a specific period.

Nevertheless, you can set your browser to reject cookies, to allow cookies for a single session only, or to delete them prematurely. Most browsers are preset to accept cookies. If you block cookies, certain functions (such as language settings, shopping carts, ordering processes) may no longer be available.

Konwave AG allows partner companies providing services for Konwave AG or integrated into our website to store cookies if technically required and proportionate. Konwave AG has no control over how cookies are used outside our website.

By continuing to use our website and/or consenting to this privacy policy, you agree that we may store cookies and thereby collect, store and use personal usage data even after the browser session (“persistent cookies”). You may object at any time by changing your browser’s default settings to reject (third-party) cookies.

E. Disclosure of data to third parties and transmission of data abroad

In the course of our business activities and in line with the purposes of data processing mentioned above, we may disclose data to third parties, insofar as such disclosure is permitted and we deem it appropriate, so that they can process the data for us or, where applicable, for their own purposes. The following categories of recipients may be affected in particular:

Our service providers (e.g. risk management and compliance, IT providers, hosting providers, auditors)
Domestic and foreign authorities, government bodies and courts
Other parties in potential or actual legal proceedings
Some recipients are located in Switzerland; others may be in any country worldwide. In particular, you should expect your data to be transmitted to any country where our service providers are located (such as Microsoft).

If a recipient is located in a country without adequate data protection, we will oblige the recipient to comply with data protection (we use the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is subject to a legally recognised framework ensuring data protection, and we cannot rely on an exemption. An exemption may apply, for example, in the case of foreign legal proceedings, where there is an overriding public interest, or where the fulfilment of a contract requires the disclosure, if you have consented, or if the data is generally available and you have not objected.

F. Duration of data storage

Your data, including personal data, is processed and stored only for as long as necessary to fulfil our contractual and legal obligations or the purposes pursued with the processing, i.e. where applicable for the duration of the entire business relationship and beyond due to legal retention and documentation obligations. Personal data may also be stored for the period during which claims may be asserted against our company and where we are otherwise legally obliged or our legitimate business interests require it (e.g. for evidentiary and documentation purposes). Once your personal data is no longer needed for the aforementioned purposes, it will be deleted or anonymised, where possible. For operational data (e.g. system logs), shorter retention periods of 30 days or less apply.

G. Data security

We have implemented appropriate technical and organisational security measures to protect your personal data against unauthorised access and misuse. These measures include issuing instructions, providing training, deploying IT and network security solutions, and enforcing access controls and restrictions, together with encryption of passwords, data storage and transfers, pseudonymisation and monitoring.

We cannot guarantee the security of data transmission over the internet. In particular, when data is transmitted by email there is a certain risk of third-party access.

H. Your rights

Subject to applicable law, you have the right to access, rectify and delete your personal data, to restrict processing or to object to our data processing, in particular for direct marketing purposes, profiling for direct marketing and other legitimate interests in processing, as well as the right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory limitations on our side, for example where we are obliged to store or process certain data, have an overriding interest (to the extent we may rely on such interests) or require the data to assert legal claims.

We have already referred to your right to object or withdraw consent at any time. Please also note that exercising these rights may conflict with your contractual obligations and may result in consequences such as early termination of the contract and associated costs. Should this arise, we will inform you in advance, unless already contractually agreed.

As a rule, exercising these rights requires proof of your identity (e.g. by providing a copy of identification documents if your identity cannot otherwise be established or verified). To exercise these rights, please contact us using the details provided above.

Furthermore, every data subject has the right to enforce their rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

I.Profiling

We may process your personal data partially by automated means in order to evaluate certain personal aspects (profiling). Profiling enables us in particular to provide you with more tailored information about products that may be relevant to you and to advise you accordingly. For this purpose, we may use analytical tools that allow us to communicate with you and, where necessary, to promote you, including market and opinion research.

J. Amendments to this privacy policy

We may amend this privacy policy at any time without prior notice. The version published on our website is the applicable version. If the privacy policy forms part of an agreement with you, we will notify you of any changes by email or in another suitable manner.