Legal


Privacy Statement


Last updated: May 2024

Summary


Protecting Your Privacy


360core is committed to protecting your privacy by handling your personal data in good faith, in a proportionate way, and by safeguarding it against unauthorised access through adequate technical and organisational measures.


We only process personal data for the purpose indicated at the time of collection, that is evident from the circumstances, or that is provided for by law.


The privacy notice below explains what information we gather about you, what we use it for, and who we share it with. It also sets out your rights and who you can contact for more information.


Disclosure of your personal data


a) To trusted Swiss third parties


We share your personal data only with trusted third parties where you have consented to the transfer or where its processing is directly connected with the conclusion or the performance of a contract between you and us.


b) To the Swiss authorities


We may share your personal data with the Swiss authorities pursuant to obligations we have such as record keeping for tax purposes or providing information to a public body or law enforcement agency.


c) Transfer outside Switzerland


360core never transfer your personal data outside Switzerland, in particular to jurisdictions lacking legislation guaranteeing adequate protection, unless:


  • you have consented in the specific case;
  • the processing is directly connected with the performance of a contract between you and us;
  • disclosure is essential in the specific case in order either to safeguard an overriding public interest or for the establishment, exercise or enforcement of legal claims before Swiss courts;
  • disclosure is required in the specific case in order to protect your life or physical integrity;
  • you have made the data generally accessible and have not expressly prohibited its processing.

 

Information about you that we process


We may process information about you that (i) you provide to us (ii) we obtain from third parties or (iii) is publicly available. This information may include your name, age, gender, date of birth and contact details.


How we use information about you


We process information about you to enable us to:

 

  • provide our services to you;
  • to enable us to provide you with information that we think may be of interest to you; and
  • to meet our legal or regulatory obligations.


When we send you information we think you might be interested in, you have the right to unsubscribe at any time by contacting us, or by following the unsubscribe instructions in our communications.


Your rights


Your rights under data protection laws include the right to:


  • request copies of your data;
  • request correction of your data;
  • request erasure of your data;
  • object to us processing your data.


If you have any questions about privacy issues or wish to exercise any of the rights set out above, please write to 360core Ltd, Data Protection, Schützengasse 25, 8001 Zurich, Switzerland.


Our Privacy Statement


In this statement:


“Data Protection Legislation” means (i) the Swiss Federal Act on Data Protection of 25 September 2020 (FADP) and (ii) the EU General Data Protection Regulation 2016/679 (GDPR); together with all other applicable legislation relating to privacy or data protection and including any statute or statutory provision which amends, extends, consolidates or replaces the same;


"Disclosure" means making personal data accessible, for example by permitting access, transmission or publication;


"Personal Data" means all information relating to an identified or identifiable person;


"Processing" means any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data.


1. Scope


This privacy statement exclusively applies to 360core Ltd with registered offices at Schützengasse 25, 8001 Zurich, Switzerland (“360core”, “we”, “us” or “our”).


This privacy statement explains how we will collect, handle, store and protect information about you when:


  • we provide services to you;
  • you use our Website;
  • we perform any other activities that form part of our business operations.


When we refer to “our Website” or “this Website”, we mean the specific webpages of 360core.


2. What personal data we collect


We may collect, record and use your personal data in physical and electronic form, and will hold, use and otherwise process that data in line with Data Protection Legislation and as set out in this statement.


When we provide services to you or our clients and perform due diligence checks in connection with our services (or discuss possible services we might provide), we will process personal data about you. We may also collect personal data from you when you use this Website.


We may process your data because:


  • you give it to us (for example, in a form on our Website);
  • other people give it to us (for example, your adviser, or third-party service providers that we use to help operate our business); or
  • it is publicly available.


The personal data we process may include your:


  • name, gender, age and date of birth;
  • contact information, such as address, email, and mobile phone number;
  • country of residence and citizenship;
  • lifestyle and social circumstances (for example, your hobbies);
  • family circumstances (for example, your marital status and dependants);
  • employment and education details (for example, the organisation you work for, your job title and your education details);
  • financial and tax-related information (for example your income, investments and tax residency);
  • IP address, browser type and language, your access times;
  • details of how you use our products and services;
  • details of how you like to interact with us, and other similar information.


The personal data we collect may also include so called "sensitive" personal data, such as details about your:


  • religious, ideological, political views or activities;
  • dietary requirements (for example, when we would like to provide you with refreshments during a meeting);
  • health, social security measures;
  • administrative or criminal proceedings and sanctions; and
  • sexual orientation (for example, if you provide us with details of your spouse or partner).


Please note that if you choose not to provide, or object to us processing, the information we collect, we may not be able to process your instructions or continue to provide some or all of our services to you.


3. Personal data provided by or about third parties


When our client or another third party gives us personal data about you, we make sure they have complied with the relevant privacy laws and regulations. This may include, for example, that the client or the third party has informed you of the processing and has obtained any necessary permission for us to process that information as described in this privacy statement.


If any information you give us relates to a third party (such as a spouse, a dependant, a business partner, or a joint account holder), by providing us with such personal data you confirm that, in line with the above provisions, you have obtained any necessary permission to use it or are otherwise permitted to give it to us.


4. How we use your personal data


We process information about you or your business to enable us to provide our services to you, and to meet our legal or regulatory obligations.


Some of your personal data may be used for other business purposes. Below are some examples.


Use of personal data to provide services to our clients


We will use your personal data to provide you with services, and this includes using your personal data in correspondence relating to those services. That correspondence may be with:


  • you; or
  • the competent Swiss authorities.


We may also use your personal data to conduct due diligence checks relating to our services.


Because we provide a wide range of services to our clients, the way we use personal data in relation to our services also varies.


Typically, we process your personal data in the context of:


  • providing services in the field of physical and electronic data processing to you;
  • meeting our legal and regulatory requirements;
  • requests and communications from competent authorities (for example, the Swiss tax authorities);
  • client relationship management (such as sending you research).


5. The legal grounds we use for processing personal data


We are required by law to set out in this privacy statement the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds:


  • you have explicitly agreed to us processing your information for a specific reason;
  • the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
  • the processing is necessary for compliance with a legal obligation we have such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or
  • the processing is necessary for the purposes of a legitimate interest pursued by us or a third party, which might be (i) to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed (ii) to protect our business interests (iii) to keep you or our clients informed about relevant products and services and provide you with information, unless you have indicated at any time that you do not wish us to do so.


6. Sharing your personal data


In connection with any of the purposes outlined in the section “How we use your personal data” above, we may disclose details about you to:


  • competent authorities (including courts and authorities regulating us);
  • anyone to whom we may transfer our rights and/or obligations under our Terms of Use;
  • any other person or organisation after a restructure, sale or acquisition of 360core, as long as they use your information for the same purposes we did;


7. How we protect your personal data


We use a wide range of measures to ensure we keep your personal data secure, accurate and up to date.


These include:


  • Swiss webhosting, Swiss electronic mailboxes, physical data storage in Switzerland exclusively;
  • data retention in an ISO 27001 certified, FINMA-compliant, encrypted Swiss data centres across multiple availability zones (AZ) complying with the highest security standards (AES 256 Encryption / FIPS 140-3 Security Level 3);
  • regular Swiss offline and off-site air-gapped tape backups (here) via an exclusive direct physical connection to our Swiss data centres (not via the public internet) providing greater reliability, faster and more consistent speed, and higher security;
  • physical security measures, such as security passes to access our premises;
  • education and training of our staff to ensure they are aware of our privacy obligations when handling personal data;
  • restriction of access to personal data to a "need to know" basis, that is, access to the information must be absolutely necessary for our employees to conduct their duties;
  • technological security measures, including fire walls, hard drive encryption and anti-virus software.


The transmission of data over the internet (including by e-mail) is never completely secure. Although we use appropriate measures such as strict data storage in Switzerland to try to protect personal data, we cannot completely guarantee the security of data transmitted to us or by us.


8. How long we keep your personal data for


We seek to ensure that we only keep your personal data for the longest of:


  • the period necessary for the relevant activity or services;
  • any retention period that is required by law (that is, during 10 years in Switzerland); or
  • the period in which litigation or investigations might arise in respect of our clients or our services.


9. Your rights


You have various rights in relation to your personal data. In particular, you have a right to:


  • obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
  • be informed about the processing of your personal data (that is, for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from where it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences);
  • ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
  • ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data; withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
  • receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format (known as “data portability”);
  • ask us to stop or start sending you marketing messages at any time by using the contact details in section 11 below; and
  • object to our processing of your personal data.


If you would like to access or see a copy of your personal data, you must ask us in writing. We will endeavour to respond within a reasonable period, and in any event within one month in line with Data Protection Legislation. We will comply with our legal obligations with regard to your rights as a data subject.


You may also use the contact details in section 11 if you wish to make a complaint relating to your privacy.


10. Sending you marketing information


We may use your information from time to time to inform you by letter, telephone, email and other electronic methods about products and services (including those of third parties) that may be of interest to you.


You may, at any time, ask us not to send marketing information to you by following the unsubscribe instructions in communications from us, or contacting us in the way described in section 11 below.


11. Contact


If you wish to exercise any of the rights relating to your personal date as set out above, or if you have any questions about privacy issues, or you wish to raise a complaint about how we are using your information, you can contact us by writing to 360core AG, Data Protection, Schützengasse 25, 8001 Zurich, Switzerland.


12. Changes to this privacy statement


We may modify or amend this privacy statement from time to time.


When we make changes to this privacy statement, we will amend the revision date at the top of this page. The modified or amended privacy statement will apply from that date. We encourage you to review this statement periodically to remain informed about how we are protecting your information.

Share by: