Privacy Policy
Privacy Policy Orthos Advisory AG

With this Privacy Policy, Orthos Advisory AG (hereafter "OA") informs how personal data is obtained and processed. This Privacy Policy is not exhaustive, as further declarations by OA may regulate the data protection of specific circumstances (e.g. conditions of participation).

1. Scope

Personal data refers to all information relating to an identified or identifiable natural person. Processing means any handling of personal data, irrespective of the means and procedures used, in particular the collection, storage, use, revision, disclosure, archiving, deletion or destruction of data.

When processing personal data, OA is guided by the provisions of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Data Protection Act (DPA) and any other data protection provisions, insofar as they are applicable to the data processing referred to in this Policy.

2. Controller and contact

The person responsible for the data processing described here is Orthos Advisory AG, Scheideggstrasse 85, 8038 Zürich, +41 79 299 3153, The data subject may contact the controller using these contact details for any data protection concerns.

3. Origin and processing of personal data

OA primarily processes personal data that it receives in the context of client relationships as well as contractual relationships with business partners from these or other persons involved. In addition, OA processes personal data that it collects from users in the course of operating OA's website. If personal data of other persons (e.g. family members, work colleagues or employees) is transferred to OA by the data subject, it must be ensured that the personal data provided is accurate and that these persons have been made aware of this Privacy Policy.

In addition to the data that is provided to OA by the data subject, OA also processes data that it receives from authorities or other third parties (e.g. custodian banks), publicly accessible data or data that it becomes aware of as a result of the use of a service. The categories of personal data that OA obtains from third parties include, in particular, information from public registers, information in connection with administrative or judicial proceedings, information in connection with professional activities or functions of the data subject, information about the data subject from correspondence and meetings with her/him and/or with third parties, information about the data subject disclosed to OA by persons in the data subject's environment (e.g. family, accountant, attorney), information for compliance with legal requirements such as anti-money laundering and terrorist financing regulation or export restrictions, information from banks, insurance companies and other contracting partners of OA for the use or provision of services for the data subject and third parties, information in the media and internet and data in connection with the use of OA's website.

4. Purposes of data processing

OA always processes personal data for a specific purpose. Primarily, this is the conclusion and fulfillment of contracts, in particular in the context of providing services to clients and purchasing products and services from suppliers, as well as in order to comply with OA's legal obligations. In addition, OA also processes personal data for the following purposes, which are in OAs legitimate interest:

  • Offering and further developing products, services and the website;
  • Communication with clients, business partners and third parties;
  • Client care and marketing (unless the use of data from data subject for the specific purpose has been explicitly objected to);
  • Assertion of legal claims and defense in the context of legal disputes and official proceedings;
  • Ensuring the OA's business operation, in particular of the IT and the website;
  • Compliance with applicable legal and professional regulations and contractual agreements;
  • Corporate transactions (merger, acquisition and sale of companies or transfer of assets).

If the data subject gives consent for the processing of his/her personal data for specific purposes (e.g. receiving newsletters), OA will process the personal data only within the scope of and based on this consent. The given consent can be revoked at any time.

5. Data transfer to third parties and data transfer abroad

The personal data processed by OA will be transferred to third parties, if necessary or useful from OA's point of view, for the provision of the services or fulfillment of other purposes defined in this Privacy Policy. These recipients of personal data may fall into the following categories:

  • Clients and their affiliates;
  • Suppliers, their subcontractors and other external service providers (e.g. banks, insurance companies, accounting) and order processors (e.g. IT providers);
  • Domestic and foreign authorities, official agencies and courts, conciliation boards and arbitration tribunals;
  • Parties or interested parties to corporate transactions;
  • Other parties to potential or actual legal proceedings.

The aforementioned recipients of personal data may be located in Switzerland, but also abroad. The data subject must accordingly expect his/her personal data to be processed in Switzerland but also transmitted to any other country in the world where service providers of OA are located. If a recipient is located in a country without adequate data protection, OA will contractually bind the recipient (e.g. by means of recognized standard contractual clauses) or will rely on an exemption provision, such as consent, the execution of the contract or an overriding public interest.

6. Data security

OA takes appropriate technical and organizational security measures, to protect personal data of the data subject from unauthorized access and misuse.

7. Cookies and tracking

OA uses cookies on the website. Cookies are small text files that are automatically stored on a computer's hard drive when users visit OA's website. Cookies do not cause any harm there. These cookies are used to collect statistical information about visitors' use of the website on an anonymous basis. The information also enables the operator to optimize the functionality of the website. The website operator may cooperate with Google Analytics in the area of web analytics. Google Analytics also uses cookies. From the data stored in the Google Analytics cookie, Google Analytics learns which pages have been accessed in order to be able to display appropriate advertising. The Google Analytics cookies do not store any personal data. Most internet browsers accept cookies automatically. However, cookies can be prevented from being stored on a computer's hard drive by changing the browser settings. Cookies that are already stored on a hard drive can also be deleted at any time. If the data subject does not agree to the use of cookies, the functionality of this website may be limited.

8. Profiling and automated individual decision-making

While establishing and carrying out business relationships, OA generally do not use any fully automated individual decision-making. Should OA decide to use such procedures in certain cases, the data subject will be informed separately and advised of his/her relevant rights if required by law.

9. Rights of the data subject

This Privacy Policy also serves to provide the data subject with the information required to enable him/her to assert the following rights to which he/she is entitled under the FADP:

  • Right to information on existing personal data;
  • Right to rectification of personal data;
  • Right to delete personal data;
  • Right to restrict the processing of personal data;
  • Right to raise an objection to the processing of personal data;
  • Right to revoke consent given in the future;
  • Right to receive personal data for the purpose of transfer.

The data subject also has the right to enforce his/her claims in court or to file a complaint with the competent data protection authority (in Switzerland: the Federal Data Protection and Information Commissioner). OA draws attention to the fact that OA reserves the right to enforce the restrictions provided for by law, such as legal obligations to retain or process data or the existence of an overriding interest in data processing. The assertion of rights due to the data subject may result in OA no longer being able to provide agreed services and may result in termination of the contract.

10. Changes

OA reserves the right to change this Privacy Policy at any time without prior notice. The version published on OA's website is the current valid version.