Privacy - Guy Spier

Privacy Policy

With this Privacy Policy, Aquamarine Zürich AG (hereinafter "Aquamarine", "we" or "us"), on behalf of Guy Spier, describes how we collect and process personal data. This statement is not necessarily an exhaustive description of all our data processing activities. Other specific data protection notices (e.g., in General Terms and Conditions, Conditions of Participation, or similar documents) may apply in particular circumstances.

In this Privacy Policy, "personal data" means any information that identifies, or could reasonably be used to identify, an individual.

If you provide us with personal data of other individuals (such as family members or colleagues), please ensure they are aware of this Privacy Policy. Only share their data if you are authorized to do so and if the information is accurate.

This Privacy Policy is aligned with the requirements of the Swiss Federal Data Protection Act (revDPA) effective as of 1 September 2023

A. Data Controller

The controller responsible for the data processing described in this Privacy Policy is:

Aquamarine Zürich AG
Rämistrasse 18
8001 Zürich

Email: [email protected]
Website: www.aquamarinefund.com

If you have any questions about how we process personal data, or if you wish to exercise your data protection rights, please contact us using the above details.

B. Purpose of Data Processing and Legal Bases

We primarily use collected personal data to enter into and fulfill our agreements with clients and business partners – for example, to provide financial services to clients or to procure products and services from suppliers. We also process personal data to comply with our legal obligations under Swiss law (such as record-keeping or regulatory requirements).

Additionally, where permitted by law and as appropriate, we may process personal data for the following purposes, which reflect our (or, where applicable, third parties’) legitimate interests:

Providing and improving our products and services, as well as our websites, apps, and other platforms.
Communicating with third parties and handling requests (e.g., job applications or media inquiries).
Advertising and marketing (including organizing events), provided you have not objected to the use of your data for this purpose. If you are an existing client, you may object to marketing at any time and we will then refrain from further marketing communications.
Asserting legal claims and defending against legal disputes or official proceedings.
Preventing and investigating criminal activity and other misconduct.
Ensuring the proper functioning of our IT systems, websites, apps, and other infrastructure.
Acquiring or selling business divisions, companies, or parts of companies, and other corporate transactions involving the transfer of personal data (including related due diligence, business management, and compliance with legal or regulatory obligations and internal policies).

If you have given us consent to process your personal data for specific purposes (for example, when subscribing to a newsletter), we will process your data based on that consent. You may withdraw your consent at any time, which will affect future processing (but not retroactively).

In particular, if we intend to process your sensitive personal data or to conduct profiling that involves a high risk to your rights (“high-risk profiling”), we will seek your explicit consent unless another legal justification applies.

C. Collection and Processing of Personal Data

We primarily process personal data that you provide to us as part of our relationship with you (for instance, as a client or business partner). We may also collect personal data from your use of our websites, apps, or other applications.

Where permitted, we may obtain certain personal data from publicly accessible sources (e.g., commercial registers, the press, internet searches) or receive such information from third parties such as our affiliates, authorities, or other business partners. In addition to data you give us directly, such third-party data may include:

Information from public registers or information that you have made public.
Details from administrative or court proceedings.
Information related to your professional role and activities (e.g., to conclude or fulfill contracts with your employer).
Information from correspondence or discussions with third parties (for example, references or background checks).
Information provided by persons associated with you – such as family members, consultants, or legal representatives – to facilitate a contract or transaction involving you (for example, powers of attorney).
Information required to comply with legal obligations (e.g., anti-money-laundering checks or know-your-customer data, including bank account details).
Information about you from media or internet sources in specific cases (e.g., as part of a background check for a job application or for marketing research).
Your address, interests, and other socio-demographic data (for marketing and relationship management purposes).
Data generated in connection with your use of our websites and online services (e.g., IP address, MAC address of your device, device identifiers and settings, cookies, date and time of visits, pages and content viewed, search queries executed, referring website, and general location information).

We generally retain personal data collected for these purposes for 12 months after the purpose of processing has been fulfilled. However, this retention period may be extended as needed to comply with legal or contractual obligations or to preserve evidence (for example, in the event of a dispute).

D. Cookies / Tracking and Other Information Regarding the Use of Our Website

Technical Data: When you visit our website, we collect certain technical and usage data about your visit in an anonymized manner. This includes, for example, your device’s IP address, the type of web browser and operating system you are using, the pages you access on our site, any search queries you run, and the date and time of your visit. We collect and process this data to ensure system security and stability, to identify and resolve performance issues, and for internal statistics that help us optimize our website.

If you subscribe to content on our site or submit information through a contact form or customer login, we process the personal data you provide (such as your name, email address, postal address, and the content of your message or request) in order to deliver the requested service or respond to your inquiry.

If we process your personal data based on your consent (for instance, if you signed up for our newsletter or submitted an inquiry), we will do so within the scope of that consent. You can withdraw that consent at any time, but this will not affect any processing that has already occurred.

In general, we retain technical data collected about website visits for 12 months.

E. Communication Data

If you contact us by email, telephone, chat, through a web form, by postal mail, or via any other communication channel, we will collect and store the information you provide (such as your name and contact details) along with the content of the communication. For example, if you call us, we may log the date and time of the call and your questions or requests. If we record telephone or video calls (for example, for training or quality assurance purposes), we will inform you at the beginning of the call. Any such recordings will be made and used in accordance with our internal guidelines and applicable laws.

Generally, we retain communication data for 12 months from the date of our last interaction with you, unless a longer retention is required for legal, compliance, or technical reasons. Certain types of communications are kept longer, for example:

Emails and written correspondence: retained for at least 10 years (e.g., to comply with legal archiving requirements).
Recorded telephone or video calls: retained for up to 24 months.
Chat messages: retained for approximately 2 years.

F. Cookies and Their Use

We use "cookies" on our websites to personalize content and optimize your user experience. Cookies are small text files stored on your computer or mobile device when you visit a site. They save certain settings and information via your browser. Cookies generally cannot run programs or perform actions on your device; they only store information. There are two main types of cookies:

Temporary cookies: These cookies (also called session cookies) are automatically deleted when you close your browser.
Permanent cookies: These cookies remain stored on your device beyond your current session and expire after a defined period or until you delete them. Permanent cookies can allow us or our partners to recognize your browser on your next visit.

You can configure your browser to block cookies, to allow them only for one session, or to delete them early. Most browsers accept cookies by default. However, if you disable cookies entirely, please note that certain features of our website (for example, language preferences or shopping cart functions) may no longer work properly.

Aquamarine also permits certain trusted partners that provide services for us or that are integrated into our website to set cookies as necessary for technical reasons, provided their use of cookies is proportionate. However, once such cookies are outside our website (for instance, when you interact with a third-party service), we have no control over how those cookies are used.

By continuing to use our website (and/or by explicitly agreeing to this Privacy Policy where prompted), you consent to our use of cookies and the related processing of personal usage data — including beyond the end of a browser session (i.e., you consent to the use of permanent cookies). You can withdraw this consent at any time by adjusting your browser settings to block cookies (especially third-party cookies).

G. Google Analytics and Similar Services

We may use analytics and tracking services such as Google Analytics on our website to help us design our online services and continuously optimize them to better meet user needs. These services are provided by third-party companies, which may operate from any country worldwide. (For example, Google Analytics is provided by Google Ireland Ltd., and Google Ireland uses Google LLC in the United States as a sub-processor.) These analytics providers set permanent cookies on our site to collect information about how users interact with our website. We have configured these services to anonymize visitors’ IP addresses by truncating them within Europe before any transfer to servers in the United States. We have also disabled optional data sharing and advertising features in these tools to further protect privacy.

Although we do not provide personal details such as your name to analytics providers, it is possible that a provider (like Google) could associate your site usage with your identity if you are logged into their service (for example, if you are logged into a Google account while visiting our site). In such cases, the third-party provider will process your personal data under its own privacy policy, and we do not control that processing. We receive only aggregated website usage statistics from these providers, which do not identify you as an individual.

In the course of using our website, these services may collect and process on our behalf additional information about your usage. This can include data mentioned above (like truncated IP address and technical details) and other information such as:

The country, region, or city from which you accessed our site.
Technical details about your device and browser (e.g., device type, browser version, screen resolution, etc.).
Whether you are a first-time visitor or a returning visitor.

We currently use tools including Google Analytics, as well as embedded third-party content such as videos from Vimeo or YouTube and customer relationship management platforms like Salesforce, to analyze or enhance our web offerings.

Data generated by Google Analytics cookies (including your truncated IP address) is transmitted to Google’s servers (which may be in the USA) and processed for us. Google uses this information to evaluate your use of the website, compile reports on website activity for us, and provide other services related to website usage. Google may transfer this information to third parties where required by law or where those third parties process information on Google’s behalf. According to Google, your IP address transmitted by your browser will not be merged with other Google data.

You can prevent Google Analytics and similar services from collecting data by disabling or refusing cookies in your browser settings, or by installing an opt-out browser add-on if available. However, blocking cookies may limit some features of our website. By using our website without disabling the analytics cookies, you consent to the processing of your data by these third-party providers as described above for the stated purposes.

H. Social Media Plug-ins

Our website may use social media plug-ins (e.g., the Facebook "Like" button, Twitter share button, LinkedIn badge, YouTube video player, Instagram or Pinterest widgets) which are identifiable by the respective platform's icon or name. For your privacy, these plug-ins remain inactive by default when you visit our site. This means no data is transmitted to the social network operators unless you activate the plug-ins. If you choose to activate a plug-in (for example, by clicking a social media share button), the provider of that social network may collect information that your browser has accessed a certain page on our website. If you are logged into the social network account at that time, the provider could potentially link your visit to our site with your account.

We have no control over the data that these third-party social network providers collect via their plug-ins, nor how they use it. The processing of your personal data in connection with social media plug-ins is the responsibility of the respective social network provider and is governed by that provider’s own privacy policies. We do not receive any personal information about you from these providers as a result of the plug-ins. For further information, please consult the privacy policies of the relevant social media platforms.

I. Sharing Data with Third Parties and Transfer of Data Abroad

In the course of our business activities and for the purposes described above, we may share personal data with third parties, provided such disclosure is permitted by law and appropriate. Such third parties might process your data on our behalf as service providers, or in certain cases use it for their own purposes. In particular, recipients of your personal data may include:

Service providers that we use (e.g., companies providing compliance, IT, hosting, or CRM services).
Domestic or foreign authorities, governmental or regulatory bodies, or courts when we are legally obliged to disclose data.
Other parties in potential or actual legal proceedings, such as counterparties, arbitrators, or legal advisors.

Some of these recipients are located in Switzerland, but they may be in any country worldwide. In particular, you should anticipate that your data might be transferred to any country where Aquamarine is represented through affiliates, branches, or other offices, as well as to other countries in Europe or the United States where our service providers operate (for example, we use cloud and software solutions from providers like Microsoft and Salesforce, which may involve processing data in the USA).

If we transfer personal data to a country that does not have an adequate level of data protection as determined by Swiss law, we will ensure your data is protected by appropriate safeguards. Typically, we will rely on the European Commission’s Standard Contractual Clauses (SCCs) (as recognized under Swiss law) to contractually oblige the recipient to protect your data. In addition, we may rely on other legally recognized measures or exceptions for international data transfers. For instance, a transfer might be justified if it is necessary for the performance of a contract with you, required by law or an overriding public interest, if you have given explicit consent, or if the data is part of information that you have made public and you have not objected to its processing.

J. Duration of Data Storage

We process and store your personal data only for as long as necessary to fulfill our contractual and legal obligations or the purposes outlined in this Privacy Policy. This means we may retain your data for the duration of our business relationship and, after that, for the period required by applicable laws and regulations or our legitimate business interests.

For example, financial and transaction records are often subject to a legal retention period of 10 years under Swiss law. We may also keep data for the period during which claims can be brought against our company or as long as we have another legitimate reason to do so (such as evidence preservation).

Once your personal data is no longer needed for the above-mentioned purposes, we will delete or anonymize it, provided no legal requirement or compelling interest exists to retain it.

Please note that certain types of operational data (e.g., system logs or security logs) are kept for shorter periods by default – typically 30 days or less – unless we need to retain them longer (for instance, to investigate security incidents).

K. Data Security

We have implemented appropriate technical and organizational security measures to protect your personal data from unauthorized access, misuse, loss, or alteration. These measures include, for example, access controls and restrictions, encryption or pseudonymization of data when appropriate, network security protections such as firewalls, regular training of our staff on data protection, and internal policies to ensure that personal data is handled properly.

Despite our robust security measures, please be aware that data transmission over the internet can never be guaranteed to be 100% secure. When you communicate with us by email or via our website, there is a risk that third parties might unlawfully intercept or access those communications if adequate security measures are not in place on your side. We advise you to take appropriate steps to secure your own devices and networks.

If we become aware of a data breach that poses a high risk to your personal rights or privacy, we will notify the competent supervisory authority (the Swiss Federal Data Protection and Information Commissioner) as soon as required by law, and we will inform you as well when necessary, in accordance with our obligations under Article 24 of the revised Swiss DPA.

L. Your Rights

Under applicable data protection law, you have various rights in relation to your personal data. In particular, and subject to the conditions and exceptions provided by law, you have the right to:

Access your personal data that we hold, and to receive information about how we process it.
Rectification of any inaccurate or incomplete personal data.
Erasure of your personal data (“right to be forgotten”), for example if the data is no longer needed for the purposes for which it was collected or if processing it is unlawful.
Restriction of processing, under certain circumstances (for instance, if you contest the accuracy of your data, you can request we limit processing while we verify your claim).
Object to the processing of your data when we base our processing on a legitimate interest. This includes the right to object at any time to the use of your data for direct marketing purposes or for profiling related to direct marketing.
Data Portability, meaning you can ask to receive certain personal data that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller.

Additionally, if a decision is made about you solely on the basis of automated processing (see the "Profiling and Automated Decision-Making" section below), you have the right to request that the decision be reviewed by a human being.

Please note that we may refuse certain requests or only fulfill them partially where allowed by law – for example, if we are obliged by law to keep the data, if we have an overriding interest in retaining the data (and are permitted to assert such interest), or if the data is needed to establish, exercise, or defend legal claims.

Exercising your rights is generally free of charge. However, we may require proof of your identity to ensure that we do not disclose data to an unauthorized person (for instance, we might ask for a copy of an identification document if your identity is not otherwise clear).

Please be aware that in some cases, exercising your rights (for example, requesting the deletion of your data) may affect the services we are able to provide to you or have other contractual implications. If such a situation arises, we will inform you in advance of any consequences (such as the potential need to terminate a service or any fees that may apply as per your agreement with us) before complying with your request.

To exercise your rights, you can contact us at any time using the contact information in the Data Controller section above. We will respond to your request in accordance with the requirements of the law.

Finally, you have the right to lodge a complaint with a supervisory authority if you believe we are processing your personal data in violation of the law. In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC). You also have the right to seek a judicial remedy through the courts if you believe your data protection rights have been infringed.

M. Profiling and Automated Decision-Making

In some cases, we analyze personal data automatically to evaluate certain personal aspects about individuals – this is known as profiling. For example, we might analyze a client's past investment behavior or preferences to better tailor our financial advice or product offers. Profiling helps us understand your needs and interests so that we can serve you more effectively, and it may also be used for marketing and market research purposes (e.g., to segment customers into groups so we can offer appropriate services).

However, we do not use fully automated individual decision-making processes that have legal or similarly significant effects on you without human intervention. In other words, we will not make important decisions about you solely by algorithm or computer program without any human review. In the unlikely event that we ever make a decision about you based only on automated processing, we will inform you in advance as required by law, and we will ensure that you retain the right to have the decision reviewed by a natural person before it is final.

N. Changes to this Privacy Policy

We may amend this Privacy Policy at any time without prior notice. The current version published on our website is the version that applies. If this Privacy Policy is part of an agreement we have with you, we will notify you of any significant changes by appropriate means (for example, via email or via our website).

Aquamarine Zürich AG / July 2025