With this Data Protection Policy, SIDENIA LTD and its subsidiaries (hereafter SIDENIA) describe the extent, purpose and the methods of how SIDENIA collects and processes personal data.
The term “personal data” means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as for example a name, an identification number or an online identifier.
If you provide us with personal data of other persons (such as family members), you have to ensure the respective persons are aware of this Data Protection Policy and only provide us with their data if you are allowed to do so and if such personal data is correct.
In relation to the processing of personal data, SIDENIA complies with the Swiss Federal Act on Data Protection (FADP) and, where applicable, with the General Data Protection Regulation of the EU (GDPR).
All employees who have access to confidential data and information are bound by the aforementioned regulations and have signed a confidentiality agreement.
The “controller” of data processing as described in this Data Protection Policy is SIDENIA LTD, Dufourstrasse 42, 8008 Zurich, Switzerland. You can notify us of any data protection related concerns using the following contact details of our Data Protection Officer according to Art. 37 GDPR: datenschutz@sidenia.com.
Our representative in the EEA according to Art. 27 GDPR is: Ulrica Schmid-Mastrocola, uschmid@uliandmore.com.
If SIDENIA processes personal data on behalf of another controller, SIDENIA acts as a “processor”. In that case the controller is responsible for the processing of your personal data.
SIDENIA processes personal data that SIDENIA obtains from you in the context of our business relationship (in particular trustee-, directorship and fiduciary functions, family office services, company formation, consultation, administration and accounting). Insofar as it is permitted to SIDENIA, SIDENIA also obtains certain personal data from:
Relevant personal data is personal information (e.g. name, address, contact details, date of birth and nationality) and information about your financial situation (e.g. creditworthiness data).
Personal data is processed in order to provide our services in the context of carrying out our contracts with you or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with the specific services provided and can include fiduciary and consulting services, wealth and asset management advice. For the processing of personal data required for the fulfillment of a contract Art. 31 Sect. 2 lit. a FADP or if applicable, Art. 6 Sect. 1 lit. b GDPR is the legal basis.
When the processing of personal data is required for the preservation of legitimate interests pursued by us or a third party, Art. 31 Sect. 1 and Sect. 2 FADP or if applicable, Art. 6 Sect. 1 lit. f GDPR is the legal basis.
Examples of legitimate interests:
In cases where SIDENIA obtains consent from affected individuals for processing personal data, Art. 31 Sect. 1 FADP or if applicable, Art. 6 Sect. 1 lit. a GDPR is the legal basis. Consent to the data processing can be withdrawn at any time. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.
In cases where processing of personal data is necessary for the fulfillment of a statutory obligation which SIDENIA is subject to (e.g. statutory retention obligations), Art. 31 Sect. 1 FADP or if applicable Art. 6 Sect. 1 lit. c GDPR is the legal basis.
Where SIDENIA processes personal data on behalf of a controller, SIDENIA acts as processor.
When you apply for a vacant position, SIDENIA processes your data for the purpose of conducting the application process. Without this data, SIDENIA is unable to assess your application and decide whether you are suitable for the position in question.
For example, SIDENIA uses contact data to arrange appointments with you. SIDENIA collects personal information, such as that contained in your resume, and processes data from job references or training diplomas. In addition to this absolutely necessary data, you have the option of providing SIDENIA with additional information for the application process. SIDENIA uses the data provided to SIDENIA to evaluate the application and to make decisions.
Your application data will only be shared with persons involved in the application process, such as management, supervisors, employees. In addition, data may be disclosed to authorities if there is a legal obligation to disclose.
Processing is permitted within the scope of the application process. The data will generally be deleted 6 months after the end of the application process.
If your application is followed by the conclusion of an employment contract, the data will continue to be stored and used for the implementation of the employment relationship.
Only employees of SIDENIA who require your personal data to provide the services and fulfill the contractual and legal obligations will have access to it. SIDENIA transfers your data to third parties, insofar as such transfer is permitted and SIDENIA deems it appropriate, in order for such third parties to process data for SIDENIA or if it is necessary for the performance of the services. Third parties may be, for example, any of the following:
Other recipients of personal data can be any third party for which you have given SIDENIA your consent to transfer data. Certain recipients may be within or outside of Switzerland located anywhere in the world.
When transferring personal data internationally SIDENIA makes sure that it complies with applicable laws and regulations, for example, by entering into agreements which will ensure that the recipients of your personal data maintain an adequate level of data protection. For this purpose, SIDENIA uses the revised European Commission’s standard contractual clauses. SIDENIA is allowed to transfer personal data to another country which does not have an adequate level of data protection without further safeguards, if the transfer is necessary for the performance of its services, for the conclusion or performance of a contract concluded in your interest or for the implementation of pre-contractual measures taken at your request.
Exactly which data may be subject to a disclosure requirement within the framework of transactions and services varies from case to case, but may include the following: information about you, information about your business relationship with SIDENIA or information about the services provided to you.
The personal data may be disclosed in any manner. This includes, in particular, disclosure via telecommunication channels and electronic means as well as the physical provision of documents.
SIDENIA will process and store your personal data for as long as it is necessary in order to fulfill its contractual and statutory obligations.
As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized, to the extent possible.
SIDENIA has taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse.
In the context of your business relationship with SIDENIA, you must provide all personal data that is required, either legally or factually, for accepting and carrying out such business relationship and fulfilling the accompanying contractual obligations. Without this data, SIDENIA is not in a position to provide its services to you.
SIDENIA neither uses automated individual decision-making (decision based solely on automated processing) nor profiling (any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person), Art. 21 FADP and Art. 22 GDPR. If SIDENIA should use such decision-making based solely on automated processing, SIDENIA will inform you separately, if legally required.
As an affected individual, you have the right to information regarding which data SIDENIA processes about you (Art. 25 FADP, Art. 15 GDPR), the right to rectification (Art. 6 FADP, Art. 16 GDPR), the right to erasure (Art. 6 FADP, Art. 17 GDPR), the right to restrict processing (Art. 31, 32 FADP, Art. 18 GDPR), the right of object (Art. 32 Sec. 2 lit. a FADP, Art. 21 GDPR) and if applicable, the right to data portability (Art. 28 FADP and Art. 20 GDPR). These rights exist insofar as no statutory retention obligations or other justified interests on the part of SIDENIA prevent their application. In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority (Art. 77 GDPR). The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
You have the right at all times to revoke a consent which was previously granted for data processing. You can assert your rights by notifying the contact address pursuant to Sect.2.
SIDENIA may amend this Data Protection Policy at any time without prior notice. The current version published on its website shall apply.
Version effective as of September 2023.