1. Introduction

With this Data Protection Policy, SIDENIA LTD and its subsidiaries (hereafter SIDENIA) describe the extent, purpose and the methods of how SIDENIA collects and processes personal data.

The term “personal data” means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as for example a name, an identification number or an online identifier.

If you provide us with personal data of other persons (such as family members), you have to ensure the respective persons are aware of this Data Protection Policy and only provide us with their data if you are allowed to do so and if such personal data is correct.

In relation to the processing of personal data, SIDENIA complies with the Swiss Federal Act on Data Protection (FADP) and, where applicable, with the General Data Protection Regulation of the EU (GDPR).

All employees who have access to confidential data and information are bound by the aforementioned regulations and have signed a confidentiality agreement.

2. Data Controller / Processor / Representative in the EU / EWR

The “controller” of data processing as described in this Data Protection Policy is SIDENIA LTD, Dufourstrasse 42, 8008 Zurich, Switzerland. You can notify us of any data protection related concerns using the following contact details of our Data Protection Officer according to Art. 37 GDPR: datenschutz@sidenia.com.

Our representative in the EEA according to Art. 27 GDPR is: Ulrica Schmid-Mastrocola, uschmid@uliandmore.com.

If SIDENIA processes personal data on behalf of another controller, SIDENIA acts as a “processor”. In that case the controller is responsible for the processing of your personal data.

3. Processing of Personal Data

SIDENIA processes personal data that SIDENIA obtains from you in the context of our business relationship (in particular trustee-, directorship and fiduciary functions, family office services, company formation, consultation, administration and accounting). Insofar as it is permitted to SIDENIA, SIDENIA also obtains certain personal data from:

  • publicly accessible sources (e.g., debt registers, land registries, commercial registers, internet);
  • affiliated companies of SIDENIA;
  • authorities or other third parties;
  • information about you given to us by individuals associated with you (family members, consultants, legal representatives, etc.).

Relevant personal data is personal information (e.g. name, address, contact details, date of birth and nationality) and information about your financial situation (e.g. creditworthiness data).

4. Purpose of Processing and Legal Basis

4.1 Fulfillment of a contract with you

Personal data is processed in order to provide our services in the context of carrying out our contracts with you or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with the specific services provided and can include fiduciary and consulting services, wealth and asset management advice. For the processing of personal data required for the fulfillment of a contract Art. 31 Sect. 2 lit. a FADP or if applicable, Art. 6 Sect. 1 lit. b GDPR is the legal basis.

4.2 Legitimate interests

When the processing of personal data is required for the preservation of legitimate interests pursued by us or a third party, Art. 31 Sect. 1 and Sect. 2 FADP or if applicable, Art. 6 Sect. 1 lit. f GDPR is the legal basis.

Examples of legitimate interests:

  • providing and developing our products, services and website apps and other platforms on which SIDENIA is active;
  • consulting and exchanging data with information offices (e.g. debt register) to investigate creditworthiness;
  • communicating with you, with third parties and processing of their requests (e.g. contact form on our website, media inquiries);
  • asserting legal claims and defense in legal disputes;
  • reviewing and optimizing procedures regarding marketing needs and assessment for the purposes of direct customer approach as well as obtaining personal data from publicly accessible sources for customer acquisition;
  • advertisement and marketing (including organising events), provided you have not objected to the use of your data for this purpose (if you are part of our customer base and you receive our advertisement, you may object at any time and SIDENIA will then put you on a list for barring further advertising material being sent);
  • carrying out background checks and screening activities in relation to the client and the relevant persons as part of the performance of a contract;
  • prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
  • acquisition and sale of business divisions, companies, or parts of companies and other corporate transactions and associated transfer of personal data as well as measures for business management and compliance with national and international statutory and regulatory obligations as well as internal SIDENIA regulations.

4.3 Consent

In cases where SIDENIA obtains consent from affected individuals for processing personal data, Art. 31 Sect. 1 FADP or if applicable, Art. 6 Sect. 1 lit. a GDPR is the legal basis. Consent to the data processing can be withdrawn at any time. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.

4.4 Statutory obligations

In cases where processing of personal data is necessary for the fulfillment of a statutory obligation which SIDENIA is subject to (e.g. statutory retention obligations), Art. 31 Sect. 1 FADP or if applicable Art. 6 Sect. 1 lit. c GDPR is the legal basis.

4.5 On behalf of a Controller

Where SIDENIA processes personal data on behalf of a controller, SIDENIA acts as processor.

4.6 Collection of data in the context of applications

When you apply for a vacant position, SIDENIA processes your data for the purpose of conducting the application process. Without this data, SIDENIA is unable to assess your application and decide whether you are suitable for the position in question.

For example, SIDENIA uses contact data to arrange appointments with you. SIDENIA collects personal information, such as that contained in your resume, and processes data from job references or training diplomas. In addition to this absolutely necessary data, you have the option of providing SIDENIA with additional information for the application process. SIDENIA uses the data provided to SIDENIA to evaluate the application and to make decisions.

Your application data will only be shared with persons involved in the application process, such as management, supervisors, employees. In addition, data may be disclosed to authorities if there is a legal obligation to disclose.

Processing is permitted within the scope of the application process. The data will generally be deleted 6 months after the end of the application process.

If your application is followed by the conclusion of an employment contract, the data will continue to be stored and used for the implementation of the employment relationship.

5. Data Transfer

Only employees of SIDENIA who require your personal data to provide the services and fulfill the contractual and legal obligations will have access to it. SIDENIA transfers your data to third parties, insofar as such transfer is permitted and SIDENIA deems it appropriate, in order for such third parties to process data for SIDENIA or if it is necessary for the performance of the services. Third parties may be, for example, any of the following:

  • SIDENIA’s service providers including processors (such as e.g. IT providers);
  • domestic and foreign authorities or courts;
  • other parties in possible or pending legal proceedings;
  • affiliates and agents of SIDENIA;
  • registered agents in countries in which they are required by law, provided SIDENIA is supporting you at your request in such country in connection with the incorporation and/or administration of a company
  • dealers, suppliers, sub-contractors and other business partners

Other recipients of personal data can be any third party for which you have given SIDENIA your consent to transfer data. Certain recipients may be within or outside of Switzerland located anywhere in the world.

When transferring personal data internationally SIDENIA makes sure that it complies with applicable laws and regulations, for example, by entering into agreements which will ensure that the recipients of your personal data maintain an adequate level of data protection. For this purpose, SIDENIA uses the revised European Commission’s standard contractual clauses. SIDENIA is allowed to transfer personal data to another country which does not have an adequate level of data protection without further safeguards, if the transfer is necessary for the performance of its services, for the conclusion or performance of a contract concluded in your interest or for the implementation of pre-contractual measures taken at your request.

Exactly which data may be subject to a disclosure requirement within the framework of transactions and services varies from case to case, but may include the following: information about you, information about your business relationship with SIDENIA or information about the services provided to you.

The personal data may be disclosed in any manner. This includes, in particular, disclosure via telecommunication channels and electronic means as well as the physical provision of documents.

6. Retention Periods for your Personal Data

SIDENIA will process and store your personal data for as long as it is necessary in order to fulfill its contractual and statutory obligations.

As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized, to the extent possible.

7. Data Security

SIDENIA has taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse.

8. Obligation to provide Data

In the context of your business relationship with SIDENIA, you must provide all personal data that is required, either legally or factually, for accepting and carrying out such business relationship and fulfilling the accompanying contractual obligations. Without this data, SIDENIA is not in a position to provide its services to you.

9. Profiling and Automated Individual Decision-Making

SIDENIA neither uses automated individual decision-making (decision based solely on automated processing) nor profiling (any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person), Art. 21 FADP and Art. 22 GDPR. If SIDENIA should use such decision-making based solely on automated processing, SIDENIA will inform you separately, if legally required.

10. Your Rights

As an affected individual, you have the right to information regarding which data SIDENIA processes about you (Art. 25 FADP, Art. 15 GDPR), the right to rectification (Art. 6 FADP, Art. 16 GDPR), the right to erasure (Art. 6 FADP, Art. 17 GDPR), the right to restrict processing (Art. 31, 32 FADP, Art. 18 GDPR), the right of object (Art. 32 Sec. 2 lit. a FADP, Art. 21 GDPR) and if applicable, the right to data portability (Art. 28 FADP and Art. 20 GDPR). These rights exist insofar as no statutory retention obligations or other justified interests on the part of SIDENIA prevent their application. In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority (Art. 77 GDPR). The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

You have the right at all times to revoke a consent which was previously granted for data processing. You can assert your rights by notifying the contact address pursuant to Sect.2.

11. Amendments of this Data Protection Policy

SIDENIA may amend this Data Protection Policy at any time without prior notice. The current version published on its website shall apply.

Version effective as of September 2023.