This Privacy Notice describes how Amfin SA, Via al Chioso 15, CH-6900 Lugano (hereinafter “Amfin”, “we”, “our”, “us”), collects and processes personal data. Personal data is any information relating to an identified or identifiable natural person. We treat personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Notice.
For the data processing according to this Privacy Notice, Amfin is the “controller”, i.e. the party primarily responsible under data protection law unless otherwise communicated in individual cases
2. Data processing and categories of personal data
We process different categories of personal data depending on the occasion and purpose of the processing. We primarily process data that we receive in the context of an existing or potential client relationship or receive in the context of the execution of contracts or the use of products and services with other business partners. You will find below the most important categories of personal data we process, whereby this list cannot be exhaustive:
Identification and contact data (e.g., name, nationality, date of birth, address, telephone number, email);
Data on family and economic situation, including data on third parties (e.g. family members, authorized representatives);
Information on professional activities and education;
Information on tax residence and, if necessary, other relevant tax data;
Transaction data (e.g. beneficiaries, bank details);
Order and risk management data (e.g. information on the wealth situation, information for the risk and investment profile, knowledge and experience with investment products, specialized databases, public sources, the Internet or the media). Where relevant and permissible, this may also include personal data requiring special protection, in particular in connection with our “anti-money laundering” and “know your client” (AML/KYC) obligations as asset managers/investment advisors, such as data on administrative or criminal prosecutions and sanctions and health data (e.g. information on capacity to act, need for protection);
Contract data (i.e. information that incurs in connection with the conclusion or execution of a contract, for example information about contracts and the services to be rendered or the services rendered);
Information about our correspondence and interactions, including electronic and physical communications (e.g., via email, telephone, online meetings via Microsoft Teams or meetings in person);
Data related to the use of our website transmitted by browsers and automatically collected by our server (e.g. technical data, cookies, IP address, logins);
We may also collect data from you in other situations, for example in connection with official or judicial proceedings, such as files, evidence, etc. that may also relate to you.
You disclose much of the data mentioned in this section yourself (e.g. via forms, when communicating with us, in connection with contracts, when using the website, etc.). If you wish to enter into contracts with us or claim services, you must provide us with data as part of your contractual obligation under the relevant contract.
When Amfin provides services to its clients, it may also process personal data of third parties that we have not collected directly from the data subjects. These third parties are usually employees, family members or persons who have a relationship with the client or the data subjects for other reasons. We need this personal data in order to fulfil contracts with the client. If you do submit data concerning third parties, we understand that you confirm this data is correct and that you are authorised to provide us with this data. We ask you to inform these third parties about our processing of their data (for example, by a reference to this Privacy Notice).
3. Purposes of data processing
The specific data processed and the method used depends largely on the services requested or agreed upon. Amfin always processes personal data for specific purposes and as follows for:
Establishing, maintaining and developing a client relationship: when concluding or executing a contract with the data subject or for the benefit of the data subject, including contract initiation and possible enforcement (e.g. investment advice, asset management);
Provision/utilization of services: Fulfilment of a legal obligation (e.g. when we perform our duties as an asset manager/investment advisor or are required to disclose information);
Compliance and risk management: safeguarding legitimate interests (e.g., for administrative purposes, to improve quality, to ensure security, to manage risk, to enforce our own rights, in the event of claims against us or claims by us against third parties or to check for potential conflicts of interest);
Marketing, communication and information.
If we ask for your consent for certain processing activities, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time by written notice.
4. Cookies from partners and third parties on our website
The Site does not use third-party cookies for analysis, marketing, or profiling purposes (e.g., Google Analytics, social media cookies, advertising, or remarketing tools).
Technical cookies are necessary for the proper functioning of the Site and to allow the user to navigate and use its features. This type of cookie does not require user consent, pursuant to current legislation.
Since the Site only uses technical cookies, there is no banner consent system for profiling cookies.
5. Data sharing and data transfer
Amfin will only disclose data to third parties if this is necessary for the provision of its services, if these third parties provide a service for us, if we are required to do so by law or by the authorities, or if we have an overriding interest in the disclosure of the personal data. We will also disclose personal data to third parties if the data subjects give their consent to do so or have requested us to do so. Not all personal data is transmitted in encrypted form as standard. Unless explicitly agreed otherwise with the client or employee, reports, invoices, contracts, accounting data, as well as salary administration data, salary statements and pay slips, are transmitted unencrypted.
The following categories of recipients may receive personal data from us:
Service providers (e.g. IT service providers, external risk managers, hosting providers, consulting companies, debt collection service providers, marketing service providers);
Third parties within the scope of our legal or contractual obligations, e.g. fund administrators and custodian banks.
Other recipients such as courts and authorities as part of legal proceedings and legal information and cooperation duties, buyers of companies and assets, and collection agencies;
In individual cases, it is possible that we also disclose personal data to other third parties for their own purposes, e.g. if you have given us your consent to do so or if we are legally obliged or entitled to disclose such data.
For the above purposes, personal data will be transferred mainly in Switzerland or in the EU/EEA. Certain personal data may also be transferred to the USA or in exceptional cases to other countries worldwide. Should a transfer of data to other countries that do not have an adequate level of data protection be necessary, this will be done on the basis of the EU standard contractual clauses or other appropriate instruments. In certain cases, we may transmit data in accordance with data protection law requirements even without such instruments, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the execution of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.
6. Duration of the retention of personal data
Amfin processes and stores personal data as long as it is necessary for the fulfilment of contractual and legal obligations or the purposes otherwise pursued with the processing, i.e., for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against us (i.e. in particular during the statutory limitation period) and to the extent that we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as the storage of personal data is no longer required for the aforementioned purposes, it is generally destroyed.
7. Data security
We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data to protect it against unauthorised or unlawful processing and to protect it against the risks of loss, accidental loss or alteration, unauthorised access. However, security risks cannot be completely ruled out; residual risks are unavoidable.
8. Rights
Under the applicable data protection law, you have certain rights to obtain further information about and influence our data processing. Particularly, these are the following rights:
Access right: you can request further information about our data processing. We are at your disposal for this purpose. You can also submit a so-called information request if you wish to receive further information and a copy of your data.
Objection and deletion: you may object to our data processing and request that we delete your personal data at any time if we are not obliged to continue processing or storing this data and if it is not necessary for the contract.
Correction: you can have incorrect or incomplete personal data corrected or completed or complemented by a note that indicates your objection.
Data portability: you also have the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to have it transferred to a third party, as far as the respective data processing is based on your consent or is necessary for the execution of the contract.
Revocation: if we process data based on your consent, you can revoke your consent at any time. The revocation is only valid for the future, and we reserve the right to continue to process data based on another basis in the event of a revocation.
Please note that these rights are subject to legal requirements and restrictions and are therefore not fully applicable in every case. In particular, we may need to further process and store your personal data in order to fulfil a contract with you, to protect our own legitimate interests such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we may therefore also reject a data subject request in whole or in part (e.g. by redacting certain content relating to third parties or our trade secrets).
If you wish to exercise any rights against us, please contact us in writing. You will find our contact details in the section below. As a rule, we will have to verify your identity (e.g. by means of a copy of your ID card). You are also free to file a complaint against our processing of your data with the competent supervisory authority. The competent supervisory authority in Switzerland is the Swiss Data Protection and Information Commissioner (FDPIC).
9. Data protection concerns
For requests for information and questions regarding data protection, Amfin can be contacted as follows:
AMFIN SA
Via al Chioso 15
CH-6900 Lugano
tel. +41 91 971 73 30
fax. +41 91 971 73 35
e-mail: info@amfin.ch
10. Modification of the Privacy Notice
Amfin may amend its Privacy Notice at any time by posting it on the website. It is the responsibility of the party concerned to stay informed about the latest version on the website.
Status of this Privacy Notice: 09.01.2026