iolite Capital Management AG ("iolite Capital", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what personal data we collect when you visit www.iolitecapital.com (the "Website"), how and why we use it, the legal bases on which we rely, with whom we share it, how long we keep it, and the rights available to you. We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Who we are
The controller responsible for the processing of personal data on this Website is:
iolite Capital Management AG
Gwattstrasse 15, 8808 Pfäffikon SZ, Switzerland
Email: privacy@iolitecapital.com · info@iolitecapital.com
For any privacy-related enquiry, or to exercise any of the rights described in Section 10, please contact us using the details above.
2. Personal data we collect
We collect personal data that you provide directly and data collected automatically when you use the Website:
- Information you provide: name, email address, telephone number, company or organisation, and the content of any message you send through our contact form or by email.
- Member account data: if you are granted access to the Inner Circle, the account information necessary to authenticate you and to provide access to investor materials, together with records of the materials you access.
- Usage and technical data: IP address, approximate location derived from it, browser type and version, device and operating-system information, pages viewed, dates and times of access, time spent on pages, and referring URLs.
- Cookies and similar technologies: identifiers used to operate the Website, remember preferences, maintain security, and measure usage (see Section 6).
We do not knowingly collect special categories of personal data (such as data revealing health, religious or political views, or biometric data) through the Website, and we ask that you do not submit such data to us.
3. How we use personal data
We use personal data for the following purposes:
- To operate, maintain, and secure the Website;
- To respond to enquiries and communicate with you;
- To create, administer, and authenticate an Inner Circle member account, and to grant or restrict access to investor materials accordingly;
- To send investor letters, updates, and other communications to members and, where you have consented or as otherwise permitted by law, to prospective investors;
- To maintain records of our relationships and communications for legal, regulatory, tax, and audit purposes;
- To detect, investigate, and prevent fraud, abuse, security incidents, and unauthorised access;
- To analyse and improve the Website's functionality, content, and user experience; and
- To comply with applicable legal and regulatory obligations, and to establish, exercise, or defend legal claims.
We do not sell personal data, and we do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.
4. Legal bases for processing
Where the GDPR applies, we rely on one or more of the following legal bases, depending on the purpose of processing:
- Consent — for example, where you have opted in to receive communications, or accepted non-essential cookies;
- Performance of a contract — for example, to administer your Inner Circle membership at your request;
- Legitimate interests — for example, to operate and secure the Website, respond to enquiries, and maintain appropriate business records, provided such interests are not overridden by your interests or fundamental rights; and
- Legal obligation — for example, to comply with applicable tax, anti-money-laundering, or regulatory record-keeping requirements.
Where the FADP applies, we process personal data on the basis of our legitimate interest in operating the Website and our business, your consent where sought, or as otherwise permitted by Swiss law.
5. Disclosure to third parties
We do not sell or rent personal data. We may share personal data with:
- Service providers who process data on our behalf and under our instructions, such as our website hosting provider (Wix.com, Inc.), email delivery providers, and IT service providers;
- Professional advisers, including legal, tax, and audit advisers, where necessary for their engagement;
- Regulatory, governmental, or judicial authorities, where required by applicable law, regulation, or legal process; and
- A successor entity, in connection with a merger, reorganisation, or sale of all or part of our business, subject to appropriate safeguards.
Any third party that processes personal data on our behalf is bound by contractual obligations to implement appropriate technical and organisational measures to protect that data and to process it only for the purposes we specify.
6. Cookies and analytics
The Website uses cookies and similar technologies necessary for its operation (such as maintaining your session and security) and, where applicable, analytics technologies to help us understand how the Website is used.
You can control or disable non-essential cookies through your browser settings; please note that doing so may affect the functionality of the Website. Essential cookies required for the Website to function, such as the authentication cookies used to keep you signed in to the Inner Circle, cannot be disabled without affecting your ability to use the relevant features.
7. International data transfers
iolite Capital is based in Switzerland. Where personal data is transferred to countries outside Switzerland or the European Economic Area that are not recognised as providing an adequate level of data protection, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses or the Swiss Federal Data Protection and Information Commissioner's recognised transfer mechanisms, or another lawful transfer basis.
8. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, tax, accounting, or reporting requirements, and to establish, exercise, or defend legal claims.
Criteria used to determine retention periods include the nature and sensitivity of the data, the purpose for which it is processed, whether that purpose can be achieved through other means, and applicable statutory retention periods. When personal data is no longer required, we delete or anonymise it in a secure manner.
9. Data security
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or destruction, taking into account the nature of the data and the risks involved.
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.
10. Your rights
Subject to applicable law, you may have the right to:
- Request access to, and a copy of, the personal data we hold about you;
- Request that we correct inaccurate or incomplete personal data;
- Request that we delete your personal data, subject to applicable legal retention requirements;
- Request that we restrict or object to certain processing of your personal data;
- Request a portable copy of personal data you have provided to us, where applicable; and
- Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us using the details in Section 1. We will respond within the timeframe required by applicable law. If you are not satisfied with our response, where the GDPR applies you have the right to lodge a complaint with your local data protection supervisory authority; where the FADP applies, you may contact the Swiss Federal Data Protection and Information Commissioner (FDPIC).
11. Children's privacy
The Website is not directed at, and is not intended for use by, children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so that we can take appropriate action.
12. Third-party links
The Website may contain links to third-party websites. This Privacy Policy does not apply to those websites, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policy of any third-party website you visit.
13. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The effective date and version number at the top of this page indicate when this Policy was last revised. We encourage you to review this Policy periodically.
14. How to contact us
If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@iolitecapital.com or by post at iolite Capital Management AG, Gwattstrasse 15, 8808 Pfäffikon SZ, Switzerland.