top of page

Privacy Policy

1. Introduction

1.1 Our Commitment to Privacy

BlynkX AG ("we," "us," "our," or "the Company") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website www.blynkx-ag.com (the "Website") or engage with our services.

1.2 Data Controller

BlynkX AG acts as the data controller for personal information processed in connection with our services. Our contact details are provided in Section 12 of this Policy.

1.3 Scope of This Policy

This Policy applies to:

  • Personal information collected through our Website

  • Personal information collected during client onboarding and service provision

  • Personal information processed by our appointed data processors

  • Both individual personal data and corporate contact information

 

2. Legal Basis for Processing

2.1 Governing Legislation

 

Our data processing activities are governed by:

  • Switzerland: Federal Act on Data Protection (FADP, SR 235.1) and the revised Federal Act on Data Protection (revFADP)

  • European Union: General Data Protection Regulation (GDPR, Regulation 2016/679)

  • Other jurisdictions: Applicable local data protection laws where we operate

 

2.2 Regulatory Framework

BlynkX AG operates as an asset manager under the supervision of SO-FIT (Organisme de Surveillance pour Intermédiaires Financiers & Trustees), a supervisory organisation approved by the Swiss Financial Market Supervisory Authority (FINMA). Our data processing activities comply with the regulatory requirements applicable to supervised asset managers in Switzerland.

2.3 Lawful Bases for Processing

We process personal information based on the following lawful bases:

Consent (Article 6(1)(a) GDPR / Article 31(1) FADP):

  • Marketing communications (where required)

  • Cookie preferences

  • Specific processing activities requiring explicit consent

 

Contract Performance (Article 6(1)(b) GDPR / Article 31(2)(a) FADP):

  • Client onboarding and due diligence procedures

  • Provision of asset management services

  • Processing of investment instructions and portfolio management

  • Managing client relationships and communications

 

Legal Obligation (Article 6(1)(c) GDPR / Article 31(2)(b) FADP):

  • Anti-money laundering (AML) and know-your-customer (KYC) requirements under Swiss AMLA

  • Regulatory reporting obligations to SO-FIT and other authorities

  • Tax reporting under Common Reporting Standard (CRS) and FATCA

  • Sanctions screening and compliance

  • Record-keeping requirements under Swiss financial market regulations

 

Legitimate Interests (Article 6(1)(f) GDPR / Article 31(1) FADP):

  • Website security and fraud prevention

  • Business development and relationship management

  • Internal administration and record-keeping

  • Legal claims and regulatory investigations

 

3. Information We Collect

3.1 Information You Provide Directly

Website Enquiries:

  • Name and contact details (email, telephone, address)

  • Company information (for corporate enquiries)

  • Nature of enquiry and communication preferences

  • Any other information you choose to provide in contact forms or correspondence

 

Client Onboarding (Individual Clients):

  • Full name, date of birth, nationality, and citizenship

  • Residential and correspondence addresses

  • Identity documents (passport, national ID, driving licence)

  • Contact information (email, telephone, mobile)

  • Employment and professional information

  • Financial information including income, net worth, assets, and investment experience

  • Source of wealth and source of funds documentation

  • Investment objectives, risk tolerance, and time horizon

  • Politically exposed person (PEP) declarations

  • Tax residency and identification numbers

  • Bank account and custodian information

 

Client Onboarding (Corporate and Institutional Clients):

  • Company name, registration number, and incorporation details

  • Registered office and business addresses

  • Corporate structure and beneficial ownership information

  • Authorised signatories, directors, and board members

  • Regulatory licences and permissions

  • Financial statements and corporate tax information

  • Ultimate beneficial owner (UBO) identification

  • Corporate resolutions and signing authorities

  • Investment policy statements and mandate parameters

 

Qualified Investor Verification:

  • Documentation to verify status as a qualified investor under Swiss law

  • Professional investor certifications or declarations

  • Evidence of financial sophistication and investment experience

 

3.2 Information We Collect Automatically

Website Usage Data:

  • IP address and geolocation information

  • Browser type, version, and operating system

  • Pages visited, time spent, and navigation patterns

  • Referral sources and exit pages

  • Device information and screen resolution

 

Cookies and Tracking Technologies:

  • Essential cookies for website functionality

  • Analytics cookies for usage statistics

  • Preference cookies for user settings

  • Security cookies for fraud prevention

  • Details of our cookie usage are provided in our Cookie Policy

 

3.3 Information from Third Parties

Due Diligence Providers:

  • Identity verification results

  • Enhanced due diligence reports

  • Sanctions and PEP screening results

  • Adverse media and reputational checks

 

Public Sources:

  • Corporate registry information

  • Regulatory databases and licensing records

  • Court records and legal proceedings

  • Media reports and public announcements

 

Financial Intermediaries:

  • Information from custodian banks and prime brokers

  • Transaction confirmations and settlement information

  • References from existing financial service providers

 

Professional Advisers:

  • References from lawyers, accountants, and other advisers

  • Verification of professional qualifications

  • Confirmation of client relationships

 

4. How We Use Your Information

4.1 Service Provision

  • Providing discretionary and advisory asset management services

  • Conducting client onboarding, due diligence, and suitability assessments

  • Executing investment decisions and managing portfolios

  • Processing subscriptions, redemptions, and other investment transactions

  • Preparing client reports and performance statements

  • Managing client relationships and communications

  • Maintaining accurate client records

 

4.2 Legal and Regulatory Compliance

  • Fulfilling anti-money laundering (AML) obligations under Swiss AMLA

  • Conducting know-your-customer (KYC) and know-your-business (KYB) procedures

  • Verifying qualified investor status under Swiss financial market regulations

  • Sanctions screening and ongoing monitoring

  • Regulatory reporting to SO-FIT, FINMA, and other authorities as required

  • Tax reporting under CRS, FATCA, and other international agreements

  • Responding to regulatory enquiries and examinations

  • Maintaining records as required by Swiss financial market regulations

 

4.3 Business Operations

  • Website administration and security

  • Internal record-keeping and administration

  • Risk management and compliance monitoring

  • Business development and relationship management

  • Legal claims and dispute resolution

  • Audit and regulatory examinations

  • Investment research and market analysis

 

4.4 Communications

  • Responding to enquiries and providing information

  • Sending service-related communications and transaction confirmations

  • Providing regulatory updates, important notices, and material changes

  • Distributing investment reports and market commentary

  • Marketing communications (with appropriate consent where required)

 

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

 

Custodian Banks and Prime Brokers:

  • Safekeeping of client assets

  • Trade execution and settlement

  • Corporate actions processing

 

Technology Providers:

  • Website hosting and cloud storage providers

  • Portfolio management and reporting systems

  • Email and communication service providers

  • Document management and storage systems

  • Analytics and website performance tools

 

Due Diligence and Compliance Providers:

  • Identity verification and KYC service providers

  • Sanctions screening and monitoring services

  • Background check and due diligence providers

 

Professional Advisers:

  • Legal counsel for regulatory and compliance matters

  • Auditors and compliance consultants

  • Tax advisers for reporting obligations

  • Other professional service providers as required

 

5.2 Regulatory and Legal Disclosures

We may disclose personal information to:

  • SO-FIT (our supervisory organisation)

  • Swiss Financial Market Supervisory Authority (FINMA)

  • Money Laundering Reporting Office Switzerland (MROS)

  • Tax authorities under CRS, FATCA, and other reporting obligations

  • Law enforcement agencies and regulatory authorities

  • Courts and legal proceedings as required by law

  • Other authorities as required by applicable laws and regulations

 

5.3 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, personal information may be transferred to the acquiring entity, subject to appropriate safeguards, regulatory approvals, and notification requirements.

5.4 Consent-Based Sharing

We may share personal information with third parties where you have provided specific consent for such sharing.

6. International Data Transfers

6.1 Transfer Mechanisms

Personal data may be transferred to countries outside Switzerland in connection with our business operations. Such transfers may include:

European Union:

  • EU-based service providers, custodians, and technology platforms

  • Transfers based on adequacy decisions and Standard Contractual Clauses

 

Other Jurisdictions:

  • Service providers and counterparties in other countries as required for investment activities

  • Appropriate safeguards implemented including Standard Contractual Clauses

  • Assessment of adequacy and data protection standards

 

6.2 Safeguards for International Transfers

We implement appropriate safeguards for international data transfers including:

  • Standard Contractual Clauses approved by Swiss and EU authorities

  • Adequacy decisions recognising equivalent protection

  • Binding corporate rules for multinational service providers

  • Specific consent where required by applicable law

  • Regular review of transfer mechanisms and safeguards

7. Data Retention

7.1 Retention Periods

We retain personal information for the following periods:

Client Records:

  • Active client relationships: Duration of relationship plus 10 years

  • Prospective clients (not onboarded): 7 years from last contact

  • Former clients: 10 years from end of relationship

 

Regulatory and Compliance Records:

  • AML and KYC documentation: 10 years from collection or end of relationship (whichever is later)

  • Transaction records: 10 years from transaction date

  • Regulatory correspondence: 10 years from date of correspondence

  • Suspicious activity reports: 10 years from filing

 

Investment Records:

  • Portfolio records and investment decisions: 10 years from relevant date

  • Trade confirmations and settlement records: 10 years from transaction

  • Client instructions and mandate documentation: 10 years from end of mandate

 

Website and Marketing Data:

  • Website analytics: 26 months from collection

  • Marketing communications: Until consent withdrawn plus 3 years

  • Contact enquiries: 7 years from enquiry date

 

Legal and Audit Records:

  • Legal proceedings: 10 years from conclusion

  • Audit documentation: 10 years from audit date

  • Regulatory examinations: 10 years from examination

 

7.2 Secure Disposal

At the end of retention periods, personal information is securely deleted or destroyed using appropriate technical and organisational measures to prevent unauthorised access or recovery.

8. Data Security

8.1 Technical Safeguards

  • Encryption of data in transit and at rest

  • Secure hosting environments with access controls

  • Regular security assessments and vulnerability testing

  • Multi-factor authentication for system access

  • Automated backup and disaster recovery procedures

  • Network security monitoring and intrusion detection

 

8.2 Organisational Safeguards

  • Staff training on data protection and information security

  • Access controls based on need-to-know principles

  • Regular review of data processing activities

  • Incident response and breach notification procedures

  • Vendor due diligence and ongoing monitoring

  • Physical security measures for premises and equipment

 

8.3 Data Processing Agreements

All third-party processors are bound by comprehensive data processing agreements that include:

  • Specific processing instructions and limitations

  • Technical and organisational security measures

  • Confidentiality and staff training requirements

  • Incident notification and breach response procedures

  • Audit rights and compliance monitoring

  • Sub-processor approval and oversight requirements

 

9. Your Rights

9.1 Data Subject Rights

Under applicable data protection laws, you have the following rights:

Right of Access (Article 15 GDPR / Article 25 FADP):

  • Request confirmation of whether we process your personal data

  • Obtain a copy of your personal data and information about processing

 

Right to Rectification (Article 16 GDPR / Article 32 FADP):

  • Request correction of inaccurate or incomplete personal data

  • Provide supplementary information where necessary

 

Right to Erasure (Article 17 GDPR / Article 32 FADP):

  • Request deletion of personal data in certain circumstances

  • Subject to legal retention requirements and legitimate interests

 

Right to Restrict Processing (Article 18 GDPR / Article 32 FADP):

  • Request limitation of processing in specific situations

  • Data may be stored but not further processed

 

Right to Data Portability (Article 20 GDPR):

  • Receive personal data in a structured, machine-readable format

  • Request direct transfer to another controller where technically feasible

 

Right to Object (Article 21 GDPR / Article 30 FADP):

  • Object to processing based on legitimate interests

  • Object to direct marketing at any time

 

9.2 Exercising Your Rights

To exercise your rights:

  • Submit requests in writing to info@blynkx-ag.com

  • Provide sufficient information to verify your identity

  • Specify the right you wish to exercise and relevant details

  • We will respond within one month (extendable by two months for complex requests)

 

9.3 Limitations on Rights

Certain rights may be limited by:

  • Legal and regulatory obligations (AML, tax reporting, financial market regulations)

  • Supervisory requirements and regulatory examinations

  • Legitimate interests in fraud prevention and legal claims

  • Rights and freedoms of other individuals

  • Technical feasibility and proportionality

 

10. Cookies and Tracking Technologies

10.1 Cookie Usage

Our Website uses cookies and similar technologies as detailed in our Cookie Policy. By continuing to use our Website, you consent to our use of cookies in accordance with your preferences.

10.2 Cookie Categories

  • Strictly Necessary: Essential for website functionality

  • Performance: Analytics and website improvement

  • Functional: Enhanced features and personalisation

 

10.3 Managing Cookie Preferences

You can manage your cookie preferences through:

  • Our cookie consent banner on first visit

  • Browser settings and privacy controls

  • Third-party opt-out mechanisms where applicable

  • Contacting us directly for assistance

 

11. Changes to This Privacy Policy

11.1 Policy Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes in applicable laws and regulations

  • New processing activities or technologies

  • Feedback from regulators or data protection authorities

  • Business developments and service enhancements

  • Changes to our regulatory status or supervisory requirements

 

11.2 Notification of Changes

  • Material changes will be notified through our Website

  • Significant changes may be communicated directly to clients

  • The "Last Updated" date at the top of this Policy will be revised

  • Continued use of our services constitutes acceptance of changes

 

12. Contact Information

12.1 Data Protection Enquiries

For questions about this Privacy Policy or our data processing activities:

BlynkX AG

Ageristrasse 64 6300 Zug Switzerland

Email: info@blynkx-ag.com Website: www.blynkx-ag.com

Company Registration (UID): CHE-302.149.169

12.2 Supervisory Organisation

BlynkX AG is supervised by:

SO-FIT (Organisme de Surveillance pour Intermédiaires Financiers & Trustees) Website: www.so-fit.ch

12.3 Regulatory Complaints

If you are not satisfied with our response to your data protection concerns, you may lodge a complaint with:

Switzerland: Federal Data Protection and Information Commissioner (FDPIC) Feldeggweg 1 3003 Bern Switzerland Website: www.edoeb.admin.ch

European Union: Your local data protection supervisory authority List available at: https://edpb.europa.eu/about-edpb/board/members_en

bottom of page