DATA PROTECTION DECLARATION
1. Data privacy statement
Alyco Global DMCC, Dubai, United Arab Emirates and its affiliated companies Alyco Advisory Asia Limited, Hong Kong, Hong Kog SAR and Alyco Advisory AG, Zurich Switzerland (hereinafter all referred to as the "Alyco Group") website is subject to Swiss data protection law, especially in accordance with the Federal Act on Data Protection (FADP) and any applicable foreign data protection legislation such as the European Union’s General Data Protection Regulation (GDPR). The EU acknowledges that Swiss data protection law ensures appropriate data protection.
We very much welcome your interest in our company. Data privacy is extremely important to us. Alyco Group websites can in principle be used without providing any personal data. If persons affected wish to avail themselves of particular services of the company via our website, however, it may become necessary to process their personal data. If the processing of personal data is necessary but there is no statutory basis for it, we generally obtain the consent of the person affected.
Personal data such as the name, address, e-mail address or telephone number of a person affected is always processed in accordance with statutory data protection rules. With this data privacy statement the company wishes to inform the public of the nature, extent and purpose of the personal data that we gather, use and process. Furthermore this data privacy statement explains the rights of persons affected to them.
As an entity responsible for processing, Alyco Group has implemented numerous technical and organisational measures to protect the personal data processed via this website to the maximum possible extent. In principle, however, internet-based data transfers may suffer from security loopholes, so total protection cannot be guaranteed. This is why any person affected is free to transfer personal data to us by alternative channels – by phone, for example.
2. Data privacy statement
Alyco Group’s data privacy statement is based on the terms used by the European regulator and issuer of directives when enacting the General Data Protection Regulation (GDPR). Our data privacy statement must be easy to read and intelligible to the public, our customers and our business partners. To this end we shall now explain the terms used.
The terms used in this data privacy statement include the following:
a) Personal data
Personal data are all information relating to an identified or identifiable natural person (hereinafter referred to as the "person affected"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Person affected
A person affected is any identified or identifiable natural person whose personal data are processed by the entity responsible for processing.
Processing is any process carried out with or without the aid of automated procedures or any series of such processes in connection with personal data such as gathering, recording, organisation, sorting, storage, ad-justment or amendment, selection, retrieval, use, disclosure by transmission, dissemination or other form of provision, reconciliation, linking, restriction, deletion or destruction.
d) Restriction of processing
The restriction of processing is the flagging of stored personal data with the objective of restricting its future processing.
Profiling is any automated processing of personal data in which they are used to evaluate certain personal factors relating to natural persons, especially with regard to analysing or predicting their performance, eco-nomic situation, health, personal predilections, interests, reliability, conduct, place of residence or relocation.
Pseudonymisation is the processing of personal data in a way in which they can no longer be associated with a specific person affected without referring to additional information, provided this additional information is preserved separately and is subject to technical and organisational measures ensuring that the personal data cannot be associated with an identified or identifiable natural person.
g) Responsible entity or entity responsible for processing
The responsible entity or entity responsible for processing is the natural person or legal entity, authority, agency or other body that decides on the purposes and means of processing personal data either alone or jointly with others.
A processor is a natural person or legal entity, authority, agency or other body that processes personal data on the instructions of the responsible entity.
A recipient is a natural person or legal entity, authority, agency or other body to which personal data are disclosed, regardless of whether or not it is a third party.
j) Third party
A third party is a natural person or legal entity, authority, agency or other body other than the person affected, the responsible entity, the processor and persons authorised on the direct responsibility of the responsible entity or the processor to process personal data.
Consent is any informed, unequivocal statement of intent made voluntarily by persons affected for the case in point in the form of a declaration or other unambiguous affirmative act intimating that they agree to the processing of the personal data relating to them.
3. Name and address of the entity responsible for processing
Enquiries to the data protection officer from supervisory authorities or persons affected are generally sent by e-mail, but they can also be mailed to:
This may include your name, address, e-mail address and telephone number, information on your business relationship with us and information on your profession, background and interests.
5. Other information
We may also obtain certain information from other sources. For example
- If we have a business relationship with the organisation you represent, your colleagues or other business contacts may give us information about you such as your contact details or details of your role in the business relationship.
- Sometimes we gather information from third-party providers or publicly accessible sources to com-bat money laundering, for background checks and for similar purposes in order to protect our business and comply with our statutory and regulatory obligations.
Users can at any time permanently prevent cookies from being set by our website by changing their internet browser settings. Furthermore cookies already placed can be deleted at any time using an internet browser or other software programs. Tracking pixels can be blocked at any time in the internet browser settings or with corresponding browser extensions. This is possible in all common internet browsers. If the person affected deactivates cookie settings and blocks tracking pixels, not all functions on our website may be fully usable.
7. Recording general data and information
The Alyco Group website records a series of general data and information every time it is visited by a per-son affected or an automated system. These general data and information are stored in the server’s log files. The following details can be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system arrives at our website (called the referrer), (4) the subpages visited on our website by an accessing system, (5) the date and time of an access to the website, (6) an internet protocol address (IP address), (7) the accessing system’s internet service provider and (8) other similar data and information serving to protect our IT systems from attacks.
When using these general data and information, Alyco Group draws no conclusions about the person affected. Instead this information is required (1) to deliver our website content correctly, (2) to optimise our website content and the advertising for it, (3) to safeguard the long-term functionality of our IT systems and our website’s technology and (4) to provide law enforcement agencies with the information they need in the event of a cyberattack. These data and information are gathered anonymously, and are therefore analysed statistically by Alyco Group with the objective of increasing data protection and data security within the company – in order ultimately to achieve an optimum level of protection for the personal data that we process.
8. Registering on our website
Persons affected have the option of registering on the website of the entity responsible for processing, providing their personal data. Which personal data are transmitted to the entity responsible for processing depends on the input screen used for registration. The personal data input by the person affected are gathered and stored solely for the internal use of the entity responsible for processing and for its own purposes. The entity responsible for processing can pass the data to one or more processors, for example a package service provider who also uses the personal data solely for internal use attributable to the entity responsible for processing.
Registering on the website of the entity responsible for processing also stores the IP address allocated to the person affected by the internet service provider (ISP), and the date and the time of registration. These data are stored against the backdrop of the fact that this is the only way to prevent the misuse of our services, and if offences are committed these data make it possible to investigate them. To this extent the storage of these data is necessary to safeguard the entity responsible for processing. These data are not passed to third parties unless there is a statutory obligation to do so or it serves the purposes of criminal prosecution.
By registering and voluntarily providing personal data, the person affected enables the entity responsible for processing to offer the person affected content and services that in the nature of things can only be offered to registered users. Registered persons are free at any time to alter the personal data they provided when registering, or to have it entirely deleted from the database of the entity responsible for processing.
The entity responsible for processing gives persons affected on request at any time information on what personal data on them are stored. The entity responsible for processing also corrects or deletes personal data on request by the person affected, unless they are subject to preservation obligations. All the employees of the entity responsible for processing are at the disposal of the person affected as contacts in this connection.
9. Contact option via the website
In accordance with statutory regulations the Alyco Group website contains information – including a general e-mail address – enabling the user to make rapid electronic contact with the company and communicate with us directly. If contact is made with the entity responsible for processing by e-mail or using a con-tact form, the personal data provided are automatically stored. The IP address is also recorded for security reasons. Personal data voluntarily supplied to the entity responsible for processing are stored for the purposes of processing or contacting the persons affected. They are not passed to third parties.
10. Use of Google Maps
This website uses Google Maps API to present geographical information visually, and to calculate journey times with the Travel Planner. When Google Maps is used, Google also gathers, processes and uses data on the use of map functions by visitors. You can find more detailed information on data processing by Google in the Google data privacy statement. You can alter your personal data protection settings in Google’s data protection centre.
Detailed instructions on managing your own data in connection with Google products can be found here. (http://www.dataliberation.org/)
11. The routine deletion and blocking of personal data
The entity responsible for processing processes and stores the personal data of the person affected only for the period necessary to achieve the purpose of storing it or that is permitted by the European regulator and issuer of directives or other legislature in laws or regulations to which the entity responsible for processing is subject.
If the purpose of storing the data no longer applies or a period prescribed in laws or regulations by the European regulator and issuer of directives or other legislature expires, the personal data are routinely blocked or deleted in accordance with statutory regulations.
12. Rights of the person affected
If you wish to exercise one of the following rights, please contact us as described in paragraph 3.
You can also complain about our processing of your personal data to the Federal Data Protection and Infor-mation Commissioner (FDPIC, http://www.edoeb.admin.ch).
a. Right to confirmation
According to the Swiss legislature and the European regulator and issuer of directives you have the granted right to ask for and obtain from the company/organisation confirmation as to whether or not it holds any personal data which affects you. If you wish to make use of this confirmation right, you can contact us at any time.
b. Right to information
The Swiss legislature and the European regulator and issuer of directives guarantee all persons affected by the processing of their personal data the right to call on the entity responsible for processing for information about the stored personal data relating to them, and to provide them with a copy of that information, free of charge. The European regulator and issuer of directives also give persons affected the right to the following information:
- the purposes of processing
- the categories of personal data being processed
- the recipients or categories of recipients to whom personal data has been or is being disclosed, especially where recipients are in third countries or are international organisations
- where possible the period for which the personal data are to be stored, or if this is not possible the criteria for determining that period
- the existence of a right to the correction or deletion of their personal data or to the restriction of its processing by the responsible entity or to a right of objection to its processing
- the existence of a right to complain to a supervisory authority
- if the personal data are not obtained from the person affected: all available information on the origin of the data
- the existence of automated individual decision making including profiling in accordance with Art. 22 (1) and (4) of the General Data Protection Regulation (GDPR) and – in these cases at least – meaningful information on the logic involved and the implications for and the intended effects on the per-son affected of such processing
- persons affected are also entitled to information on whether their personal data have been trans-mitted to a third country or an international organisation. If this is the case, the person affected is also entitled to information on appropriate guarantees in connection with the transmission.
Persons affected who wish to exercise this right can apply to our data protection officer at any time.
c. Right of correction
The Swiss legislature and the European regulator and issuer of directives guarantee all persons affected by the processing of their personal data the right to call for incorrect personal data relating to them to be corrected without delay. Furthermore persons affected are entitled, taking the purposes of processing into account, to call for their incomplete personal data to be completed, if necessary by means of a supplementary statement.
Persons affected who wish to exercise this right can apply to our data protection officer at any time.
d. Right of deletion (right to be forgotten)
The European regulator and issuer of directives guarantees all persons affected by the processing of their personal data the right to call on the responsible entity to delete their personal data without delay if one of the following reasons applies and processing is not necessary:
- The personal data were obtained or otherwise processed for purposes for which they are no longer necessary.
- The person affected revokes the consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and processing lacks any other legal basis.
- The person affected objects to processing in accordance with Art. 21 (1) GDPR and there are no overriding reasons for it, or lodges an objection to processing in accordance with Art. 21 (2) GDPR.
- The personal data have been unlawfully processed.
- The deletion of the personal data is required in order to meet a statutory obligation under EU law or that of member states to which the responsible entity is subject.
- The personal data were obtained in relation to information society services offered in accordance with Art. 8 (1) GDPR.
If one of the reasons listed above applies and persons affected wish their personal data held by Alyco Group to be deleted, they can apply to our data protection officer at any time.
If personal data have been made public by Alyco Group and the company is obliged as the responsible entity within the meaning of Art. 17 (1) GDPR to delete them, Alyco Group, taking account of available technology and the implementation costs, takes appropriate measures, including technical measures, to make other persons responsible for data processing who process the personal data concerned aware that the person affected has called on these other persons responsible for data processing to delete all links to these personal data or copies or duplicates of these personal data if processing is not necessary. In individual cases our data protection officer will give the necessary instructions.
e. Right to restrict processing
The European regulator and issuer of directives guarantees all persons affected by the processing of their personal data the right to call on the responsible entity to restrict processing if one of the following condi-tions is met:
- The person affected disputes the correctness of personal data for a period enabling the responsible entity to verify their correctness.
- The processing is unlawful, the person affected rejects the deletion of the personal data and calls in-stead for their use to be restricted.
- The responsible entity no longer needs the personal data for the purposes of processing, but the person affected needs them to assert, exercise or defend legal entitlements.
- The person affected has lodged an objection to processing in accordance with Art. 21 (1) GDPR and it is not yet clear whether the reasons of the responsible entity outweigh those of the person affected.
If one of the preconditions listed above is met and persons affected wish their personal data held by Alyco Group to be restricted, they can apply to our data protection officer at any time.
f. Right to data transferability
The European regulator and issuer of directives guarantees all persons affected by the processing of their personal data the right to be supplied with the personal data relating to them that was given to a responsible entity by the person affected in a structured, standard, machine-readable format. Such persons are also entitled to transmit these data to another responsible entity without hindrance by the responsible entity to whom the personal data were supplied, provided that processing is based on consent in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract in accordance with Art. 6 (1) (b) GDPR and processing is conducted with the aid of automated processes if processing is not necessary for the fulfilment of a task in the public interest or in the exercise of official authority transferred to the responsible entity.
Furthermore the person affected, in exercising the right to data transferability in accordance with Art. 20 (1) GDPR, is entitled to effect the direct transfer of personal data from one responsible entity to another, provided that this is technically feasible and that no rights and liberties of other persons are infringed.
Persons affected wishing to assert the right to data transferability can apply to our data protection officer at any time.
g. Right of objection
The European regulator and issuer of directives guarantees all persons affected by the processing of their personal data the right to object at any time, for reasons arising from their personal situation, to the pro-cessing of personal data relating to them for reasons based on Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.
In the event of an objection Alyco Group no longer processes personal data unless we can show that we have legitimate reasons for doing so that outweigh the interests, rights and liberties of the person affected, or that processing serves the assertion, exercise or defence of legal entitlements.
If Alyco Group processes personal data in order to engage in direct advertising, the person affected is entitled at any time to object to processing of personal data for the purposes of such advertising. This also applies to profiling that is connected with such direct advertising. If persons affected object to processing by Alyco Group for the purposes of direct advertising, we shall no longer process their personal data for these purposes.
In addition persons affected are entitled to object to the processing of their personal data conducted by Alyco Group for the purposes of scientific or historical research or for statistical purposes in accordance with Art. 89 (1) GDPR for reasons arising from their personal situation, unless such processing is necessary in order to per-form a task in the public interest.
Persons affected wishing to assert the right to object can apply directly to our data protection officer. Not-withstanding Regulation 2002/58/EC, persons affected are also entitled to exercise their right of objection in connection with the use of the services of the information society by means of an automated process making use of technical specifications.
h. Automated decisions in individual cases including profiling
The European regulator and issuer of directives guarantees all persons affected by the processing of their personal data the right not to be subject to a decision based solely on automated processing – including profiling – that has legal effects on them or similarly compromises them to a significant degree, unless the decision (1) is necessary for the conclusion or fulfilment of a contract between the person affected and the responsible entity or (2) is permitted in accordance with legislation of the European Union or its member states to which the responsible entity is subject and this legislation contains appropriate measures to safe-guard the rights, liberties and legitimate interests of the person affected or (3) has the express consent of the person affected.
If the decision (1) is necessary for the conclusion or fulfilment of a contract between the person affected and the responsible entity or (2) for the conclusion or fulfilment of a contract between the person affected and the responsible entity necessary or (2) has the express consent of the person affected, Alyco Group takes appropriate measures to safeguard the rights, liberties and legitimate interests of the person affected, including at least the right to effect the intervention of a person on the part of the responsible entity, to pre-sent their own standpoint and to contest the decision.
If persons affected wish to assert their rights with regard to automated decisions, they can apply to our data protection officer at any time.
i. Right of revocation of consent under data protection law
The Swiss legislature and the European regulator and issuer of directives guarantee all persons affected by the processing of their personal data the right to revoke their consent to the processing of personal data at any time.
If persons affected wish to assert their right to revoke consent, they can apply to our data protection officer at any time.
13. The legal basis of processing
The company relies on Art. 6 (I) (a) GDPR as the legal basis for processing in which we obtain consent for a defined processing purpose. If the processing of personal data is necessary for the fulfilment of a contract to which the person affected is a party, as is the case, for example, with processing necessary for a delivery of goods, a service or a consideration, then processing is based on Art. 6 (I) (b) GDPR. The same applies to pro-cessing necessary for the performance of precontractual measures, for example in cases of enquiries about our products or services. If the company is subject to a legal obligation necessitating the processing of personal data – in order to meet fiscal obligations, for example – then processing is based on Art. 6 (I) (c) GDPR. In rare cases the processing of personal data could become necessary in order to protect the vital interests of the person affected or another natural person. Processing would then be based on Art. 6 (I) (d) GDPR. Finally processing could be based on Art. 6 (I) (f) GDPR. This is the legal basis for processing not covered by any of the aforementioned legal bases if the processing is necessary in order to safeguard the legitimate interests of the company or a third party, unless these are outweighed by the interests, basic rights and fundamental liberties of the person affected. We are especially permitted to carry out such processing because European legislation specifically mentions it, taking the view that a legitimate interest may have to be assumed if the person affected is a customer of the responsible entity (recital 47 clause 2 GDPR).
14. Legitimate interests in processing by the responsible entity or a third party
If the processing of personal data is based on Art. 6 (I) (f) GDPR, our legitimate interest is the conduct of our business activity for the wellbeing of all our employees and our shareholders.
15. How long personal data are stored
The criterion for how long personal data are stored is the relevant statutory preservation period. On the expiry of this period the corresponding data are routinely deleted unless they are still required for the initiation or fulfilment of a contract.
16. Statutory or contractual regulations on the provision of personal data; requirement for the conclusion of a contract; obligation of the person affected to provide personal data; possible consequences of failure to provide them.
We inform you that the provision of personal data is sometimes prescribed by statute (e.g. tax regulations), and it may also arise from contractual provisions (e.g. information on the contractual partner). It may also be necessary for the conclusion of a contract for a person affected to provide us with personal data that we are subsequently required to process. Persons affected are obliged, for example, to provide us with personal data if the company concludes a contract with them. The failure to provide personal data would prevent the conclusion of the contract with them. Before providing personal data the person affected must apply to one of our employees, who explains on the basis of the individual case whether the provision of personal data is prescribed by statute or contractually or is necessary for the conclusion of a contract, whether an obligation to provide personal data exists, and what consequences would follow a failure to provide personal data.
17. Existence of automated decision making
As a responsible company we make no use of automatic decision making or profiling.
18. Adaption of this Data privacy statement
We may adjust our data privacy statement at any time by publishing it on this website.
The Alyco Group, May 2018