Data privacy

1. General

This data privacy policy provides information on how CAYROS capital AG obtains and processes personal data on its own responsibility in its function as a financial institution.

CAYROS is committed to handling personal data in a transparent and customer-friendly manner, and the protection of this personal data is an important concern for CAYROS. This privacy policy gives you an overview of how CAYROS handles personal data. At the same time, you will find out what rights you have under the Data Protection Act.

Personal data refers to all information relating to an identified or identifiable natural person. This includes contact or master data such as names, telephone numbers, postal and e-mail addresses.

Processing means any handling of personal data, irrespective of the means and procedures used, the collection, storage, retention, use, modification, disclosure, archiving, erasure, or destruction of personal data.

This privacy policy is intended for interested parties, customers and persons associated with them (e.g., family members and authorised representatives).

If you provide CAYROS with personal data of other persons (e.g., family members, authorised representatives), CAYROS assumes that you are authorised to do so, and that this personal data is correct. By transmitting personal data about third parties, you confirm this. Please ensure that these persons are familiar with this data protection declaration.

2. Responsible person and contact
CAYROS is responsible for the processing of your personal data. To exercise your rights, you can contact CAYROS as follows:

CAYROS capital AG
Thiersteinerallee 29
CH-4053 Basel

T +41 61 331 5556
F +41 61 331 5558
E info@cayroscapital.com

3. Collection and processing of personal data
CAYROS primarily collects and processes personal data provided to it by the data subject, e.g., when opening business relationships, when processing contracts, when utilising products and services or on websites or other applications. It also processes personal data that is generated and transmitted in the context of the utilisation of products or services. CAYROS may obtain personal data from publicly accessible sources, authorities or other third parties, insofar as this is permitted.

4. Origin and categories of personal data

CAYROS processes personal data that you disclose to it (e.g., during a visit, in a consultation, when ordering marketing material, as part of the provision of services) and that is publicly accessible (e.g., in address books, in the commercial register).

CAYROS processes various categories of personal data. The most important categories are as follows:

Communication data (e.g., data in written, telephone or electronic communication)
Documentation data (e.g., minutes of consultations or conversations)
Master and inventory data (e.g., name, address, nationality, date of birth, information regarding account, custody account, transactions and contracts concluded, information about third parties who are also affected by data processing, such as spouses, authorised representatives, and advisors)
Financial data (e.g., creditworthiness data, information on assets and their origin, liabilities, risk, and investment profile)
Transaction or order and risk management data (e.g., information on the beneficiaries of transfers, beneficiary bank, amount of transfers, information on investment products)
Technical data (e.g., transaction numbers, IP addresses, internal and external identifiers, access records)
Communication data (e.g., contact details such as e-mail address, telephone number)

Many of these data are disclosed to CAYROS by the data subject themselves. The categories of personal data that CAYROS receives from third parties may include, in particular, information from public registers, information in connection with official and legal proceedings, creditworthiness information, information to comply with legal requirements such as fraud, money laundering and terrorism prevention and export restrictions, information from banks and other contractual partners of CAYROS for the utilisation or provision of services, information from the media and the Internet.

5. Your rights
You have the right to information, rectification, erasure, restriction, objection and – where applicable – the right to data portability. You also have the right to lodge a complaint with a competent data protection supervisory authority.

CAYROS accepts requests for information in writing, together with a legible copy of a valid official identification document (e.g., passport, identity card, driving licence). The contact details can be found in section 2.

The rights to erasure and objection are not unrestricted rights. Depending on the individual case, overriding interests may make further processing necessary. CAYROS will examine each individual case and inform you of the result.

6. Purpose of the processing
CAYROS processes personal data primarily to provide its own services, to fulfil contracts with customers and business partners and to comply with legal obligations.

In addition, CAYROS processes personal data, where permitted and indicated, for the following purposes:

Conclusion and fulfilment of contracts, execution, processing and administration of products and services (e.g., invoices, payments).
Monitoring and managing risks (e.g., investment profiles, combating money laundering, limits, market risks).
Marketing, communication, information about and review of the range of services (e.g., advertising in print and online, customer, prospective customer or other events, identification of future customer needs, assessment of customer, market, or product potential).
Fulfilment of statutory or regulatory disclosure, information or reporting obligations to courts and authorities, fulfilment of official orders (e.g., reporting obligations to FINMA and foreign supervisory authorities, orders from public prosecutors in connection with money laundering and terrorist financing).
Preventing and investigating criminal offences or other misconduct (e.g., through internal investigations).
Safeguarding the interests and securing the claims of CAYROS, e.g., in the event of claims against CAYROS or claims of CAYROS against third parties.
Ensuring the operation, of IT, the website, and other platforms.

If consent has been given to the processing of personal data for specific purposes (e.g., when registering for a newsletter), the personal data will be processed within the scope of and based on this consent, unless another legal basis is given and necessary. Consent that has been granted can be revoked at any time, but this has no effect on data processing that has already taken place.

7. Data security
CAYROS undertakes to protect personal data for the data processing under its responsibility in accordance with the applicable laws. The protection of personal data includes appropriate technical and organisational security measures (e.g., access restrictions, firewalls, personalised passwords as well as encryption and authentication technologies, training of employees, etc.).

8. Disclosure to third parties and data transfer abroad
CAYROS discloses personal data to the following third parties (recipients) in the following cases:

For outsourcing in accordance with Section 9 and for the purpose of customer support to other service providers.
For order fulfilment, i.e., when products or services are used.
Due to legal obligations, legal justification reasons or official orders, e.g., to courts, supervisory authorities, tax authorities or other third parties.
Where necessary to protect legitimate interests, e.g., in the event of legal action threatened or initiated by customers against CAYROS, in the event of public statements, to secure claims of CAYROS against customers or third parties, for the collection of receivables, etc.
With the consent of the data subject to other third parties.

Recipients of personal data are usually in Switzerland. When using certain products or services, personal data may also be disclosed to third parties outside Switzerland (e.g., Europe).

If a recipient is in a country without an adequate level of data protection, CAYROS contractually obliges the recipient to comply with the applicable data protection law (e.g., with standard contractual clauses), unless the recipient is already subject to a legally recognised set of rules to ensure data protection or CAYROS cannot rely on an exemption clause.

9. Outsourcing of business areas and services (outsourcing)
CAYROS outsources certain business areas and services in whole or in part to third parties.

The service providers who process personal data on behalf of CAYROS for this purpose (so-called processors) are carefully selected. Whenever possible, CAYROS uses processors domiciled in Switzerland. The processors may be authorised to have certain services provided by third parties.

The processors may only process personal data received in the same way as CAYROS itself as the sole controller and are contractually obliged to guarantee the confidentiality and security of the data.

10. Use of websites and cookie policy
When a person visits the CAYROS website, the web server automatically registers details of their visit (e.g., the website from which the visit takes place, the IP address of the visitor, the content of the CAYROS website that is accessed, including the date and duration of the visit). Such tracking data serves to optimise the CAYROS website and provides information about how the visitor informs himself about the products, services and offers of CAYROS and how he uses them. As a rule, however, it does not allow any conclusions to be drawn about the identity of the visitor. In this respect, no personal data is processed.

In addition, by using the CAYROS website, a visitor agrees to the use of cookies. Cookies are small files that are stored on the visitor's computer to track the corresponding website visit and navigation between different pages and/or to save settings (e.g., selected language). Cookies are used to collect statistical data on the frequency and time of visits to individual website areas and help to design customised, useful, and user-friendly websites. The visitor can opt out of the use of cookies at any time by deleting the cookies set by the CAYROS website. Deletion is possible via the settings in the visitor's Internet browser.

11. Duration of storage
The duration of the retention of personal data depends on the purpose of the respective data processing and/or statutory retention and documentation obligations, which are five, ten or more years depending on the applicable legal basis. As soon as the personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as far as possible.

12. Rights of persons concerned
Anyone can request information from CAYROS as to whether personal data relating to them is being processed. There is a right to object, a right to restriction of processing and, where applicable, a right to data portability. Incorrect data can be corrected. Furthermore, the deletion of personal data can be requested, if there are no legal or regulatory provisions (e.g., statutory retention obligations for business-relevant data) or technical hurdles to the contrary. The deletion of data may mean that certain services can no longer be provided. In addition, where applicable, there is a right of appeal to a competent authority. If CAYROS processes personal data based on consent, this consent can be revoked at any time. It should be noted that CAYROS reserves the right to assert the restrictions provided for by law, for example if it is obliged to store or process certain data, has an overriding interest in doing so (insofar as it may invoke this) or needs it to assert claims.

13. Amendments
This privacy policy is not part of any contract between CAYROS and you. CAYROS may amend this privacy policy at any time without prior notice. The current version published on the CAYROS website shall apply.