Data Privacy Policy

Valid as of 01-Sept-2023

Akceso Advisors AG (hereinafter Akceso) understands and fully supports the need for appropriate data privacy protection. This policy lays out the company’s approach to managing confidential and personal data, describing process steps, responsibilities and actions to be taken in ensuring that we comply with our legal obligations.
This document provides the key information from the detailed internal standard operating procedure.

Table of Contents

DEFINITIONS

This policy covers confidential data and personal identifying data. We define these terms as follows:

  • Confidential data: any information from a third party that is not within the public domain, provided under confidentiality agreement to a representative of Akceso or entered into a system owned by Akceso
  • Personal identifying data: any information related to an identifiable person who can be directly or indirectly identified in particular in reference to an identifier

INTRODUCTION

In the conduct of our business, Akceso Advisors AG sometimes needs to gather and use personal data about individuals and confidential data about organisations. These individuals and organisations can include customers, suppliers, business contacts, employees and other people that we have a business relationship with or may need to contact.

WHY THIS POLICY EXISTS

This policy describes how this data must be collected, handled, stored and deleted to meet our data protection standards, and to comply with legal requirements.

POLICY SCOPE

This policy applies to all staff, volunteers, contractors, suppliers and other parties working for or on behalf of Akceso.

It applies to all data that the company holds relating to identifiable individuals covered under the European Commission’s General Data Protection Regulation (GDPR) and Swiss Data Protection Law (nDSG, “neues Datenschutzgesetz”). This includes any personal information by which a specific individual can be identified, such as:

  • Names of individuals
  • Personal postal addresses
  • Personal e-mail addresses
  • Personal telephone numbers
  • Company
  • Role

DATA PROTECTION LAW

Akceso adheres to data protection standards as described under the European Commission’s General Data Protection Regulations (GDPR) and Swiss Data Protection Law (nDSG, “neues Datenschutzgesetz”), governing how an organisation must collect, handle, store and delete personal information that it holds in internal systems. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with legal requirements, personal information as defined by GDPR and nDSG (including, but not limited to, “data to be especially protected” such as administrative or judicial proceedings and sanctions and measures related to social support) as well as confidential information, must be collected and used fairly, stored safely and not disclosed unlawfully. In particular, it protects the rights of individuals to have their personal data removed from an organisation’s data management and storage systems.

DATA PROTECTION GUIDELINES

DATA COLLECTION

In any initial contact with an individual whose personal identifying data we require for execution of a project or for communication purposes, we shall request their explicit acceptance for us to store their personal data using an opt-in request, proof of which must be captured either in writing or by e-mail from the specific individual.

DATA USE

Akceso only uses personal identifying information and confidential data in the conduct of its business. Such data will only be used to share information updates, or as reference information for preparing reports, either for specific clients or general publications. Where it is intended for use in a report Akceso will obtain specific written agreement from the individual owner of the data intended to be used prior to incorporating it into any report or publication. If such agreement is not provided by the individual owner, the data in question will not be used but may be retained within Akceso’s systems unless requested to remove it.
Personal identifying data will not be sent outside of the Akceso e-mail environment using standard e-mail.

DATA RETENTION/STORAGE

Employees and contract staff take all reasonable steps to ensure that all personal and confidential data is kept secure within company systems.

DATA DISCLOSURE

Personal identifying data is never shared informally. Such data will never be disclosed to unauthorised people, either within the company or externally, without the express permission of the specific individual, and only for the agreed purpose in disclosing that data.

DATA DISPOSAL

Akceso retains all information associated with specific projects for at least 5 years following the final completion date of the project, unless requested to remove information from its systems by its clients. Any personal or confidential information held as part of these archived projects is held solely for internal record keeping in the event of a follow-up project or as supporting evidence for any legal proceedings.

DATA BREACH

Although we will use our best efforts to protect all personal and confidential data, we recognise that a breach may still arise. All employees and contract staff are required

to immediately communicate the nature of an actual or suspected breach to the Data Protection Officer and the CEO, as soon as they become aware of the issue. Anyone whose personal data might be affected by a breach will be contacted within 72 hours of the breach being discovered to ensure that they are aware of what has happened and can take any additional steps required to mitigate the incident.

SUBJECT ACCESS REQUESTS

If an individual contacts the company to request what information Akceso holds on them, this is called a subject access request. All individuals whose personal data is held by Akceso are entitled to:

  • Ask what information the company holds about them and why.
  • Ask how to gain access to it.
  • Be informed how to keep it up to date.
  • Be informed how the company is meeting its data protection obligations.
  • Request that their data be removed from Akceso’s systems

Subject access requests from individuals should be made by email, addressed to the Data Protection Officer at dataprivacy at akceso.ch. The data protection officer can supply a standard request form, although individuals do not have to use this. The data protection officer will aim to provide the relevant data within 14 days. The data protection officer will always verify the identity of anyone making a subject access request before handing over any information.

PROVIDING INFORMATION EXTERNALLY

Akceso aims to ensure that individuals are aware that their data is being processed, and that they understand:

  • How the data is being used
  • How to exercise their rights

To these ends, the company has a privacy statement, setting out how data relating to individuals is used by the company. The following text will be provided on the Akceso web site and as a link in electronic and paper marketing communications

Public Data Protection Policy Statement
Your data privacy is important to us. We have made a commitment to comply with the requirements of the General Data Protection Regulation and Swiss Data Protection Law. We will only use personal data where we have specifically been informed of a person’s agreement for us to do so, and only for the purposes that they have agreed to. If we believe there is an additional need, we will make a new request to anyone whose personal data is needed to deliver a specific business objective. 
If you wish to find out what data we hold about you, or to exercise your right to be forgotten, please contact us either by e-mail at dataprivacy at akceso.ch or by telephone at +41 61 225 4393. We aim to respond within 48 hours during normal business conditions.

Read the recent posts in our blog
10 Years in Numbers

To commemorate the 10th anniversary of Akceso Advisors we have collected a few facts and figures, demonstrating the successes and milestones.

Read More »
Scroll to Top