FinWatch Datenschutz Privacy Policy

1. Introduction

The contracting party is Crovax Capital LLC ("FinWatch", "we", "us", or "our"), a limited liability company incorporated under Swiss law with its registered office at Chapfstrasse 102, 8126 Zumikon, Switzerland, and registered in the Swiss Commercial Register under number CHE-309.490.623, operates the website https://www.finwatch.ai and the FinWatch AI-native compliance platform (the “Service”) are committed to protecting your privacy in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR). This Privacy Policy outlines how we collect, use, and protect your personal data when you use our Service. By using our Service, you accept the practices described herein.

2. Purpose

This Privacy Policy explains:

What personal data we collect and why.

How we use, store, and share your data.

Your rights regarding your personal data.

Our commitment to compliance with FADP, GDPR, and applicable Swiss financial regulations, including those related to FINMA data.

We will not use or share your data except as described in this policy or with your explicit consent.

3. What is Personal Data?

Personal data includes any information that can identify you, directly or indirectly, such as your name, email address, IP address, or device identifiers. Under FADP and GDPR, this also includes usage data or encrypted data linked to an individual.

4. What is Processing?

Processing refers to any action performed on personal data, including collection, storage, use, sharing, or deletion.

5. Scope of This Policy

This policy applies to personal data for which FinWatch is the data controller, meaning we determine the purpose and means of processing. It covers data collected via our website, platform, and support channels.

6. Who’s Data Do We Process?

We process personal data from:

Platform Users: Individuals using our AI-native compliance platform.

Organization Representatives: Contacts provided during organizational registration.

Website Visitors: Individuals browsing our website.

Support Inquirers: Individuals contacting us via email or support channels.

7. Types of Data, Purposes, and Legal Basis

We collect and process the following data:

7.1 Platform Users

Data: Contact details (name, email, company), usage data (platform interactions), technical data (IP address, browser, device).

Purposes and Legal Basis:

Provide and maintain the Service (contract performance).

Verify identity and comply with FINMA-related regulations (legal obligation).

Improve platform functionality and user experience (legitimate interest).

Ensure security and prevent abuse (legal obligation, legitimate interest).

Offer support (contract performance).

7.2 Website Visitors

Data: Technical data (IP address, browser, device), usage data (pages visited, time spent), cookie data (per our Cookie Policy).

Purposes and Legal Basis:

Optimize website performance (legitimate interest).

Analyze user behavior to improve content (legitimate interest, consent for non-essential cookies).

Deliver relevant content (legitimate interest).

7.3 FINMA and Public Data

Data: Publicly available data from FINMA registries, company registries, professional networks (e.g., LinkedIn), or grant databases.

Purposes and Legal Basis:

Enhance AI compliance assessments (legitimate interest).

Ensure accuracy of compliance outputs (legal obligation).

We notify individuals where required by law when collecting data from third-party sources.

8. Data from Third Parties

We may collect publicly available data from:

FINMA public registries.

Swiss Commercial Register.

Professional networks (e.g., LinkedIn).

Grant-making organizations.
We verify the accuracy of such data and use it only for purposes outlined in this policy.

9. How We Do Not Use Your Data

We will never:

Sell your personal data.

Share your data for third-party marketing.

Process your data for purposes not specified here without your consent.

10. AI and Automated Decision-Making

Our AI platform analyzes FINMA and public data to provide compliance insights. All AI-generated outputs are subject to human oversight to ensure accuracy and fairness. We do not use fully automated decision-making that produces legal or significant effects on individuals.

11. Data Sharing with Third Parties

11.1 Infrastructure Providers

Amazon Web Services (AWS): Data storage in Zurich, Switzerland.

Cloudflare: Content delivery and security.

11.2 Service Providers

We share data with trusted providers for:

IT and analytics (e.g., Google Analytics, with anonymized IP settings).

Customer support (e.g., Zendesk).
All providers are bound by Data Processing Agreements ensuring data security and compliance.

12. International Data Transfers

Our primary data storage is in Switzerland (AWS, Zurich). For transfers outside Switzerland or the EEA (e.g., Cloudflare in the U.S.), we use:

Standard Contractual Clauses (SCCs) (see eur-lex.europa.eu, search 32021D0914).

Vendor assessments to ensure adequate data protection.
Switzerland is recognized as providing adequate data protection under GDPR, but we apply additional safeguards for third-country transfers.

13. Security Measures

We protect your data with:

Encryption in transit (TLS) and at rest.

Secure access controls and multi-factor authentication.

Regular security audits and penetration testing.

Employee training on FADP and GDPR compliance.

Physical security at our Zürich office.

Incident response plans, including data breach notifications to the Swiss FDPIC and affected users within legal timeframes (e.g., 72 hours for GDPR).

14. Data Retention

We retain data only as long as necessary:

Account Data: 1 year after account closure, unless required for legal compliance (e.g., Swiss tax law, up to 10 years).

Usage Data: 1 year from collection.

Technical Logs: 90 days.

Support Communications: 1 year after resolution.
Longer retention may apply for legal claims, audits, or fraud prevention, as permitted by FADP and GDPR.

15. Your Rights

Under FADP and GDPR, you have the right to:

Access your personal data.

Correct inaccurate data.

Request deletion (“right to be forgotten”).

Restrict or object to processing.

Data portability.

Opt out of automated decision-making (not applicable here).

Be informed about data processing.

16. Exercising Your Rights

Contact our Data Protection Officer:

Email: privacy@finwatch.com

Address: Crovax Capital LLC, Chapfstrasse 102, 8126 Zumikon, Switzerland
We respond within 30 days (extendable to 90 days for complex requests).

If unsatisfied, contact the Swiss Federal Data Protection and Information Commissioner (FDPIC):

Website: www.edoeb.admin.ch

Address: Feldeggweg 1, 3003 Bern, Switzerland

Phone: +41 58 462 43 95

For EU users, you may also contact your local data protection authority.

17. Cookies

We use:

Essential Cookies: For website functionality.

Analytics Cookies: To analyze usage (consent required).

Preference Cookies: To save settings (consent required).
We obtain explicit consent for non-essential cookies via a cookie banner.

18. FINMA Data Handling

We process publicly available FINMA data to provide AI-driven compliance insights. This data is:

Sourced from FINMA’s public registries.

Processed securely with human oversight.

Used only for compliance purposes, in line with FINMA guidelines and Swiss financial laws.

19. Third-Party Websites

Our Service may link to third-party sites (e.g., FINMA, LinkedIn). We are not responsible for their privacy practices. Review their policies before sharing data.

20. Data Breach Notification

In case of a data breach, we will:

Notify the FDPIC and, if applicable, EU authorities within legal timeframes.

Inform affected users promptly with details and mitigation steps.

21. Children’s Data

Our Service is not intended for users under 16. We do not knowingly collect data from children. Contact us if you believe we have such data.

22. Amendments

We reserve the right to modify this disclaimer at any time without prior notice. Continued use of the website following any modifications constitutes acceptance of the amended disclaimer.