Data protection

1. Gamma Financials AG protects your personal data in accordance with Swiss DSG and EU GDPR. Data is only used for legitimate purposes, such as contract processing, service, communication and security.
2. Technical information, communication data and, if you consent, cookies and analysis tools are used.
3. Your data may be passed on to service providers or authorities in Germany and abroad, always with appropriate protective measures.
4. Data is only stored for as long as is necessary for legal or contractual purposes.
5. You have the right to information, correction, deletion and objection at any time. contact: info@gammafinancials.ch

By accessing the official website of Gamma Financials AG, you agree to the information and processing of your personal data in the manner described in this privacy policy. If you do not agree, please refrain from accessing our entire website. This privacy statement can be updated at any time. The updates are binding. By continuing to use the website and our services, we assume that you have read it.

The following information also applies mutatis mutandis to all other information that you receive, for example in the form of our newsletter.

With this privacy policy, we, Gamma Financials AG (hereinafter referred to as the company, we or us), describe how we collect and process personal data. This privacy statement is not necessarily a comprehensive description of how we process data. It is possible that other privacy statements or general terms and conditions, participation conditions or similar documents may apply to specific circumstances.

In this privacy statement, the term “personal data” means any information that identifies an identified or identifiable natural person (data subject) or could reasonably be used to identify a natural person.

If you provide us with personal data of other people (e.g. family members, work colleagues), please ensure that the data subjects are aware of this privacy policy and that you only provide us with their data if you have the right to do so and that personal data is correct.

This privacy policy is in line with the EU General Data Protection Regulation (“GDPR”) and the Swiss Data Protection Act (“DSG”). However, the application of these laws depends on the individual case.

The “responsible person” of data processing, as described in this privacy policy (i.e. the responsible person), is:

Andreas Köpfli, CFO/Partner
Gamma Financials AG
Bahnhofplatz
6300 train

‍info@gammafinancials.ch

If you have any questions about the processing of your personal data or other concerns about data protection, you can contact us using these contact details.

We use the collected data primarily to conclude and fulfill contracts with our customers and business partners, in particular in connection with the provision of financial services and the purchase of products and services from our suppliers and subcontractors, as well as to comply with domestic and foreign legal obligations.

In addition, in accordance with applicable law and where appropriate, we may process personal data for the following purposes, which are in our or, where applicable, the legitimate interests of a third party, such as:

• providing and developing our products, services, and websites, apps, and other platforms on which we operate;
• communication with third parties and processing their inquiries (e.g. applications, media inquiries);
• advertising and marketing (including the organization of events), unless you have objected to the use of your data for this purpose (if you are part of our customer base and receive advertising, you can object at any time and we will add you to the list of people who do not want any further advertising);
• asserting legal claims and defending in legal disputes and administrative proceedings;
• preventing and investigating crime and other misconduct;
• ensuring our operations, including our IT, websites, apps, and other applications;
• Acquisition and sale of divisions, companies or parts of companies and other corporate transactions and the associated transfer of personal data as well as measures for corporate governance and compliance with legal and regulatory obligations as well as internal company regulations.

If you have given us your consent to process your personal data for specific purposes (e.g. when signing up to receive newsletters), we process your personal data within the scope of and on the basis of this consent, unless we have another legal basis, if we need one. A given consent can be withdrawn at any time, but this has no effect on the data processed before the withdrawal.

We primarily process personal data that we receive from our customers and other business partners as well as from other persons as part of our business relationships with them or that we collect from users when operating our websites, apps and other applications.

As far as we are permitted, we obtain certain personal data from publicly available sources (e.g. debtor register, land register, commercial register, press, Internet) or we receive such information from affiliated companies, authorities or other third parties (such as sales partners, custodian banks). In addition to the data that you have provided to us directly, the categories of data that we receive about you from third parties include information from public registers, data that we receive in connection with administrative or court proceedings, information related to your professional role and activity (e.g., to conclude and execute contracts with your employer), information about you in correspondence and in discussions with third parties, information about you who us from people associated with you ( family members, advisors, legal representatives, etc.) to conclude or process contracts with you or with your participation (e.g. powers of attorney), information on legal regulations such as money laundering, bank details, information about you that can be found in the media or on the Internet (provided in individual cases, e.g. in connection with applications, media reports, branding/sales, etc.), your address and any other socio-demographic Data (for marketing purposes), data related to your use of our websites (e.g. IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of your visit, pages and content retrieved, applications used, referring website, localization data).

In principle, we store this data for 12 months after the processing purpose has ended. This period may be longer if this is necessary for evidentiary reasons or to meet legal or contractual requirements.

specifications

When you visit our website, your user-specific data (e.g. IP address, web browser, operating system) and technical data (e.g. URLs of pages viewed, execution of a search query) are collected and evaluated anonymously.

The above data is collected and processed for purposes of system security and stability, error and performance analysis and for internal statistical purposes and enables us to optimize our website.

When subscribing to our content or submitting a contact form/customer login, we process the data required to provide the desired service. Depending on the service, the following data can be processed: email address, first name, last name, title, full address, subject and message.

If you have given us your consent to process your personal data for specific purposes (e.g. when you subscribe to a newsletter or make an enquiry), we process your personal data within the scope of and on the basis of this consent, unless we have another legal basis, if we need one. A given consent can be withdrawn at any time; however, this has no effect on the data processed up to the revocation.

In principle, we store technical data for 6 months.

communication data

If you contact us via the contact form, by e-mail, telephone or chat, by letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the peripheral communication data. If we record or listen to telephone calls or video conferences, e.g. for training and quality assurance purposes, we will let you know. Such recordings may only be made and used in accordance with our internal policies and legal requirements.

In principle, we store this data for 12 months from the last exchange with you. This period may be longer if this is necessary for evidentiary reasons, to meet legal or contractual requirements, or for technical reasons. E-mails in personal mailboxes and written correspondence are generally kept for at least 10 years. Recordings of (video) conferences are generally kept for 24 months. Chats are generally kept for 2 years.

Cookies and their use

In some cases, we use “cookies” to tailor our offer as precisely as possible to your needs. Cookies are small files that cannot perform any actions on their own and are stored on your computer or mobile device when you visit or use one of our websites. Cookies store specific settings about your browser and data related to the exchange with the website via your browser. When a cookie is activated, it can be assigned an identification number that identifies your browser and allows the information contained in the cookie to be used. There are basically two different types of cookies: temporary cookies and persistent cookies. We use temporary cookies, which are automatically deleted from your mobile device or computer after the browsing session is over. We also use persistent cookies to save user preferences (e.g. language, auto login), to understand how you use our services and content and to be able to show you tailored offers and advertising (which can also happen on websites of other companies; if we know your identity, these companies do not know your identity from us; they only know that the same user who visits their website has visited a particular website before). These remain stored on your computer or mobile device for a long time after the browsing session. They are automatically deactivated after a certain period of time.

However, you can set your browser so that it rejects cookies, stores them only for one session, or deletes them prematurely. Most browsers are pre-set to accept cookies. If you block cookies, it is possible that certain functions (such as language settings, shopping cart, ordering processes) are no longer available to you.

Gamma Financials AG allows partner companies that provide services for Gamma Financials AG or that are integrated into our website to store cookies, provided that this is technically necessary and the use of cookies is proportionate. Gamma Financials AG has no control over how cookies are used outside of our website.

By continuing to use our website and/or agreeing to this privacy policy, you agree that we store cookies and thus collect, store and use personal usage data even after the browser session has ended (“persistent cookies”). You can object to this at any time by changing the default settings of your browser so that it rejects (third-party) cookies.

Google Analytics and similar services

With the aim and intention of designing and continuously optimizing our website, we can use Google Analytics or similar services on our website. These are third-party services that may be based in any country in the world (in the case of Google Analytics Google Ireland Ltd. (based in Ireland), Google Ireland uses Google LLC (based in the USA) as a sub-processor (both “Google”), www.google.com) and which enable us to measure and evaluate the use of our website (on an anonymous basis). For this purpose, permanent cookies are used, which are set by the service provider. We have configured the service so that Google abbreviates the IP addresses of visitors in Europe before they are redirected to the USA and can then no longer be traced. We've turned off the “Data Sharing” option and the “Signals” option. Although we can assume that the information we share with Google is not personal data for Google, it may be possible that Google can use the collected data to draw conclusions about the identity of visitors, create personal profiles and link this data to the Google accounts of these people for its own purposes. If you have registered with the service provider, the service provider also knows your identity. In this case, your personal data will be processed by the service provider in accordance with its data protection regulations. The service provider only provides us with data about the use of the respective website (but no personal information about you).

When using our Internet pages, pseudonymized user profiles are created and, as explained in section 5 above, small text files stored on your computer are used. The information generated by such cookies about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data mentioned in section 4 above, we also receive the following information:

• Navigation path that a visitor follows on the website
• Time spent on the website or subpage
• Subpage on which the website is abandoned
• Country, region, or city from which access is made
• device (type, version, color depth, resolution, width and height of the browser window)
• Returning or new visitor

The tools, programs and instruments that we use to analyze web behavior include Google reCAPCHA

The information generated by cookies about your use of this website (including your IP address) is usually transmitted to a Google server in the USA and stored there. Google will use this information to evaluate the use of the website, to compile reports on website activity for us as website operators and to provide other services related to website activity and Internet usage. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Google will never connect your IP address with other data from Google. You can prevent cookies from being installed by changing your browser settings. However, in this case, you may not be able to take full advantage of all the features of the website. By using this website, you consent to the processing of data about you by Google in the manner described above and for the purposes set out above.

In addition, we use plug-ins from social networks such as Facebook, Twitter, YouTube, Pinterest or Instagram on our website. This is visible to you (typically based on the respective icons). We've configured these items to be disabled by default. If you activate them (by clicking on them), the operators of the respective social networks can record that you are on our website, from which page you are accessing, and can use this information for their own purposes. This processing of your personal data is the responsibility of the respective operator and is carried out in accordance with their data protection regulations. We do not receive any information about you from the respective operators.

As part of our business activities and in accordance with the data processing purposes mentioned above, we may transfer data to third parties, insofar as such transfer is permitted and we deem it appropriate so that they process the data for us or, where applicable, for their own purposes. In particular, the following categories of recipients may be affected:

• Our service providers (e.g. risk management & compliance, IT providers, host providers, auditors)
• National and foreign authorities, official bodies and courts
• Other parties in potential or actual legal proceedings

Some recipients are located in Switzerland, others may be in any country in the world. In particular, you must expect that your data will be transferred to every country where our service providers are located (such as Microsoft).

If a recipient is in a country without sufficient legal data protection, we oblige the recipient to comply with data protection (we use the revised standard contractual clauses of the European Commission, which can be downloaded here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply, for example, in the event of legal proceedings abroad, but also in cases where there is an overriding public interest or the fulfilment of a contract requires transfer, if you have given your consent or if the data has been made available by you in general and you have not objected to the processing.

Your data, which includes personal data, will only be processed and stored for as long as is necessary to fulfill our contractual and legal obligations or the other purposes pursued with the processing, i.e. possibly for the duration of the entire business relationship and also due to legal storage obligations and documentation requirements. It is possible that personal data may be kept for the period in which claims can be made against our company and insofar as we are otherwise required to do so by law or when legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above purposes, it will be deleted or anonymized as far as possible. There are shorter retention periods of 30 days or less for operational data (e.g. system logs, logs).

We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse. These measures include issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of passwords, data storage and transmission, pseudonymization, and controls.

We cannot guarantee the security of data transmission over the Internet. In particular when transmitting data by e-mail, there is a certain risk of access by third parties.

In accordance with applicable law, you have the right to access, correct and delete your personal data, the right to restrict processing or to object to our data processing, in particular for direct marketing purposes, profiling for direct marketing purposes and other legitimate interests in processing, as well as the right to receive certain personal data for transmission to another person responsible (data portability). Please note, however, that we reserve the right to assert legal restrictions on our part, e.g. if we are required to store or process certain data, have an overriding interest (insofar as we can rely on such interests) or need the data to assert claims.

We have already pointed out to you the possibility of objecting/withdrawing consent at any time. Please also note that exercising these rights may conflict with your contractual obligations and may result in consequences such as early termination of the contract and may involve costs. If this is the case, we will inform you in advance, unless this has already been contractually agreed.

In general, exercising these rights requires you to be able to prove your identity (e.g. by means of a copy of identity documents if your identity is not otherwise apparent or can be verified by other means). To exercise these rights, please contact us using the details provided above.

In addition, every data subject has the right to assert their rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

We can process some of your personal data automatically in order to evaluate certain personal aspects (profiling). In particular, profiling enables us to better inform and advise you about products that may be relevant to you. For this purpose, we may use evaluation tools that enable us to communicate with you and advertise you as needed, including market and opinion research.

We may change this privacy statement at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will notify you by email or other appropriate means in the event of a change.