The affected person can contact Baryon AG in writing for data protection concerns via the following email address:
Email address: email@example.com
To prevent misuse, data protection inquiries will only be answered in writing and upon presentation of proof of identity (copy of your passport or your ID). The information is free and is usually provided within 30 days.
Regarding the terms used, such as “personal data” or its “processing”, reference is made to the definitions in Art. 5 FADP.
Personal data is processed by Baryon AG in accordance with, among others, the following legal principles:
The personal data processed by Baryon AG comes from various sources. These include personal data that originates from a potential, existing, or previously dissolved business relationship with Baryon AG or that is transmitted to Baryon AG by an affected person when purchasing or applying for a product or service.
Some personal data comes directly from the affected person. Others are provided by third parties such as the client’s custodian banks, other client advisors, intermediaries, etc. Personal data can also be obtained from publicly accessible information sources, through the combination of different pieces of information, or generated by Baryon AG itself.
The collected personal data may specifically include the following information:
a) Information transmitted by an affected person to Baryon AG, such as:
b) Information about an affected person that Baryon AG collects or generates:
c) Information about an affected person that Baryon AG collects otherwise, such as:
Baryon AG may also collect and process other personal data and will inform you on a case-by-case basis if required by law.
Baryon AG processes personal data of the affected person primarily for the purpose of tax and legal advice as well as asset management, associated administrative processes, and concerning the web presence at www.baryon.com, for ensuring smooth technical access to the information present on the website. The data processing by Baryon AG is not intended, unless explicitly declared otherwise, to purposefully collect and evaluate personal data or to pass it on to third parties.
The processing follows the provisions of the FADP and the GDPR. Baryon AG only processes personal data to the extent that there is a legitimate legal basis for doing so. Processing is deemed appropriate and purposeful, especially when:
a) based on your consent (Art. 6 Para. 6 in conjunction with 31 Para. 1 FADP / 6 Para. 1 lit. a GDPR)
If you have given Baryon AG consent to process personal data for specific purposes, the legality of this processing is based on your consent. A given consent can be revoked at any time. However, please note that a revocation does not affect the legality of data processing carried out up to the point of revocation. Nevertheless, Baryon AG may still be allowed to continue processing your personal data if they can cite other legitimate reasons for doing so.
b) for the fulfillment of contractual obligations (Art. 31 Para. 1, 2 lit. a FADP / 6 Para. 1 lit. b GDPR)
c) due to legal requirements (Art. 31 Para. 1 FADP / 6 Para. 1 lit. c GDPR) or in the public interest (Art. 31 Para. 1 FADP / 6 Para. 1 lit. e GDPR)
Furthermore, Baryon AG is subject to various legal obligations, i.e., statutory requirements (e.g., Financial Service Act, Financial institutions Act, Collective Investment Schemes Act, Financial Market Infrastructure Act, Anti-Money Laundering Act, regulations and circulars from regulators, and tax laws, ordinances and circulars from FINMA). The processing purposes also include identity verification, anti-fraud and anti-money laundering measures, fulfilling reporting and control obligations under fiscal and other laws, and evaluating and managing the risks of Baryon AG.
d) within the context of overriding or legitimate interests (Art. 31 Para. 1 FADP / 6 Para. 1 lit. f GDPR)
If necessary, Baryon AG processes personal data beyond the actual fulfillment of the contract to safeguard legitimate interests of Baryon AG or third parties. Examples include:
At Baryon AG, the confidentiality of personal data is given particular importance within the scope of activities in the areas of tax, legal or wealth advisory and asset management. Unless explicitly mentioned in this privacy statement, such as in the context of data processing by contractors or the use of third-party services as part of the online presence at www.baryon.com, or unless it is evidently intended for sharing, personal data is treated confidentially and is not passed on to third parties or sold to third parties for their own purposes.
Within Baryon AG, those departments that need access to the data of affected individuals to provide the agreed service, related administrative processes, and to fulfill the contractual and legal obligations of Baryon AG, or as further described in this privacy statement, will have access.
Baryon AG is authorized to have personal data processed by contractually bound external service providers or agents (“processors”), which also includes cloud services. These are primarily the client’s custodian banks and companies in the fields of IT services, logistics, printing services, telecommunications, consulting, and sales and marketing. They are legally or contractually obligated to comply with data protection laws and to ensure confidentiality or client secrecy to the same extent as Baryon AG. They may process the data of affected individuals only to the same extent as Baryon AG would be allowed. Baryon AG is also obligated to regularly ensure that the processors used are able to ensure data security adequately.
With respect to data sharing with other recipients outside of Baryon AG, it’s important to note that Baryon AG, as a regulated asset manager, tax and legal advisor, is generally bound by confidentiality regarding all client-related facts and evaluations which become known to Baryon AG. Baryon AG may only share information about you if required by law, if you have given your consent, and/or where Baryon AG is authorized to provide such information. Under these conditions, recipients of personal data might include:
Additional recipients of personal data could be those bodies to which you have given your consent for data transmission, or banks you have released from banking confidentiality by declaration or consent.
Under certain circumstances, personal data can be transferred to entities outside of Switzerland and stored there. This includes entities that might not have the same level of protection for personal data as Switzerland. Baryon AG will always do this in a manner consistent with data protection legislation. Baryon AG might need to transfer your personal data in instances such as:
Transfers of personal data to recipients in countries outside of Switzerland, the EEA, and the EU (so-called third countries) will occur where:
When your personal data is to be transferred to third parties in countries where there is no adequate level of data protection, Baryon AG, where legally required, will ensure that they take appropriate measures (e.g., contractual arrangements; recognized standard contract clauses, e.g., in accordance with Art. 46 para. 2c GDPR; other provisions or justifications) to ensure that personal data remains adequately protected.
Further details regarding the protection afforded to your information in individual cases when it is transferred out of Switzerland, can be obtained by contacting Baryon AG at the address mentioned in item 1 above.
Baryon AG establishes internal technical and organizational measures (TOM) according to current technical standards to secure and protect data of affected individuals. Such measures can take the form of encryption, anonymization, access restriction, as well as physical security measures. Baryon AG requires its employees and all third parties who perform work for Baryon AG to adhere to appropriate compliance standards in the area of TOM, which includes the obligation to protect any information and to apply appropriate precautions during the handling or transfer of such data.
For security reasons and to protect the transmission of information, the website www.baryon.com uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”. When SSL or TLS encryption is activated, the data you transmit to us by visiting our website cannot be read by third parties.
Important: Please note that, as a general rule, for organizational and technical reasons, Baryon AG sends emails unencrypted. In particular, we will also reply in unencrypted form to unencrypted emails that we receive. This also applies to emails to addresses that we used for communication with you before this privacy statement was drafted. You are responsible for protecting your email accounts. Baryon AG cannot be held liable for damages and consequential damages, such as manipulation, deletion, forgery, distribution, etc., due to insufficient security measures of the email accounts you use. You can or must inform us if you wish to avoid communication via email (if not already done).
Baryon AG processes and stores data related to affected individuals for as long as it is necessary for the fulfillment of Baryon AG’s contractual and legal obligations or as covered by overriding interests. Client data will be deleted 10 years after the conclusion of the last procedure of a client relationship, subject to the following exceptions. Unless otherwise agreed or prescribed by legal regulations, Baryon AG is not obliged to keep data of affected individuals for an extended period.
It’s essential to consider the retention duration, as business relationships with Baryon AG are often designed as continuous and long-term contractual relationships spanning several years. If personal data is no longer necessary for fulfilling contractual or legal obligations and there are no overriding interests against it, they are regularly deleted, subject to the following limitations:
In the context of a business relationship with Baryon AG, the affected individual must provide all personal data that is necessary for the initiation and execution of such a business relationship and the fulfillment of the associated contractual obligations, or which Baryon AG is legally required to collect. For wealth management services, for instance, this also includes information regarding experiences and knowledge with financial instruments, financial circumstances and their structure and risks, education and professional activity, details about investment objectives, planned inflows and outflows of funds, or other information that serves to determine a meaningful risk profile or individual risk capacity. Typically, without the collection and processing of personal data, Baryon AG will not be able to conclude a contract or, consequently, accept and execute an instruction. Affected individuals are responsible for ensuring that the information provided to Baryon AG is accurate and current.
Baryon AG is obligated, especially under anti-money laundering regulations, to identify an affected individual based on their identification document (e.g., ID card) before initiating a business relationship and, for this purpose, to collect and record details such as name, place of birth, date of birth, nationality, address, and other data. To comply with this legal obligation, an affected person must provide Baryon AG with the necessary information and documents required by the Anti-Money Laundering Act and promptly notify any changes that occur during the business relationship. If an affected individual does not provide Baryon AG with the necessary information and documents, Baryon AG may neither initiate nor continue the desired business relationship.
Baryon AG does not automatically process data of affected individuals with the aim of evaluating certain personal aspects specific to the individual (“Profiling”).
Certain cookies used on the Baryon AG website are so-called “Session-Cookies”. They are automatically deleted at the end of the visit. Other cookies remain stored on the visitor’s device until they delete them. These cookies enable us to recognize the visitor on their next visit. They contain an identification number through which the website operator can identify the querying device. This way, the website operator can improve their services when the user revisits the website. Baryon AG does not associate any specific individuals with this identification number.
Baryon AG may incorporate commercially available digital content or service offers or corresponding programs from third-party providers within its online presence at www.baryon.com to use their content and services, such as fonts or traffic analysis services (“third-party services”).
The use of these third-party services always requires that the third-party providers capture the IP address of the website visitor, as they cannot send information to the visitor’s browser without the IP address. Thus, the visitor’s IP address is necessary for the operation of third-party services. Third-party providers might also use so-called pixel tags (invisible graphics, also referred to as “Web Beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. Such information can also be stored in cookies on the device of website visitors and can include technical information about the browser and operating system, referring websites, visit time, and other details about the use of our online services. It can also be linked to such information from other sources. Depending on the third-party service, other information about the visitor might be collected, used for the third party’s own purposes, and possibly processed abroad.
Within such third-party services, only website visitor information (IP address, pixel tags, date/time of access, navigation behavior, etc.) and no actual client data from tax, legal, or wealth management areas are collected and processed by third parties. Such third-party services, and the accompanying extent of data processing, constantly change due to updates, bug fixes, new releases, or other program modifications. The affected individual acknowledges that Baryon AG cannot assume responsibility for the processing of personal data within such third-party services due to a lack of influence. Upon request, directed to the contact address listed above in point 1, Baryon AG will, however, inform the affected person of the third-party services currently used on the online presence and provide further information about these services so that the affected person can inquire further about the data processing undertaken by the third-party service provider.
According to data protection legislation, you have the following rights:
In individual cases, Baryon AG processes your personal data for the purpose of direct marketing, e.g., to send you the newsletter or to invite you to events or functions. You have the right at any time to object to the processing of your personal data concerning such advertising purposes. If you object to processing for direct advertising purposes, Baryon AG will no longer process your personal data for these purposes.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. If you object, Baryon AG will no longer process your personal data unless Baryon AG can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing of which serves the establishment, exercise or defense of legal claims. Please note that Baryon AG, due to a restriction or cessation of the processing of your personal data as a result of an objection, will often no longer be able to provide services to you or maintain a business relationship with you.
For evidential purposes, objections should be made in writing and addressed to the point of contact at Baryon AG specified in point 1.
The responsible authority for concerns related to data protection, where individuals in Switzerland are affected or data is processed from Switzerland, is the Federal Data Protection and Information Commissioner (FDPIC). They can, ex officio or upon complaint, investigate breaches of data protection regulations and order the processing to be adapted, interrupted, or terminated in whole or in part. Furthermore, they advise private individuals on data protection issues, provide information upon request on how individuals can exercise their rights, and can file a complaint with the competent criminal prosecution authority. The contact details of the FDPIC can be found at https://www.edoeb.admin.ch. Where data processing falls within the scope of the GDPR, there is a right to lodge a complaint with the relevant data protection supervisory authority in the EU (Art. 77 GDPR).
Please note that in case of legal dispute only the official German version of this document is legally binding.
Zurich, August 2023