Principalis AG
Principalis AG, Seestrasse 63, 8806 Bäch (Principalis), is a family office based in Switzerland, which provides various advisory services to its clients. Principalis works closely with the Swiss fund management company PMG Investment Solutions AG, Dammstrasse 23, 6300 Zug (PMG), which provides asset management services to Principalis clients. Due to the close cooperation between Principalis and PMG, personal data relating to an asset management mandate is exchanged between these two companies.
Notes on data protection
Your privacy is important to us. It is Principalis policy to respect your privacy and to comply with all applicable laws and regulations regarding any personal information we may collect about you. We also take these principles into account when operating our website , https://www.principalis.com.
Personal data is any information about you that can be used to identify you. This includes information about you as a person (e.g. name, address and date of birth), your devices and the technical equipment you use, payment details and even information about how you use a website or online service.
Information we collect
The information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.
“Voluntarily provided” information refers to any information that you knowingly and actively provide to us when you use or participate in one of our services or promotions, or when you contact us via our website, telephone or email.
“Automatically collected” information refers to any information that is automatically sent by your devices when you access our website and use our services.
Log-data
When you visit our website, our servers may automatically log standard information provided by your web browser. This includes the internet protocol (IP) address of your device, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page and other details about your visit.
In addition, if you encounter certain errors while using the Website, we may automatically collect data about the error and the circumstances of its occurrence. This data may include technical details about your device, what you were doing when the error occurred and other technical information relating to the problem. You may also receive a notification at the moment of occurrence that the error has occurred or what type of error it is.
Please note that while this information is not personally identifiable in and of itself, it may be possible to combine it with other data to identify individuals.
Personal information
The personal data that we collect, store, use and process, includes the following (the list is not exhaustive):
Based on your request and explicit consent, we also process special categories of personal data, such as details of your family, relatives as well as any friends, etc.
What sources do we use to collect personal data?
We collect and receive the aforementioned information either:
- directly from the data subjects themselves (e.g. when you contact us), be they clients/potential clients; and/or
- by using publicly available sources (e.g. SECO or OFAC sanctions lists, Worldcheck, AML Spotter, LexisNexis); and/or
- from other third party sources (e.g. credit report) lawfully provided to us.
Legitimate grounds for processing your personal data
We only collect and use your personal data when we have a legitimate reason to do so. In this case, we only collect personal data that is reasonably necessary to provide our contracted services to you.
Collection and use of information
We may collect personal data from you when you do any of the following on our website:
- Signing up to receive news from us via email or social media channels
- Using a mobile device or web browser to access our content
- Contacting us via email, social media or similar technologies
- When you mention us on social media
When you mention us on social media
We are entitled to collect, store, use and disclose information for the following purposes and personal data will not be further processed in a way incompatible with those purposes:
- to provide you with the core functions and services of our platform
- to contact and communicate with you
- for analytics, market research and business development, including the operation and improvement of our website, associated applications and associated social media platforms
- for internal records and administrative purposes
- for security and fraud prevention and to ensure that our websites and apps are secure and used in accordance with our terms of use
We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources. For example, our marketing and market research activities may uncover data and insights that we can combine with information about how visitors use our website to improve our website and your experience on it.
Who receives your data?
Principalis is bound by the confidentiality agreement agreed separately with our clients. In principle, your personal data will only be shared with third parties (including subsidiaries of Principalis) if there is a legal or regulatory necessity for this or if you have given us your consent. The transfer of your personal data to a third party involved in the value chain will only take place after a comprehensive confidentiality agreement has been concluded.
The transfer of personal data to a third country (i.e. outside the EEA, European Economic Area) will only be carried out in compliance with the applicable legal provisions, for European customers this means if (i) this is necessary to be able to execute customer orders, (ii) this is required by law or regulation, or (iii) you have given us your consent.
Security of your personal information
When we collect and process personal data and for as long as we retain it, we protect it using commercially reasonable means to prevent loss and theft and unauthorised access, disclosure, copying, use or modification.
Although we do our best to protect the personal information you provide to us, please note that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.
You are responsible for the selection of any password and its overall security strength, and for ensuring the security of your own data within our Services. For example, you must ensure that any passwords associated with access to your personal data are secure and confidential.
How long we keep your personal information?
We process and store your personal data for as long as permitted by applicable law. We store your personal data for as long as is necessary for the contractual and legal purposes for which it was collected. In some cases, we store your personal data for longer periods, e.g. if there are legal, regulatory, tax, accounting or mandatory technical requirements (the retention periods are thus five, ten or more years).
Disclosure of personal information to third parties
We may disclose personal data to:
- a parent, subsidiary or affiliate of our company.
- third party service providers to enable them to provide their services, including asset management service providers, IT service providers, data storage providers, consolidation service providers, hosting and server providers, analysts, error loggers, collection agencies, maintenance or problem resolution providers, professional advisors and payment system operators
- our employees, contractors and/or affiliates
- our existing or potential agents or business partners
- credit reference agencies, courts, tribunals and regulatory authorities if you fail to pay for goods or services we have provided to you
- courts, tribunals, regulators and law enforcement agencies, where required by law, in connection with current or future legal proceedings or to establish, exercise or defend our legal rights
- third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you
- third parties who collect and process data
- third parties we may use include but are not limited to:
- Google Analytics
- a company that buys our assets and business or to whom we transfer all or substantially all of our assets and business.
Your rights and control over your personal data
Your Choice: By providing us with personal information, you consent to our collection, retention, use and disclosure of your personal information in accordance with this Privacy Policy. You are under no obligation to provide us with personal information. However, your failure to do so may affect your use of our website or the quality of the products and/or services offered on or through the website.
Information from third parties: If we receive personal information about you from a third party, we will protect it in accordance with this Privacy Policy. If you are a third party providing us with personal information about another person, you represent and warrant that you have that persons consent to share the personal information with us.
Access: You can request details of the personal data we hold about you.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the address provided in this Privacy Policy. We will take reasonable steps to correct any information that is found to be inaccurate, incomplete, misleading or out of date.
Non-discrimination: We will not discriminate against you when you exercise any of your rights over your personal data. Unless your personal data is required to provide you with a particular service or offer (e.g. the provision of user support), we will not withhold goods or services from you and/or charge you different prices or rates for goods or services, including by giving you discounts or other benefits, or offer you a different level or quality of goods or services.
Data breach notification: We will comply with applicable laws.
Complaints: If you believe that we have breached any relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you in writing, setting out the outcome of our investigation and the steps we will take to address your complaint. You also have the right to contact a supervisory authority or data protection authority in relation to your complaint.
Unsubscribe: To unsubscribe from our email database or opt out of communications (including marketing communications), please contact us using the details provided in this Privacy Policy or use the unsubscribe options provided in the communication. We may need to request specific information from you to confirm your identity.
Use of cookies
We use “cookies” to collect information about you and your activities on our website. A cookie is a small piece of data that our website stores on your computer and retrieves each time you visit so that we can understand how you use our website. This helps us to present you with content based on the preferences you have indicated.
Please read our Cookie Policy for more information.
Do we carry out profiling?
Generally, we do not use automated decision-making. If we do, it is usually on the basis of applicable legal and regulatory requirements (e.g. in the context of combating money laundering, terrorist financing and asset endangering offences, if we are obliged to do so for legal reasons).
Publications
You can have one of our publications sent to you via our website by providing us with your e-mail address. We require your consent for this service, as this will result in your e-mail address being stored by us. If you no longer wish your e-mail address to be stored by us, please contact info@principalis.com
Cookies
These are small data records that are stored when you visit our website. We also collect personal data (e.g. e-mail address) that you submit to us via our website (e.g. newsletter subscription). We use your data for statistical purposes, for technical evaluations, to determine the frequency of access and to be able to draw conclusions for improving the user-friendliness and the functionalities on our website.
If you do not agree to the use of cookies, you must configure your browser so that cookies are no longer stored on the electronic device you are using. Please note that this may mean that you can no longer use all the functions of our website.
Analysis tools
In order to be able to analyse the information made available by cookies on how visitors use our website, we use so-called analysis tools.
The data may be transferred to third parties and is used for analysis purposes as described in the Cookies section.
Limits of our policy
Our website may contain links to external websites that are not operated by us. Please note that we have no control over the content and policies of these sites and cannot accept any responsibility or liability for their respective privacy practices.
Changes to this policy
We have the discretion to change our privacy policy to reflect updates to our business processes, current acceptable practices, or legal or regulatory changes. If we decide to change this Privacy Policy, we will post the changes here at the same link that you use to access this Privacy Policy.
If the changes are significant, or if required by law, we will contact you (based on your chosen preferences for communications from us) and all of our registered users with the new details and links to the updated or amended policy.
If required by law, we will seek your consent or give you the opportunity to consent or opt out of the new use of your personal information, whichever is applicable.
Additional information on compliance with the General Data Protection Regulation (DSGVO/GDPR) (EU)
Data controller / data processor ( Art. 4 GDPR).
The GDPR distinguishes between organisations that process personal data for their own purposes (known as “data controllers”) and organisations that process personal data on behalf of other organisations (known as “data processors”). We, Principalis, located at the address shown in our contact section, are a data controller in relation to the personal information you provide to us.
Legal basis for the processing of your personal data (Art. 6 DSGVO)
We will only collect and use your personal information if we have a legal right to do so. In this case, we will collect and use your personal data in a lawful, fair and transparent manner. If we seek your consent to process your personal information and you are under 16 years of age, we will obtain the consent of your parent or guardian to process your personal information for that specific purpose. (Art. 8 DSGVO)
Our legal bases depend on which services you use and how you use them. This means that we only collect and use your data for the following reasons:
Consent from you (Art. 6 para. 1 lit.a DSGVO)
When you give us your consent to collect and use your personal data for a specific purpose. You can withdraw your consent at any time via the options we provide; however, this does not affect the use of your data that has already taken place. You may consent to providing your email address in order to receive marketing emails from us. While you can unsubscribe at any time, we will not be able to recall any emails that have already been sent. If you have any further questions about how to withdraw your consent, please contact us at the address provided in the “Contact Us” section of this Privacy Policy.
Fulfilment of a contract or transaction (Art. 6 para. 1 lit. b DSGVO)
If you have entered into a contract or transaction with us, or to take preparatory steps before we enter into a contract or transaction with you. For example, if you contact us with an enquiry, we may need personal data such as your name and contact details in order to respond to you.
Safeguarding our legitimate interests (Art. 6 para. 1 lit. f DSGVO).
Where we believe it is necessary for our legitimate interests, e.g. to provide, operate, improve and communicate our services. Our legitimate interests include research and development, understanding our audience, marketing and promoting our services, measures to operate our services efficiently, marketing analysis and measures to protect our legal rights and interests.
Compliance with laws (Art. 6 para. 1 lit. c DSGVO).
In some cases, we may be required by law to use or retain your personal data. Such cases may include (but are not limited to) court orders, criminal investigations, government requests and regulatory obligations. If you have any further questions about how we retain personal data to comply with the law, please feel free to contact us at the address provided in the “Contact Us” section of this Privacy Policy.
Your rights and control of your personal data
Access to data (Art. 15 GDPR): You have the right to request a copy of the personal data we hold about you. Where possible, we will provide this information in CSV format or another easily readable machine format.
Data transfer (Art 20 GDPR): You also have the right to request that we transfer this personal data to a third party.
Correction (Art 16 GDPR): You have the right to request that incorrect or false information about your personal data be corrected.
Erasure (Art. 17 DSGVO): You have the right to ask us to delete the personal data we hold about you at any time and we will take reasonable steps to delete your personal data from our current records. If you ask us to delete your personal data, we will inform you how the deletion will affect your use of our website or our products and services. There may be exceptions to this right for certain legal reasons, which we may inform you of in our response to your request. Please note that search engines and similar third parties may continue to retain copies of your personal data that has been made public at least once, such as certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.
Restriction (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal data if (i) you have concerns about the accuracy of your personal data; (ii) you believe that your personal data has been processed unlawfully; (iii) we no longer need the personal data for accurate processing; or (iv) we are currently considering your objection to processing based on legitimate interests.
Objection to processing (Art. 21 GDPR): You have the right to object to the processing of your personal data based on our legitimate interests or public interests. In this case, we must provide compelling legitimate grounds for the processing that override your interests, rights and freedoms in order to proceed with the processing of your personal data.
International transfers outside the European Economic Area (EEA) (Art. 45 GDPR and Art. 46 GDPR)
We ensure that any transfer of personal data from Switzerland or from countries in the European Economic Area (EEA) to countries outside the European Economic Area (EEA) is protected by appropriate safeguards, such as the use of standard data protection clauses approved by the European Commission or the use of binding corporate rules or other legally accepted means. A transfer of personal data to countries outside the European Economic Area may take place for purposes of so-called Fatca or AIA/CRS reporting, among others.
Who can I contact with questions regarding data processing?
Your first point of contact for all issues relating to this privacy policy is:
Principalis AG
Seestrasse 63
8806 Bäch
You can reach our data protection officer at the following email address:
Applicable law and place of jurisdiction
This Privacy Policy is governed exclusively by Swiss law. Any dispute, controversy or claim arising out of or in connection with this Privacy Policy, including the validity, invalidity, breach or termination thereof, shall be settled by mediation in accordance with the Swiss Rules of Mediation for Commercial Disputes of the Swiss Chambers Arbitration Institution. The version of the Mediation Rules in force at the time of service of the Notice of Arbitration shall apply. The seat of the mediation proceedings shall be Zurich. The language of the mediation proceedings shall be German.
If the dispute(s), disagreement(s) or claim(s) cannot be fully resolved through the mediation process within 60 days of the confirmation or appointment of the mediator(s), they shall be settled by arbitration in accordance with the Swiss International Arbitration Rules of the Swiss Chambers Arbitration Institution. The version of the Rules in force at the time of service of the Notice of Arbitration shall apply. The arbitral tribunal shall consist of one (1) or three (3) arbitrators. The seat of the arbitration shall be Zurich. The language of the arbitration shall be German. The arbitration shall be conducted in accordance with the provisions of the Expedited Procedure.