Privacy Policy
Last update - April 2025

1. Introduction: Our Commitment to Your Privacy

Fairclough Palmer AG, including its affiliates and subsidiaries (hereinafter referred to as "We", "Us", "Our", or the "Company"), is unequivocally committed to safeguarding the privacy, confidentiality, and security of the Personal Data entrusted to Us. This Privacy Policy outlines the principles and practices governing Our collection, processing, storage, protection, and disclosure of Personal Data pertaining to Our clients, prospective clients, investors, partners, website visitors, and other individuals with whom We interact.

For the purposes of this Policy, "Personal Data" signifies any information relating to an identified or identifiable natural person.

Our data processing activities are primarily governed by the Swiss Federal Act on Data Protection (FADP) and its accompanying Ordinance. Where applicable, particularly concerning individuals within the European Economic Area (EEA), We also adhere to the standards set forth by the European General Data Protection Regulation (GDPR). Furthermore, Our practices comply with relevant international financial regulations and applicable local laws in jurisdictions where We operate.

2. Personal Data Collection and Lawful Processing

We collect and process Personal Data strictly for specified, explicit, and legitimate business purposes. The collection is limited to data that is adequate, relevant, and necessary for the intended purpose (data minimisation).

2.1 Purposes of Processing:

Our primary purposes for processing Personal Data include, but are not limited to:

  • Client Onboarding and Account Management: Establishing and maintaining client relationships, including identity verification and account administration.
  • Service Provision: Delivering investment services, processing transactions, and managing portfolios effectively.
  • Legal and Regulatory Compliance: Fulfilling mandatory legal and regulatory obligations, including Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), Know Your Customer (KYC) requirements, tax reporting (e.g., Common Reporting Standard - CRS), and responding to lawful requests from authorities.
  • Communication: Engaging with clients, investors, and partners regarding services, accounts, market updates, and responding to inquiries.
  • Risk Management: Assessing and managing financial, operational, and compliance risks associated with Our business activities.
  • Service Improvement: Analysing data (often in aggregated or anonymised form) to enhance Our service offerings and operational efficiency.
  • Internal Operations: Facilitating internal audits, record keeping, and general business administration.

2.2 Categories of Personal Data Collected:

The types of Personal Data We may collect encompass:

  • Identification Data: Full legal name, date and place of birth, gender, nationality, copies of passport or national identity card, tax identification numbers (TINs), social security numbers (where legally required for specific purposes like US tax reporting, obtained with explicit consent where necessary), and specimen signatures.
  • Contact Information: Residential and correspondence postal addresses, telephone numbers (landline and mobile), email addresses, and other electronic contact details.
  • Financial Data: Details regarding investment objectives and experience, risk tolerance, assets, income, account balances, transaction history, banking coordinates (account numbers, IBAN, SWIFT/BIC), information pertaining to creditworthiness, source of wealth and funds documentation, tax residency information.
  • Compliance and Due Diligence Data: Information gathered during KYC/AML checks, politically exposed person (PEP) screening results, sanctions list verification data, information relevant to fraud prevention and detection.
  • Technical Data: Internet Protocol (IP) addresses, login credentials for online services, browser type and version specifics, device operating system and platform details, location data (derived from IP address or device settings), cookies, and similar technologies used when interacting with Our digital platforms.
  • Communication Data: Records of correspondence and interactions, including copies of emails, letters, facsimiles, secure messages, logs of telephone calls (potentially including recordings where legally permissible and notified), and meeting notes.
  • Marketing Preferences: Explicit preferences regarding receiving marketing materials or communications from Us.

2.3 Lawful Basis for Processing:

We process Personal Data based on one or more lawful grounds as stipulated by the FADP and, where applicable, GDPR:

  • Contractual Necessity: Processing necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract (e.g., managing investments).  
  • Legal Obligation: Processing necessary for compliance with a legal obligation to which We are subject (e.g., AML/KYC checks, regulatory reporting).
  • Legitimate Interests: Processing necessary for the purposes of the legitimate interests pursued by Us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (e.g., risk management, service improvement, fraud prevention).  
  • Consent: Where required, We will obtain explicit consent for specific processing activities (e.g., certain marketing communications). Consent can be withdrawn at any time.

3. Data Storage, Security, and Protection

We implement and maintain robust technical, organisational, and physical security measures designed to protect Personal Data against unauthorised or unlawful processing, accidental loss, destruction, damage, alteration, or disclosure.  

  • Secure Storage: Personal Data is securely stored predominantly using encrypted cloud infrastructure provided by reputable vendors such as Google Cloud. These providers adhere to internationally recognised security certifications (e.g., ISO 27001, SOC 2) and maintain stringent physical and logical security controls.
  • Third-Party Software: We utilise carefully selected third-party software solutions for client relationship management, transaction processing, and other operational functions. These solutions are vetted for their adherence to multi-layered security protocols, including robust encryption (both at rest and during transmission using protocols like TLS), granular access controls (implementing role-based access and the principle of least privilege), advanced intrusion detection and prevention capabilities, and regular security updates and vulnerability management.
  • Due Diligence: Any third-party platform used for storing or processing Personal Data undergoes rigorous security and data protection due diligence prior to engagement and periodically thereafter. Clients will be informed where applicable if data is processed by significant third parties not covered under general service provision.
  • Confidentiality: All Our personnel are subject to strict confidentiality obligations regarding Personal Data.

4. Data Sharing and Disclosure to Third Parties

We uphold strict confidentiality and do not sell, trade, or rent Personal Data to third parties for their own marketing initiatives. Disclosure of Personal Data is limited and occurs only under specific, legitimate circumstances:

  • Trusted Service Providers: We may share Personal Data with verified third-party service providers contracted to perform specific functions on Our behalf, necessary for operating Our business and providing services. Such providers may include IT infrastructure and support services, cloud storage providers, payment processors, custodians, legal counsel, compliance consultants, auditors, and document management services. These providers are contractually bound to maintain confidentiality and implement appropriate technical and organisational security measures, including encryption and robust cybersecurity protocols, consistent with applicable laws and industry standards. Data Processing Agreements (DPAs) are established where required by law.
  • Regulatory and Legal Authorities: We may be legally compelled to disclose Personal Data to regulatory bodies (e.g., FINMA), tax authorities, law enforcement agencies, courts, or other governmental bodies pursuant to applicable laws, regulations, subpoenas, court orders, or other legal processes.
  • Legal Rights: Disclosure may occur where necessary to establish, exercise, or defend Our legal rights or protect Our vital interests or those of others.
  • Business Transfers: In the event of a merger, acquisition, restructuring, or sale of assets, Personal Data may be transferred as part of the transaction, subject to appropriate confidentiality and security safeguards.
  • With Consent: We may share Personal Data with other third parties where We have obtained explicit consent to do so.

5. Compliance with Swiss and International Regulations

Fairclough Palmer AG is steadfast in its commitment to adhering to all applicable data protection legislation and relevant financial regulations.

  • Swiss Federal Act on Data Protection (FADP): As Our primary governing law, We fully comply with the FADP's principles regarding lawful processing, transparency, data subject rights, cross-border data transfers, and mandatory data security measures.
  • European General Data Protection Regulation (GDPR): We acknowledge the GDPR's potential applicability to processing Personal Data of individuals located within the EEA. Where GDPR applies, We adhere to its stringent requirements, including its core principles (Lawfulness, Fairness, Transparency; Purpose Limitation; Data Minimisation; Accuracy; Storage Limitation; Integrity and Confidentiality; Accountability) and enhanced data subject rights.  
  • International Financial Regulations: Our data handling practices incorporate requirements from international standards aimed at preventing financial crime, notably the Financial Action Task Force (FATF) recommendations concerning AML and CTF, and automatic exchange of information protocols like the Common Reporting Standard (CRS). We also comply with applicable international sanctions regimes.

6. Data Retention Policy

We retain Personal Data only for as long as is strictly necessary to fulfil the specific purposes for which it was originally collected, and to satisfy any applicable legal, regulatory, accounting, reporting, or legitimate business requirements.

Retention periods are determined by considering:

  • The nature, sensitivity, and volume of the Personal Data.
  • The purposes for which We process the data.
  • Mandatory retention periods stipulated by law (e.g., Swiss Code of Obligations requirements for retaining business records, typically 10 years).
  • Applicable statutes of limitations for potential legal claims.
  • Our documented operational needs and legitimate business interests.

Upon expiry of the applicable retention period, Personal Data is securely and permanently destroyed, erased, or anonymised using methods aligned with industry best practices to prevent subsequent access or use.

7. Your Data Subject Rights

Under the FADP and, where applicable, GDPR and other relevant laws, you possess specific rights concerning your Personal Data. These may include, subject to certain legal limitations and conditions:

  • Right of Access: To request confirmation of whether We process your Personal Data and, if so, to access that data along with supplementary information.
  • Right to Rectification: To request the correction of inaccurate or incomplete Personal Data We hold about you.  
  • Right to Erasure ('Right to be Forgotten'): To request the deletion of your Personal Data under specific circumstances (e.g., data is no longer necessary for its original purpose, consent is withdrawn). This right is not absolute and may be overridden by Our legal retention obligations.
  • Right to Restriction of Processing: To request the limitation of how We process your Personal Data under certain conditions (e.g., while accuracy is contested).
  • Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, to receive your Personal Data in a structured, commonly used, machine-readable format, and potentially transmit it to another controller.
  • Right to Object: To object to the processing of your Personal Data based on legitimate interests or for direct marketing purposes.  
  • Right to Withdraw Consent: Where Our processing is based on your explicit consent, you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.  
  • Right to Lodge a Complaint: To lodge a complaint regarding Our data processing activities with the relevant supervisory authority, primarily the Swiss Federal Data Protection and Information Commissioner (FDPIC / EDÖB), or your local data protection regulator if applicable.

To exercise any of these rights, please submit a written request to Our contact point detailed in Section 10. We will respond to verifiable requests in accordance with applicable legal requirements and typically within one month of receipt.

8. Security Measures Implemented

We implement a comprehensive suite of technical and organisational security measures, reviewed and updated regularly, to protect Personal Data under Our control. These measures include:

  • Technical Security:
    • Encryption of sensitive Personal Data both during transmission (e.g., using TLS/SSL) and when stored at rest (e.g., using AES-256 or equivalent standards).
    • Deployment and maintenance of robust firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
    • Regular vulnerability scanning, penetration testing (where appropriate), and timely application of security patches.
    • Secure network architecture including segregation where necessary.
    • Systematic logging and monitoring for security events.
    • Secure data backup procedures and disaster recovery capabilities.
  • Organisational Security:
    • Strict access control policies employing role-based permissions and the principle of least privilege.
    • Multi-factor authentication (MFA) enforced for access to sensitive systems and data.
    • Regular reviews and audits of access rights.
    • Comprehensive data protection and information security policies and procedures.
    • Mandatory, role-specific data protection and security awareness training for all personnel.
    • Confidentiality clauses within employment contracts and third-party agreements.
    • Due diligence processes for selecting and managing third-party service providers.
  • Physical Security:
    • Controlled access to office premises and sensitive areas.
    • Secure procedures for the disposal of physical documents and electronic media containing Personal Data.

9. Modifications to This Privacy Policy

We reserve the right to amend or update this Privacy Policy periodically to reflect changes in Our practices, legal or regulatory requirements, or service offerings. Any revisions will become effective upon posting the updated Policy on Our website. For significant changes, particularly those impacting your rights or the way We handle Personal Data, We will provide appropriate notice (e.g., via email or a prominent notice on Our website). We encourage you to review this Privacy Policy regularly to stay informed about Our data protection practices.  

10. Contact Information

Should you have any inquiries regarding this Privacy Policy, wish to exercise your data subject rights, or have concerns about Our handling of your Personal Data, please contact Our designated data protection lead via:

  • Email: Privacy@FaircloughPalmer.com
  • Registered Address: Fairclough Palmer AG, Schifflände 26, 8001 Zürich, Switzerland

We are committed to addressing your queries and resolving any issues concerning your privacy in a timely and effective manner.

Acknowledgement

By engaging with our investment offerings or utilising our services, providing your Personal Data, or otherwise interacting with Fairclough Palmer AG, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, processing, and storage of your Personal Data as described herein, subject to your statutory rights.