1. General

In this Privacy Policy, we, Clarus Capital Group AG Zurich (hereinafter referred to as CCG), explain how we collect and process personal data. This is not an exhaustive description; other data protection declarations [or general terms and conditions, conditions of participation and similar documents] may govern specific matters. Personal data means any information relating to an identified or identifiable individual.

If you provide us with personal data of other persons (e.g. family members, data of work colleagues), please make sure that these persons are aware of this privacy policy and only share their personal data with us if you are authorized to do so and if this personal data is correct.

This Privacy Policy is designed to comply with the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DPA") and the revised Swiss Data Protection Act ("revDSG"). However, whether and to what extent these laws are applicable depends on the individual case.

2. Responsible person and contact

CCG is responsible for the processing of your personal data.  You can contact us for any data protection concerns as follows:

Clarus Capital Group AG
Gutenbergstrasse 10
CH-8002 Zurich
+41 (0) 44 552 90 00
​​​​​​​info(at)claruscapital.ch

3. Collection and processing of personal data

We primarily process the personal data that we receive from our customers and other business partners in the course of our business relationship with them and other persons involved in it, or that we collect from their users in the course of operating our websites and other applications.

This includes, for example, data during the opening of business relationships, in the context of the execution of contracts, the use of products and services or on websites or other applications. We also process personal data that accrue in the context of the use of products or services and that are transmitted to us. We may, to the extent permitted, obtain personal data from publicly available sources, from public authorities or from other third parties.

4. Categories of personal data

We process different categories of personal data. The main categories are as follows:

• Master and inventory data: This includes information such as name, address, nationality, date of birth, details of accounts, deposits, completed transactions and contracts, as well as information about third parties involved in the data processing, such as spouses, authorized representatives and advisors.
• Technical data: These include business numbers, IP addresses, internal and external identifiers, and records of access.
• Transaction and order data and risk management data: This includes information about payees, their bank, transfer amounts, and investment product details.
• Financial data: This category includes credit rating information, asset details, debt details, and risk and investment profiles.
• Visitor and prospect data: This includes information about users of partner websites.
• Marketing data: This includes preferences and needs of data subjects.
• Communications Data: This includes contact information such as email addresses and phone numbers.
• Other Data: This category includes video or audio recordings and access data.

Much of this data is provided to data subjects by CCG itself. Categories of personal data that CCG receives from third parties include information from public records, information related to governmental and legal proceedings, credit reports, information to comply with legal requirements such as anti-fraud, anti-money laundering and anti-terrorism, and export restrictions. This also includes information from banks, insurance companies and sales partners of CCG in connection with the provision or use of services, namely asset management, investment advice and other related services, information from the media and the Internet, addresses and, if applicable, interests and other socio-demographic data, in particular for marketing and research purposes, as well as data in connection with the use of external websites and online services, provided that this use can be attributed to a data subject.

5. Purposes of data processing and legal basis

We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, in particular in connection with the services we provide to our customers and the purchase of products and services from business partners, as well as to comply with our legal obligations in Switzerland and abroad. This is particularly the case in the context of services in the areas of Legal, Risk & Compliance, Fiduciary & Accounting, and IT Administration. If you work for a customer or business partner, your personal data may of course also be affected in this capacity.

In addition, we also process personal data of you and other persons, to the extent permitted and deemed appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

• Conclusion and performance of contracts, implementation, processing and administration of products and services (e.g. invoices, payments, financial planning, investments, retirement planning, insurance).
• Monitoring and managing risks (e.g. investment profiles, anti-money laundering, limits, utilization ratios, market risks).
• Planning, business decisions (e.g. development of new or evaluation of existing services and products).
• Marketing, communication, information about and review of service offerings (e.g. print and online advertising, customer, prospect or other events, identification of future customer needs, assessment of a customer, market or product potential).
• Fulfillment of legal or regulatory disclosure, information or reporting obligations to courts and authorities, fulfillment of official orders (e.g. reporting obligations vis-à-vis FINMA and foreign supervisory authorities, automatic exchange of information with foreign tax authorities, orders of public prosecutors in connection with money laundering and terrorist financing).
• Prevention and investigation of criminal offenses or other misconduct (e.g., through internal investigations).
• Safeguarding the interests and securing the claims of CCG e.g. in the event of claims against CCG or claims of CCG against third parties.
• Ensuring the operation, in particular of the IT, the website as well as other platforms.
• Preparation and processing of transactions relating to the purchase or sale of companies or parts of companies or other transactions under company law.

Insofar as you have given us consent to process your personal data for certain purposes (for example, when you register to receive newsletters), we process your personal data within the scope of and based on this consent, insofar as we have no other legal basis or require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.

6. Cookies / tracking and other technologies in connection with the use of our website.

When necessary, we generally use "cookies" and similar technologies on our websites that are used to identify your browser or device. A cookie is a small file that is automatically stored by your web browser on your computer or mobile device when you visit our website. These cookies are small records that are stored on the visitor's computer to track the visit to the website, to facilitate navigation between different pages and to save settings (e.g. selected language). Cookies are used to collect statistical data about the frequency and duration of visits to certain areas of the website and to help design customized, useful and user-friendly websites. You always have the option to refuse the use of cookies by deleting the cookies set on the website through your internet browser settings.

Occasionally, we also use third-party components (such as plugins) to enhance the user experience and online advertising campaigns. These components may also use cookies for similar purposes. Neither these third parties nor we have access to the data each collects from the other through cookies. Our partners also use cookies as part of advertisements on third-party websites with which we have marketing relationships. When third-party vendors collect anonymized information about the use of our website and other websites, our partner may use this anonymized data to improve the effectiveness of advertising.

This privacy policy applies solely to data we obtain through the use of our website. It does not apply to third-party websites, even if you access them through links on our website. We have no control over, and cannot accept responsibility for, the content and privacy practices of third party websites.

When someone visits our website, the web server automatically collects information about the visit, such as the website from which the visit is made, the visitor's IP address, the content accessed on the website, and the date and duration of the visit. This tracking data is used to optimize the websites visited and provides information about how the visitor learns about and uses products, services and offers. As a rule, however, this data does not enable the visitor to be identified and no personal data is processed. However, if the visitor provides personal data, for example by filling out a registration form or a newsletter subscription form, we may use this data in addition to the purposes mentioned in Section 5:

• To manage customer and user accounts;
• to provide information about services and products;
• for marketing purposes, such as sending newsletters;
• for the technical provision (hosting) and further development of our websites.

In our newsletters and other marketing emails, we sometimes integrate visible and invisible image elements that allow us to determine whether and when you have opened the email. This allows us to measure the use of our offers and better understand how to tailor them to your needs. You can block this in your email program; most programs are set to do so by default.

By using our website and agreeing to receive newsletters and other marketing emails, you consent to the use of these technologies. If you do not wish to do so, you must make the appropriate settings in your browser or e-mail program.

7. Data transfer and data transmission abroad

In the course of our business activities and for the purposes set out in section 5, we also disclose data to third parties, where permitted and where we consider it appropriate, either because they process the data for us or because they want to use it for their own purposes. This applies in particular to the following parties:

• Service providers of us (such as banks, insurance companies), including order processors (such as IT providers);
• For the execution of orders, i.e. when products or services are used.
• Due to legal obligations, legal justification or official orders, e.g. to courts, supervisory authorities, tax authorities or other third parties.
• For outsourcing in accordance with Section 8 and for the purpose of customer service to other service providers.
• With the consent of the data subjects to other third parties.
• Domestic and foreign authorities, official agencies or courts of law  

all collectively "recipients".

These recipients are usually domestic. In particular, when certain products or services are used, personal data may also be disclosed to third parties outside Switzerland (e.g. Europe or the USA).

If a recipient is located in a country without adequate legal data protection, CCG contractually obligates the recipient to comply with the applicable data protection (e.g., with standard contractual clauses), unless the recipient is already subject to a legally recognized set of rules to ensure data protection or CCG cannot rely on an exception provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

8. Outsourcing of business areas or services

We engage external service providers to provide certain business areas and services in whole or in part on our behalf. These service providers process personal data on behalf of CCG and are therefore referred to as "processors." We take great care in selecting these processors.

Wherever possible, we prefer Processors based in Switzerland that act as joint controllers. These processors may themselves procure certain services from third parties.

Processors may only process the personal data provided to them in accordance with CCG's instructions. They are contractually obligated to ensure the confidentiality and security of this data.

9. Duration of storage of personal data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond that in accordance with the legal storage and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as a matter of principle and to the extent possible. For operational data (e.g. system logs, logs), generally shorter retention periods of twelve months or less apply.

10. Data security

We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse. The protection of personal data includes appropriate technical and organizational security measures (e.g. access restrictions, firewalls, personalized passwords as well as encryption and authentication technologies, training of employees, etc.).

11. Obligation to provide personal data

Within the scope of our business relationship, you must provide those personal data that are necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations (you generally do not have a legal obligation to provide us with data). Without this data, we will generally not be able to conclude a contract with you (or the entity or person you represent) or to process it. Also, the website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.

12. Profiling and automated decision making

We sometimes use your personal data for automated processing purposes to evaluate certain individual characteristics (profiling). Our main objective in using profiling is to provide you with targeted information about our products and to advise you accordingly. To this end, we use analytical tools that enable us to carry out tailored communication and advertising as well as market research and opinion surveys.

Please note that we generally do not use fully automated decision-making processes as described in Article 22 of the General Data Protection Regulation (GDPR) to establish or conduct the business relationship. Should we use such procedures in individual cases, we will inform you separately, if required by law, and inform you of the associated rights.

13. Rights of the data subject

Every person has the right to request information from CCG about whether their personal data is being processed. There is the possibility to object, to restrict processing and, if applicable, to exercise the right to data portability. If there is incorrect information, it can be corrected. In addition, it is possible to request the deletion of personal data, provided that no legal or regulatory requirements (e.g. legal retention obligations for business-related data) or technical obstacles prevent this. Please note that the deletion of data may mean that certain services can no longer be provided. If relevant, you also have the right to complain to a competent authority.

If CCG processes your personal data on the basis of consent, you may withdraw this consent at any time. However, please note that CCG has the right to invoke restrictions provided by law, in particular if we are required to retain or process certain data, have an overriding interest (to the extent permitted) or need the data to enforce claims.

To assist CCG in processing your request, please provide us with a clear and understandable notice. We will review and respond to your request within a reasonable time.

In addition, every data subject has the right to enforce his or her claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

14. Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website shall apply. Insofar as the data protection declaration is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.