Search
Close this search box.

Altoo Platform and App Privacy Notice

TRANSPARENCY STATEMENT ACCORDING TO ART. 13 AND 14 GDPR

1. Scope

Altoo AG has issued below Transparency Statement in the light of the enactment of GDPR, the new data protection and privacy regulation of the European Union (EU), and the upcoming revision of the Swiss Data Protection Act.

It is especially dedicated for the users of Altoo Platform, consisting of both, Web Application and Mobile Application, i.e. clients with access to our tools.

For Website Access and Newsletter, a dedicated Transparency Statement can be found here.

Elevate Your Wealth Game: Empowering UHNWIs for Simplified Asset Management. Altoo Platform Preview

2. Data Protection Information

With the following information, we would like to give you an overview of how we will process your data and of your rights according to data privacy laws. The details on what data will be processed and which method will be used depend significantly on the services applied for, procured or otherwise agreed upon.

3. Who Is Responsible for Data Processing and How Can I Contact Them?

The unit responsible is and you can reach our company at:

Altoo AG
Attn: Data Protection Responsible
Innere Güterstrasse 2
6300 Zug
Switzerland

Phone +41 58 502 25 25
E-Mail: dataprotection@altoo.io
Web: https://altoo.io/live01

4. What Sources and Data Do We Use?

4.1 We process personal data that we obtain from our (business) clients in the context of business relationships. We also process – insofar as necessary to provide our services and organize our procurement of services – personal data that we obtain from publicly accessible sources, (e.g. debt registers, commercial and association registers, press, internet).

4.2 Relevant data is personal information of contact persons from our clients (e.g. name, address and other contact details, date and place of birth, and nationality), and identification data (e.g. ID card details). Furthermore, this can also be order data (e.g. payment order), data from the fulfillment of our contractual obligations (e.g. sales and order data in payment transactions), marketing and sales data, documentation data (e.g. meeting protocols), and other data similar to the categories mentioned.

5. Cookies

5.1 The Altoo platform uses cookies. Cookies are text files that are stored in a computer system via an Internet browser.

5.2 Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

5.3 Using cookies, we can provide the users of our platform with more user-friendly services that would not be possible without the cookie setting.

5.4 By means of a cookie, the information and offers on our platform can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our platform users. The purpose of this recognition is to make it easier for users to utilize our platform.

5.5 You may, at any time, prevent the setting of cookies through our platform by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If you deactivate the setting of cookies in the Internet browser used, not all functions of our platform may be entirely usable.

6. What Do We Process Your Data for (Purpose of Processing) and On What Legal Basis?

6.1 We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP):

a) For fulfillment of contractual obligations (Art. 6 para. 1b of the GDPR)

Data is processed in order to provide and receive services in the context of carrying out our contracts with our clients or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with the specific services provided or received. You can find more specific details about the purposes of data processing in the relevant contract documents and terms and conditions.

b) In the context of balancing interests (Art. 6 para. 1f of the GDPR)

Where required, we process personal data beyond the actual fulfillment of the contract for the purposes of the legitimate interests pursued by us or a third party. Examples:

  • Consulting and exchanging data with third parties (if appropriate and required)
  • Reviewing and optimizing procedures for needs assessment for the purpose of direct client discussions
  • Marketing or market and opinion research, unless you have objected to the use of your data
  • Asserting legal claims and defense in legal disputes
  • Guarantee of our company’s IT security and IT operation
  • Prevention and clarification of crimes
  • Measures for building and site security (e.g. access controls)
  • Measures for ensuring the right of owner of premises to keep out trespassers
  • Measures for business management and further development of services and products
  • Risk control in Altoo AG.

In addition, we obtain personal data from publicly available sources for client acquisition purposes.

c) As a result of your consent (Art. 6 para. 1a of the GDPR)

As long as you have granted us consent to process your personal data for certain purposes (e.g. analysis of certain activities for marketing purposes), this processing is legal on the basis of your consent. Consent given can be withdrawn at any time. This also applies to withdrawing declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.

7. Who Receives My Data?

7.1 Within Altoo, every unit that requires your wealth data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents appointed by us can also receive access to data for the purposes given, if they maintain confidentiality. These are companies in the categories of banking services, as well as advice and consulting (e.g. Family Offices, Lawyers, Real Estate Offices), as instructed by you.

7.2 Service providers and vicarious agents appointed by us can also receive access to personal data for the purposes given, if they maintain confidentiality. These are companies in the categories of IT services (e.g. mobile number for App download), logistics, printing services, telecommunications, collection, and sales and marketing.

8. Will Data Be Transferred to a Third Country or International Organization?

8.1 Some personal data (e.g. mobile number) may be shared with specialized providers (e.g. IT service providers, e.g. for downloading the App). As such, such generic data may be transferred to countries outside Switzerland or the European Economic Area (EEA). Personal data is transferred outside the EEA on the basis of declarations of adequacy or other appropriate safeguards, in particular standard data protection clauses adopted by the European Commission.

8.2 Please contact us if you would like to request to see a copy of the specific safeguards applied to the export of your information (Article 13 para 1f of the GDPR).

9. Security of Processing

9.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we make reasonable efforts to protect personal data against accidental and illegal destruction and loss. We strive to ensure that personal data is used properly and protected from unauthorized access, use or disclosure. We use a combination of process, technology and physical security controls to protect personal data from unauthorized access, use or disclosure.

9.2 In addition, access to personal data is restricted to employees, contractors, and agents who need such information to perform their assigned functions and to develop or improve our services.

10. For How Long Will My Data Be Stored?

10.1 We will process and store your personal data for as long as it is necessary in order to fulfill our contractual and statutory obligations. It should be noted here that our business relationship is a long-term obligation, which is set up based on periods of years.

10.2 If the data is no longer required in order to fulfill contractual or statutory obligations, it is deleted, unless its further processing is required – for a limited time – for the fulfilling of obligations to preserve records according to commercial law.

11. What Data Privacy Rights Do I Have?

11.1 In accordance with and as far as the GDPR is applicable, every data subject has the right to access according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right to erasure according to Article 17 GDPR the right to restrict processing according to Article 18 GDPR, the right of object according to Article 21 GDPR, and if applicable – the right to data portability according to Article 20 GDPR. Furthermore, if applicable on you, there is also a right to lodge a complaint with an appropriate data privacy regulatory authority (Article 77 GDPR).

11.2 On grounds relating to your particular situation, you shall have the right of objection, at any time to processing of your personal data which is based on Article 6 para 1 e of the GDPR (data processing in the public interest) and Article 6 para1 f of the GDPR (data processing based on balancing interests). If you submit an objection, we will no longer process your personal data unless we can give evidence of mandatory, legitimate reasons for processing, which outweigh your interests, rights, and freedoms, or processing serves the enforcement, exercise, or defense of interests. Please note, that in such cases we may not be able to continue to provide services and maintain a business relation.

11.3 You can withdraw consent granted to us for the processing of personal data at any time. This also applies to withdrawing declarations of consent that were made to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the withdrawal only applies to the future. Processing that was carried out before the withdrawal is not affected by it.

11.4 The objection or withdrawal does not need to be made in a particular form and should ideally be addressed to the contact details given above.

12. Right to lodge a complaint with a supervisory authority (Article 13 para 2 d, 77 para 1 GDPR)

12.1 As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority, Article 13 para 2 d of the GDPR. The right to lodge a complaint with a supervisory authority is regulated by Article 77 para 1 of the GDPR. According to this provision, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The right to lodge a complaint with a supervisory authority was only limited by the law of the Union in such way, that it can only be exercised before a single supervisory authority (Recital 141 Sentence 1 GDPR). This rule is intended to avoid double complaints of the same data subject in the same matter. If a data subject wants to lodge a complaint about us, we therefore ask to contact only a single supervisory authority.

12.2 This arrangement is intended to avoid double complaints in the same case by the same data subject. Therefore, if an affected person wants to complain about us, we ask you to contact only one regulatory body

13. Data protection provisions about the application and use of Matomo (former PIWIK)

13.1 On the Altoo platform, we have integrated the Matomo component. Matomo is an open-source software tool for web & mobile analysis. Web analysis is the collection, gathering and evaluation of data on the behavior of visitors from Internet sites. A web analysis tool collects, inter alia, data on the website from which a data subject came to a website (so-called referrer), which pages of the website were accessed or how often and for which period of time a sub-page was viewed. A web analysis is mainly used for the optimization of a website and the cost-benefit analysis of Internet advertising.

13.2 The software is operated on our server, the data protection-sensitive log files are stored exclusively on such server.

13.3 The purpose of the Matomo component is the analysis of the visitor flows on our website. We use the obtained data and information, inter alia, to evaluate the use of this website in order to compile online reports, which show the activities on our Internet pages.

13.4 Matomo sets a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, an analysis of the use of our website is enabled. With each call-up to one of the individual pages of this website, the Internet browser on the information technology system of the data subject is automatically through the Matomo component prompted to submit data for the purpose of online analysis to our server. During the course of this technical procedure, we obtain knowledge about personal information, such as the IP address of the data subject, which serves to understand the origin of visitors and clicks.

13.5 The cookie is used to store personal information, such as the access time, the location from which access was made, and the frequency of visits to our website. With each visit of our Internet pages, these personal data, including the IP address of the Internet access used by the data subject, are transferred to our server. These personal data will be stored by us. We do not forward this personal data to third parties.

13.6 The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the used Internet browser would also prevent Matomo from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Matomo may be deleted at any time via a web browser or other software programs.

13.7 Further information and the applicable data protection provisions of Matomo may be retrieved under https://matomo.org/privacy/

14. To What Extent Is There Automated Decision-Making or Profiling?

In establishing and carrying out a business relationship, we generally do not use any automated decision-making nor any Profiling pursuant to Article 22 GDPR. If we use this procedure in individual cases, we will inform you of this separately, as long as this is a legal requirement.

 

Thank you very much. Kind regards

Altoo: Secure Swiss Professional for Consolidated Assets and Document Management. Platform Preview.

Insights On Wealth Management And More.

Delivered To Your Inbox.
Left Menu Icon