General data protection declaration

With this privacy statement, we, Konwave AG (hereinafter referred to as the Company, we or us), describe how we collect and process personal data. This privacy statement is not necessarily a comprehensive description of our data processing. It is possible that other privacy statements or terms and conditions, conditions of participation or similar documents may apply to specific circumstances.

In this Privacy Statement, the term “personal data” means any information that identifies, or could reasonably be used to identify, an identified or identifiable natural person (data subject).

If you provide us with personal data of other persons (e.g. family members, work colleagues), please ensure that the data subjects are aware of this Privacy Policy and that you only provide us with their data if you are authorized to do so and such personal data is accurate.

This Privacy Policy complies with the EU General Data Protection Regulation (“GDPR”) and the Swiss Data Protection Act (“DPA”). However, the application of these laws depends on the individual case.

A.        Person in charge

The “data controller” of the data processing as described in this Privacy Policy (i.e., the Responsible Individual) is:

Konwave AG

Obstmarkt 1

9100 Herisau

If you have questions about the processing of your personal data or other data protection concerns, you can contact us using these contact details.

B.        Purpose of data processing and legal basis

We use the data we collect primarily to enter into and perform contracts with our customers and business partners, particularly in connection with the provision of financial services and the purchase of products and services from our suppliers and subcontractors, and to comply with domestic and foreign legal obligations.

In addition, in accordance with applicable law and where appropriate, we may process personal data for the following purposes, which are in our or, where applicable, a third party’s legitimate interest, such as:

– Providing and developing our products, services and websites, apps and other platforms on which we operate;

– Communicating with third parties and processing their requests (e.g. applications, media inquiries);

– Advertising and marketing (including the organization of events), unless you have objected to the use of your data for this purpose (if you are part of our customer base and receive advertising, you can object at any time and we will put you on the list of persons who do not wish to receive further advertising mailings);

– Assertion of legal claims and defense in legal disputes and official proceedings;

– Preventing and investigating criminal offenses and other misconduct;

– Ensuring our operations, including our IT, websites, apps and other applications;

– Acquisition and divestment of businesses, companies or parts of companies and other corporate transactions and the related transfer of personal data, as well as corporate governance measures and compliance with legal and regulatory obligations and internal company rules.

If you have given us your consent to process your personal data for certain purposes (e.g. when registering to receive newsletters), we process your personal data within the scope of and on the basis of this consent, unless we have another legal basis, if we need one. Consent given can be revoked at any time, but this does not affect the data processed before the revocation.

C.        Collection and processing of personal data

We primarily process personal data that we receive from our customers and other business partners and from other individuals in the course of our business relationships with them or that we collect from users in the operation of our websites, apps and other applications.

To the extent we are permitted to do so, we obtain certain personal data from publicly available sources (e.g. debtors’ register, land register, commercial register, press, internet) or we obtain such information from affiliated companies, public authorities or other third parties (such as distributors, custodian banks). Apart from the data you have provided directly to us, the categories of data we receive about you from third parties include, but are not limited to, data from public registers, data we receive in connection with administrative or judicial proceedings, data relating to your professional role and activities (e.g., for the purpose of concluding and performing contracts with you), and data we receive in connection with the performance of your duties, to enter into and perform contracts with your employer), information about you in correspondence and discussions with third parties, information about you provided to us by persons associated with you (family members, consultants, legal representatives, etc.) to enter into or perform contracts with you or with your cooperation (e.g., powers of attorney), information required by law, such as for anti-money laundering, bank data, information about you that can be found in the media or on the Internet (if specified in individual cases, e.g. in connection with job applications, media reports, marketing/sales, etc.), your address, data in connection with your use of our websites (e.g. IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of your visit, pages and content accessed, applications used, referring website, localization data).

In principle, we store this data for 12 months after the end of the processing purpose. This period may be longer if this is necessary for evidentiary reasons or to fulfill legal or contractual requirements. The data required for contacting us, such as e-mail address and telephone number, are stored for as long as this is necessary and reasonable for the purpose of contacting us.

D.        Cookies / tracking and other relevant information about the use of our website

Technical data

When you visit our website, your user-specific data (e.g. IP address, web browser, operating system) and technical data (e.g. URLs of accessed pages, execution of a search query) are collected and analyzed anonymously.

The aforementioned data is collected and processed for the purposes of system security and stability, error and performance analysis, as well as for internal statistical purposes, and enables us to optimize our website.

When you subscribe to our content, we process the data required to provide the requested service. Depending on the service, the following data may be processed: Email address, first name, last name, title, full address, subject and message.

If you have given us your consent to process your personal data for specific purposes (e.g. if you subscribe to our factsheet or make an inquiry), we process your per-sonal data within the scope of and on the basis of this consent, unless we have another legal basis, in which case we require one. Consent given can be revoked at any time; however, this does not affect the data processed until revocation.

In principle, we store technical data for 24 hours.

Communication data

When you contact us via the contact form, e-mail, telephone or by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of the communication. If we record or listen to telephone conversations or video conferences, e.g. for training and quality assurance purposes, we will inform you of this. Such recordings may only be made and used in accordance with our internal guidelines and legal requirements.

In principle, we store this data for 5 years from the last exchange with you. This period may be longer if required for evidentiary reasons, to meet legal or contractual requirements, or for technical reasons. E-mails in personal mailboxes and written correspondence are generally retained for at least 10 years. Recordings of (video) conferences are generally retained for 5 years.

Cookies and their use

In some cases, we use “cookies” to tailor our services as closely as possible to your needs. Cookies are small files that cannot perform any actions on their own and are stored on your computer or mobile device when you visit or use one of our websites. Cookies store specific settings about your browser and data related to your interactions with the website through your browser. When a cookie is activated, it can be assigned an identification number that identifies your browser and enables the use of the information contained in the cookie. There are basically two different types of cookies: temporary cookies and permanent cookies. We use temporary coo-kies that are automatically deleted from your mobile device or computer after the browser session ends. We also use persistent cookies to store user preferences (e.g., language, auto-login), to understand how you use our services and content, and to show you customized offers and advertisements (which may also happen on other companies’ websites; should we know your identity, these companies do not learn your identity from us; they only know that the same user visiting their website has previously visited a specific website). They remain stored on your computer or mobile device for a long time after the browsing session. They are automatically deactivated after a certain time.

Nevertheless, you can set your browser to reject cookies, to save them only for one session or to delete them prematurely. Most browsers are preset to accept cookies. If you block cookies, it is possible that certain functions (such as language settings, shopping cart, order processes) will no longer be available to you.

Konwave AG allows partner companies that provide services for Konwave AG or that are integrated into our website to store cookies, provided this is necessary from a technical point of view and the use of cookies is proportionate. Konwave AG has no control over how cookies are used outside of our website.

By continuing to use our website and/or agreeing to this privacy policy, you agree that we may store cookies and thus collect, store and use personal usage data even after the browser session has ended (“permanent cookies”). You can object to this at any time by changing the default setting of your browser so that it rejects (third-party) cookies.

E.         Transfer of data to third parties and transfer of data abroad

In the course of our business activities and in accordance with the aforementioned purposes of data processing, we may transfer data to third parties to the extent that such transfer is permitted and we consider it appropriate for them to process the data for us or, as the case may be, for their own purposes. In particular, the following categories of recipients may be involved: 

– Our service providers (e.g., risk management & compliance, IT providers, host providers, auditors).

– Domestic and foreign authorities, official bodies and courts

– Other parties in potential or actual legal proceedings

Some recipients are located in Switzerland, others may be located in any country worldwide. In particular, you should expect that your information will be transferred to any country where our service providers are located (such as Microsoft).

If a recipient is located in a country without sufficient legal data protection, we require the recipient to comply with data protection (we do this using the European Commission’s revised standard contractual clauses, which you can access here:, unless the recipient is subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply, for example, in the case of legal proceedings abroad, but also in cases where there is an overriding public interest or the performance of a contract requires disclosure, if you have consented or if the data has been provided by you in general and you have not objected to the processing.

F.         Duration of data storage

Your data, which includes personal data, will only be processed and stored for as long as is necessary to fulfill our contractual and legal obligations or the purposes otherwise pursued with the processing, i.e. if necessary for the duration of the entire business relationship and beyond this due to statutory retention obligations and documentation requirements. It is possible that personal data will be retained for the period during which claims can be asserted against our company and insofar as we are otherwise legally obligated to do so or if justified business interests require this (e.g. for purposes of proof and documentation). As soon as your personal data is no longer required for the aforementioned purposes, it will be deleted or anonymized as far as possible. For operational data (e.g. system protocols, logs) shorter retention periods of 30 days or less apply.

G.        Data security

We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse. These measures include issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of passwords, data storage and transmission, pseudonymization and controls.

We cannot guarantee the security of data transmission over the Internet. In particular, when transmitting data by e-mail, there is a certain risk of access by third parties.

H.        Your rights

In accordance with applicable law, you have the right to access, correct and delete your personal data, the right to restrict processing or to object to our data processing, in particular for direct marketing purposes, profiling for direct marketing purposes and other legitimate interests in processing, as well as the right to obtain certain personal data for transmission to another controller (data portability). Please note, however, that we reserve the right to assert legal restrictions on our part, e.g. if we are obliged to retain or process certain data, have an overriding interest (insofar as we can invoke such interests) or need the data to assert claims.

We have already informed you of the possibility to object to/revoke your consent at any time. Please also note that the exercise of these rights may conflict with your contractual obligations and this may result in consequences such as premature termination of the contract and may be associated with costs. Should this be the case, we will inform you in advance, unless this has already been contractually agreed.

In general, the exercise of these rights requires that you can prove your identity (e.g. by a copy of identification documents if your identity is not otherwise apparent or can be verified by other means). To exercise these rights, please contact us using the details provided above.

In addition, any data subject has the right to assert his or her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (

I.          Profiling 

We may process some of your personal data automatically in order to evaluate certain personal aspects (profiling). In particular, profiling enables us to better inform and advise you about products that may be relevant to you. For this purpose, we may use evaluation tools that enable us to communicate with you and, if necessary, to advertise to you, including market and opinion research.

J.         Changes to this Privacy Policy

We may change this Privacy Policy at any time without prior notice. The most current version posted on our website will apply. If the Privacy Policy is part of an agreement with you, we will notify you by email or other appropriate means in the event of a change.