Privacy Notice of Swiss Fintech Innovations (SFTI)
1. Introduction
With this Privacy Notice we, Swiss Fintech Innovations (SFTI) (hereinafter also we or us), inform you about the data we collect about you, why we process it and with whom we share it with. In doing so, we will provide you with the information you need to assert your rights under the applicable Swiss Federal Act on Data Protection (FADP).
2. Controller
SFTI is the controller responsible for the processing of your personal data described below.
If you have any questions about data protection, you can contact us as follows:
Swiss Fintech Innovations (SFTI)
Rämistrasse 5
8001 Zürich
3. Direct Collection of Personal Data
We primarily process personal data that we obtain from you as a contact person of one of our members, as a board member or employee of our association, as a job applicant, as a business partner, as a media representative, as a politician, as an employee of market participants, as a visitor of our website or as an interested party and that we need to achieve the purposes set out in Section 5 (e.g. first and last name, address, e-mail address, telephone number, function, application documents and other information relating to you that you provide to us verbally or in writing).
4. Indirect Collection of Personal Data
Insofar as it is permitted to us, we obtain certain personal data from publicly accessible sources (e.g. commercial register, members of the National Council, social media platforms) or we may receive such information from authorities or other third parties (e.g., your employer).
The categories of data we receive about you from third parties include, but are not limited to:
- information from public registers;
- data received in connection with administrative or court proceedings;
- information in connection with your professional role and activities (e.g., in order to conclude and carry out contracts with your employer);
- information about you in correspondence and discussions with third parties;
- information about you given to us by individuals associated with you (family, consultants, legal representatives, etc.) in order to conclude or process contracts with you or with your involvement (e.g. references, your delivery-address, powers of attorney);
- information regarding legal regulations such as anti-money laundering and export restrictions;
- bank details;
- information regarding insurances, our distributors and other business partners for the purpose of ordering or delivering services to you or by you (e.g., payments made, previous purchases);
- information about you found in the media or internet (insofar as indicated in the specific case, e.g. in connection with job applications, media reviews, marketing/sales, etc.);
- your address and any interests and other socio-demographic data (for marketing purposes);
- data in connection with your use of our websites (e.g., IP address, MAC address of your smartphone or computers, information regarding your device and settings, cookies, date and time of your visit, sites and content retrieved, applications used, referring website, localization data).
If you provide us with personal data of other persons (such as family members, work colleagues), please make sure the respective persons are aware of this Privacy Notice and only provide us with their data if you are allowed to do so and such personal data is correct.
5. Purpose of Processing
We may process personal data for the following purposes:
- Member administration;
- the performance of our association activities and in particular the safeguarding and representation of the interests of our members;
- the conclusion and processing of contracts with you (e.g., as an employee of ours) and/or with third parties (e.g., your employer as a business partner of ours);
- to review and respond to your inquiries (e.g., a request for membership or job application) or otherwise communicate with you (e.g., sending media releases or responding to contact inquiries);
- advertising and marketing (e.g., sending newsletters, organizing events);
- market and opinion research, media surveillance;
- an employee’s suitability for the job (e.g., recruiting, in connection with job applications, job interviews, contract negotiations);
- the performance of the employment contract (e.g., human resources administration, salary, bonus, vacations and expenses, insurance, taxes);
- preparing and holding other events (e.g., general meetings, conferences, courses, etc.);
- ensuring the availability and security of our IT and website;
- providing as well as further developing our services and website;
- compliance with legal and/or regulatory obligations;
- enforcing or defending legal claims in and out of court;
- prevention and investigation of crime and other misconduct;
- safeguarding other legitimate interests of SFTI.
6. Cookies
Our web server automatically logs every visit to our website in a temporary log file. User-specific data (e.g. browser information, IP address) as well as technical data (e.g. name and URL of the referring website) are logged for the purpose of establishing the connection and optimizing your website visit.
We only use technically necessary cookies (codes temporarily stored in your browser) on our website to be able to guarantee you a flawless browsing experience on our website. These are exclusively so-called session cookies, which are deleted again after the end of your website visit.
You have the option at any time to configure your browser so that cookies are blocked or deleted prematurely. However, if you block cookies, it may not be possible to use certain functionalities on our website. Please also note that if you click on the link redirecting you to another website, we are not responsible for the further processing of your data and you must refer to the relevant third-party provider.
7. Newsletter
We may include visible and invisible image files in our newsletters and other marketing e-mails. If such image files are retrieved from our servers, we can determine whether and when you have opened the e-mail, so that we can measure and better understand how you use our offers and customize them. You may disable this in your e-mail program, which will usually be a default setting.
By consenting to the receipt of newsletters and other marketing e-mails you agree to our use of such techniques. If you object, you must configure your browser or e-mail program accordingly.
We use Swiss Newsletter for sending our newsletter and marketing mails (https://www.swissnewsletter.ch). The service is provided by mailXpert GmbH, Schulstrasse 37, 8050 Zürich. We have concluded a data processing agreement with mailXpert and enabled pseudonymization for data evaluation.
8. Transfer of Personal Data
In the context of our business activities and in line with the purposes of the processing set out in Section 5, we may involve external service providers. These are primarily IT, cloud, support, newsletter service and hosting providers. We may use event agencies or other organizers (for conducting events such as general meetings). These recipients are assessed by us as far as necessary with regard to compliance with data protection and are obliged to process your personal data exclusively on our behalf.
Insofar as indicated within the scope of the purposes pursuant to Section 5 we may also disclose your data to third parties such as, for example, our business partners, partner associations, official bodies, politicians, participants in SFTI events, banks, insurances, media, public, authorities or courts, other parties in possible or pending legal proceedings and other private and/or official bodies who will then process the data concerned not on our behalf and in accordance with our instructions, but for their own purposes and thus on their own responsibility and in accordance with their own privacy notices.
9. Transfer of Personal Data Abroad
Certain service providers and third parties (Recipients) may be within Switzerland but they may be located in any country worldwide. In particular, you must anticipate your data to be transmitted to other countries in Europe and the USA where our service providers are located or use sub-processors.
If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection (for this purpose, we use the revised European Commission’s standard contractual clauses, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply for example in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has been made available generally by you and you have not objected against the processing.
10. Retention Periods for your Personal Data
We process and retain your personal data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against our company or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized, to the extent possible. In general, shorter retention periods of no more than twelve months apply for operational data (e.g., system logs).
11. Data Security
We take appropriate security measures in order to maintain the required security of your personal data and ensure its confidentiality, integrity and availability, and to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access.
12. Social Media
We may operate pages and other online presences («fan pages», «channels», «profiles», etc.) on social networks and other platforms operated by third parties and collect data about you described in Section 3 and 4 as well as below. We receive this data from you and from the platforms when you interact with us through our online presence (for example when you communicate with us, comment on our content or visit our online presence). At the same time, the platforms analyze your use of our online presences and combine this data with other data they have about you (for example about your behavior and preferences). They also process this data for their own purposes, in particular for marketing and market research purposes (for example to personalize advertising) and to manage their platforms (for example what content they show you) and, to that end, they act as separate controllers.
We process this data for the purposes set out in Section 5, in particular for communication, for marketing purposes (including advertising on these platforms) and for market research. We may disseminate content published by you (for example comments on an announcement), for example as part of our advertising on the platform or elsewhere. We or the operators of the platforms may also delete or restrict content from or about you in accordance with their terms of use (for example inappropriate comments).
For further information on the processing of the platform operators, please refer to the privacy information of the relevant platforms. There you can also find out about the countries where they process your data, your rights of access and erasure of data and other data subjects rights and how you can exercise them or obtain further information. We currently use the following platforms:
- We have a profile on X at https://x.com/sftinno.The provider is X Corp., San Francisco, USA. Further information can be found in their privacy policy. Some of your data will be transferred to the USA. You can also adjust your privacy settings here.
- We also have a profile on LinkedIn at https://www.linkedin.com/company/swiss-fintech-innovations. The provider is LinkedIn Ireland Unlimited Company, Dublin, Ireland. You can find more information on the data protection in their data protection declaration. Some of your data will be transferred to the USA. The processing of LinkedIn can be objected to. Further settings can be made via the objection form. In connection with the operation of our LinkedIn profile, we use LinkedIn Page Analytics. We thus receive information about the use of our content. It helps us understand how our page is used and how to improve it. We have agreed our data protection responsibilities according to the joint controller addendum.
- We run the YouTube channel https://www.youtube.com/@swissfintechinnovations7184. The provider is Google Ireland Limited, Dublin, Ireland. Their privacy policy is available here. There you can also see what decision-making options you have regarding the data collected by Google and its use. Some of your data will be transferred to the USA. You can object to advertising here.
13. Automated Individual Decision-Making
In establishing and carrying out a business relationship, we generally do not use any fully automated individual decision-making. Should we use such procedures in certain cases, we will inform you separately on this and advise you of your relevant rights if required by law.
14. Your Rights
If you have given us your consent to process your personal data for certain purposes (e.g., newsletters), we will process your personal data within the scope of and based on this consent. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
In accordance with and as far as provided by applicable law, you have the right to access, rectification, erasure and objection to the processing of your personal data as well as the right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights will incur costs on you, we will notify you thereof in advance.
In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us at the addresses provided in Section 2 above.
In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
15. Amendments of this Privacy Notice
We may amend this Privacy Notice at any time without prior notice. The current version published on our website shall apply. If the Privacy Notice is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment.
Version effective as of September 1, 2023