Privacy Policy
Datenschutzerklärung
Stand: Juli 2026
This Privacy Policy provides information about how personal data is processed in connection with our activities and operations, including our website swisswealth.cloud. SwissWealthCloud is a service of Dinotronic AG, Switzerland.
In particular, we provide information on why, how, and where we process personal data, as well as the categories of personal data involved and the rights of individuals whose data we process.
Additional data protection statements may apply to specific services or activities.
We are subject to the Swiss Federal Act on Data Protection (FADP) and, where applicable, to foreign data protection law such as the General Data Protection Regulation of the European Union (GDPR).
Responsibility for the Processing of Personal Data
The following entity is responsible for the processing of personal data described in this Privacy Policy:
Dinotronic AG Maneggstrasse 33 8041 Zurich Switzerland
Phone: +41 44 718 30 40Email: dinotronic.ch">info@dinotronic.ch
In certain cases, personal data may be processed jointly with third parties or on behalf of other parties.
Data Protection Contact
For any questions, requests, or concerns relating to personal data:
Nino Vitagliano, Data Protection Officer
Phone: +41 44 718 77 32Email: dinotronic.ch">dpo@dinotronic.ch
Definitions
Data subject: A natural person whose personal data is processed.
Personal data: Any information relating to an identified or identifiable natural person.
Certain categories of personal data are more sensitive in nature and are treated as sensitive personal data under the FADP, such as data relating to health, religious or political views, biometric data identifying a natural person, or data on administrative and criminal proceedings and sanctions.
Processing: Any operation performed on personal data, including collection, storage, use, disclosure, transfer, or deletion.
Processing Principles
We process personal data in accordance with the FADP:
- lawfully, in good faith and proportionately,
- for purposes that are specified at the time of collection and recognisable to the data subject,
- with appropriate data security, and
- only for as long as necessary.
Where processing requires a justification, we rely on consent, an overriding private or public interest, or a statutory basis. Where the GDPR applies, we rely on the corresponding legal bases, in particular consent, performance of a contract, legal obligation or legitimate interests.
Consent may be withdrawn at any time by contacting us (see Section 8).
Categories of personal data
We may process:
- Contact data (name, company, email)
- Communication data (emails, messages)
- Usage data (IP address, browser, website interactions)
- Transaction and contract data (service usage, billing information)
- Technical data (device type, system logs)
Sources of data
Personal data may be collected:
- Directly from individuals
- From publicly available sources
- From third parties where permitted
Purposes of processing
We process personal data for the following specific purposes:
- Providing and managing IT and consulting services
- Communication with customers, partners, and prospects
- Maintaining IT security, system monitoring, and logging
- Improving our services and website performance
- Complying with legal and regulatory obligations
Retention
We retain personal data only for as long as necessary for the purposes described above or as required by law.
When no longer required, personal data is deleted or anonymised.
We may disclose personal data to third parties where necessary, including:
- IT service providers and infrastructure providers
- Business software providers (e.g. CRM)
- Professional advisers (lawyers, auditors)
- Financial services providers
- Public authorities where required by law
All third parties are required to protect personal data and process it only for authorised purposes. Where third parties process personal data on our behalf as processors, they are bound by a data processing agreement.
We process personal data to communicate with individuals (e.g. email or contact forms).
We may store such data in contact management systems.
Third parties that provide us with personal data must ensure they have the right to do so.
We use:
- HubSpot (CRM): HubSpot Inc. (USA) / HubSpot Ireland Limited (Ireland)
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or disclosure. Dinotronic AG is certified to ISO/IEC 27001.
However, no system is completely secure.
Data Breach Response
We maintain processes to assess and respond to suspected data breaches.
Where a breach of data security is likely to result in a high risk to the personality or fundamental rights of the data subject, we will notify the Federal Data Protection and Information Commissioner (FDPIC) as soon as possible and, where required, inform the affected data subjects. Where the GDPR applies, we notify the competent supervisory authority within the applicable deadlines.
Personal data may be transferred to countries outside Switzerland, in particular to countries in which our service providers operate.
Such transfers only take place where the destination country provides an adequate level of data protection under the applicable list of the Swiss Federal Council, or where appropriate safeguards are in place, in particular the Standard Contractual Clauses recognised by the FDPIC, together with additional measures where required.
Data subjects may request:
- Access to personal data held by us
- Correction of inaccurate or incomplete personal data
- Deletion of personal data
- Restriction of processing
- Data portability, where the legal requirements are met
- Objection to processing
Requests can be made via the contact details above.
We may:
- Verify identity before responding
- Restrict, defer or refuse requests where permitted by law, in particular where overriding interests of third parties or our own overriding interests apply
Access requests are handled free of charge, except where the applicable law permits otherwise.
Withdrawal of Consent
You may withdraw your consent at any time by contacting us.
Upon withdrawal:
- We will inform you of any consequences, and
- We will stop the processing based on that consent, unless another legal basis applies
Complaints
You may contact us regarding concerns.
You may also lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Bern, or, where the GDPR applies, with a competent supervisory authority in the European Economic Area.
Cookies
We use cookies for:
- Essential website functionality (no consent required)
We do not currently use cookies for analytics, profiling or advertising purposes on this website. Should this change, we will obtain consent where required and update this Privacy Policy.
You can control cookies through your browser settings.
Logging
We automatically log technical data such as:
- Date and time
- IP address
- Browser and operating system
- Pages accessed
This is required to operate, secure, and improve our website.
Google Search Console
We use Google Search Console (Google Ireland Limited, Ireland) to monitor how our website performs in Google Search, for example which search queries lead to our website and which pages are indexed.
Google Search Console does not set cookies on our website and does not track individual visitors on our website. The data is generated on the Google search side and is made available to us in aggregated, non-personal form.
Further information can be found in Google’s privacy policy.
Tracking pixels
We may use tracking pixels or similar technologies in our email communication to measure delivery and engagement. See Section “Notifications and Messages”.
We may send communications relating to our services.
Where required:
- We obtain consent for marketing messages
- We provide opt-out mechanisms
We may use:
- SendGrid (Twilio): for transactional emails
We maintain profiles on third-party platforms (e.g. LinkedIn).
These platforms process data under their own privacy policies, for which we are not responsible.
We use services from selected third-party providers to support our business operations, IT infrastructure, communication, and service delivery.
These providers may process personal data on our behalf or as independent controllers, depending on the context.
We ensure that such providers only process personal data:
- for defined purposes,
- in accordance with contractual obligations, and
- with appropriate safeguards.
Categories of providers
We use service providers in the following categories:
- Cloud infrastructure and hosting providers
- IT and security service providers
- Communication and collaboration tools
- Customer relationship management (CRM) systems
- Website services
Examples of providers used
Depending on the service, we may use:
- Microsoft (Azure, Microsoft 365, Teams, Power Platform)
- Cloudflare (CDN and security)
- HubSpot (CRM)
- Twilio / SendGrid (email delivery)
- Google (Search Console)
- LinkedIn (company profile)
- AnyDesk (remote access)
Embedded content and external services
Our website may include embedded content or third-party integrations (e.g. maps, videos, documents).
When accessing such content:
- Your IP address may be transmitted to the respective provider,
- Additional data processing may occur under the provider’s own privacy policies
Responsibility of third parties
We are not responsible for the data processing practices of third-party services that operate under their own terms and privacy policies.
We recommend reviewing the respective privacy notices of such providers.
We may amend and supplement this Privacy Policy at any time. We will provide information about such amendments and additions in an appropriate form, in particular by publishing the current privacy policy on our website.