Thank you for your interest in our website and our company. In this regard, we assume no liability for the content of linked-to websites despite having carefully checked such content.
The protection of your personal data that are collected, processed, and used when visiting our website is an important concern to us. Your data are protected in accordance with statutory provisions. The following provides you with information about the kinds of data that are collected when you visit our website and how they are used.
1. Scope of the Data Protection Policy
This Data Protection Policy at applies to the website of Exantum Advisory Services Ltd.
The Swiss Data Protection Act (DSG) is applicable. Where the European General Data Protection Regulation (GDPR) is also applicable, reference is specifically made thereto.
2. Processing of personal data; nature and purpose; use of data
a) When visiting the website
When you visit our website (https://www.exantum.eu), information is temporarily stored in log files. This is information that is automatically sent by the browser of your end device, namely:
IP address of the contacting device
Data and time of access
Name of the file accessed
Amount of data transferred
URL of the accessed site
Notification of successful access
Browser and other device information
These data are processed by us for the following purposes:
Establishment of website connection,
Use of our website,
System security and stability
More extensive personal data are collected only if you provide them voluntarily, such as in connection with an enquiry or registration.
The legal basis for processing the data is Article 6(1)(f) GDPR. Our legitimate interest has to do with reasons of IT security.
Furthermore, data are processed in response to your enquiry, and pursuant to Article 6(1)(b) GDPR, processing is necessary for the performance of an assignment and to take steps prior to entering into it. These include responding to your enquiries, performing contracts concluded with you, and sending newsletters, as well as for technical administration.
b) When subscribing to our newsletter
If you would like to receive the newsletter offered on the website, we need you to provide us with your email address, as well as information that enables us to verify that you are the owner of the provided email address and consent to receipt of the newsletter.
To ensure that you consent to the sending of the newsletter, we use what is known as the “double opt-in” procedure. This procedure allows the potential recipient to be added to a mailing list. Thereafter, the user receives an email that enables him or her to confirm the subscription in a legally certain manner. The address is actively added to the mailing list only if confirmation is provided.
We use these data solely for sending the requested information and offers.
Newsletter2Go is used as the newsletter software. In this regard, your data are transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data or using them for purposes other than for sending newsletters. Newsletter2Go is a certified German provider that was selected in accordance with the requirements of the GDPR and the German Federal Data Protection Act (BDSG).
When we send newsletters using Newsletter2Go, we can determine whether a newsletter has been opened and which links have been clicked on. Furthermore Newsletter2Go allows us to divide recipients into different categories.
For more information, please visit https://www.newsletter2go.de/informationen-newsletter-empfaenger/.
You may at any time revoke your consent to the storage of data, your email address, and their use for sending the newsletter by clicking on the “unsubscribe” link in the newsletter.
Your data are disclosed on the basis of the consent to the described data processing in accordance with Article 6(1)(a) GDPR.
c) When making enquiries to be contacted and for offers
We collect the following data and information from you for processing enquiries with respect to being contacted and/or for preparing an offer:
First name and last name
TecArt is used as CRM software. In this regard, your data are transmitted to TecArt GmbH for the purpose of storage. TecArt GmbH is prohibited from selling your data or using them for purposes other than for storage. TecArt GmbH is a German provider of ERP and CRM software that was selected in accordance with the requirements of the GDPR and the German Federal Data Protection Act (BDSG).
For more information, please visit https://www.tecart.de/impressum.
The data are processed for the purpose of observing legal requirements and standards and for ensuring compliance, with respect to e.g. money laundering, terrorism financing, tax evasion, etc.
Your data are processed on the basis of the consent to the described data processing in accordance with Article 6(1)(a) GDPR.
3. Disclosure of data to third parties (including common controllers and processors)
In addition, your personal data are disclosed to postal and logistics companies.
The data are disclosed for the purpose of responding to your enquiries, sending the requested documentation and information, and preparing the documents needed for this purpose, as well as for technical administration.
More extensive disclosure of personal data takes place only if there is a statutory obligation to do so or this is necessary in order to enforce the rights of Exantum Advisory Services Ltd, including the enforcement of claims.
The legal basis for processing the data is Article 6(1)(f) GDPR, as well as Article 6(1)(b) GDPR for performance of the contract and taking steps prior to entering into it. Our legitimate interest has to do with reasons of enforcing rights and observing legal requirements.
a) For the purpose of contract performance
To the extent legally permissible under Article 6(1)(b) GDPR and necessary for performing contractual relationships with you, your personal data are disclosed to third parties. This includes, in particular, disclosure to administrative authorities, insurance companies, employer and employee organisations, courts, etc. for the purpose of processing contractually agreed mandates, obtaining and transmitting contractually agreed information and documentation, and disclosing payment data to payment service providers or credit institutions in order to prepare or process a payment transaction. The disclosed data may be used by the third party solely for the aforementioned purposes.
Cookies are used to log frequency of use, number of users, and behaviour on our website, to increase the security of website use, to design our information offering in a user-friendly manner, and to comply with statutory provisions. Once you leave the website, these session cookies are automatically deleted.
In addition, also for the purpose of optimising user-friendliness, we use temporary cookies, which are stored for a specified period of time on your end device. If you visit our site again in order to make use of our services, it is automatically recognised that you had previously visited us and which entries and settings you made so that, e.g. these do not have to be entered again.
The legal basis for processing the data is Article 6(1)(f) GDPR. Our legitimate interest has to do with reasons of observing legal requirements and standards and for ensuring compliance, e.g. with respect to money laundering, terrorism financing, and tax evasion.
You can configure your browser settings in such a way that cookies are not stored on your computer. Complete deactivation of cookies may mean that you will be unable to use all features of our website.
5. Analysis tools
a) Google Analytics
6. Social media plugins
On our website, we use the social media plugins described below in order to make our company better known. The underlying advertising purpose is to be considered our legitimate interest within the meaning of Article 6(1)(f) GDPR. Responsibility for operation in compliance with data protection law is to be ensured by each provider. Data are processed in connection with these plugins with your consent when you use them.
If you use the services of these social networks independently of or in connection with our website, the social networks evaluate your use of the plugin. In such case, information is forwarded by the plugin to the social networks.
Our website uses the plugins of the social network Facebook, which is offered by Facebook Inc. Facebook plugins are identified with a Facebook logo or the “Like” or “Share” button. For an overview of Facebook plugins and what they look like, please visit https://developers.facebook.com/docs/plugins.
If you visit a page on our website that contains such a plugin, your browser generates a direct connection to Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and is embedded in the page.
By such embedding, Facebook receives information that your browser has accessed the corresponding page on our website even if you do not have a Facebook profile or are currently not logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the U.S. and stored there.
If you are logged in to Facebook, it can directly allocate the visit to our website to your Facebook profile. If you interact with the plugins, such as the “Like” button, this information is likewise directly transmitted to a Facebook server and stored there. In addition, the information is published on your Facebook profile and displayed there.
For more information about the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your rights and configuration options in this respect in order to protect your privacy, please see the Facebook data protection statements at http://www.facebook.com/policy.php.
Our website integrates the plugins of the short-message network Twitter Inc. You can recognise Twitter plugins (“Tweet” button) by the Twitter logo. If you visit a page on our website that contains such a plugin, a direct connection is generated between your browser and the Twitter server. In this way, Twitter receives information that you visited our site with your IP address. If you click on the Tweet button while logged in to your Twitter account, you can link the content of our site to your Twitter profile. In this way, Twitter can allocate the visit to our site to your user account.
Please be advised that as the provider of the site, we receive no knowledge about the content of the transmitted data or about their use by Twitter. For more information, please visit http://twitter.com/privacy.
The plugins of the social network LinkedIn Corporation, U.S., are installed on our website. You can recognise the LinkedIn plugin (“LinkedIn Recommended” button) by the LinkedIn logo. If you visit a page on our website that contains such a plugin, a direct connection is generated between your browser and the LinkedIn server. In this way, LinkedIn receives information that you visited our site with your IP address. If you click on the LinkedIn button while logged in to your LinkedIn account, you can link the content of our site to your LinkedIn profile. In this way, LinkedIn can allocate the visit to our site to your user account.
Please be advised that as the provider of the site, we receive no knowledge about the content of the transmitted data or about their use by LinkedIn. For more information, please visit https://www.linkedin.com/legal/privacy-policy.
d) Google Maps
Our website uses Google Maps services (e.g. in-screen or via interfaces/API). Google LLC, U.S., therefore likely processes information about your actual location. For the purpose of determining your location, Google uses various technologies, like IP addresses, GPS, and other sensors that provide Google with, e.g. information about devices located nearby, WiFi access points, and mobile network towers.
For more information about the purpose and scope of data collection and the further processing and use of the data by Google, as well as your rights and configuration options in this respect in order to protect your privacy, please see the Google data protection statements at https://policies.google.com/privacy?hl=en&gl=en.
7. Cross-border disclosure in countries outside Switzerland the EU without an adequate level of data protection
We are very concerned about protecting your data, and for this reason we process or arrange for the processing of your data only within Switzerland and the European Union.
8. Your rights
You have the following rights:
to obtain information about your personal data processed by us. In particular, you can obtain information about the purposes of the processing, the category of the personal data, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged storage period, the existence of the right to rectification, erasure, restriction of processing and to object, the right to lodge a complaint, and the source of your data where they are not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about it (Article 15 GDPR). If the effort is unreasonably great, we reserve the ability to request that you provide proof of your identity and pay the effective costs in advance.
to obtain without undue delay the rectification of inaccurate personal data stored by us or, where they are incomplete, to have them completed (Article 16 GDPR).
to obtain the erasure of personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims (Article 17 GDPR).
to obtain restriction of the processing of your personal data where the accuracy of the personal data is contested by you, the processing is unlawful but you oppose their erasure, we no longer need the data but they are required by you for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Article 21 GDPR (Article 18 GDPR).
to receive the personal data that you provided to us in a structured, commonly used, and machine-readable format or to obtain transmission to another controller (Article 20 GDPR).
to withdraw at any time the consent that you granted to us. This means that we may no longer continue with the data processing on which such consent was based (Article 7(3) GDPR).
to lodge a complaint with a supervisory authority (see below) (Article 77 GDPR).
9. Right to object
If your personal data are processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, then pursuant to Article 21 GDPR, you have the right to object to the processing of your personal data if there are reasons for that are relating to your particular situation or where the objection relates to direct marketing. In the latter case, you have a general right to object, which we must implement without the requirement of a particular situation to be specified.
10. Data security
We have taken both technical and organisational steps to protect data. These include:
Making employees aware of the importance of data protection, access controls, user profile concepts, virus and firewall protection, SSL encryption, end-to-end encryption, use of alternatives to unsecure data exchange via email or FTP, data storage in certified computing centres.
11. Retention duration and erasure of data
The retention and erasure concept was set up and is implemented as follows:
Reviewing and monitoring existing retention periods
Identifying and archiving data types (personal data, accounting data, marketing data, etc.)
Returning customer documents that are no longer needed
Destroying documents once the prescription period expires
Blocking documents where a legitimate interest exists
The applicable retention periods are the result of, inter alia, the standards listed below:
Swiss Code of Obligations (OR)
Regulation on the maintenance and retention of business books and records (GeBüV)
Data Protection Act (DSG)
Value-Added Tax Act (MWStG)
Anti-Money Laundering Act (GwG)
Criminal Code (StGB)
12. Contact data
This Data Protection Policy applies to data processing by:
Exantum Advisory Services Ltd.
+41 44 533 08 70
b) Supervisory authority
Federal Data Protection and Information Commissioner
13. Version and amendment of this Data Protection Policy
We may amend or modify this Data Protection Policy at any time.
Zurich, 9 May 2018