Privacy Policy

1. General

This Privacy Policy provides information about how Aquila AG ("Aquila") obtains and processes personal data.

“Personal data" means all information relating to an identified or identifiable natural person. “Processing" means any handling of personal data, irrespective of the means and procedures applied, in particular the collection, storage, retention, use, revision, disclosure, archiving, deletion or destruction of personal data.

Further regulations (e.g. terms of use) may exist for certain data processing, e.g. in the context of contracting with Aquila or in connection with websites of Aquila ("Aquila Websites"). In addition, the General Terms and Conditions (GTC) contain general in-formation on data protection, in particular in connection with the performance of con-tracts in banking.

If the data subject provides Aquila with personal data of other persons (e.g. family members, work colleagues or employees), the data subject must ensure that these per-sons are aware of this Privacy Policy. Their personal data may only be disclosed to Aqui-la if the data subject is authorised to do so and if such personal data is accurate.

2. Controller and contact

Aquila AG, Bahnhofstrasse 43, 8001 Zurich, is responsible for the data processing described here. For data protection concerns, please use the following contact address

Aquila AG
P.O. Box,
8022 Zurich or telephone +41 58 680 60 00.

3. Collection and processing of personal data

Aquila primarily obtains and processes personal data provided to Aquila by the data sub-ject, e.g. when opening a business relationship, in the context of the execution of con-tracts, the use of products and services or on websites or other applications. Aquila also processes personal data which is collected and transmitted to Aquila in the context of the use of products or services, e.g. in payment transactions, securities trading, eBanking, websites or on the occasion of cooperation with other financial or IT service providers, marketplaces and stock exchanges. Aquila may, where permitted, obtain personal data from publicly accessible sources, from public authorities or from other third parties.

4. Categories of personal data

Aquila processes different categories of personal data. The most important categories are the following:

Master and inventory data (e.g. name, address, nationality, date of birth, tax number, information regarding account, custody account, concluded transactions and contracts, information on third parties affected by data processing, such as spouses, authorised representatives and advisors).
Technical data (e.g. business numbers, IP addresses, internal and external identi-fiers, records of access).
Transaction or order and risk management data (e.g. details of beneficiaries of transfers, beneficiary bank, amount of transfers, details of investment products).
Financial data (e.g. creditworthiness data, information on assets, liabilities, risk and investment profile)
User and prospect data (e.g. visitors to Aquila or Aquila websites)
Marketing data (e.g. preferences, needs)
Communication data (e.g. contact data such as email address, telephone number)
Other data (e.g. video or audio recordings, access data)

Many of these data are disclosed to Aquila by the data subject himself/herself. The cate-gories of personal data that Aquila receives from third parties include, in particular, in-formation from public registers, information obtained in connection with official and legal proceedings, creditworthiness information, information on compliance with legal require-ments such as those relating to combating fraud, combating money laundering and ter-rorism financing or export restrictions, information from banks, insurance companies and distribution and other contractual partners of Aquila relating to the use or provision of services, information from the media and the Internet, address and, where applicable, contact details, interests and other socio-demographic data (in particular for marketing and research) and data in connection with the use of third-party websites and online of-fers where this use can be attributed to the data subject.

5. Purposes of the processing

Aquila processes personal data primarily to provide its own services, to process contracts with business partners and clients and to comply with legal obligations. Aquila also pro-cesses personal data, where permitted and appropriate, for the following purposes:

Conclusion and fulfilment of contracts, execution, processing and administration of products and services (e.g. accounting, tax returns, commercial register entries and mutations, invoices, account openings, payments, financing, financial plan-ning, investments, pension provision, insurance, consolidation).
Monitoring and controlling risks (e.g. investment profiles, anti-money laundering, limits, utilisation figures, market, credit or operational risks).
Statistics, planning, business decisions (e.g. development of new or assessment of existing services, products, processes, technologies).
Marketing, communicating, informing about and reviewing the service offering (e.g. print and online advertising, customer, prospect or other occasions, identify-ing future customer needs, assessing a customer, market or product potential).
Fulfilment of legal or regulatory obligations to provide information or to report to courts and authorities, fulfilment of official orders (e.g. reporting obligations to FINMA and foreign supervisory authorities, automatic exchange of information with foreign tax authorities, orders from public prosecutors in connection with money laundering and terrorist financing).
Prevention and investigation of criminal offences or other misconduct (e.g. through internal investigations).
Safeguarding the interests and securing the claims of Aquila, e.g. in the event of claims against Aquila or claims of Aquila against third parties.
Ensuring the operation, in particular of the IT, the website and other platforms.
Preparation and execution of transactions relating to the acquisition or sale of companies or parts of companies or other transactions under company law.

Insofar as consent has been given to process personal data for specific purposes (e.g. when registering for a newsletter), Aquila processes the personal data within the scope of and based on this consent, insofar as no other legal basis is given and necessary. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.

6. Data security

Aquila undertakes to protect personal data and privacy in accordance with applicable laws, in particular the banking secrecy and data protection law. To this end, Aquila takes appropriate technical and organisational security measures (e.g. access restrictions, fire-walls, personalised passwords as well as encryption and authentication technologies, training of employees, etc.).

7. Disclosure to third parties and data transfer abroad

Aquila discloses personal data to the following third parties (recipients) in the following cases:

For outsourcing in accordance with section 8 and for the purpose of customer care to other service providers.
For order execution, i.e. when products or services are used, e.g. to service pro-viders, stock exchanges or marketplaces, reports of stock exchange transactions to (international) trade repositories.
Due to legal obligations, legal justification or official orders, e.g. to courts, supervisory authorities, tax authorities or other third parties.
To the extent necessary to protect Aquila's legitimate interests, e.g. in the event of legal action threatened or initiated by clients against Aquila, in the event of public statements, to secure Aquila's claims against clients or third parties, in the event of collection of Aquila's claims, etc.
With the consent of the data subjects to other third parties.

Recipients of personal data are usually in Switzerland. Personal data may also be dis-closed to third parties outside Switzerland (e.g. Europe or the USA), particularly when certain Aquila products or services are used.

Where a recipient is located in a country without an adequate level of data protection, Aquila shall contractually oblige the recipient to comply with the applicable level of data protection (e.g. with standard contractual clauses), unless the recipient is already subject to a legally recognised set of rules to ensure data protection or Aquila can rely on an exemption provision.

8. Outsourcing of business areas or services (outsourcing)

Aquila outsources certain business areas and services in whole or in part to third parties (such as account management incl. payment transactions, custody account management, preparation of consolidation reports, fund limit checks, definition of fund limit rules, opening of securities, updating of restriction rules, IT systems, etc.).

The service providers who process personal data on behalf of Aquila for this purpose (so-called processors) are carefully selected. Whenever possible, Aquila uses processors domiciled in Switzerland. The processors may be entitled to have certain services (e.g. electronic data processing, securities settlement, etc.) provided by third parties.

The processors may only process personal data received in the same way as Aquila itself and are contractually obliged to ensure confidentiality, banking secrecy and the security of the data.

Outsourcing by Aquila shall, where applicable, be carried out in accordance with the Out-sourcing Circular of the Swiss Financial Market Supervisory Authority (FINMA), in its cur-rently valid version.

9. Automated decisions in individual cases including profiling

Aquila reserves the right to process personal data automatically in the future, in particu-lar in order to identify essential personal characteristics of the customer, to predict de-velopments and to create customer profiles. This serves in particular the assessment and further development of offers and the optimization of the provision of services.

In the future, customer profiles may also lead to automated individual decisions (e.g. automated acceptance and execution of customer orders in e-banking). Aquila ensures that a contact person is available if a data subject wishes to comment on an automated individual decision and such a possibility to comment is provided for by law.

10. Use of websites and cookie policy

When a person visits Aquila websites, the web server automatically records details of their visit (e.g. the website from which the visit takes place, the visitor's IP address, the content of the Aquila website that is accessed, including the date and duration of the visit). Such tracking data is used to optimise Aquila's websites and to provide infor-mation on how visitors inform themselves about and use Aquila's products, services and offers. As a rule, however, it does not allow any conclusions to be drawn about the iden-tity of the visitor. In this respect, no personal data is processed.

However, if the visitor provides personal data, e.g. by filling in a registration form or message field for newsletters etc., Aquila may use this data in particular for the follow-ing, in addition to the purposes set out in section 5:

for customer and user administration;
to inform the visitor about services and products;
for marketing purposes (e.g. sending newsletters);
for the technical "hosting" and further development of the Aquila websites.

When visiting Aquila websites, the visitor's data is transported via the Internet, i.e. an open network accessible to everyone. Data transmitted via electronic media (including e-mail) cannot be effectively protected against access by third parties. This entails the risk that data may be disclosed or its content changed, that the identity of the sender (e.g. e-mail) as well as the content of the message is faked or manipulated in some other way by unauthorised persons, that viruses may be released, that technical transmission errors, delays or interruptions may occur, that data may be transmitted uncontrolled abroad, where data protection requirements may be lower than in Switzerland, etc. The risk of such manipulation may also arise.

By using the Aquila Websites, a visitor confirms his or her express agreement with this Privacy Policy and the risks mentioned.

In addition, by using the Aquila website, a visitor consents to the use of cookies. Cookies are small files that are stored on the visitor's computer to track the corresponding web-site visit and navigation between different pages and/or to save settings (e.g. selected language). Cookies are used to collect statistical data on the frequency and time of visits to individual website areas and help to design tailored, useful and user-friendly websites. The visitor can opt out of the use of cookies at any time by deleting the cookies set by the Aquila website. Deletion is possible via the settings in the visitor's internet browser.

Below you will find a list of all cookies and other tracking tools used by this website:

Cookies or other tracking tools	ga, ga_xxxxxxxxxxxx
Category	Performance and analysis cookies
Service life	2 years
Third-party cookie or own cookie	Third-party cookie
Cookie providers	Google privacy policy

Occasionally, Aquila uses third party components (such as plug-ins) to enhance the user experience and online advertising campaigns. These components may also use cookies for similar purposes. Neither these third parties nor Aquila have access to the data col-lected by the other through cookies. Finally, Aquila also uses cookies as part of Aquila's advertising on third party websites with which Aquila has marketing relationships. To the extent that third parties collect anonymised information about the use of the Aquila Websites and other websites, Aquila may use this anonymised data to improve the ef-fectiveness of its advertising.

This title of this Privacy Policy applies only to data Aquila receives as a result of the use of Aquila websites. It does not apply to third party websites, even if the visitor accesses them through links on an Aquila website. Aquila has no control over, and cannot accept responsibility for, the content and privacy practices of third-party websites.

11. Duration of storage

The duration of the storage of personal data depends on the purpose of the respective data processing and/or legal retention and documentation obligations, which amount to five, ten or more years depending on the applicable legal basis. As soon as the personal data is no longer required for the above-mentioned purposes, it is deleted or made anonymous as far as possible.

12. rights of the data subjects

Anyone can request information from Aquila as to whether personal data about him/her are being processed. There is the right of objection or restriction processing and, where applicable, to data portability. Incorrect data can be corrected. Furthermore, the deletion of personal data can be requested, unless legal or regulatory obligations (e.g. legal re-tention obligations of business-relevant data) or technical hurdles prevent this. The dele-tion of data may result in Aquila no longer being able to provide certain services. In ad-dition, where applicable, there is a right of appeal to a competent authority. Where Aq-uila processes personal data on the basis of consent, that consent may be revoked at any time. It should be noted that Aquila reserves the right to invoke the restrictions pro-vided for by law, for example if it is obliged to retain or process certain data, has an overriding interest in doing so (insofar as it is entitled to rely on this) or requires it for the assertion of claims.

In order to assist Aquila in responding to your request, please provide us with a corresponding, comprehensive message. We will review and respond to the concerns within a reasonable time.

13. changes

Aquila may amend this Privacy Policy at any time without prior notice. The current ver-sion published on Aquila's website shall apply.