Privacy policy GWL Asset Management AG

1. Introduction

In this privacy policy we, the GWL Asset Management AG, Dorfstrasse 19A, 6340 Baar (hereinafter we or us), explain how we collect and further process personal data. We provide wealth management services to you.

The aim of this information is

  • comprehensive information about the processing of your personal data by us;
  • the explanation of your rights in connection with the processing of your personal data; and
  • providing the contact details of the entity responsible for processing your personal data and the data protection officer of GWL Asset Management AG.

Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. We are committed to handling your personal data responsibly. It goes without saying that we comply with the provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (FADP), the Telecommunications Act (TCA) and, the European General Data Protection Regulation (GDPR) (EU) 2016/679, where applicable, other provisions of data protection law.

So that you know what personal data we collect from you and for what purposes we use it, please take note of the information below.

2. What personal data do we process and for what purpose?

Depending on your activity, we process the following personal data:

2.1 Visit the website

When you visit our websites, our servers temporarily save each access in a log file. The following data is collected without your intervention and stored by us until automatic deletion (at the latest after 12 months ):

  • the IP address of the requesting computer (shortened);
  • the name of your internet access provider (usually your internet access provider);
  • the date and time of access;
  • the name and URL of the retrieved file;
  • the page and address of the website from which you were redirected to our websites and, if applicable, the search term used;
  • the country from which our website is accessed;
  • the operating system of your computer and the browser you use (provider, version and language);
  • the transmission protocol used (e.g. HTTP/1.1).

The collection and processing of this data is carried out for the purpose of enabling the use of our websites (connection establishment), to ensure system security and stability on a permanent basis, to enable the optimisation of our internet offer as well as for internal statistical purposes.

Only in the event of an attack on the network infrastructure or suspicion of other unauthorised or abusive website use will the IP address be evaluated for the purpose of clarification and defence and, if necessary, used as part of criminal proceedings to identify and take civil or criminal action against the users concerned.

The legal basis is our legitimate interest within the meaning of Art. 6 para 1 lit. f GDPR in providing a stable and functional website.

Finally, we use cookies and other applications based on cookies when you visit our websites. You will find further information on this in the “Cookies” chapters.

2.2 When opening and maintaining a customer relationship

  • Name, first name*
  • Address*
  • Date of birth*
  • Phone number*
  • Gender*Passport
  • Electricity bill/other proof of address*.
  • Risk assessment*
  • KYC form/register of beneficial owners/passport/proof of address*.
  • Register of Directors/KYC Form/Passport/Proof of Address*.
  • Name and contact information of the managing director or authorised representative. *
  • Name of directors and officers*
  • Corresponcance

This data processing is necessary in order to enter into a contractual relationship with us.

Certain data are mandatory (marked with *). If you do not provide us with the mandatory information, it is not possible to open a customer account.

We are legally obliged to carry out further clarifications when entering into and maintaining client relationships. In particular, we are subject to an extensive duty of identification with regard to new and existing clients and are also subject to Swiss money laundering legislation.

Furthermore, this data is used to maintain the business relationship with you, to provide our services and to invoice you.

The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.

2.3 When opening a customer account

When opening a client account (e.g. with a custodian bank or broker), we process the following personal data:

  • Name, first name*
  • Address*
  • Date of birth*
  • Phone number*
  • Gender*
  • Passport
  • Electricity bill/other proof of address*.
  • Register of Directors/KYC form/passport/proof of address*.
  • Name of directors and officers*
  • Performance report
  • Balance of account
  • Invoices
  • Access to E-Banking

Certain information is mandatory (marked with *). If you do not provide us with the mandatory information, it will not be possible to open a bank account.

The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.

2.4 Anti-Money Laundering Act

The following data is collected as part of audits for compliance with the Money Laundering Act:

  • Name, first name*
  • Address*
  • Date of birth*
  • Phone number*
  • Gender*
  • Passport
  • Electricity bill/other proof of address*.
  • Risk assessment*
  • KYC form/register of beneficial owners/passport/proof of address*.
  • Register of Directors/KYC Form/Passport/Proof of Address*.
  • Name and contact information of the managing director or authorised representative *
  • Name of directors and officers*
  • Criminal record extract

The purpose of this data processing lies in the legal obligation to comply with the provisions of the Money Laundering Act. It is therefore necessary for the fulfilment of the legal obligations.

Certain data is mandatory (marked with *). If you do not provide us with the mandatory information, we will not be able to complete the verification of compliance with the Anti-Money Laundering Act.

The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR, our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR to comply with Anti-Money Laundering provisions as well as legal obligation within the meaning of Art. 6 para. 1 lit. c GDPR.

3. From which sources do we collect your personal data?

In principle, we collect personal data directly from you (e.g. via forms, in the course of communication with us, in connection with contracts, when using the website, etc.).

Unless this is inadmissible, we also take data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, the media or the internet incl. social media) or receive data from other companies within our group, from authorities and from other third parties (such as data collections on criminal activities (such as World Check).

The categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we obtain in connection with official and legal proceedings, information in connection with your professional functions and activities, information about you in correspondence and meetings with third parties, creditworthiness information, information about you that people close to you provide to us so that we can conclude or process contracts with you or involving you (e.g. information for compliance with legal requirements such as for combating fraud, money laundering and terrorism and export restrictions, information about you from the media and the Internet (where this is appropriate in the specific case).e.g. information to comply with legal requirements such as those relating to combating fraud, money laundering and terrorism and export restrictions, information about you from the media and the Internet.

4. Location

Your personal data is stored in Switzerland or in the EU/EEA.

5. Is the personal data passed on to third parties?

We share your personal data with the following categories of recipients:

  • Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or in joint responsibility with us or who receive data about you from us in their own responsibility (e.g. IT providers, banks, insurance companies, debt collection companies, credit agencies or address checkers).

Central service providers in the IT area for us is TTP Consulting AG, Erlenbach, Switzerland.

We disclose to these service providers the data required for their services, which may also concern you. These service providers may also use such data for their own purposes, e.g. information about outstanding debts and your payment history in the case of credit agencies or anonymised data to improve services. We also enter into contracts with these service providers that include provisions to protect your personal data. Our service providers may also process data about how their services are used and other data arising from the use of their services as independent data controllers for their own legitimate interests (e.g. for statistical analysis or billing purposes). Service providers inform about their independent data processing in their own data protection statements.

  • Authorities: We may pass on personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities then process this data on their own responsibility.

All these categories of recipients may in turn involve third parties, so that your data may also be made accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

We also allow certain third parties to collect personal data from you on our website and at events organised by us (e.g. media photographers, providers of tools that we have embedded on our website, etc.). Insofar as we are not decisively involved in these data collections, these third parties are solely responsible for them. If you have any concerns or wish to exercise your data protection rights, please contact these third parties directly.

6. Cookies

Cookies help in many ways to make your visit to our website easier, more enjoyable and more meaningful.

Cookies are individual codes (e.g. a serial number) that our server or a server of our service providers or advertising contract partners transmits to your system when you connect to our website and that your system (browser, mobile) accepts and stores until the programmed expiry time. With each subsequent access, your system transmits these codes to our server or the server of the third party. In this way, you are recognised, even if your identity is not disclosed.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in providing a user-friendly and up-to-date website.

Our websites use cookies and similar technologies. If the settings of your device allow it, we use cookies and similar tools to provide you with an optimal browsing experience on our websites.

Cookies collect data such as:

  • the IP address;
  • the website from which you are visiting us;
  • the type of device you are using;
  • how you use our search function (so-called search log);
  • what actions you take when you receive the newsletter.

It is also possible to visit our website without cookies. You can prevent the storage of cookies in the browser settings. However, this may affect your ability to use the website. Under no circumstances will cookies be used by us to install malware or spyware on your computer.

Most internet browsers automatically accept cookies. However, you can configure the Internet browser so that no cookies are stored or a notice always appears when you receive a new cookie. On the following pages you will find explanations on how you can configure the processing of cookies:

On the following pages you will find explanations on how to configure the processing of cookies in the most common browsers.

Please note that deactivating cookies may mean that you cannot use all the functions of our website.

A distinction is made between the following cookies:

  • Necessary cookies: Some cookies are necessary for the website to function as such or for certain functions. For example, they ensure that you can switch between pages without losing information entered in a form. They also ensure that you remain logged in. These cookies are only temporary (“session cookies”). If you block them, the website may not work. Other cookies are necessary so that the server can save decisions or entries made by you beyond one session (i.e. one use of the website), if you request this function (e.g. language selected, consent given, the function for automatic login etc.). These cookies have an expiry date of up to [24] months
  • Performance cookies: In order to optimise our website and corresponding offers and to better adapt them to the needs of users, we use cookies to record and analyse the use of our website, possibly even beyond the session. We do this through the use of third-party analytics services. We have listed these below. Before we use such cookies, we ask you to accept them. Performance cookies also have an expiry date of up to [24] months. Details can be found on the websites of the third-party providers.
  • Marketing cookies: We and our advertising partners have an interest in targeting advertising, i.e. displaying it only to those we want to target. We have listed our advertising partners below. For this purpose, we and our advertising partners – if you consent – also use cookies that can be used to record the content accessed or contracts concluded. This allows us and our advertising partners to display advertisements that we think you may be interested in on our website, but also on other websites that display advertisements from us or our advertising partners. These cookies have an expiry date of between a few days and [12] months depending on the situation. If you consent to the use of these cookies, you will be shown appropriate advertising. If you do not consent to these cookies, you will not see less advertising, but advertising that is not tailored to your user behaviour.

7. Tracking tools

  1. Google Analytics

We use Google Analytics (including Google Analytics for Firebase), an analysis tool of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). Google Analytics uses methods that enable an analysis of the use of website, such as cookies. The information generated by the cookie about your use of website such as.

  • App updates,
  • Browser information,
  • Click path,
  • Date and time of the visit,
  • Device information,
  • Downloads,
  • Flash version,
  • Location information,
  • IP address,
  • JavaScript support,
  • pages visited,
  • Purchase activity,
  • Referrer URL,
  • Usage data,
  • Widget interactions,
  • Navigation path that a visitor follows on the websites,
  • Dwell time on the websites and subpages,
  • The sub-page on which the websites are left,
  • The country, region or city from where access is made,
  • End device (type, version, colour depth, resolution, width and height of the browser window),
  • Returning or new visitor,
  • Browser provider/version,
  • The operating system used,
  • The referrer URL (previously visited website),
  • Host name of the accessing computer (IP address),
  • Time of the server request

are usually transferred to a Google server in the USA and stored there. In the process, the IP address is shortened by activating IP anonymisation (“anonymizeIP”) before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area or Switzerland. According to Google, the masked IP address transmitted within the scope of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google complies with a sufficient level of data protection.

The information is used to evaluate the use of the website, to compile reports on the activities in on the website and to provide other services associated with the use of the website for the purposes of market research and demand-oriented design of [the website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

The legal basis for processing the data for this purpose is your consent. The consent can be revoked at any time with effect for the future.

Users can prevent the collection of the data generated by the cookie and related to the use the website by the user concerned (incl. the IP address) to Google as well as the processing of this data by Google by preventing cookies or by making the appropriate settings in the website.

The legal basis for this data processing with the following tools is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent or refuse processing at any time by rejecting or switching off the relevant cookies in your web browser settings or by making use of the service-specific options described below.

8. Transmission of personal data abroad

The personal data is processed in Switzerland and Greece and in the USA.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: [] ), insofar as they are not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data that you have made generally accessible and you have not objected to its processing.

Please also note that data exchanged via the internet is often routed via third countries. Your data can therefore end up abroad even if the sender and recipient are in the same country.

9. Note on data transfers to the USA

Some of the third-party service providers mentioned in this privacy policy are based in the USA. For the sake of completeness, we would like to point out for users resident or domiciled in Switzerland that there are surveillance measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, restriction or exception based on the objective pursued and without any objective criterion that would make it possible to restrict the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated with both access to and use of this data. Furthermore, we would like to point out that in the USA, data subjects from Switzerland do not have any legal remedies that allow them to obtain access to the data concerning them and to obtain their correction or deletion, or that there is no effective judicial legal protection against general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation so that they can make an appropriately informed decision to consent to the use of their data.

We would like to point out to users who are resident in Switzerland that the USA does not have a sufficient level of data protection from the point of view of the European Union and Switzerland – among other things due to the issues mentioned in this section. Insofar as we have explained in this data protection declaration that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an appropriate level with our partners through contractual arrangements with these companies as well as any additional appropriate guarantees required, which protect the rights of persons whose personal data is transferred to a third country.

10. Your rights

You can object to data processing at any time. You also have the following rights:

Right of access: You have the right to request access to your personal data stored by us at any time and free of charge if we are processing it. This gives you the opportunity to check what personal data we are processing about you and that we are using it in accordance with applicable data protection regulations.

Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.

Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, the right to erasure may be excluded.

Right to restrict processing: Under certain circumstances, you have the right to have us restrict the processing of your personal data.

Right to object: You have the right to object to data processing, in particular to the processing of personal data.

Right to data transfer: In certain circumstances, you have the right to receive, free of charge, the personal data you have provided to us in a machine-readable format.

Right of withdrawal: In principle, you have the right to withdraw your consent at any time with effect for the future. Processing activities based on your consent in the past do not become unlawful as a result of your revocation.

Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way your personal data is processed.

11. Retention period of personal data

We retain personal data for as long as it is needed for the purpose for which it was collected, or for a period of time that we are obliged to retain it under applicable laws, regulations or contractual agreements, as well as for as long as we have an overriding interest in retaining it. After that, the data will be deleted.

Retention obligations that oblige us to retain data result from accounting regulations and tax regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be kept for up to 10 years. Likewise, certain data must be retained for up to 10 years after termination of the business relationship in accordance with money laundering legislation.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the efficient management of user data as well as to comply with Swiss legal obligations

12. Data security

We take appropriate technical and organisational security measures to protect personal data from unauthorised access and misuse. These include IT and network security solutions, access restrictions, encryption of data carriers and transmissions, instructions, training and controls.

If third parties have access to our data, special measures are taken which are regulated in the order processing contract.

13. Contact

If you have any questions about data protection, would like information, would like to object to data processing or would like to have your data deleted, please contact us by sending an e-mail to .

Please send your request by letter to the following address:

GWL Asset Management AG
Dorfstrasse 19A
6340 Baar
Tel: (+41) 55 417 04 71   /   (+41) 78 920 52 64

The representative of the responsible person in the EU is:

PIXELLAS OE – Vaggelis Ch.
Vafeiochoriou 19, Athens 11476
Tel.: +302103006203

14. Adaptation

This Privacy Policy does not form part of any contract with you. We may amend this privacy policy at any time. The version published on 22/08/2023 is the current version.

Last updated: 22/08/2023