Envisage GmbH (“Envisage” or “we” or “us”) takes the protection of your personal data very seriously. Whether you are a former, prospective or current client, the confidentiality and security of your personal data are fundamental requirements to which we are committed. In this respect, Envisage applies the Federal Act on Data Protection (“FADP”), as revised with effect from 1st September 2023.

You will find hereinafter important information for you to understand what kind of data Envisage may collect about you when providing its services, the purposes of collecting your personal data and how Envisage deals with the data it processes, as well as information about your rights regarding your personal data and how to exercise them.

DEFINITIONS

For the purpose of this Privacy Policy:

• Personal Data means any information relating to an identified or identifiable natural person, as defined in Article 5 let. a FADP;
• Processing means any operation relating to personal data, whatever the means and procedures used, including collection, recording, storage, use, modification, communication, archiving, deletion or destruction of data, as defined in Article 5 let. d FADP;
• Data Controller means the natural or legal person which determines the purposes and means of the Processing of Personal Data, as defined in Article 5 let. j FADP;
• Data Processor means the natural or legal person which processes Personal Data on behalf of the Data Controller, as defined in Article 5 let. k FADP;
• Recipient means any natural or legal person or authority to which Personal Data is disclosed.

ENVISAGE STATUS ACCORDING TO SERVICES RENDERED

Depending on the type of services provided, Envisage may act either as Data Controller or Data Processor.

Envisage provides different kinds of services, in particular:

• Support services in relation to life insurance contracts on behalf of an insurance company;
• Investment advisory services;
• Family office services.

When providing support services in relation to life insurance contracts, Envisage acts as a Data Processor of the insurance company on behalf of which it processes Personal Data. In such cases, the insurance company acts as Data Controller and is responsible for providing you with the information required under the FADP. You are therefore invited to consult the data protection policy of the insurance company you have contracted with.

As regards investment advisory and family office services, Envisage acts as Data Controller and is responsible for providing clear and accessible information on how and why your Personal Data is processed. This Privacy Policy serves this purpose.

We undertake to process your Personal Data lawfully, fairly and transparently, for specified and explicit purposes, and to ensure that it is adequate, relevant and limited to what is necessary in relation to these purposes.

IDENTITY AND CONTACT OF THE DATA CONTROLLER

The Data Controller is Envisage GmbH, with registered seat at Seefeldstrasse 94, 8008 Zürich.

Any questions relating to Personal Data may be addressed by e-mail to Mr. Didier Despland at: didier.despland@envisage.ch.

TYPES OF INFORMATION WE COLLECT AND PURPOSES OF DATA COLLECTION

Envisage collects Personal Data from you in the process of opening a business relationship or in order to perform services in accordance with a contract concluded between you and Envisage.

Envisage only processes Personal Data that is strictly necessary for the following purposes:

• Analysing the client’s specific needs in order to propose suitable investment services;
• Conducting due diligence during client onboarding and ongoing due diligence where applicable;
• Administering the client relationship (issuing invoices, receiving payments, handling queries, monitoring services);
• Maintaining a client database;
• Providing the services agreed with the client;
• Communicating with the client by any means (including e-mail and telephone), including sending newsletters, marketing materials and invitations to events organised by Envisage or affiliated companies;
• Responding to requests to exercise data subject rights.

The Personal Data collected may include in particular:

• Identification data (surname, first name, address, e-mail address, date of birth, telephone number, ID or passport for travel arrangements);
• Data relating to family situation (marital status, number of children);
• Data relating to assets (income, movable and immovable assets, debts, financial assets, tax data, loans, insurances);
• Professional data (company, position, professional background);
• Risk profile data (investment objectives, financial knowledge and experience, financial situation).

In addition, Envisage may use your Personal Data for the following purposes:

• Complying with legal and regulatory obligations, including those towards the U.S. Securities & Exchange Commission;
• Responding to compliance and regulatory requests, including Swiss anti-money laundering obligations;
• Exercising and/or defending legal claims;
• Improving its services.

Envisage does not use your Personal Data for purposes other than those described above.

THIRD PARTIES WITH WHOM WE MAY PROCESS YOUR PERSONAL DATA

For the purposes described above, Envisage may share your Personal Data with:

• Supervisory and governmental authorities;
• Judicial or administrative authorities, including Swiss and U.S. supervisory authorities;
• Auditors, custodian banks, lawyers and consultants;
• Sub-contractors and service providers (including cloud services, WhatsApp services, administrative and HR services).

All such third parties are contractually bound to comply with data protection, security and confidentiality obligations pursuant to the FADP or equivalent legislation.

SECURITY OF YOUR PERSONAL DATA

Envisage implements appropriate organisational and technical security measures to ensure the confidentiality, integrity and availability of your Personal Data and to protect it against unauthorised access, disclosure, loss or alteration.

• Access to Personal Data is restricted to authorised employees bound by confidentiality obligations;
• Premises and server access are secured.

DATA TRANSFER

Your Personal Data is stored on servers located in Switzerland. Certain Personal Data, notably data generated through the use of WhatsApp, may be processed or stored in Switzerland and in the United States.

Any transfer of Personal Data outside Switzerland is carried out on the basis of adequacy decisions, standard contractual clauses or applicable legal exemptions, including your explicit consent where required.

Data transmitted via public networks such as the internet or non-secured e-mail services may not be fully protected. Despite all reasonable safeguards, Envisage cannot guarantee absolute security and cannot be held liable for losses resulting from such transmissions.

DATA STORAGE

Personal Data is retained for as long as necessary to fulfil the purposes described above or as required by law. Personal Data is erased once it is no longer required, unless legal retention obligations apply.

COOKIES

The Envisage website does not use any cookies.

AUTOMATED DECISION-MAKING

Envisage does not carry out automated decision-making producing legal effects or significantly affecting individuals.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

1. Right of access to your Personal Data and to receive a copy thereof;
2. Right to rectification of inaccurate Personal Data;
3. Right to erasure or restriction of Processing, subject to legal obligations;
4. Right to data portability under applicable conditions.

You may exercise your rights using the contact details provided above. Proof of identity may be required.

AMENDMENTS

This Privacy Policy may be updated at any time. Any updated version will be made available on Envisage’s website. The latest update date is indicated below.

Zurich, 11 October 2024