Privacy Policy

Privacy Notice

Information on the processing of personal data

We respect users’ privacy and are committed to protecting it through compliance with this privacy notice ("Privacy Notice"). In accordance with Art. 19 of the Federal Act on Data Protection (hereinafter also referred to as "FADP") and Art. 13 of the Ordinance on Data Protection (hereinafter also referred to as "DPO"), Copernicus Wealth Management SA, as further identified below, acting as the "Data Controller" of the processing, provides some information about the use of personal data provided by users who consult and/or interact with the web services accessible electronically from the address: https://www.groupcopernicus.com/ ("Website") corresponding to the homepage of the official website of Copernicus Wealth Management SA. Specifically, this notice describes the types of information we may collect from the user or that the user may provide ("Personal Information") on https://www.groupcopernicus.com/ and on any related product and service (collectively, "Services"), and our practices for collecting, using, storing, protecting, and disclosing such Personal Information. It also describes the user's choices regarding the use of their Personal Information and the ways to access and update it.

This notice is provided only for the website in question and not for other websites that may be accessible to the user through links and is directed at users of this site. The Website may contain links to third-party websites, services, and other Internet resources. In this case, the Data Controller is in no way responsible for the content, security, and usability of such websites and resources; in particular, the Data Controller does not verify the policy or provide guarantees regarding the protection of privacy and personal data by such third parties.

By accessing and using the Website and the Services, the user acknowledges having read, understood, and agreed to be bound by the terms of this notice. This notice does not apply to practices of companies we do not own or control or to individuals we do not employ or manage.

In compliance with obligations dictated in the field of personal data protection, this Website respects and protects the confidentiality of users.

PREAMBLE

What is personal data?

Personal data

any information concerning an identified or identifiable data subject. Copernicus Wealth Management SA, through the website, collects various personal data, including but not limited to: name, surname, email address, phone number, IP address.

What is meant by processing?

Processing

any operation or set of operations, performed with or without the aid of automated processes, and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making available, alignment or combination, restriction, erasure or destruction.

Who is the data subject?

Data subject

the identified or identifiable natural person. For example (not exhaustive), the data subject is the user browsing the platform and who submits, through it, a request for information.

1.     DATA CONTROLLER

The data controller is:

Copernicus Wealth Management SA, Via al Forte 1, 6900 Lugano, represented by persons with signing authority in accordance with the entries in the cantonal commercial register (CHE-286.598.153), hereinafter also referred to as "Copernicus" or "Data Controller" or the "Company".

To contact the data controller: email dataprivacy@groupcopernicus.com

The list of data processors and any authorized persons is kept at the controller's headquarters and made available upon request of the data subject.

2.     PERSONAL DATA SUBJECT TO PROCESSING

Our top priority is the security of customer data, and for this reason, we apply a "no logs" policy. We can process only minimal user data, only to the extent absolutely necessary to maintain the Website and Services. Automatically collected information is used only to identify potential cases of abuse and to establish statistical information about the use and traffic of the Website and Services. This statistical information is not aggregated in a way that identifies a particular user of the system.

Personal data refers to indications or information that directly or indirectly allow the identification of a person, whether physical or legal. The Website does not request/collect/process sensitive personal data, given its purely informative nature. Therefore, users are advised not to transmit unsolicited information of this kind through the Website and related resources.

We do not knowingly collect any personal information from children under 18. If the user is under 18, please do not send any personal information through the Website and Services. If you have reason to believe that a child under 18 has provided us with personal information through the Website and Services, please contact us to request the deletion of the child's personal information from our Services. We encourage parents and legal guardians to monitor their children's internet usage and to assist in enforcing this notice by instructing their children never to provide personal information through the Website and Services without their permission. We also ask all parents and legal guardians who oversee children's custody to take necessary precautions to ensure that their children are instructed not to provide personal information online without their permission.

We specify that sensitive personal data includes information about religious, philosophical, or political opinions or activities, intimate sphere, mental or physical health status, as well as information about offenses committed, related penalties imposed, and measures taken.

Therefore, for the purposes described in this notice, we may collect the following categories of common personal data:

  • User device's IP address, user location, user's mobile device unique identifiers, duration of stay on the Website, services used, links and messages activated, browser characteristics (type, language, installed plug-ins, etc., cookies, etc.).

  • User's identifying data, personal data, and contact details, such as, for example, name, surname, email address.

  • Information contained in the curriculum submitted possibly via email to the email address published on the Website to send one's application (such as, for example, name, surname, residence, tax code, educational qualifications, professional skills, email, and telephone contacts).

3.     PURPOSES OF PROCESSING

We may process the user's personal data for the following purposes:

a)     Browsing on this website

Activities aimed at the functioning of the site. The system acquires certain personal data during normal operation, the transmission of which is implicit in the use of Internet communication. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and computing environment.

b)    Contacting the user in response to the request sent via email, specifically:

  • To forward the requested informational material or any other communications.

  • To inform about changes to this website or updates to the services.

c)    Taking necessary actions for the conclusion or execution of a contract with you for the services or products requested, particularly for:

  • Fulfilment of obligations arising from such contract.

  • Some data disclosures.

d)    Managing the applications received through the email address published on the Website, particularly for:

  • Recruitment, analysis, evaluation, and selection of personnel.

  • Archiving resumes for future personnel search needs.

e)     Establishing liability in the event of hypothetical computer crimes against the website. 

f)      For legal, administrative, and audit purposes, particularly to:

  • Comply with legal or regulatory responsibilities.

  • Conduct legal and regulatory compliance checks.

  • Make disclosures to authorities, regulators, and government agencies.

g)     To assert or defend a right in judicial, extrajudicial, or administrative proceedings.

4.     LEGAL BASIS AND LEGITIMATE INTEREST

Pursuant to art. 6 FADP, we will process the user's personal data within the applicable legal framework. The applicable legislation is the Federal Act on Data Protection (FADP).

Where required and depending on the purpose of the processing activity, the processing of your personal data is based on one of the following grounds:

  • For processing related to the execution of the contract: overriding interest of the data controller, particularly in the execution of the contract (art. 31 FADP para. 2).

  • For contacting the user in response to the request sent: consent of the data subject (art. 6 para. 7 and art. 31 para. 1 FADP).

  • For processing personal data contained in resumes: overriding interest of the Data Controller, particularly in fulfilling activities necessary for the execution of pre-contractual measures adopted at the request of the data subject (art. 31 para. 2 FADP).

  • Regarding browsing data on this website, establishing liability in case of hypothetical computer crimes against the site, for administrative or audit purposes, to assert or defend a right in judicial, extrajudicial, or administrative proceedings: overriding interest of the data controller – legitimate interest of the data controller (art. 31 para. 2 FADP) without unduly prejudicing the interests or fundamental rights and freedoms of the user and to the extent that such personal data is necessary for the intended purpose.

  • As for processing carried out for legal purposes: legal obligation (art. 31 para. 1 FADP).

  • In some cases, necessary for the performance of a task carried out in the public interest.

5.     PERSONAL DATA PROCESSING METHODS

In relation to the purposes described above, the processing of personal data occurs through manual, computer, and telematic tools, ensuring the security and confidentiality of the data. This includes the collection, recording, storage, organization, processing, profiling for organizational purposes, selection, extraction, comparison, interconnection, communication, blocking, deletion, and destruction.

6.     PERIOD OF PERSONAL DATA RETENTION

In accordance with art. 6 para. 4 FADP, we will retain your personal data based on the principle of the necessity of processing for the period necessary to achieve the above-mentioned purposes.

Specifically:

  • Regarding personal and contact data related to contract management: for the period strictly necessary to fulfil the contract and in any case not exceeding 10 years from the completion of contractual obligations, unless interrupted by the receipt of acts interrupting the prescription or the existence of grounds for suspension of prescription; or, in any case, for the different period provided by law for proving compliance with legal or tax obligations or the period necessary to enable the Company to potentially protect its rights in judicial, administrative, or other proceedings before a Public Authority.

  • As for browsing data: for the period related to the browsing session.

  • Regarding personal and contact data provided when making contact requests: for the time necessary to fulfil the forwarded request and in any case not exceeding 10 years from the contact request or, if earlier, until the data subject revokes consent.

  • Regarding personal data contained in resumes: for a period not exceeding 45 days from the collection, unless the user updates it.

In any case, we will retain the processed data for the entire duration of any pre-trial and/or judicial proceedings, until the expiry of the terms for the exercise of judicial protections and/or actions for challenging. Any aggregated data derived from or embedded in your personal information after you have updated or deleted it may be used, but not in a way that personally identifies you. Once the retention period has expired, personal information will be deleted. Therefore, the right of access, the right to erasure, the right to rectification, and the right to data portability cannot be applied after the expiration of the retention period.

7.     SECURITY MEASURES

All Company personnel who have access to personal data are required to comply with internal rules and procedures regarding the processing of personal data to protect and ensure their confidentiality. The Data Controller has also implemented technical and organizational measures to protect personal data from destruction, loss, alteration, unauthorized access, disclosure, or any other form of unlawful processing.

8.     DISCLOSURE OF INFORMATION

Depending on the services requested or if necessary to complete a transaction or provide a service requested by the user, we may share user information with:

  • Data processors.

  • Individuals acting under the authority of the Data Controller and Processor for the above purposes.

  • Firms or companies within the scope of assistance and consultancy relationships (e.g., legal).

  • Entities, group companies, third-party partner companies, joint venture partners, affiliates, and subcontractors of the Data Controller.

  • Entities authorized to access your data by law, secondary or community legislation.

  • Competent authorities for compliance with legal obligations and/or provisions of public bodies upon request; ü Service providers ("Service Providers") we rely on to assist in managing the Website and Services available to the user, whose privacy policies are consistent with ours or who agree to comply with our policies on Personal Information.

When transferring your data to third-party service providers, we will ensure that they meet the same security standards. Third-party service providers are therefore required to comply with a series of technical and organizational security measures, regardless of their location, including measures related to: (i) information security management; (ii) risk assessment for information security; and (iii) information security measures (e.g., physical access controls, logical access controls; protection against malware and hacking; data encryption measures; backup and recovery management measures). The third parties described above must process the shared personal data in accordance with the purpose for which such data was originally collected and at least to the same level of protection in force in Switzerland.

The list of Data Processors is constantly updated and available at the Data Controller's office. We will not share any personally identifiable information with third parties and will not share any information with non-affiliated third parties.

Service providers are not authorized to use or disclose user information except to the extent necessary to perform services on our behalf or to comply with legal requirements. Service providers receive only the information they need to perform their assigned functions and are not authorized to use or disclose the information provided for their marketing or other purposes.

9.     TRANSFER OF INFORMATION

Depending on the user's location, data transfer may involve transferring and storing user information in a country other than their own. However, this does not include countries outside the European Union and the European Economic Area. In case of such transfers, you can learn more by consulting the relevant sections of this Policy or by contacting us using the information provided in the contact section. Your personal data, in addition to being maintained in Switzerland, may be transferred to and stored in countries of the European Union and/or European Economic Area that have the same data protection laws as the country where the information was initially provided. Specifically, personal data subject to processing may be transferred to Germany.

10.  USER RIGHTS

If you are a resident in Switzerland, under the FADP, you have certain rights regarding data protection, and we aim to take reasonable measures to allow you to correct, modify, delete, or limit the use of your Personal Information. If you wish to be informed about what personal information, we hold about you and if you want it to be removed from our systems, please contact us. In certain circumstances, the user has the following rights regarding data protection:

  • Withdraw consent if you have previously given consent to the processing of your Personal Information. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

  • Be subject to transparent processing (articles 19-21 FADP).

  • Obtain confirmation as to whether or not personal data concerning you is being processed and, if so, access personal data - including a copy thereof - and communication, among others, of the following information: purpose of processing, categories of personal data processed, recipients to whom they have been or will be communicated, data retention period, (right of access - art. 25 FADP).

  • Obtain, without undue delay, the rectification of inaccurate personal data and/or the completion of incomplete personal data (right to rectification - art. 32 para. 1 and 3 FADP).

  • Obtain, without undue delay, the erasure of personal data (right to erasure - art. 32 para. 2 lett. c FADP).

  • Receive personal data in a structured, commonly used, and machine-readable format, where the processing is based on consent and carried out by automated means (right to data portability - art. 28 FADP).

  • Object to processing at any time, for reasons related to your particular situation (right to object - art. 30 para. 2 lett. B and para. 3 FADP). If this right is exercised, the Company will refrain from further processing personal data, provided that there are no compelling legitimate grounds for processing.

  • Obtain restriction of processing (right to restriction of processing) where the accuracy of personal data is contested (for the period necessary for the controller to verify the accuracy of personal data) or where the data subject has objected to processing (pending verification of whether the legitimate grounds of the controller override those of the data subject).

  • Express your point of view regarding automated decisions, including the right to demand a review of the decision by a human being (right not to be subject to automated individual decision-making - art. 21 FADP).

  • Lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

How to exercise your rights

Any request to exercise user rights may be addressed to us through the contact details provided in this document. Before responding to such requests, we may ask you to verify your identity. Your request must provide sufficient information to allow us to verify that you are the person you claim to be or that you are the authorized representative of such person. If we receive your request from an authorized representative, we may request proof that you have provided such authorized representative with a power of attorney or that the authorized representative otherwise has valid written authority to make requests on your behalf.

You must include sufficient details to allow us to properly understand the request and respond to it. We may not be able to respond to your request or provide you with personal information until we verify your identity or the authority authorizing you to make such request and confirm that the personal information relates to you.

11.  PRIVACY OFFICER

The Company has appointed a Data Protection Officer, who can be contacted at the Data Controller's address indicated above or by sending an email to: dataprivacy@groupcopernicus.com.

12.  ADDITIONAL INFORMATION

For European Union Users

This section applies to users residing in the European Union and, for such users, replaces any other potentially divergent or conflicting information contained in this privacy notice. Further details regarding the categories of data processed, the purposes of processing, the categories of recipients of personal data, if any, the retention period, and other information about personal data can be found in the sections above.

Legal Basis

Depending on the purpose of the processing activity, the processing of your personal data may be based on one of the following reasons:

  • for processing related to the execution of the contract: performance of the contract (Art. 6, letter b) GDPR).

  • to contact the user in response to the request sent: consent of the data subject (Art. 6, letter a) GDPR).

  • for the processing of personal data contained in resumes: performance of activities necessary for the execution of pre-contractual measures adopted at the request of the data subject (Art. 6, letter b) GDPR).

  • regarding browsing data on this website, to ascertain liability in case of hypothetical computer crimes against the site, for administrative or audit purposes, to assert or defend a right in court, extrajudicially or administratively: overriding interest of the data controller – legitimate interest of the data controller (Art. 6, letter f) GDPR) without unduly prejudicing the interests or fundamental rights and freedoms of the user and to the extent that such personal data are necessary for the intended purpose.

  • for processing carried out for legal purposes: legal obligation (Art. 6, letter c) GDPR).

  • in some cases, necessary for the performance of a task carried out in the public interest (Art. 6, letter e) GDPR).

Data Subject Rights

Under the GDPR, you may exercise certain rights regarding your data within the limits of the law and in particular the following:

  • withdraw consent if you have previously given your consent to the processing of your personal information. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

  • be subject to lawful, fair and transparent processing (Art. 6 GDPR).

  • obtain confirmation as to whether or not personal data are being processed and, if so, access to personal data - including a copy thereof - and communication, among others, of the following information: purposes of processing, categories of personal data processed, recipients to whom they have been or will be communicated, retention period of data, (right of access - art. 15 GDPR).

  • obtain, without undue delay, the rectification of inaccurate personal data and/or the integration of incomplete personal data (right of rectification - art. 16 GDPR).

  • obtain, without undue delay, the erasure of personal data (right to erasure - Art. 17 GDPR).

  • receive personal data in a structured, commonly used, and machine-readable format, where processing is based on consent and is carried out by automated means (right to data portability - art. 20 GDPR).

  • object to processing at any time, for reasons related to your particular situation (right to object - art. 21 GDPR). If this right is exercised, the Company will refrain from further processing personal data, provided that there are no compelling legitimate reasons for processing.

  • obtain restriction of processing (right to restriction of processing - art. 18 GDPR).

  • express your point of view regarding automated decisions and in particular to demand a review of the decision by a human being (right not to be subject to automated individual decision-making - art. 22 GDPR).

  • lodge a complaint with the competent supervisory authority Any request to exercise the user's rights can be addressed to us through the contact details provided in this document. 

Cookies

Our website and services use "cookies" to personalize your online experience. A cookie is a text file that is placed on your hard drive by a web page server. Cookies cannot be used to run programs or transmit viruses to your computer. Cookies are uniquely assigned to the user and can only be read by a web server in the domain that issued the cookie. If you choose to decline cookies, you may not be able to use and experience the features of the Website and Services.

We may use cookies to collect, store, and track information for security and personalization, for the operation of the Website and Services, and for statistical purposes. You have the option to accept or decline cookies. Most web browsers automatically accept cookies by default, but you can modify your browser settings to decline cookies if you prefer.

Do Not Track Signals

Some browsers incorporate a "Do Not Track" feature that signals to visited websites that you do not want your online activity to be tracked. Tracking does not mean using or collecting information in relation to a website. For these purposes, tracking refers to the collection of personally identifiable information from consumers who use or visit a website or online service while moving across different websites over time. The way browsers communicate the Do Not Track signal is not yet uniform. Consequently, the Website and Services are not yet configured to interpret or respond to Do Not Track signals communicated by the browser. Nevertheless, as described more fully in this Policy, we limit the use and collection of your personal information. For a description of Do Not Track protocols for browsers and mobile devices or to learn more about the choices available to you, visit the website internetcookies.com.

Information Security

No data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your personal data, you acknowledge that (i) there are Internet security and privacy limitations beyond our control; (ii) we cannot guarantee the security, integrity, and privacy of all information and data exchanged between you and the Website and Services; and (iii) such information and data may be viewed or tampered with by third parties during transit, despite our efforts.

Data Breach

In the event that we become aware that the security of the Website and Services has been compromised or that User Personal Information has been disclosed to unrelated third parties as a result of external activity, including but not limited to security attacks or fraud, we reserve the right to take reasonably appropriate measures, including but not limited to investigations and reporting, as well as notification and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe there is a reasonable risk of harm to the User as a result of the breach or if notification is otherwise required by law. In such a case, we will publish a notice on the Website.

Changes and Amendments

We reserve the right to modify this Policy, or its terms relating to the Website and Services, at any time and at our discretion; the User will not receive proactive communications from us regarding any changes.

An updated version of this Policy will be effective immediately upon posting of the new Policy, unless otherwise specified. Your continued use of the Website and Services after the effective date of the updated Policy (or other specified act at that time) will constitute your consent to such changes. However, without your consent, we will not use your Personal Information in a manner materially different from what was stated at the time of collection of your Personal Information.

Acceptance of this Policy

You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Website and Services and submitting your information, you agree to be bound by this Policy. If you do not agree to comply with the terms of this Policy

How to Contact Us

If you have any questions, doubts, or complaints regarding this Policy, the information we hold, or if you wish to exercise your rights, please feel free to contact our Privacy Officer using the details provided below:

Copernicus Wealth Management SA, Via al Forte 1, 6900 Lugano, at the following email address: dataprivacy@groupcopernicus.com.

We will attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by applicable data protection laws.

 

Data of Entry into Force, 04/03/2024