We are committed to process all personal data in accordance with the applicable data protection regulations and to take appropriate security measures to protect it from unauthorized access.
1. Identity and contact details of the provider
Responsible for the data processing is:
Forma Futura Invest AG
The following statements refer to the processing of personal data of natural persons. Personal data is information that relates to an identified or identifiable natural person. Personal data includes all data that allow identification, such as your name, e-mail address, date of birth or telephone number.
The term data processing refers to any handling of personal data, regardless of the means and procedures used, in particular the acquisition, storage, retention, use, modification, disclosure, archiving, deletion and destruction of data.
3. Legal basis and purposes of data processing
We collect and process personal data carefully and for the purposes described below. The provision of this personal data takes place expressly on a voluntary basis.
Personal data will only be collected, used, and disclosed by us if the processing is carried out for the fulfillment of (pre)contractual obligations, for the protection of legitimate interests and for business and legal purposes or if you consent to the processing. This includes in particular the following purposes:
- Conclusion and execution of contracts, including but not limited to the provision of (contractual) services of an asset manager (e.g. account opening, stock exchange transactions, investments, transactions);
- Monitoring and managing risks, including those related to account opening and management (e.g. risk and investment profiles, anti-money laundering, counterparty, market or operational risks);
- Marketing, communication, networking, counseling and information about our services (e.g. advertising, prospect and client events, website);
- Provision, maintenance, protection, optimization, development of the business and of our services (e.g. development of new or assessment of existing services, process and technologies);
- Compliance with legal and other regulatory requirements including disclosure, information or reporting obligations (e.g. reporting obligations to supervisory authorities, clarifications in connection with the prevention of money laundering and terrorist financing);
- For the purpose of processing an inquiry after contact has been made (e.g. via contact form or e-mail);
- Processing of an incoming application;
- Establishing, exercising and/or defending actual or potential legal claims, investigations or similar proceedings (e.g. defense of legal claims).
4. Recipients of personal data
We take the necessary measures to ensure that only authorized employees or auxiliary persons who have the required knowledge have access to your personal data in order to fulfill the above-mentioned purposes.
In accordance with the legal and regulatory requirements, we are entitled to disclose personal data to the following possible recipients or categories of recipients in accordance with the purposes and legal bases of processing described above, insofar as this is appropriate for the intended data processing:
- Other financial services and comparable institutions for the execution of the contractual relationship and order execution, i.e. utilization of products and services (e.g. custodian banks, brokers, stock exchanges, trade repositories);
- Authorities, official agencies, courts or other state institutions on the basis of statutory obligations, legal justification or complying with regulatory orders (e.g. to supervisory authorities, money laundering reporting office, child and adult protection authority (KESB));
- Other parties in potential or actual legal proceedings to the extent necessary to protect the legitimate interests of Forma Futura;
- Competent Swiss authorities for the re-establishment of client contact after contact has been broken off (dormancy);
- Experts and other service providers of Forma Futura in the context of an inquiry;
- Service providers who process personal data on our behalf and according to our instructions (so-called processors, e.g. in the area of IT, hosting and support);
- Other business partners and auxiliary persons (e.g. lawyers).
We guarantee to you that our business partners and processors have suitable organizational and technical measures in place to ensure compliance with the data protection provisions. Furthermore, those business partners and processors who process client data are contractually obligated to maintain confidentiality and client secrecy.
5. Categories of personal data
Depending on which of our services you use, Forma Futura will process the following categories of personal data:
- Identification and contact data (e.g. name, birthday, nationality, address, telephone number);
- Information about tax situation (e.g. tax domicile, tax identification number (TIN));
- Information about occupation, education, and information about family and personal background;
Asset data (e.g. information about income and asset situation, origin of assets and assets to be invested);
- Data regarding suitability/risk profile (e.g. information about knowledge and experience, financial circumstances, investment objectives incl. risk capacity and risk appetite);
- Transaction data (e.g. information about the background of the transaction as well as beneficiaries);
- Marketing data (e.g. preferences, needs);
- Technical data in connection with the website (e.g. access data/server log files, cookies, IP addresses).
6. Transfer of personal data abroad
In principle, your personal data will be processed in Switzerland. If, exceptionally, we disclose personal data abroad, we ensure that the countries concerned guarantee an adequate level of data protection (so-called adequate level of data protection).
If your personal data is transferred to countries that do not have an adequate level of data protection (e.g. outside the EU or the European Economic Area), we ensure adequate data protection by taking appropriate precautions to comply with data protection law. To this end, we contractually oblige the recipients to comply with the data protection provisions by concluding so-called standard contractual clauses that have been approved, issued, or recognized by the European Commission and the Swiss Federal Data Protection and Information Commissioner (FDPIC). If there are no contractual guarantees, we will only disclose your data to a country without an adequate level of data protection if you expressly consent to the disclosure, if it is necessary for the conclusion or execution of a contract (e.g. securities orders), if it is required by law (e.g. reporting obligations under tax law) or if it is necessary for the establishment, exercise or enforcement of legal claims.
7. Data security
We take appropriate technical and organizational measures to ensure the integrity and confidentiality of your data, in particular by protecting it from unauthorized access, accidental or intentional manipulation, loss and/or destruction. Our data security measures are continuously being adapted and optimized in line with technological developments.
8. Use of the website
When you visit our website, the web server automatically registers details (so-called access data/server log files) about your visit. The access data includes:
- Name of the accessed website, file(s)
- Date and time of access
- Amount of data transferred
- Message about successful retrieval
- Browser type and version of the user’s operating system
- Referrer URL (the previously visited page) and exit pages
- IP address and the requesting provider)
- Location data (especially when using mobile devices)
- Information about interaction between pages (e.g. scrolling, clicking, mouseovers).
We use the server log files only for statistical evaluations for the purpose of the operation, security and stability of the system, and the optimization of the website. This data is not merged with other personal data. It is stored separately from any other personal data you may have provided. However, we reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete indications.
We endeavor to process as little personal data as possible and to collect information in anonymous or pseudonymous form so that your identity is not identifiable.
This website uses SSL or TLS encryption for security reasons and to protect personal data and other confidential content (e.g. inquiries). You can recognize an encrypted connection by the string «https://» (https stands for «Hypertext Transfer Protocol Secure») at the very beginning of the address line in the browser and the lock symbol in your browser line.
10. Integration of third-party services and content
Third-party content, such as videos from YouTube, maps from Google Maps, Monotype Fonts, spam protection via hCAPTCHA or graphics from other websites may be embedded into our website. This requires the providers of this content (hereinafter referred to as «third-party providers») to know your IP address. Without IP address, no connection would be possible and thus the content could not be displayed in your browser. The IP address is required for the display of this content. We strive to use only such content whose respective providers use the IP address only for the delivery of the content. However, we have no influence if the third-party providers store the IP address and other information, e.g. for statistical purposes.
11. Google Maps
We use Google Maps from Google LLC. on our website (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, «Google»). Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information. By using this service, our location is displayed to you and a possible approach is facilitated. As soon as you call up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data are directly assigned to your account. If you do not want the data to be assigned to your Google profile, you must log out before activating the button or visit the relevant sub-pages respectively. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.
We integrate YouTube videos from Google LLC. on our website (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, «Google»). We use YouTube videos in privacy-enhanced mode. The privacy-enhanced mode means that no information about you is stored before you watch the video. As soon as you start a YouTube video on our website, a connection to YouTube’s servers is established. If you are logged into your YouTube account, you enable YouTube to associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account before watching the video on our website.
For data transfers to the USA, Google has undertaken to sign and comply with the EU standard contractual clauses. Furthermore, content from YouTube is blocked by default on our website. By loading the video or clicking «Accept all» in our cookie banner, you expressly agree to the setting of cookies and the transfer of personal data to YouTube. You can view Google’s terms of service here. Detailed information on data protection in connection with the use of YouTube can be found here.
We use the anti-bot service hCAPTCHA from Intuition Machines Inc. on our website (350 Alabama Street, San Francisco, CA 94110, USA, «IMI»). The purpose of hCAPTCHA is to check whether the data entry on our website (e.g. in the contact form) is made by a human or by an automated program. For this purpose, hCAPTCHA analyzes your behavior on our website based on various characteristics. This analysis begins automatically as soon as you enter the sub-page in which the contact form is integrated. For the analysis, hCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by you). The hCAPTCHA analysis may take place entirely in the background. You will not be notified that such an analysis is taking place unless a task is given to you. The data collected as part of the analysis is forwarded to IMI and transferred to IMI’s servers in the USA and stored there.
For data transfers to the USA, IMI has undertaken to sign and comply with the EU standard contractual clauses. IMI acts as a processor in the sense of the Swiss Data Protection law. You can view IMI’s terms of service here. Detailed information on data protection in connection with the use of hCAPTCHA can be found here.
15. Video and telephone conferences with Microsoft Teams
16. Contact us
If you contact us (e.g. via contact form, e-mail or telephone), we process the necessary personal data (e.g. contact details). Which data is collected in the case of the contact form can be found in the contact form on our website. In any case, the name and e-mail address must be provided. Your data will be stored exclusively for the purpose of processing the request and in the event that follow-up questions arise. After final processing, the data collected and stored in the context of the request will be deleted. This is the case when the matter in question has been conclusively clarified. Legal retention periods remain reserved.
If you apply for one of our advertised positions, we collect the information provided in the job advertisement as well as any information you provide of your own accord. Your information will be stored solely for the purpose of processing your application. Once an employment procedure has been completed, the documents that are no longer required are deleted. Further information on data processing will be provided in the application process.
18. Retention period
In principle, your personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. A longer retention period is permissible if this is necessary to fulfill legal, contractual or precontractual obligations or legitimate business interests (e.g. in connection with the assertion, exercise or defense of legal claims), or if you expressly consent to a longer retention period determined in advance.
19. Your rights
You may assert your claims against us at any time based on the data protection provisions. In particular, you have the right to receive information from us free of charge about your stored personal data. You also have the right to have incorrect data corrected and to have your personal data deleted, provided there is no legal or contractual obligation to retain the data.
You are entitled to report violations of data protection regulations to the Federal Data Protection and Information Commissioner (FDPIC).
Last updated: September 2023