Privacy policy

1. identity and contact details of the provider

The data controller is:
Forma Futura Invest AG
Bederstrasse 49
8002 Zurich

We determine the purposes and means of processing and are therefore responsible for the processing and use of personal data. If you have any questions regarding this privacy policy or the processing of personal data, you can contact us at any time by email at info@formafutura.com.

2. terms

a) Personal data

Personal data (synonymous with the term "personal information") refers to all information relating to an identified or identifiable natural person. This includes, for example, name, email address, date of birth, telephone number, and IP address. Data about personal preferences, such as leisure activities or memberships, also counts as personal data.

b) Data processing

The term "data processing" refers to any handling of personal data, regardless of the means and procedures used, in particular the collection, storage, retention, use, modification, disclosure, archiving, deletion, or destruction of personal data.

3. Data processing in general

3.1 Legal basis and purposes of data processing

We collect and process personal data carefully and for the purposes described below. The provision of this personal data is expressly voluntary. We ensure that processing is transparent and proportionate.
We only collect, use, and possibly pass on personal data if processing is necessary to fulfill (pre)contractual obligations, to protect legitimate interests, to comply with legal requirements, or if you consent to the processing. This includes the following purposes in particular:

• Conclusion and execution of contracts, including but not limited to the provision of (contractual) services in the context of asset management (e.g., account opening, stock exchange transactions, investments, transactions);
• Monitoring and controlling risks, including those related to opening and managing a business (e.g., risk and investment profiles, anti-money laundering, counterparty, market, or operational risks);
• Marketing, communication, network maintenance, consulting, and information about our services (e.g., advertising, events for prospective and existing customers, website);
• Provision, maintenance, protection, optimization, and further development of the business and our services (e.g., development of new services, processes, and technologies, or evaluation of existing ones);
• Compliance with legal and other regulatory requirements, including disclosure, information, or reporting obligations (e.g., reporting obligations to supervisory authorities, clarifications in connection with the prevention of money laundering and terrorist financing);
• For the purpose of processing an inquiry after contact has been established (e.g., via contact form or email);
• Processing of an incoming application;
• Justification, exercise, and/or defense of actual or potential legal claims, investigations, or similar proceedings (e.g., defense of legal claims).

If you have given us your consent to process your personal data for specific purposes, we will process your data within the scope of this consent, unless we have another justification or another legal basis applies.

You can revoke your consent at any time in the future by sending an email to the address specified in section 1. Data processing that has already taken place is not affected by the revocation and remains valid.

3.2 Recipients of personal data

We take the necessary measures to ensure that only authorized employees or auxiliary persons who have the necessary knowledge and who undertake to comply with data protection regulations have access to your personal data in order to fulfill the above-mentioned purposes.
In accordance with legal and regulatory requirements, we are entitled to disclose personal data to the following potential recipients or categories of recipients in accordance with the purposes and principles of processing described above, insofar as this is appropriate for the intended data processing:

• Other financial services institutions and comparable institutions for the purpose of conducting business relationships and executing orders, i.e., the use of products and services (e.g., custodian banks, brokers, stock exchanges, transaction registers);
• Authorities, government agencies, courts, or other state institutions due to legal obligations, justifiable reasons, or official orders (e.g., to supervisory authorities, money laundering reporting office, child and adult protection authority (KESB));
• Other parties in potential or actual legal proceedings to the extent necessary to protect the legitimate interests of Forma Futura;
• Swiss authorities responsible for re-establishing customer contact after contact has been broken off (dormancy);
• Experts and other service providers from Forma Futura as part of an inquiry;
• Service providers who process personal data on our behalf and on our instructions (so-called contract processors, e.g., in the IT sector, hosting, and support);
• Other business partners and auxiliary persons (e.g., attorneys).

We guarantee to you that our business partners and processors have suitable organizational and technical measures in place to comply with data protection regulations. Furthermore, those business partners and processors who process customer data are contractually obliged to maintain confidentiality and customer secrecy.

3.3 Categories of personal data processed

Depending on which of our services you use, the following categories of personal data will be processed:

• Personal master data (e.g., name, date of birth, nationality, address, etc.);
• Contact details (mobile phone number, email address, etc.)
• Data relating to tax status (e.g., information on tax domicile, tax identification number (TIN));
• Data concerning professional and family situation (e.g., information about occupation, education, and family and personal background)
• Financial data (e.g., information on income and asset situation, origin of assets, and assets to be invested);
• Data for suitability assessment/risk profile (e.g., information about knowledge and experience, investment objectives, including risk capacity and risk tolerance);
• Transaction data (e.g., information on the background of the transaction and beneficiaries)
• Marketing data (e.g., preferences, needs);
• Technical data related to the website (e.g., access data/server log files, cookies, IP address).

The personal data processed is usually provided to us by you. Without such data, we are unable to execute a contract. The website cannot normally be used either if certain information required to secure data traffic, such as your IP address, is not disclosed. In connection with the use or provision of services, we also obtain certain data from publicly accessible sources (e.g., commercial registers, the Internet, media) or receive it from third-party providers, insofar as this is legally permissible.

3.4 Transfer of personal data abroad

As a rule, your personal data is processed in Switzerland. If, in exceptional cases, we disclose personal data abroad, we ensure that the countries concerned guarantee adequate data protection (known as an adequate level of data protection).
If your personal data is transferred to countries that do not have an adequate level of data protection (e.g., outside the EU or the European Economic Area), we will ensure adequate data protection by taking appropriate measures to comply with data protection regulations. To this end, we oblige the recipients to comply with adequate data protection by concluding contractual guarantees. If there are no contractual guarantees, we will only transfer your data to a country without an adequate level of data protection if you expressly consent to the disclosure, if it is necessary for the conclusion or execution of a contract (e.g., securities orders), it is required by law (e.g., tax reporting obligations), or it is necessary for the establishment, exercise, or enforcement of legal claims.

3.5 Retention period

In principle, your personal data will be deleted as soon as it is no longer required for the purpose for which it was collected. A longer storage period is permissible if this is necessary to fulfill legal, contractual, or pre-contractual obligations or legitimate business interests (e.g., in connection with the assertion, exercise, or defense of legal claims), or if you expressly consent to a longer storage period that has been specified in advance.

3.6 Data security

We take appropriate technical and organizational measures to ensure the integrity and confidentiality of your data, in particular by protecting it from unauthorized access, accidental or intentional manipulation, loss and/or destruction. Our data security measures are continuously adapted and optimized in line with technological developments.

4. Data processing in connection with website use

When you visit our website, information, including personal data such as your IP address, is processed. In addition, data about the type, duration, and date of your visit is also collected. The primary purpose of this processing is to ensure data traffic, the security of our website and systems, the proper display and optimization of our website, our content, and our offers. Below, we describe in detail which data is processed by which services, for what purposes, and to what extent when you visit our website.

4.1 Provision of the website and creation of log files

When you visit our website (formafutura.com), the web server automatically records the data that your browser automatically transmits to our server (known as access data/server log files). This data is technically necessary for the operation of the website.
For security reasons and to protect personal data and other content, we use the SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser on our website. You can recognize an encrypted connection by the string "https://" (https stands for "Hypertext Transfer Protocol Secure") at the very beginning of the address line in your browser and by the lock symbol in your browser line.

The following data in particular is processed for the purpose of providing the website and creating log files:

• Name of the Internet service provider
• IP address
• Technical information such as browser, operating system, or screen resolution
• Date and time of access
• referrer URL

This data cannot be assigned to a specific person and is not merged with other data sources. The log files are processed to guarantee the functionality of the website and to ensure the security of our information technology systems.

The data will only be stored for as long as is necessary to achieve the purpose for which it was collected. Accordingly, the data will be deleted after each session has ended. The storage of log files is essential for the operation of the website, so you have no option to object to this unless you do not visit our website.

4.2 Cookies

Our website uses cookies. Cookies are text files that are stored on your device's operating system with the help of your browser when you visit our website. Cookies do not cause any damage to your computer and do not contain viruses. Some cookies are technically necessary for the website to function. Most of the cookies we use are so-called "session cookies." They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them or their term expires.

We use cookies so that we can use the data collected to make our website more user-friendly, effective, and secure. In particular, we use cookies to store your preferences (e.g., language and location settings), to quickly provide and attractively display website content (e.g., through content delivery networks), and to analyze the use of this website for statistical evaluation and continuous improvement (usually using third-party cookies).

Cookies are stored on your computer. You can delete them completely or deactivate or restrict their transfer by changing the settings in your browser. If you deactivate cookies for our website, you may no longer be able to use all of the website's functions to their full extent.

Below you will find instructions for the most common browsers:

• For Google Chrome
• For Apple Safari
• For Microsoft Edge
• For Mozilla Firefox

The technically necessary cookies are essential for the basic functions and proper operation of the website and can therefore only be deactivated by changing your browser settings.

You can revoke the use of technically unnecessary cookies (i.e., marketing cookies and statistics cookies) at any time by adjusting your settings in our consent platform. Furthermore, for cookies used to measure success and reach or for advertising, a general objection ("opt-out") is possible for numerous services via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

4.3 Tracking pixels

We may use tracking pixels on our website or in our emails. Tracking pixels are also known as web beacons. Tracking pixels are small, usually invisible images that are automatically retrieved when you visit our website or open our emails.

Counting pixels can be used to collect the same information as log files. In addition, movement profiles for the entire session can be collected. Counting pixels are used in particular by third parties whose services we use.

Tracking pixels are used by various tracking services to analyze the use of this website for statistical evaluation and continuous improvement. Tracking pixels can also be used for email tracking.
To prevent data processing using tracking pixels, you can install suitable browser extensions such as uBlockOrigin and block external graphics in your email program.

Please also note the information in this privacy policy regarding the individual tracking services.

4.4 Google Tag Manager

We use Google Tag Manager from Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, "Google") on our website.

Google Tag Manager is a tag management system that allows website tags to be managed efficiently without interfering with the source code of our website. These tags can be used, for example, to integrate and manage code for web analytics services such as Google Analytics.

Google Tag Manager collects data on the website and forwards it to the analysis tools integrated via Tag Manager, such as Google Analytics, which in turn store and evaluate the data. Google Tag Manager itself does not store any data.

Further information about Google Tag Manager can be found in Google's privacy policy and the Google Tag Manager terms of use.

4.5 Google Analytics 4

We use Google Analytics 4 from Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, "Google") on our website.

Google Analytics is an analysis tool that enables the evaluation and analysis of your usage behavior by means of cookies stored on your device. In order to evaluate usage behavior, the following information in particular is collected when you visit our website:

• IP address
• Interaction with the website as a "click path"
• Technical information such as browser and device
• referrer URL
• Clicks on external links
• File downloads
• Date and time of visit
• Approximate location

The IP address is anonymized by Google Analytics by default, so that it is no longer possible to identify individuals. Accordingly, your IP address will be truncated within member states of the European Union (EU) or in other signatory states to the Agreement on the European Economic Area (EEA). Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Based on the aforementioned collected data, your use of our website is evaluated in the form of reports on the activities on our website. If you are logged into your Google account, Google may be able to draw conclusions about your identity based on the collected data, create usage profiles, and assign the collected data to your account. If you do not want the data to be assigned to your Google profile, you must log out before visiting our website.

As Google is a transnational company, your data may be transferred by Google throughout the world. In particular, it may be transferred to Google's headquarters in the US, and thus to a country that does not guarantee adequate data protection. For data transfers to the US, Google has committed to complying with the EU Standard Contractual Clauses, thereby ensuring an adequate level of data protection. Google is also certified under the Swiss-U.S. Data Privacy Framework.

If you wish to prevent Google from processing this data, you must download and install the browser add-on to deactivate Google Analytics. Further information on the data used by Google can be found in Google's privacy policy and the terms of use for Google Analytics.

4.6 Google Ads

We use Google Ads from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, "Google") as an online marketing measure.

Google Ads is an online advertising program. As part of Google Ads, we use Google Ads Conversion Tracking, a website analysis service, to collect information about a Google Ads advertising campaign using cookies. Data processing only takes place if you have accessed our website via a Google Ads advertisement. In particular, the following information may be collected:

• IP address
• Time and date of website visit
• Technical information such as browser, operating system, or screen resolution
• Interactions on the website
• referrer URL
• Duration of the visit

The IP address is anonymized by Google Ads Conversion Tracking, so that it is no longer possible to identify individuals.

Your IP address is used to determine your approximate location. We use the information obtained from this to measure the relevance of our offers in different regions. We also use the IP address to determine where visitors to our website came from. The technical information is processed so that the website and advertisements can be displayed satisfactorily on every device. Interactions, duration, time, and date are collected so that we can use this data to evaluate and optimize our Google Ads marketing campaigns and offers. In addition, we can use this data to determine how visitors interact with our advertisements, i.e., which advertisements lead to high conversion rates for which visitors. The referrer URL is processed for the purpose of measuring the effectiveness and analyzing our Google Ads advertisements.

As Google is a transnational company, your data may be transferred by Google throughout the world. In particular, it may be transferred to Google's headquarters in the US, and thus to a country that does not guarantee adequate data protection. For data transfers to the US, Google has committed to complying with the EU Standard Contractual Clauses, thereby ensuring an adequate level of data protection. Google is also certified under the Swiss-U.S. Data Privacy Framework.

Further information on the data used by Google can be found in Google's privacy policy and under "Conversion analysis – Google Ads Help."

4.7 Google reCaptcha

We use Google reCAPTCHA from Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, "Google") on our website.

Google reCAPTCHA is a verification service for websites that distinguishes human users from bots. In particular, the following information may be collected:

• IP address
• Technical information such as browser, operating system, or screen resolution
• Interactions with the captcha

The IP address is anonymized by Google reCAPTCHA so that it can no longer be linked to a specific person. When a visitor visits our website for the first time, Google reCAPTCHA can generate an identifier to recognize the visitor when they visit the website again.

The IP address is processed in order to analyze the approximate location of the visitor and to prevent any suspicious activity, namely to identify IP addresses associated with spam or other undesirable behavior. The technical information is processed so that the captcha can be adapted to the device or browser and to identify deviations from normal usage behavior. Interactions with the captcha are processed to record behavior patterns in order to distinguish human behavior from automated bots. The aim of Google reCAPTCHA is to protect input forms from bots and spam, while at the same time reliably enabling input from humans. The data collected is not used to identify you personally.

As Google is a transnational company, your data may be transferred by Google throughout the world. In particular, it may be transferred to Google's headquarters in the US, and thus to a country that does not guarantee adequate data protection. For data transfers to the US, Google has committed to complying with the EU Standard Contractual Clauses, thereby ensuring an adequate level of data protection. Google is also certified under the Swiss-U.S. Data Privacy Framework.

Further information on the data used by Google can be found in Google's privacy policy and terms of use.

4.8 Web fonts from Monotype

We use web fonts from Monotype Image Holdings Inc. (600 Unicorn Park Drive, Woburn, Massachusetts 01801, USA, "Monotype") on our website.

Monotype web fonts are used to ensure consistent display of selected fonts. Since we host the web fonts for our website ourselves, Monotype uses a web font tracking script to identify the licensee and the licensed web fonts. Each time the font is called up, your IP address is transmitted to an external service provider of Monotype. Monotype is responsible for processing the information collected.

For more information about the data used by Monotype, please refer to Monotype's Web Font Tracking Privacy Policy.

4.9 Gravity Forms

On our website, we use Gravity Forms from Rocketgenius, Inc. (1620 Centerville Turnpike, VA 23464-6500, USA, "Rocketgenius").

Gravity Forms is a self-hosted WordPress plugin. With Gravity Forms, website operators can create and manage forms such as contact forms, surveys, or payment forms using drag-and-drop functionality.

Gravity Forms does not transfer or store any submitted form data outside the website operator's hosting environment; all form submissions (including personal data) are stored in the operator's WordPress database.

On customer websites, the data is used to collect and manage user submissions (e.g., inquiries, survey responses, payments).

Gravity Forms (Rocketgenius) does not have access to or provide access to form data collected on users' websites; this data remains with us. For more information about the data used by Gravity Forms (Rocketgenius), please refer to the privacy policy and terms of use of Gravity Forms (Rocketgenius).

4.10 OpenStreetMap

We use OpenStreetMap from the OpenStreetMap Foundation (St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom, “OpenStreetMap”) on our website.

OpenStreetMap is used to display the location of Forma Futura and provide user-friendly directions.

When you visit the page where the OpenStreetMap map is embedded, the following data in particular is transmitted to the OpenStreetMap Foundation's servers:

• IP address
• Browser used, device type, and operating system
• Date and time of access
• page accessed

Our location is displayed to you via OpenStreetMap, making it easier for you to find us. Information about your use (such as your IP address) may be collected as soon as you access the subpages in which the OpenStreetMap map is integrated.

Further information on the data used by OpenStreetMap can be found in OpenStreetMap's privacy policy and terms of use.

4.11 Links to other websites

We use links on our website to other websites that are not operated by us (e.g., Google Maps, LinkedIn). Clicking on the links establishes a direct connection with corresponding data transmission (e.g., IP address) to the individual websites, which are neither operated nor monitored by us. We are not responsible for the content or for the principles applied in the handling of personal data. We have no knowledge of the content of the transmitted data and no influence on the processing of this data. The respective providers or operators of the websites are responsible for the linked websites in all cases.

5. Video and telephone conferences with Microsoft Teams

We use Microsoft Teams, a product offered by Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399, USA, "Microsoft"), for online meetings and conference calls. Microsoft collects profile data (e.g., your email address, your profile picture, if any, and your phone number) as well as data about the content of the meeting (e.g., chats, recordings, and shared files), which may be transferred to servers in the USA and stored there. The use of Microsoft Teams is subject to Microsoft's terms of use and privacy policy. By using Microsoft Teams, you consent to the collection, processing, and use of automatically collected data by Microsoft, its representatives, and third parties.
As Microsoft is a transnational company, your data may be transferred by Microsoft throughout the world. In particular, it may be transferred to the United States, to Microsoft's headquarters, and thus to a country that does not guarantee adequate data protection. For data transfers to the United States, Microsoft has committed to complying with the EU Standard Contractual Clauses to ensure an adequate level of data protection. Microsoft is also certified under the Swiss-U.S. Data Privacy Framework.

For more information about the data used by Microsoft, please refer to Microsoft's privacy policy and terms of use.

7. Applications

When you apply for one of our advertised positions, we collect the information specified in the job advertisement as well as any information you provide voluntarily. This includes, in particular, information about your education, professional experience, skills, and personal and contact details. In addition, all documents you submit in connection with your application, such as your resume and references, will be processed.
Your details will be collected and stored solely for the purpose of processing your application. Once the recruitment process has been completed, any documents that are no longer required will be deleted or, in the event of employment, transferred to your personnel file.

8. Your rights

You can assert your claims against us at any time based on data protection regulations. In particular, you have the right to receive information from us free of charge about your stored personal data. You also have the right to correct incorrect data and to delete your personal data, provided that there are no legal or contractual retention periods that prevent this.

We reserve the right, to the extent permitted by law, to restrict your rights or not to provide you with complete information if, for example, we are obliged to store or process certain data.

Please note that exercising the aforementioned rights may conflict with contractual agreements and may have corresponding effects on the performance of the contract (e.g., premature termination of the contract or cost implications).
If you are affected by the processing of personal data, you have the right to enforce your rights in court or to lodge a complaint with the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

9. Changes to the privacy policy

We reserve the right to change the privacy policy at any time and to adapt it to changed circumstances and data processing. The changes will be published on formafutura.com.

Last update: December 2025