Privacy policy

Last updated on April 12, 2022

Invest.direct is a website operated by Invest Direct SA

The purpose of this privacy policy is to inform users of our platform in a transparent and detailed manner about the reasons why we collect their personal data. We also explain how we handle the data collected and stored when using our services.

We are aware of the importance to the processing of your personal information.

Therefore, we thank you for trusting Invest Direct SA and we ensure that this information is handled with the highest level of care. Invest Direct SA is responsible for the collection, processing, transmission, storage and protection of your personal information in accordance with the Swiss Federal Data Protection Act (“Bundesdatenschutzgesetz”) for Swiss customers and the General Data Protection Regulation 2016/679/EU (“GDPR”) for customers in the EU.

Our platform respects the confidentiality of all personal data held and is committed to the protection as well as the limitation of the use of such information in accordance with applicable data protection and privacy laws

By reviewing this Privacy Policy, users will be able to understand how their data is processed and exercise their rights.

1. Contact details

Invest Direct SA
Chemin du Courtil, 16
1241 Puplinge

You can email the Data Protection Officer (DPO) at dpo@invest.direct – or write to him at the above address.

2. Applicable Legislation

The processing of data by Invest Direct SA is governed by the following law:

  • Data of Swiss customers and Swiss visitors of our website

The processing of data of Swiss customers is exclusively governed by Swiss law, in particular by the Federal Data Protection Act (DPA, SR 235.1) and the Ordinance on the Federal Data Protection Act (SR 235.11).
The General Data Protection Regulation (GDPR) is not applicable. The GDPR remains applicable (i) if it is expressly provided for certain areas of this Privacy Policy and (ii) if its application is mandatory for Swiss customer data due to special circumstances.

  • Data from customers and visitors to our website based in the EU

In addition to Swiss law, Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) applies to the processing of data of customers established in the EU. 

3. Definitions

3.1 What is personal data?

Personal data is information concerning a physical person who can be identified:

  • Directly: for example with a name, a photo, a telephone number, a social security number, etc.
  • Or indirectly: for example an IP address, or a computer connection identifier or a voice recording for example.

3.2 What is personal data processing?

The term “processing” is used in this policy to cover all activities involving personal data, including collecting, handling, updating, storing, deleting, sharing, accessing, using, transferring and destroying personal data.

4. Collection and processing of personal data

We process the data collected in order to constantly improve the products and services we provide, to better manage both your use of and access to our applications, products and information, to monitor and improve the performance of our services, and to provide you with information about our products or services.

Data may also be transferred to legally authorized partner companies, service providers and external service providers in Switzerland and abroad for processing, storage or use for the purposes mentioned above. This includes, for example, service providers or agents providing IT and technical services, such as those responsible for hosting and providing the websites and services.

If the processing or storage of personal information is carried out in a country that does not guarantee an appropriate level of data protection equivalent to the level of protection offered in Switzerland, we will require the service provider to comply fully, as a contractual obligation, with the relevant provisions of the DPA (or of the GDPR if the data concerned is that of clients established in the European area).

We collect personal data directly or indirectly.

4.1 Data collected directly:

This refers to information that a user inputs when requesting to create an account on our platform via the contact form. This data is referred to “contact data” in this privacy policy, and may include last name, first name, cell phone number, business or personal email address, company name and mailing address, or personal mailing address; in both cases, the address includes the user’s zip code, city and country.

4.2 Indirectly collected data:

Invest Direct SA may collect data through cookies or similar technologies placed on devices. Some cookies are necessary for the efficient running of our platform and others are used for analytical purposes that help us provide you with more personalized services and a better user experience.

5. Cookies

The use of cookies allows us to make your navigation on our site easier, more pleasant and more efficient. Cookies are files containing information that your web browser automatically stores on your computer’s hard drive when you visit our website.

For more information on the cookies collected, you can refer to the #Cookies section.

You can easily deactivate and/or delete cookies from your computer, tablet or cell phone by managing your browser settings. Please note, however, that you may not be able to use our services in their entirety. Instructions on how to manage and deactivate cookies can be found in the cookies section, depending on the browser.

Mozilla Firefox

Click on the Menu button, select Options/Preferences, select Privacy, select the History option for Retention Rules, select Use custom settings for history, check or uncheck the Accept Cookies box, and select your preferences.

Safari

Click the Safari menu, then click Preferences, then click the Security tab, and in the Block Cookies section, select your preferences.

6. Duration of data retention

The data collected is kept for the duration of our business relationship and may be kept for up to 3 years following the date of the end of our business relationship (date of the last transaction) in intermediate storage, and then deleted at the end of the legal retention period in order to comply with legal retention obligations, such as (the list below is neither limiting nor exhaustive and is provided as an example):

  •  Compliance with commercial, tax and other retention obligations in Switzerland: in particular, books must be kept and retained for a period of ten years (CO 958f); longer periods may also apply under special laws.
  •  Retention of evidence within the statutory limitation period of the country concerned; limitation periods can be up to 30 years and more. Invest Direct has implemented internal processes that ensure:
  •  Deletion of any personal data whose retention is not justified by the current activity or by regulation;
  •  Identification of personal data whose retention period has been reached and taking the necessary steps to delete them;
  •  Retention of user consent;
  •  Purging of your personal data is implemented to verify effective deletion once the retention or archiving period necessary to fulfill the determined or imposed purposes has been reached.

7. Links to other websites

The Invest Direct website contains links to other websites owned by third parties. Invest Direct SA is not responsible for the content or the data protection practices of such websites.

8. Your rights

8.1.1 Right of access

A right of access to the personal data you have provided: the exercise of the right of access allows you to find out whether your data is being processed and to obtain access to it in an understandable format. It also allows you to check the accuracy of the data and, if necessary, to have them corrected or deleted (see below).

8.2 Right of rectification

The right of rectification allows you to correct inaccurate data about yourself (e.g. age or address) or to complete information (e.g. complete your postal address or change it).

8.3 Right of deletion

The right consists in obtaining the removal of a collected information that you consider useless. You can obtain its removal if your case corresponds to one of the situations cited by a control authority in accordance with Article 77 of the GDPR.

8.4 Right of limitation

The right of limitation allows you to request a limitation of the processing relating to your person consists in asking to freeze the use of your data.

8.5 Right of opposition

The right allows you to object to the use of your data and you must put forward “reasons relating to your particular situation”. We invite you, for all useful purposes, to refer to the site of the CNIL.

8.6 Right to portability

The right to data portability offers the possibility to recover part of your data in a machine-readable format. You are free to store this portable data elsewhere or to transmit it easily from one system to another, with a view to reusing it for other purposes.

8.7 Right of complaint

You may, in the context of exercising your rights, lodge a complaint with a supervisory authority (for example, the CNIL, whose website is in French).

To make a complaint, you can refer to the CNIL website: https://www.cnil.fr/fr/cnil-direct/question/adresser-une-reclamation-plainte-la-cnil-quelles-conditions-et-commentPour.

To exercise your right to access, rectify, delete, oppose, port data or limit processing, you can write to us at the following email address: dpo@invest.direct

9. How to exercise your rights

If you have any questions about this Policy and/or wish to exercise your rights as described above, you may contact Invest Direct SA’s Data Protection Officer (“DPO”):

  • electronically at dpo@invest.direct
  •  by mail at: For the attention of the DPO, Invest Direct SA -Chemin du Courtil 16, CH 1241, Puplinge, Switzerland.

Your request must be made in writing and must be signed and may be accompanied, if necessary, by a photocopy of an identity document showing your signature.

10. Security and data protection

We make every effort to protect your data from computer threats and our sites have an SSL certificate to ensure that the information and data transfer through the sites is secure. In the event that the integrity, confidentiality or security of the user’s personal data is compromised, Invest Direct undertakes to inform the person(s) concerned as soon as possible when the breach is likely to result in a high risk to the rights and freedoms of that person.

11. Changes to the Privacy Policy

Invest Direct SA may make changes to this Privacy Policy from time to time, so please check back periodically. If there are any significant changes to our privacy policy, all users will be notified by e-mail or otherwise.