With this data protection declaration, we, Corecam AG (hereinafter we or us), describe how we collect and process personal data. This data protection declaration is not necessarily a comprehensive description of our data processing. It is possible that other contractual documents, in particular our terms and conditions are applicable in certain circumstances.

In this data protection declaration, the term “personal data” refers to all information that identifies a specific or identifiable natural person (“affected person”) or that could reasonably be used to identify a natural person.

If you provide us with the personal data of other people (e.g., family members, work colleagues), please ensure that the persons concerned are aware of this data protection declaration and that you only provide us with their data if you are authorized to do so and this personal data is correct.

This data protection declaration relies on the Swiss Data Protection Act (“DSG”) and the EU General Data Protection Regulation (“GDPR”). The applicability of these laws depends on the individual case.

A. Responsible

The responsible for the data processing as described in this privacy statement (i.e. the Responsible Person) is:

Corecam AG
Todistrasse 5
8002 Zurich
Contact Us via the Contact Form found  in Our Locations page.

Should you have any questions about the processing of your personal data or other data protection concerns, you can contact us using these contact details.

B. Purpose of Data Processing and Legal Basis

We use the collected data primarily to conclude and fulfil contracts with our customers and business partners, in particular in connection with the provision of financial services to our clients, as well as to comply with domestic and, in some cases, foreign legal obligations.

In addition, we may, in accordance with applicable law and to the extent appropriate, process personal data for the following purposes:

• Furnishing of products and services to our clients;
• Communicating with third parties and processing their inquiries;
• Advertising and marketing (including the organization of events), unless you have objected to the use of your data for this purpose;
• Assertion of legal claims and defense in legal disputes and official proceedings;
• Prevention and investigation of crime and other wrongdoing;
• Ensuring our operations, including our IT platform and its applications;

If you have given us your consent to process your personal data for specific purposes (e.g., when registering to receive newsletters), we will normally process your personal data within the scope and on the basis of this consent, unless there is an alternative legal basis. A given consent can be revoked at any time, but this does not affect the data processed before the revocation.

C. Collection and Processing of Personal Data

We primarily process personal data that we receive from our clients and other business partners, as well as from other people as part of our business relationships with them, or that we collect from users when operating our websites, apps, and other applications.

As far as we are permitted, we obtain certain personal data from publicly accessible sources (e.g. list of debtors, land register, commercial register, press, Internet) or we receive such information from affiliated companies within the Corecam Group, from authorities or other third parties (e.g. custodian banks). Apart from the data that you have provided to us directly, the categories of data that we receive from third parties about you include, but are not limited to, data from public registers, data that we receive in connection with administrative or judicial proceedings, data in connection with your professional role and activity (e.g., for the conclusion and implementation of contracts with your employer), information about you in correspondence and in discussions with third parties, information about you that we have received from people associated with you (family members, consultants, legal representatives, etc.) to conclude or process contracts with you or with your participation (e.g. powers of attorney), information on legal regulations such as combating money laundering, bank details, information about you that can be found in the media or on the Internet (if specified in individual cases, e.g. in connection with applications, media reports, marketing/sales, etc.), your address and any interests and other socio-demographic data, data in connection with your use of our websites (e.g. IP address, MAC address of your smartphone or computer, information about your device and your settings, cookies, date and time your visit, pages and content viewed, applications used, referring website, localization
data).

We store this data for a maximum of 12 months after the purpose of processing has ended. This period can be longer if this is necessary for reasons of evidence or to fulfill legal or contractual requirements.

D. Cookies / Tracking and Other Relevant Information About the Use of Our Website

Technical Data

When you visit our website, your user-specific data (e.g. IP address, web browser, operating system) and technical data (e.g. URLs of pages accessed, execution of a search query) are collected and evaluated anonymously.

The data mentioned are collected and processed for the purposes of system security and stability, error and performance analysis as well as for internal statistical purposes and enable us to optimize our website.

When subscribing to our content or sending a contact form/customer login, we process the data required to provide the desired service. Depending on the service, the following data can be processed: e-mail address, first name, last name, salutation, full address, subject and message.

Communication Data

If you contact us via the contact form, by e-mail, telephone or chat, by letter or by other means of communication, we collect the data exchanged between you and us, including your contact details. If we record or listen to telephone conversations or video conferences, for example for training and quality assurance purposes, we will point this out to you. Such recordings may only be made and used in accordance with our internal guidelines and the legal requirements.

In principle, we store this data for at least 10 years. This period can be longer if this is necessary for reasons of evidence, to fulfill legal or contractual requirements or for technical reasons.

“Cookies” In some cases we use “cookies” to tailor our offer as closely as possible to your needs. Cookies are small files that cannot take any action by themselves and are stored on your computer or mobile device when you visit or use one of our websites. Cookies store specific settings about your browser and data related to exchanges with the website via your browser. When a cookie is enabled, it may be assigned an identification number that identifies your browser and enables the information contained in the cookie to be used. We may use both temporary and permanent cookies. We cannot identify you personally with these cookies; we only know that the same user who visits our website has previously visited, and the user’s preferences. These remain stored on your computer or mobile device for a long time after the browser session. They are automatically deactivated after a certain period of time.

By continuing to use our website and/or agreeing to this data protection declaration, you agree that we can store cookies and thus collect, store and use personal usage data even after the end of the browser session (“permanent cookies”). You can object to this at any time by changing the standard setting of your browser so that it rejects (third-party) cookies. Most browsers are preset to accept cookies. If you block cookies, it is possible that certain functions (such as language settings) will no longer be available to you.

Google Analytics and Similar Services We may use Google Analytics or similar services on our website with the aim and intention of designing our website to meet needs and continuously optimizing it. These are third-party services that can be based in any country in the world (in the case of Google Analytics, Google Ireland Ltd. (based in Ireland), Google Ireland uses Google LLC (based in the USA) as a subprocessor (both “Google”), www.google.com) and which enable us to measure and evaluate the use of our website (on an anonymous basis). Permanent cookies set by the service provider are used for this purpose. Although we can assume that the information, we pass on to Google is not personal data for Google, it may be possible for Google to use the data collected to draw conclusions about the identity of the visitor, create personal profiles and use this data to link the Google accounts of these people for their own purposes. If you have registered with the service provider, the service provider also knows your identity. In this case, your personal data will be processed by the service provider in accordance with its data protection regulations. The service provider only provides us with data about the use of our website (but no personal information about you).

E. Transfer of Data to Third Parties and Transfer of Data Abroad

As part of our business activities and in line with the aforementioned purposes of data processing, we may transfer data to third parties, insofar as such transfer is permitted and we deem it appropriate, so that they process the data for us or, if necessary, for their own purposes. In particular, the following categories of recipients may be affected:

• Our service providers (e.g. risk management & compliance, IT provider, CRM system)
• Domestic and foreign authorities, official bodies and courts
• Other Parties in Potential or Actual Legal Proceedings

Some recipients are located in Switzerland, others can be located in any country worldwide. In particular, you should expect your data to be transferred to any country in which the Corecam Group has other offices (Switzerland, Singapore, Vietnam, UAE), as well as to other countries in Europe and the USA, where our service providers are located.

If a recipient is located in a country without adequate legal data protection, we oblige the recipient to comply with data protection (we use the revised standard contractual clauses of the European Commission, which you can access here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?) , unless the recipient is subject to a legally recognized privacy policy and we cannot rely on an exception. An exception may apply, for example, in the case of court proceedings abroad, but also in cases in which there is an overriding public interest or the performance of a contract requires disclosure if you have consented or if the data has been made generally available by you and you have not objected to the processing.

F. Duration of Data Storage

Your data, which also includes personal data, will only be processed and stored for as long as is necessary to fulfill our contractual and legal obligations or the purposes otherwise pursued with the processing, i.e. possibly for the duration of the entire business relationship and beyond legal retention and documentation requirements. It is possible that personal data will be retained for the period in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or if legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the aforementioned purposes, it will be deleted or made anonymous as far as this is possible. Shorter retention periods apply to operational data (e.g. system protocols, logs).

G. Data Security

We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse. These measures include issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of passwords, data storage and transmission, pseudonymization and controls. We cannot guarantee the security of data transmission on the Internet. There is a certain risk of access by third parties, especially when data is transmitted by e-mail.

H. Your Rights

In accordance with the applicable law, you have the right to information, correction and deletion of your personal data, the right to restrict processing or to object to our data processing, in particular for direct advertising purposes, profiling for direct advertising purposes and other legitimate interests in processing as well as the right to receive certain personal data for transmission to another person responsible (data portability). However, please note that we reserve the right to assert legal restrictions on our part, e.g. if we are obliged to store or process certain data, have an overriding interest (to the extent that we can invoke such interests) or the data to assert of legal claims.

We have already pointed out that you may object to / revoke your consent at any time. Please also note that the exercise of these rights may conflict with your contractual obligations and this may result in consequences such as premature contract termination and associated costs. If this is the case, we will inform you in advance, unless this has already been contractually agreed.

In general, the exercise of these rights is subject to being able to prove your identity (e.g. by a copy of identification documents if your identity cannot otherwise be ascertained or verified). To exercise these rights, please contact us using the details provided above.

In addition, each affected person has the right to assert their rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

I. Profiling [and Automated Individual Decision Making]

When initiating and implementing a business relationship, we generally do not use fully automated individual decision-making (such as, for example, in accordance with Article 22 GDPR). If we resort to such procedures in certain cases, we will inform you of this separately and inform you of your rights in this regard, insofar as this is required by law.

J. Changes to this Privacy Policy

We may change this privacy policy at any time without prior notice. The most current version published on our website applies. If the privacy policy forms part of an agreement with you, we will notify you of a change by email or other appropriate means.

Dear Clients

We, Corecam AG (hereinafter: the company), hereby would like to share some essential information about your personal data that we are collecting and processing as part of our contractual relationship with you.

We are sharing this information against the backdrop of a new Swiss data protection law (“DSG”) be-coming effective on September 1, 2023. This document also considers the EU General Data Protection Regulation (“GDPR”) and thereby aims to fulfill our company’s information obligations vis-à-vis various client groups. The application of the specific laws depends on the individual case.

Identity and contact details of the person responsible for data processing

Corecam AG
Tödistrasse 5
8002 Zürich
Switzerland
Contact Us via the Contact Form found  in Our Locations page.

A. Collection and processing of personal data

Personal data is all information that relates to a specific or determinable, identified or identifiable natural person. As part of its mandate, the Company collects several types of personal data from you.

These include in particular:

• Personal information (e.g. name, address, date of birth, marital status)
• KYC information (e.g. origin of wealth, profession, transaction details)
• Bank account information (e.g. IBAN)

Furthermore, we also collect any other information you may provide us with in the course of our business relationship.

As far as legally permitted, we may as well receive personal data about you from affiliated companies, from authorities or other third parties (such as custodian banks). The categories of data that we may receive about you from third parties include – in addition to the data that you have provided us with directly – data from public registers, data that we have received in connection with administrative or judicial proceedings, data about you from discussions with third parties, information about you that we have from persons associated with you (family members, consultants, legal representatives, etc.) for the purpose of concluding or processing contracts with you or with your participation (e.g. powers of attorney), information about legal regulations such as combating money laundering, information about you that can be found in the media or on the internet.

In principle, we store this data for at least 10 years. This period can be longer if this is necessary for reasons of evidence or to fulfill legal or contractual requirements.

B. Purpose of data processing and legal basis

We use the data collected primarily to provide the agreed services to our clients as well as to comply with domestic and foreign legal obligations.

In addition, we may, in accordance with applicable law and to the extent appropriate, process personal data for the following purposes:

• Furnishing of products and services to our clients;
• Communicating with third parties and processing their inquiries;
  Advertising and marketing (including the organization of events), unless you have objected to the use of your data for this
  purpose;
• Assertion of legal claims and defense in legal disputes and official proceedings;
• Prevention and investigation of crime and other wrongdoing;
• Ensuring our operations, including our IT platform and its applications;

C. Rights of the Affected Person(s)

In line with applicable legislation, persons whose personal data is processed (“Affected Persons”) have a number of rights in connection with the processing of their data. It is important to our company that you can exercise your rights easily and transparently if you wish. In particular, you have the following rights:

• to request and receive information as to whether and which of your data we are processing;
• demand that any inaccurate or incorrect information be corrected;
• to object to all or some processing;
• to request deletion of data;
• to request that we provide you or any other person you may wish to appoint with certain personal data in a commonly used electronic format;
• to withdraw consent where our processing has been based on your consent;
• to obtain further information on the exercise of these rights upon request.

In general, the exercise of these rights is subject to being able to prove your identity (e.g. by a copy of identification documents). To exercise these rights, please address your request in writing using the contact details mentioned above. However, please note that we reserve the right to assert legal re-strictions or exceptions on our part, for example if we are obliged by law to store or process certain data, have identified an overriding interest justifying our action, or if the data may be needed for assertion of legal claims.

Please also note that exercising these rights may conflict with our contractual agreements, which may result in consequences such as premature contract termination and associated costs. If this is the case, we will inform you in advance, unless this has already been contractually agreed.

In addition, each Affected Person may assert their rights in court or lodge a complaint with the competent data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/).

D. Transfer of data to third parties and transfer of data abroad

In fulfilment of our contractual obligations vis-à-vis our clients and in order to fulfil regulatory obligations, we may transfer data to third parties for further processing, if we deem such transfer to be permissible and appropriate. In particular, such recipients may fall into the following categories:

• External legal and compliance providers
• IT system providers (CRM system, Portfolio Management and Reporting System)
• Data hosting providers
• Custodian banks
• Domestic and foreign authorities, official bodies and courts

Certain recipients are located in Switzerland, others may be located in any country worldwide. In par-ticular, you should expect your data to be transferred to any country where the Corecam Group is active (Singapore, Germany, Vietnam, UAE) and to other countries where our service providers are based (Ger-many).

If a recipient is located in a country without adequate legal data protection, we oblige the recipient to comply with our relevant data protection standards, unless the recipient is subject to a legally recog-nized privacy policy and we cannot rely on an exception. An exception may apply, for example, in the case of court proceedings abroad, but also in cases in which there is an overriding public interest or the performance of a contract requires disclosure if you have consented or if the data has been made generally available by you and you have not objected to the processing.

E. Changes to this Privacy Policy

We may change this privacy policy at any time without notice. The most current version is published on our website. If the Privacy Policy forms part of an agreement with you, we will notify you by email or other appropriate means of any change.