Privacy Policy
The term “personal data” refers to any information that identifies or could reasonably be used to identify any natural person, such as natural persons within the organization of clients and interested parties or business partners, website visitors, newsletter subscribers, event participants, job applicants and any other natural person (“you”).
You are in general under no obligation to provide us with any personal data. However, if you do not provide the required information regarding certain use cases set out below, we may not be able to process your corresponding request, get in contact with you, enter into or negotiate a contract with you, provide you with our services, process your application, fulfil our obligations in connection with your employment, etc.
If you provide us with personal data of natural persons other than yourself (such as family members or work colleagues), we assume that this data is correct. By sharing such data with us, you confirm that you are authorized to do so and that you have informed the affected natural person about our Privacy Policy and our processing of personal data.
A. Data Controller
The “controller” of data processing as described in this Privacy Policy (i.e. the responsible person) is:
Alpha Leonis Partners AG
Löwenstrasse 28
8001 Zürich
+41 58 100 58 58
contact@alphaleonispartners.com
www.alphaleonispartners.com
If you have any questions regarding how your personal data is processed or any other data protection concerns, you can contact us using the above-mentioned contact details.
B. Processing of Personal Data in Connection with our Services
Categories of Personal Data
We primarily collect and process personal data that we obtain from you, our clients, business partners, and individuals in the context of our business activities. This includes any information that is relevant in order to be able to provide our services, such as your name, contact details (including address, phone number, and email address), information about your employer, date of birth, nationality, identity document details, title, profession, role and function, financial details (including income, assets owned, and tax status), client history, sanctions, etc.
We may also collect personal data from publicly accessible sources (e.g., debt registers, land registries, commercial registers, press, internet) or receive such information from our affiliated companies, from authorities, or other third parties (such as e.g., distribution agents, custodian banks). In addition to the data provided directly by you, the categories of data we receive from third parties include, but are not limited to: information from public registers, data received in administrative or court proceedings, information related to your professional role and activities (e.g., to conclude and fulfill contracts with your employer), information from correspondence and discussions with third parties, information provided by individuals associated with you (family, consultants, legal representatives, etc.) to conclude or process contracts with your involvement (e.g. powers of attorney), information regarding legal regulations such as anti-money laundering, bank details, information about you from media or internet sources (in specific cases, e.g. media reviews, marketing/sales, etc.), your address, interests and other socio-demographic data (for marketing purposes).
Processing Purpose and Legal Basis
We primarily use the personal data listed above (i) to communicate with and inform clients and interested parties about our products and services (Art. 6 para. 1 lit. f GDPR) and answering their questions (Art. 6 para. 1 lit. a or b GDPR), and (ii) to enter into and fulfill contracts with our clients and business partners, particularly in relation to providing financial services to our clients and procuring products and services from our suppliers and subcontractors (Art. 6 para. 1 lit. b GDPR). We also process personal data to comply with domestic and foreign legal and regulatory requirements (Art. 6 para. 1 lit. c GDPR).
Additionally, we may process personal data for the following purposes, which are in our (or, where applicable, third parties’) legitimate interest (Art. 6 para. 1 lit. f GDPR):
- Providing and developing products, services and websites, apps and platforms in which we are involved.
- Communication with respect to a (potential) interest in ALP and its activities (e.g., media inquiries).
- Advertisement, marketing and relationship management, such as by way of newsletters or other forms of contacts, in person or by way of any communication channel such as e-mail or video conference, unless based on consent (Art. 6 para. 1 lit. a GDPR). If you receive advertisements or mailings from us, you may object at any time thereto, and we will stop sending you advertising or mailings.
- Asserting legal claims and defending against legal disputes and official proceedings, prevention and investigation of criminal offenses and other misconduct.
- Ensuring the smooth operation of our IT systems, websites, apps and other devices.
- Investment activities and acquisition and sale of business divisions, companies, or parts of companies, and other corporate transactions involving the transfer of personal data. This includes measures for business management and compliance with legal and regulatory proceedings and requirements (unless based on Art. 6 para. 1 lit. c GDPR), as well as internal company regulations.
If you have provided us with your consent to process your personal data for specific purposes (for example when registering to receive newsletters), we will process your personal data within the scope of and based on this consent, unless we have another legal basis if one is required. You have the right to withdraw your consent at any time, but this does not affect the processing of data that occurred prior to the withdrawal and it may mean that we will no longer be able to provide the respective services to you.
C. Processing of Personal Data Regarding Applicants and Employees
Categories of Personal Data
If you apply for a job vacancy or if we enter into an employment relationship with you, we may collect and process personal data that is related to the (potential) employment relationship, such as your name, address, telephone number, email address, date of birth, gender, nationality, photograph, identity document details, working permit, job title, role and function, payroll data (including payment and tax data), vacation and sick days, information provided in application documents (including CV), education and employment history, professional qualifications and experience, references, interview evaluations, and background check. We may also collect and process certain sensitive personal data, e.g. information relating to health, social insurance, trade union activities, criminal records, religious affiliation, etc. (where necessary and permitted by applicable law). Furthermore, we may collect and process details of the interactions that you have with us, together with any other information that you choose to give us.
In general, we collect such personal data from you, but may also use personal data from third parties (including other employers, recruiting agencies and further third parties who are authorized to share your personal data), public sources (e.g. media or internet sources and telephone directories) or business-related records (such as business correspondence, reports, presentations and other documents).
Processing Purpose and Legal Basis
In general, we collect and process personal data for purposes that concern your suitability for the job or that are necessary for the conclusion and performance of the employment contract. Specifically, we may collect and process personal data to communicate with you and to conduct background checks in relation to the employment relationship (Art. 6 para. 1 lit. b GDPR), to fulfil administrative and planning purposes (Art. 6 para. 1 lit. b and f GDPR), to support our organizational processes and to comply with our internal regulations (Art. 6 para. 1 lit. f GDPR), to comply with legal obligations and with requests from authorities (Art. 6 para. 1 lit. c and f GDPR), to establish, exercise or defend legal claims (Art. 6 para. 1 lit. f GDPR), etc.
D. Processing of Personal Data and Other Relevant Information Regarding the Use of our Website / Cookies and Communication
Technical Data
When you visit our website, we collect and evaluate user-specific data (e.g. IP address, web browser, operating system) and other technical data (such as URLs and content of accessed pages, execution of search queries, date and time of visit, localization data, referring website, used applications, device and settings information), generally in an anonymous manner. The mentioned data is collected, and it may be processed for system security, stability, error and performance analysis, as well as for internal statistical purposes. This allows us to optimize our website. Within the scope of applicability of the GDPR, such processing is based on our legitimate interest to operate, secure and optimize our website (Art. 6 para. 1 lit. f GDPR).
For subscribing to our content or when logging in to a client account, we process the necessary data to provide the requested service. Depending on the specific service, the following data may be processed: email address and phone number, first name, last name, salutation, full address, and login credentials. Within the scope of applicability of the GDPR, such processing is based on our legitimate interest to provide you with the requested service (Art. 6 para. 1 lit. f GDPR), the necessity for the conclusion or performance of a contract (Art. 6 para. 1 lit. b GDPR) or your consent (Art. 6 para. 1 lit. a GDPR).
If you have given us your consent to process your personal data for specific purposes (for example, subscribing to a newsletter or making an inquiry), we will process your personal data within the scope of and based on this consent, if required, unless we have another legal basis. You have the right to withdraw your consent at any time, but this does not affect the processing of data that occurred prior to the withdrawal and it may mean that we will no longer be able to provide the requested service to you.
In general, technical data will be processed for as long as required to enable the requested access and secure the stability and integrity of the relevant systems. Technical data will be anonymized or stored for as long as required to perform the analysis and will thereafter be deleted.
Communication Data
If you contact us via the contact form, e-mail, telephone, chat, letter, or any other means of communication, we collect the exchanged data between you and us, including your contact details, relevant communication details and related metadata. We use such communication data to process your inquiry and any possible further questions you may have with regard to our services. If we record or listen to telephone conversations or video conferences, e.g. for training and quality assurance purposes, we will inform you thereof. Within the scope of applicability of the GDPR, the processing of communication data is based on the necessity for the conclusion or performance of a contract (Art. 6 para. 1 lit. b GDPR), your consent (Art. 6 para. 1 lit. a GDPR) or regulatory and other compliance purposes (Art. 6 para. 1 lit. c GDPR).
Generally, we retain personal data collected from such contacts until such time as we have responded to you and/or completed your inquiry, provided that (a) we are not legally obliged to retain such personal data (e.g. for accounting or document retention purposes) and (b) we do not have an overriding or legitimate interest to retain such personal data for documentation, quality assurance or similar business purposes or for the assessment or exercise of, or defense against, legal claims or regulatory matters. Within the scope of applicability of the GDPR, we may keep the corresponding personal data based on the aforementioned legitimate interests (Art. 6 para. 1 lit. f GDPR) as well as for regulatory and other compliance purposes (Art. 6 para. 1 lit. c GDPR).
Cookies and Their Use
We use ‘cookies’ in some cases to customize our offering to better suit your needs. Cookies are small files that are stored on your computer or mobile device when you visit or use our websites. These cookies cannot perform any operations on their own. They save specific settings through your browser and collect data related to your interaction with the website. When a cookie is enabled, it is assigned an identification number that identifies your browser and allows the information stored in the cookie to be utilized. Within the scope of applicability of the GDPR, the use of cookies is based on our legitimate interest to optimize our website and services (Art. 6 para. 1 lit. f GDPR) or your consent (Art. 6 para. 1 lit. a GDPR).
There are two primary types of cookies: temporary cookies and permanent cookies. We use temporary cookies, which are automatically deleted from your mobile device or computer at the end of the browser session. We might also use permanent cookies to save user settings, e.g., preferred language, or to understand how you use our services and content. Permanent cookies remain saved on your computer or mobile device for an extended period but are automatically disabled after a predetermined time.
Despite the above, you may configure your browser settings in a way that it rejects cookies altogether, only saves them for one session or deletes them prematurely. Most browsers are preset to accept cookies. However, if you choose to block cookies, certain functions such as default language settings, will no longer be available to you.
If and to the extent the use of cookies is based on your consent, you agree to the saving of cookies and the collection, storage and use of personal usage data, even after the browser session ends (‘permanent cookies’). You can object to this at any time by changing the browser’s default setting to reject (third-party) cookies. A deactivation of cookies may result in a limited user experience and you may not be able to use every function of our website or services.
Cookies will be stored on your device for the period required to achieve the related purpose and will thereafter be deleted by your browser.
Google Analytics and Similar Services
We may use Google Analytics or similar services on our website with the objective of designing and continuously optimizing our website. These services are provided by third parties, which may be located in a country in Europe or in the United States (in the case of Google Analytics, currently Google Ireland Ltd. (located in Ireland); Google Ireland relies on Google LLC (located in the United States) as its sub-processor (both “Google” and www.google.com). These services allow us to measure and evaluate the usage of our website on an anonymized basis. For this purpose, permanent cookies might be used, which are set by the service provider. Within the scope of applicability of the GDPR, the use of such services is based on our legitimate interest to optimize our website and our own services (Art. 6 para. 1 lit. f GDPR) or your consent (Art. 6 para. 1 lit. a GDPR).
Although we can assume that the information shared with Google does, in general, not constitute personal data for Google, it may be possible that Google could potentially draw conclusions about the identity of visitors based on the collected data, create personal profiles and link this data with the Google accounts of these individuals for its own purposes. If you have registered with the service provider, the service provider will also have knowledge of your identity. In this case, the processing of your personal data by the service provider will also be conducted in accordance with its own data protection notices.
In the context of using our website, pseudonymized user profiles are created, as previously mentioned, through the use of small text files that are stored on your computer. The information generated by such cookies regarding your usage of our website is transmitted to the servers of the service providers, where it is stored and processed on our behalf. In addition to the previously mentioned data, we may also receive the following information:
- The navigation path followed by a visitor on the website.
- The time spent on the website or subpage.
- The subpage from which you leave the website.
- The country, region or town/city from which access is made.
- The end device (type, version, color depth, resolution, width
- and height of the browser window).
- Whether the visitor is a new or returning user.
The tools, programs, and instruments we use in the context of analyzing web behavior might include Google Analytics, Google Tag Manager, Google Ads, YouTube (embedded videos), Userlike and MailChimp.
The information, including your IP address, generated by the cookie when using the mentioned Google Analytics tool, is transmitted to a server in the USA operated by Google. Google will use this information to evaluate website usage and compile reports on website activities for us as the website operator, as well as providing other services relating to website and internet use. Google may also transmit this information to third parties if required by law or if third parties process the data on Google’s behalf. You can prevent the installation of cookies by adjusting your browser settings. However, if you do so, you may not be able to use all the features on the website. For further information, please also refer to the section “Cookies and Their Use” above.
Social Media Plug-ins
In addition, our website may utilize plug-ins from social networks such as LinkedIn or YouTube, which are identifiable by their respective symbols. If you choose to activate them (by clicking on them), the operators of the respective social networks may collect information about your visit to our website, including the specific page you accessed, and utilize this data for their own purposes. The processing of your personal data in this context is the responsibility of the respective operator and is conducted in accordance with their own data protection notices. We, as the website owner, do not receive any information about you from such operators.
E. Sharing Data With Third Parties and Transfer of Data Abroad
In the context of our business activities or our employment relationship with you, respectively, and in line with the purposes of the data processing outlined above, we may transfer data to third parties, provided that such transfer is permitted. Specifically, the following categories of recipients may be concerned:
- Our affiliated companies.
- Our service providers (e.g. Risk Management & Compliance, IT Provider, CRM System, administrative services providers, including providers of HR services and digital signature services, providers of data rooms, and financial institutions).
- Professional advisors, including legal and tax advisors, auditors, etc.
- Fund managers and administrators of investment funds our clients are exposed to.
- Domestic and foreign authorities, official bodies and courts or arbitral tribunals.
- Parties involved in potential or ongoing legal proceedings.
Most recipients are located within Switzerland, but others may be situated in various countries in Europe, in the United States or in the Cayman Islands.
If a recipient is located in a country without adequate statutory data protection, we require the recipient to commit to data protection compliance (for this purpose, we use the revised European Commission’s standard contractual clauses, if necessary, amended for compliance with Swiss law, which can be accessed here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless the recipient is subject to a legally accepted set of rules to ensure data protection, or unless we can rely on an exception. An exception may apply for example in case of legal proceedings abroad, overriding public interest, certain contractual disclosure requirements, your consent, or if data has been made publicly available and you have not objected to its processing. Within the scope of applicability of the GDPR, you may ask us for a copy of the relevant safeguards (e.g. standard contractual clauses) by contacting us as indicated in section A.
Furthermore, we are using online services where your personal data might be recorded and processed. In these situations, the processing may also be carried in accordance with the privacy policy of the respective service providers, in particular:
- SalesForce (for privacy policy, please see www.salesforce.com/eu/company/privacy/)
- Intralinks (for privacy policy, please see www.intralinks.com/privacy)
- DocuSign (for privacy policy, please see www.docusign.com/privacy)
F. Duration of Data Storage
In general, your personal data will be processed and stored only for as long as necessary to achieve the processing purposes set out above or to fulfil our contractual and legal obligations. This may include the entire duration of the business relationship and beyond, based on legal retention requirements and documentation obligations. It is possible that your personal data will be retained for the period during which claims can be asserted against us or one of our affiliates and insofar as we are otherwise legally obliged to do so, or if legitimate business interests require it (e.g., for evidence and documentation purposes). Once the relevant retention period has expired, the personal data will be erased or anonymized. For operational data such as system protocols and logs, shorter retention periods of 30 days or less are typically applied. Specifically, we retain:
- Personal data related to general communication until we have responded to you and/or completed your inquiry.
- Personal data related to services, transactions, and contracts for the duration of the statute of limitations regarding contractual claims.
- Personal data related to job applications for the duration of the application process and three months thereafter, unless you request or allow us to retain your application for a longer time. If you get employed by ALP, we will retain your data for the duration of your employment and as long as legally required or permitted thereafter.
- Personal data related to advertisement, marketing and relationship management for as long as necessary to achieve the respective purposes.
In each of the cases mentioned above, we retain personal data for limited duration provided that (a) we are not legally obliged to keep such personal data (e.g. for accounting or document retention purposes) or (b) we do not have an overriding or legitimate interest to retain such personal data for documentation, quality assurance or similar business purposes or for the assessment or exercise of, or defense against, legal claims or regulatory matters.
G. Data Security
We cannot guarantee the security of data transmission over the internet. When transmitting data by email, there is a certain risk of access by third parties.
H. Your Rights
In accordance with and as far as provided by applicable law, you have certain rights regarding your personal data that we process. These rights include being informed about, rectifying, and erasing your personal data. You also have the right to restrict processing or object to our data processing, particularly for advertising, direct marketing, profiling, or other legitimate interests (by explaining your particular reasons and specific circumstances on which your objection is based). Additionally, you also have the right to receive certain personal data for transfer to another controller (data portability). Please note, however, that while we respect these rights, we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data or if we have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims.
We have already informed you of the possibility to object/withdraw consent at any time. If you withdraw your consent, this does not affect the processing of personal data that occurred prior to the withdrawal and it may mean that we will no longer be able to provide the respective services to you. Please be aware that exercising your rights may have implications for your contractual obligations and this may result in consequences such as premature contract termination or associated costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.
In general, to exercise these rights, it is necessary for you to provide proof of your identity (e.g., through identification documents) if your identity is not apparent or verifiable by other means.
In addition, every data subject has the right to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).
I. Changes to this Privacy Policy
Last update: February 12, 2024