We use cookies to ensure you get the best experience on our website. Cookie Policy & Privacy Policy
Accept All
Privacy Policy
MyTresor AG, Dammstrasse 16, 6300 Zug, Switzerland (hereinafter: "MyTresor", "we", "us", "our") is aware of the importance of the data entrusted to us. We use the term "data" here synonymously with "personal data". The protection and security of your personal data or your privacy is a significant concern for us. Of course, we treat your data confidentially and process, i.e., collect, store and use it only within the framework of legal regulations and as long as it is necessary in terms of time.
The legal basis of this privacy policy includes, among others, the national legal provisions of Swiss data protection law, in particular the "Federal Act on Data Protection" (FADP), the "Ordinance to the Federal Act on Data Protection" (DPO) and - depending on the case constellation/applicability - the data protection provisions of other foreign regulations (e.g., the "European General Data Protection Regulation", Regulation (EU) 2016/679, in short: "EU-GDPR"). Whether and to what extent these respective laws with their rights and obligations are applicable (or applicable to you) depends on the individual case.
Specifically, this privacy policy informs you about the type, scope and purpose of the processing of your personal data, whether it is when using our website www.mytresor.com, other websites of ours or apps, our internet offer (online shop etc. - hereinafter collectively "Website(s)"), as well as regarding our services (purchase, sale, delivery/collection and storage of precious metals) or whether you are otherwise in connection with us within the framework of a contract, communicate with us or otherwise have to do with us.
Furthermore, you will be informed about the rights to which you are entitled with regard to the processing of your data from data protection requirements. If necessary, we will inform you by means of a timely written notification about additional processing activities not mentioned in this privacy policy. In addition, we may inform you about the processing of your data separately, e.g. in consent declarations, contractual conditions, additional privacy policies, forms and notices.
Furthermore, if you transmit or disclose data about other persons to us, such as family members, work colleagues, etc., we assume that you are authorized to do so and that this data is correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy.
The legal basis of this privacy policy includes, among others, the national legal provisions of Swiss data protection law, in particular the "Federal Act on Data Protection" (FADP), the "Ordinance to the Federal Act on Data Protection" (DPO) and - depending on the case constellation/applicability - the data protection provisions of other foreign regulations (e.g., the "European General Data Protection Regulation", Regulation (EU) 2016/679, in short: "EU-GDPR"). Whether and to what extent these respective laws with their rights and obligations are applicable (or applicable to you) depends on the individual case.
Specifically, this privacy policy informs you about the type, scope and purpose of the processing of your personal data, whether it is when using our website www.mytresor.com, other websites of ours or apps, our internet offer (online shop etc. - hereinafter collectively "Website(s)"), as well as regarding our services (purchase, sale, delivery/collection and storage of precious metals) or whether you are otherwise in connection with us within the framework of a contract, communicate with us or otherwise have to do with us.
Furthermore, you will be informed about the rights to which you are entitled with regard to the processing of your data from data protection requirements. If necessary, we will inform you by means of a timely written notification about additional processing activities not mentioned in this privacy policy. In addition, we may inform you about the processing of your data separately, e.g. in consent declarations, contractual conditions, additional privacy policies, forms and notices.
Furthermore, if you transmit or disclose data about other persons to us, such as family members, work colleagues, etc., we assume that you are authorized to do so and that this data is correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy.
Data About Third Parties
If you provide personal data about any individual other than yourself (e.g., colleagues, family members, or beneficiaries), you confirm that you are lawfully authorized to do so and that the individual has been informed about this Privacy Policy. You further agree to direct that individual to this Privacy Policy so they understand how we process their data.
By using our website and our offers/services, you declare your agreement with the valid version of our privacy policy/privacy notices that can be accessed at the time of your visit.
This privacy policy can and will be adjusted from time to time. We therefore encourage you to inform yourself regularly about its content and thus about the most current version by visiting our website.
In particular, we point out that websites of third parties that may be accessible via our portals may not be subject to the principles set out here. We assume no responsibility or liability for the observance of data protection by third-party websites.
By using our website and our offers/services, you declare your agreement with the valid version of our privacy policy/privacy notices that can be accessed at the time of your visit.
This privacy policy can and will be adjusted from time to time. We therefore encourage you to inform yourself regularly about its content and thus about the most current version by visiting our website.
In particular, we point out that websites of third parties that may be accessible via our portals may not be subject to the principles set out here. We assume no responsibility or liability for the observance of data protection by third-party websites.
A. Controller for data processing and related contact details
MyTresor AG Dammstrasse 16 CH-6300 Zug, Switzerland
Email: info@mytresor.com
Web: mytresor.com
If you have questions and/or for information about data protection, you can contact us directly by email at privacy@mytresor.com or by mail at the above address.
MyTresor AG has appointed an external Data Protection Officer (DPO) to oversee compliance with data protection regulations. If you have any questions or concerns regarding the handling of your personal data, you can contact our DPO or by mail at the above address.
Email: info@mytresor.com
Web: mytresor.com
If you have questions and/or for information about data protection, you can contact us directly by email at privacy@mytresor.com or by mail at the above address.
MyTresor AG has appointed an external Data Protection Officer (DPO) to oversee compliance with data protection regulations. If you have any questions or concerns regarding the handling of your personal data, you can contact our DPO or by mail at the above address.
B. Scope and purpose of processing personal data:
What data do we collect and what is the purpose? MyTresor offers you as a customer or interested party within the framework of the internet presence on www.mytresor.com, among other things, the possibility to carry out online transactions (online trading platform), to order market reports or newsletters or to contact us in general. In principle, personal data is collected within the framework of the following constellations and can be processed for the purposes explained there. It is your free decision whether you use our offers and enter/transmit your data. The requested data and its processing is carried out to the extent and duration necessary for the respective purpose in each individual case.
Profiling and Automated Decision-Making
We may use algorithms or other automated processes to analyze certain aspects of your behavior or status (e.g., for fraud detection, AML checks, or marketing). While these processes may produce “profiles” to help us tailor services or assess risk, we do not rely solely on automated decision-making that produces legal or similarly significant effects concerning you without human review. If we ever implement fully automated decisions with significant impact, we will inform you in advance and provide you the opportunity to request human intervention or review of the decision.
- General
Data categories
We process various categories of data about you. The main categories are summarized in advance as follows:
Technical data: When you use our website or other electronic offers (e.g. - if offered - free WLAN), we collect the IP address of your end device and other technical data (see below 1.) to ensure the functionality and security of these offers. This data also includes logs in which the use of our systems is recorded. The technical data alone does not generally allow any conclusions to be drawn about your identity.
Registration data: Certain offers such as services (e.g. login areas of our website, newsletter dispatch, etc.) or competitions can only be used with a user account or registration, which can be done directly with us or - if given - via an external login service provider. In doing so, you must provide us with certain data, and we collect data about the use of the offer or service.
Communication data: When you contact us via the contact form, by email, telephone or chat, by letter or via other means of communication, we record the data exchanged between you and us, including your contact details and the metadata of the communication.
Master data: Master data refers to the basic data that we need in addition to the contract data (see below) for the processing of our contractual and other business relationships or for marketing and advertising purposes (such as name, contact details and information e.g. about your role and function, your bank details, your date of birth, customer history, powers of attorney, signing authorities and declarations of consent). We process your master data if you are a customer or other business contact or are active for one (e.g. as a contact person of the business partner), or because we want to address you for our own purposes or the purposes of a contractual partner (e.g. in the context of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We receive master data from you yourself (e.g. in the case of a purchase or in the context of a registration), from bodies for which you are active, or from third parties such as our contractual partners, associations and address dealers and from publicly accessible sources such as public registers or possibly the internet (websites, social media, etc.).
Contract data: This is data that arises in connection with the conclusion of a contract or the processing of a contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to a contract conclusion, information required or used for processing and information about reactions (e.g. complaints or information about satisfaction, etc.). We usually collect this data from you, from contractual partners and from third parties involved in the processing of the contract, but also possibly from third-party sources (e.g. providers of credit data) and from publicly accessible sources.
Behavioral and preference data: Depending on the relationship we have with you, we try to get to know you and align our products, services and offers better with you. To do this, we collect and use data about your behavior and preferences, if these functions are used. We do this by evaluating information about your behavior in our area, and we can supplement this information with information from third parties - including from publicly accessible sources.
Other data: We also collect data from you in other situations. For example, data may arise in connection with official or court proceedings (such as files, evidence, etc.), which may also relate to you. We may also collect data about who enters certain buildings when or has corresponding access rights (including access controls, based on registration data or visitor lists, etc.), who participates in events or actions (e.g. competitions) when, or who uses our infrastructure and systems when. In addition, we collect and process data about our shareholders and other investors; in addition to master data, this includes, among other things, information for the corresponding registers, regarding the exercise of their rights and the holding of events (e.g. general meetings).
Technical data: When you use our website or other electronic offers (e.g. - if offered - free WLAN), we collect the IP address of your end device and other technical data (see below 1.) to ensure the functionality and security of these offers. This data also includes logs in which the use of our systems is recorded. The technical data alone does not generally allow any conclusions to be drawn about your identity.
Registration data: Certain offers such as services (e.g. login areas of our website, newsletter dispatch, etc.) or competitions can only be used with a user account or registration, which can be done directly with us or - if given - via an external login service provider. In doing so, you must provide us with certain data, and we collect data about the use of the offer or service.
Communication data: When you contact us via the contact form, by email, telephone or chat, by letter or via other means of communication, we record the data exchanged between you and us, including your contact details and the metadata of the communication.
Master data: Master data refers to the basic data that we need in addition to the contract data (see below) for the processing of our contractual and other business relationships or for marketing and advertising purposes (such as name, contact details and information e.g. about your role and function, your bank details, your date of birth, customer history, powers of attorney, signing authorities and declarations of consent). We process your master data if you are a customer or other business contact or are active for one (e.g. as a contact person of the business partner), or because we want to address you for our own purposes or the purposes of a contractual partner (e.g. in the context of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We receive master data from you yourself (e.g. in the case of a purchase or in the context of a registration), from bodies for which you are active, or from third parties such as our contractual partners, associations and address dealers and from publicly accessible sources such as public registers or possibly the internet (websites, social media, etc.).
Contract data: This is data that arises in connection with the conclusion of a contract or the processing of a contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to a contract conclusion, information required or used for processing and information about reactions (e.g. complaints or information about satisfaction, etc.). We usually collect this data from you, from contractual partners and from third parties involved in the processing of the contract, but also possibly from third-party sources (e.g. providers of credit data) and from publicly accessible sources.
Behavioral and preference data: Depending on the relationship we have with you, we try to get to know you and align our products, services and offers better with you. To do this, we collect and use data about your behavior and preferences, if these functions are used. We do this by evaluating information about your behavior in our area, and we can supplement this information with information from third parties - including from publicly accessible sources.
Other data: We also collect data from you in other situations. For example, data may arise in connection with official or court proceedings (such as files, evidence, etc.), which may also relate to you. We may also collect data about who enters certain buildings when or has corresponding access rights (including access controls, based on registration data or visitor lists, etc.), who participates in events or actions (e.g. competitions) when, or who uses our infrastructure and systems when. In addition, we collect and process data about our shareholders and other investors; in addition to master data, this includes, among other things, information for the corresponding registers, regarding the exercise of their rights and the holding of events (e.g. general meetings).
Purposes
We process your data for the purposes we explain below. These purposes or the objectives underlying them represent legitimate interests of us and possibly third parties.
We process your data for purposes related to communication with you, in particular to respond to inquiries and to assert your rights and to contact you in case of queries.
For this purpose, we use in particular communication data and master data and, in connection with offers and services used by you, also registration data. We store this data in order to document our communication with you, for training purposes, for quality assurance and for follow-up queries. This includes all purposes in connection with which you and we communicate, whether in customer service or in consulting, in authentication in case of a use of the website or for training and quality assurance (e.g. in the area of customer service). We continue to process communication data so that we can communicate with you by email and telephone, as well as chat, social media, letter and/or fax. Communication with you usually takes place in connection with other processing purposes, e.g. so that we can provide services or answer an information request. Our data processing also serves to prove communication and its contents.
We process data for the establishment, administration and handling of contractual relationships.
We conclude contracts of various types with our business and private customers, suppliers, subcontractors or other contractual partners, such as partners in projects or with parties in legal disputes. In doing so, we process in particular master data, contract data and communication data and, depending on the circumstances, also registration data of the customer or the persons to whom the customer mediates a service. This includes, for example, the recipients of our products or services who receive vouchers and invitations from our customers and can in turn become our customers when redeeming them. In this case, we process data for the processing of the contract with these recipients, but also with the contractual partners who invited them. As part of the business initiation, personal data - in particular master data, contract data and communication data - is collected from potential customers or other contractual partners (e.g. in an order form or contract) or results from a communication. Also in connection with the conclusion of the contract, we process data to check creditworthiness and to open the customer relationship. In some cases, this information is checked for compliance with legal requirements.
In the context of processing contractual relationships, we process data for the administration of the customer relationship, for the provision and demand of contractual services (which also includes the involvement of third parties, such as logistics companies, security services, advertising service providers, banks, insurance companies or credit agencies, which can then in turn provide us with data), for consulting and customer support. The enforcement of legal claims arising from contracts (debt collection, legal proceedings, etc.) is also part of the processing, as is accounting, termination of contracts and public communication.
We process data - if given - for marketing purposes and to maintain relationships, e.g. to send our customers and other contractual partners personalized advertising for products and services from us and from third parties (e.g. advertising contractual partners).
This can be done, for example, in the form of newsletters and other regular contacts (electronically, by mail, by telephone), via other channels for which we have contact information from you, but also as part of individual marketing actions (e.g. events, competitions, etc.) and may also include free services (e.g. invitations, vouchers, etc.). You can refuse such contacts at any time or revoke your consent to be contacted for advertising purposes. With your consent, we can target our online advertising on the internet more specifically to you.
For example, with your consent, we send you information, advertising and product offers from us and from third parties within and outside the group (e.g. advertising contractual partners), as printed matter, electronically or by telephone. For this purpose, we process mainly communication and registration data. Like most companies, we personalize messages so that we can provide you with individual information and make offers that meet your needs and interests. To do this, we link data that we process about you and determine preference data and use this data as a basis for personalization. We also process data in connection with competitions, prize draws and similar events.
Relationship maintenance also includes the - possibly based on behavioral and preference data personalized - addressing of existing customers and their contacts. As part of relationship maintenance, we may also operate a Customer Relationship Management system ("CRM") in which we store the data necessary for maintaining the relationship with customers, suppliers and other business partners, e.g. about contact persons, relationship history (e.g. about products and services purchased or supplied, interactions, etc.), interests, wishes, marketing measures (newsletters, invitations to events, etc.) and other information.
All these processing activities are important for us not only to be able to advertise our offers as effectively as possible, but also to make our relationships with customers and other third parties more personal and positive, to concentrate on the most important relationships and to use our resources as efficiently as possible.
We further process your data - if given - for market research, to improve our services and our operations and for product development.
We strive to continuously improve our products and services (including our website) and to be able to react quickly to changing needs. We therefore analyze, for example, how you navigate through our website or which products are used by which groups of people in which way and how new products and services can be designed (for further details, see section 12). This gives us indications of the market acceptance of existing products and services and the market potential of new products and services. For this purpose, we process in particular master data, behavioral and preference data, but also communication data and information from customer surveys, surveys and studies and other information e.g. from the media, from social media, from the internet and from other public sources. Wherever possible, we use pseudonymized or anonymized data for these purposes. We may also use media monitoring services or conduct our own media monitoring and process personal data in the process to conduct media work or to understand and react to current developments and trends.
We may also process your data for security purposes and for access control.
We continuously check and improve the appropriate security of our IT and our other infrastructure (e.g. buildings). Like all companies, we cannot rule out data security breaches with absolute certainty, but we do our best to reduce the risks. We therefore process data, for example, for monitoring, controls, analyses and tests of our networks and IT infrastructures, for system and error checks, for documentation purposes and in the context of security backups. Access controls include, on the one hand, the control of access to electronic systems (e.g. logging in to user accounts), and on the other hand, physical access control (e.g. building access). For security purposes (prevention and investigation of incidents), we may also keep access logs or visitor lists and use monitoring systems (e.g. security cameras). We inform you about monitoring systems at the relevant locations by means of appropriate signs.
We process personal data for compliance with laws, instructions and recommendations from authorities and internal regulations ("Compliance").
This includes, for example, the legally regulated fight against money laundering and terrorist financing. We are obliged to carry out certain checks on customers ("Know Your Customer", "KYC") or to report to authorities. The fulfillment of information, disclosure or reporting obligations, e.g. in connection with supervisory and tax law obligations, also requires or involves data processing, e.g. the fulfillment of archiving obligations and the prevention, detection and investigation of criminal offenses and other violations. This also includes the receipt and processing of complaints and other reports, the monitoring of communication, internal investigations or the disclosure of documents to an authority if we have sufficient reason to do so or are legally obliged to do so. We may also process personal data about you in connection with external investigations, e.g. by a law enforcement or supervisory authority or a commissioned private entity. Furthermore, we process data to support our shareholders and other investors and to fulfill our related obligations. For all these purposes, we process in particular your master data, your contract data and communication data, but possibly also behavioral data and data from the categories of other data. In the case of legal obligations, these may be Swiss law, but also foreign provisions to which we are subject, as well as self-regulation, industry standards, our own "Corporate Governance" and official instructions and requests.
We also process data for purposes of our risk management and as part of prudent corporate governance, including business organization and corporate development.
For these purposes, we process in particular master data, contract data, registration data and technical data, but also behavioral and communication data. For example, as part of our financial management, we must monitor our debtors and creditors, and we must avoid becoming victims of crimes and abuses, which may require the evaluation of data for corresponding patterns. For these purposes and for your and our protection against criminal or abusive activities - if given - we may also carry out profiling and create and process profiles. As part of planning our resources and organizing our operations, we need to evaluate and process data on the use of our services and other offers or exchange information about them with others (e.g. outsourcing partners), which may include your data. The same applies to services provided to us by third parties. As part of corporate development, we may sell businesses, business units or companies to others or acquire them from others or enter into partnerships, which may also lead to the exchange and processing of data (including yours, e.g. as a customer or supplier or as a supplier representative).
We may process your data for other purposes, e.g. as part of our internal processes and administration or for training and quality assurance purposes.
These other purposes include, for example, training and education purposes, administrative purposes (such as the management of master data, accounting and data archiving and the testing, management and ongoing improvement of IT infrastructure), the preservation of our rights (e.g. to enforce claims in court, pre-trial or out-of-court and before authorities at home and abroad or to defend ourselves against claims, e.g. by securing evidence, legal clarifications and participation in judicial or official proceedings) and the evaluation and improvement of internal processes. We may use recordings of (video) conferences for training and quality assurance purposes. The preservation of other legitimate interests is also part of the further purposes, which cannot be exhaustively named.
Specific facts
We process your data for purposes related to communication with you, in particular to respond to inquiries and to assert your rights and to contact you in case of queries.
For this purpose, we use in particular communication data and master data and, in connection with offers and services used by you, also registration data. We store this data in order to document our communication with you, for training purposes, for quality assurance and for follow-up queries. This includes all purposes in connection with which you and we communicate, whether in customer service or in consulting, in authentication in case of a use of the website or for training and quality assurance (e.g. in the area of customer service). We continue to process communication data so that we can communicate with you by email and telephone, as well as chat, social media, letter and/or fax. Communication with you usually takes place in connection with other processing purposes, e.g. so that we can provide services or answer an information request. Our data processing also serves to prove communication and its contents.
We process data for the establishment, administration and handling of contractual relationships.
We conclude contracts of various types with our business and private customers, suppliers, subcontractors or other contractual partners, such as partners in projects or with parties in legal disputes. In doing so, we process in particular master data, contract data and communication data and, depending on the circumstances, also registration data of the customer or the persons to whom the customer mediates a service. This includes, for example, the recipients of our products or services who receive vouchers and invitations from our customers and can in turn become our customers when redeeming them. In this case, we process data for the processing of the contract with these recipients, but also with the contractual partners who invited them. As part of the business initiation, personal data - in particular master data, contract data and communication data - is collected from potential customers or other contractual partners (e.g. in an order form or contract) or results from a communication. Also in connection with the conclusion of the contract, we process data to check creditworthiness and to open the customer relationship. In some cases, this information is checked for compliance with legal requirements.
In the context of processing contractual relationships, we process data for the administration of the customer relationship, for the provision and demand of contractual services (which also includes the involvement of third parties, such as logistics companies, security services, advertising service providers, banks, insurance companies or credit agencies, which can then in turn provide us with data), for consulting and customer support. The enforcement of legal claims arising from contracts (debt collection, legal proceedings, etc.) is also part of the processing, as is accounting, termination of contracts and public communication.
We process data - if given - for marketing purposes and to maintain relationships, e.g. to send our customers and other contractual partners personalized advertising for products and services from us and from third parties (e.g. advertising contractual partners).
This can be done, for example, in the form of newsletters and other regular contacts (electronically, by mail, by telephone), via other channels for which we have contact information from you, but also as part of individual marketing actions (e.g. events, competitions, etc.) and may also include free services (e.g. invitations, vouchers, etc.). You can refuse such contacts at any time or revoke your consent to be contacted for advertising purposes. With your consent, we can target our online advertising on the internet more specifically to you.
For example, with your consent, we send you information, advertising and product offers from us and from third parties within and outside the group (e.g. advertising contractual partners), as printed matter, electronically or by telephone. For this purpose, we process mainly communication and registration data. Like most companies, we personalize messages so that we can provide you with individual information and make offers that meet your needs and interests. To do this, we link data that we process about you and determine preference data and use this data as a basis for personalization. We also process data in connection with competitions, prize draws and similar events.
Relationship maintenance also includes the - possibly based on behavioral and preference data personalized - addressing of existing customers and their contacts. As part of relationship maintenance, we may also operate a Customer Relationship Management system ("CRM") in which we store the data necessary for maintaining the relationship with customers, suppliers and other business partners, e.g. about contact persons, relationship history (e.g. about products and services purchased or supplied, interactions, etc.), interests, wishes, marketing measures (newsletters, invitations to events, etc.) and other information.
All these processing activities are important for us not only to be able to advertise our offers as effectively as possible, but also to make our relationships with customers and other third parties more personal and positive, to concentrate on the most important relationships and to use our resources as efficiently as possible.
We further process your data - if given - for market research, to improve our services and our operations and for product development.
We strive to continuously improve our products and services (including our website) and to be able to react quickly to changing needs. We therefore analyze, for example, how you navigate through our website or which products are used by which groups of people in which way and how new products and services can be designed (for further details, see section 12). This gives us indications of the market acceptance of existing products and services and the market potential of new products and services. For this purpose, we process in particular master data, behavioral and preference data, but also communication data and information from customer surveys, surveys and studies and other information e.g. from the media, from social media, from the internet and from other public sources. Wherever possible, we use pseudonymized or anonymized data for these purposes. We may also use media monitoring services or conduct our own media monitoring and process personal data in the process to conduct media work or to understand and react to current developments and trends.
We may also process your data for security purposes and for access control.
We continuously check and improve the appropriate security of our IT and our other infrastructure (e.g. buildings). Like all companies, we cannot rule out data security breaches with absolute certainty, but we do our best to reduce the risks. We therefore process data, for example, for monitoring, controls, analyses and tests of our networks and IT infrastructures, for system and error checks, for documentation purposes and in the context of security backups. Access controls include, on the one hand, the control of access to electronic systems (e.g. logging in to user accounts), and on the other hand, physical access control (e.g. building access). For security purposes (prevention and investigation of incidents), we may also keep access logs or visitor lists and use monitoring systems (e.g. security cameras). We inform you about monitoring systems at the relevant locations by means of appropriate signs.
We process personal data for compliance with laws, instructions and recommendations from authorities and internal regulations ("Compliance").
This includes, for example, the legally regulated fight against money laundering and terrorist financing. We are obliged to carry out certain checks on customers ("Know Your Customer", "KYC") or to report to authorities. The fulfillment of information, disclosure or reporting obligations, e.g. in connection with supervisory and tax law obligations, also requires or involves data processing, e.g. the fulfillment of archiving obligations and the prevention, detection and investigation of criminal offenses and other violations. This also includes the receipt and processing of complaints and other reports, the monitoring of communication, internal investigations or the disclosure of documents to an authority if we have sufficient reason to do so or are legally obliged to do so. We may also process personal data about you in connection with external investigations, e.g. by a law enforcement or supervisory authority or a commissioned private entity. Furthermore, we process data to support our shareholders and other investors and to fulfill our related obligations. For all these purposes, we process in particular your master data, your contract data and communication data, but possibly also behavioral data and data from the categories of other data. In the case of legal obligations, these may be Swiss law, but also foreign provisions to which we are subject, as well as self-regulation, industry standards, our own "Corporate Governance" and official instructions and requests.
We also process data for purposes of our risk management and as part of prudent corporate governance, including business organization and corporate development.
For these purposes, we process in particular master data, contract data, registration data and technical data, but also behavioral and communication data. For example, as part of our financial management, we must monitor our debtors and creditors, and we must avoid becoming victims of crimes and abuses, which may require the evaluation of data for corresponding patterns. For these purposes and for your and our protection against criminal or abusive activities - if given - we may also carry out profiling and create and process profiles. As part of planning our resources and organizing our operations, we need to evaluate and process data on the use of our services and other offers or exchange information about them with others (e.g. outsourcing partners), which may include your data. The same applies to services provided to us by third parties. As part of corporate development, we may sell businesses, business units or companies to others or acquire them from others or enter into partnerships, which may also lead to the exchange and processing of data (including yours, e.g. as a customer or supplier or as a supplier representative).
We may process your data for other purposes, e.g. as part of our internal processes and administration or for training and quality assurance purposes.
These other purposes include, for example, training and education purposes, administrative purposes (such as the management of master data, accounting and data archiving and the testing, management and ongoing improvement of IT infrastructure), the preservation of our rights (e.g. to enforce claims in court, pre-trial or out-of-court and before authorities at home and abroad or to defend ourselves against claims, e.g. by securing evidence, legal clarifications and participation in judicial or official proceedings) and the evaluation and improvement of internal processes. We may use recordings of (video) conferences for training and quality assurance purposes. The preservation of other legitimate interests is also part of the further purposes, which cannot be exhaustively named.
Specific facts
2. When visiting our website
When you visit our website/portals or other electronic or digital offers, the access and each retrieval of a file stored on this website is automatically temporarily logged (log file, server log files). As a rule, the following data is logged: IP address of the requesting computer, name of the retrieved file, date and time of retrieval/access, duration, amount of data transferred, access country, message about successful retrieval, web browser and requesting domain. Based on the IP address, we know which provider you are accessing our offers through (and thus also the region), but we usually cannot deduce who you are from this. In order to ensure the functionality of these offers, we may also assign you or your end device an individual code (e.g. in the form of a cookie, see section I. below).
The purpose of the automatic collection and processing of the aforementioned data is to enable you to use our website or to ensure this (connection establishment), to serve internal statistical purposes, to permanently guarantee system security and stability and to enable and optimize our internet offer and its handling. There is no personal evaluation or profiling. The disclosure of the information thus collected and evaluated to third parties is excluded in any case. Only in the event of an attack on the network infrastructure of mytresor.com will the IP address be evaluated. Using the aforementioned data, we can find out which information is really useful for our users and customers and which areas of our portals and online services interest you the most. In summary, we want to offer you high-quality consulting and trading services, enable comfortable access to our products and services and provide an optimal range of services. More extensive personal data is only collected if you as a user of the website and/or as a customer voluntarily provide information, for example in the context of an inquiry or registration or to conclude a contract or via your browser settings (see sections below).
The purpose of the automatic collection and processing of the aforementioned data is to enable you to use our website or to ensure this (connection establishment), to serve internal statistical purposes, to permanently guarantee system security and stability and to enable and optimize our internet offer and its handling. There is no personal evaluation or profiling. The disclosure of the information thus collected and evaluated to third parties is excluded in any case. Only in the event of an attack on the network infrastructure of mytresor.com will the IP address be evaluated. Using the aforementioned data, we can find out which information is really useful for our users and customers and which areas of our portals and online services interest you the most. In summary, we want to offer you high-quality consulting and trading services, enable comfortable access to our products and services and provide an optimal range of services. More extensive personal data is only collected if you as a user of the website and/or as a customer voluntarily provide information, for example in the context of an inquiry or registration or to conclude a contract or via your browser settings (see sections below).
3. When registering a customer account ("MyTresor Account")
In order to provide you with personalized services (specifically in the form of a virtual back office for your purchases and sales, including precious metal online shopping at the click of a mouse, to display all your transactions at a glance, furthermore to enable simple handling of limit orders as well as self-management of your customer data, trading functionalities such as price radar, availability service and notepad, special promotions or our free information service under topic subscriptions) and thus make order processing more efficient and faster and provide even more professional and prompt support, we offer you the option of opening a customer account under the access-protected area "MyTresor Account", i.e. to register free of charge for your personal customer area. You create your personal area in "MyTresor Account" and then set a password for security reasons. The creation of a customer account by providing your personal data is voluntary. Which personal data is transmitted in the process results from the respective input mask. The system stores all your information and generates a personal account with access data. Through a registration, the IP address assigned to you/the data subject by the Internet service provider (ISP), the date and time of registration are also stored. You can freely choose your username. The next time you want to place an order in our online portal or make a sales offer to MyTresor, you simply need to enter your username and password in "MyTresor Account" and the system automatically searches for the required data.
The provision of certain data and truthful data is mandatory (not least to comply with the requirements of the Anti-Money Laundering Act, SR 955.0). When completing the registration for the recording and modification of your details for the customer account, you confirm and warrant the accuracy of the information you have recorded.
In principle, the following information is recorded:
The purpose of providing this data is the processing and administration of our website or offers, to check the entered data for plausibility, i.e. to establish, design the content of, process and change the contractual relationships concluded with you via your customer account and in the case of chargeable services for proper invoicing. Depending on the context and offer, the required information is provided to comply with mandatory legal requirements (such as the provisions of the Anti-Money Laundering Act, SR 955.0).
The provision of certain data and truthful data is mandatory (not least to comply with the requirements of the Anti-Money Laundering Act, SR 955.0). When completing the registration for the recording and modification of your details for the customer account, you confirm and warrant the accuracy of the information you have recorded.
In principle, the following information is recorded:
- Your email address, which can also serve as a username,
- Password
- and depending on the context and offer, possibly other information such as
- Company
- Name, first name
- Address (complete postal address, postal code, city)
- Phone number
- Information on subscribed newsletters or other advertising
- Language preferences.
The purpose of providing this data is the processing and administration of our website or offers, to check the entered data for plausibility, i.e. to establish, design the content of, process and change the contractual relationships concluded with you via your customer account and in the case of chargeable services for proper invoicing. Depending on the context and offer, the required information is provided to comply with mandatory legal requirements (such as the provisions of the Anti-Money Laundering Act, SR 955.0).
4. When using a website/portal as a registered customer
While you use our website/portal as a registered customer (i.e. under password-protected login), data is collected in particular about the type, frequency and intensity of use of the website and its offers (functions, advertising, etc.), the duration of customer membership, the purchase or sale frequency, minimum and maximum in USD and the number of items. This data is collected for statistical reasons, to enable the smooth functionality of the website/portal and for the analysis, optimization and personalization of the use of our offers and services.
5. When making a purchase / sale or using a chargeable service (e.g. delivery/collection, storage)
If you want to buy or sell a precious metal product on our website/online shop or use a chargeable service (e.g. storage of precious metals), we need various data for the processing of the respective contractual relationship. You must provide the following data via enrichment, e.g. in a form/for applications or questionnaires, depending on the context and offer:
The provision of any additional data beyond this is generally voluntary. The purpose of processing the data is the contract and order processing (e.g. sending order confirmations or shipping notifications) as well as the other necessary communication within the framework of contract and order processing, the delivery of ordered or stored or collection of sold precious metals to/from you (if applicable via logistics companies), communication with you in case of offer changes, delivery delays or delivery impossibilities, payment processing, identity verification, processing of inquiries from you, processing of complaints, returns, warranty cases, provision and warranty of available customer service, sending evaluation requests to you after delivery or contract fulfillment, as well as to carry out all other conceivable actions by MyTresor for the purpose of contract or order processing.
Many of the data mentioned in this section are made known to us by you yourself (e.g. via forms, in the context of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g. in the context of binding protection concepts (legal obligations). If you want to conclude contracts with us or claim services, you must also provide us with data within the framework of your contractual obligation according to the relevant contract, in particular master data, contract data and registration data. When using our website, the processing of technical data is unavoidable. If you want to gain access to certain systems or buildings, you must provide us with registration data. With behavioral and preference data, however, you generally have the option of objecting or not giving consent (see section 6).
For Know Your Customer (KYC) and Anti-Money Laundering (AML) processes, we utilize the services of SumSub, a third-party provider. After initial account creation, where we collect only your email, password, and name, SumSub may collect additional information including your address, ID documents, selfie, and other relevant data for identity verification purposes. For more information on how SumSub handles your data, please refer to their privacy notice: sumsub.com
- Login data, if you are a registered customer (selected by you)
- Email address
- Name, first name
- Date of birth, place
- Address (street, house number, postal code, city, country and - depending on the offer/context - possibly different delivery or collection address)
- Nationality
- Phone number
- Payment method or details in the context of a payment to be made by us to you (e.g. bank, IBAN, BIC, SWIFT)
- Information for the transmission of the invoice
- Further information to comply with mandatory legal requirements (including Anti-Money Laundering Act, SR 955.0).
The provision of any additional data beyond this is generally voluntary. The purpose of processing the data is the contract and order processing (e.g. sending order confirmations or shipping notifications) as well as the other necessary communication within the framework of contract and order processing, the delivery of ordered or stored or collection of sold precious metals to/from you (if applicable via logistics companies), communication with you in case of offer changes, delivery delays or delivery impossibilities, payment processing, identity verification, processing of inquiries from you, processing of complaints, returns, warranty cases, provision and warranty of available customer service, sending evaluation requests to you after delivery or contract fulfillment, as well as to carry out all other conceivable actions by MyTresor for the purpose of contract or order processing.
Many of the data mentioned in this section are made known to us by you yourself (e.g. via forms, in the context of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g. in the context of binding protection concepts (legal obligations). If you want to conclude contracts with us or claim services, you must also provide us with data within the framework of your contractual obligation according to the relevant contract, in particular master data, contract data and registration data. When using our website, the processing of technical data is unavoidable. If you want to gain access to certain systems or buildings, you must provide us with registration data. With behavioral and preference data, however, you generally have the option of objecting or not giving consent (see section 6).
For Know Your Customer (KYC) and Anti-Money Laundering (AML) processes, we utilize the services of SumSub, a third-party provider. After initial account creation, where we collect only your email, password, and name, SumSub may collect additional information including your address, ID documents, selfie, and other relevant data for identity verification purposes. For more information on how SumSub handles your data, please refer to their privacy notice: sumsub.com
6. Basis for data processing / consent
Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary in the broadest sense for the initiation or processing of a contract with you (or the entity you represent) or that we or third parties have a legitimate/overriding interest in doing so, in particular to pursue the purposes described above and to implement associated measures. Our legitimate/overriding interests also include compliance with legal requirements, insofar as these are not already recognized by the applicable data protection law as a legal basis (e.g. in the case of the GDPR, the law in the EEA and in Switzerland: FADP and DPO). This also includes the marketing of our products and services, the interest in better understanding our markets and in managing and developing our company, including operational operations, safely and efficiently.
Additional Legal Bases
Performance of a Contract: Where processing is necessary to carry out our contractual obligations (e.g., verifying your identity, fulfilling your gold storage request).
Legal Obligations: Where we must process your data to comply with laws (e.g., Anti-Money Laundering Act).
Legitimate Interests: Where our interests or those of third parties do not override your fundamental rights (e.g., detecting security threats, marketing to existing customers).
Vital Interests: Where processing is necessary to protect someone’s life or physical integrity, if applicable.
Public Task: Where required by certain laws or if we must cooperate with regulators for the public good.
By enriching, recording or changing your data entries, e.g. in a form/when submitting offers, applications or questionnaires, you consent to the processing, use and disclosure of the same within the framework and scope of the purposes described in this privacy policy and privacy notices.
Insofar as we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke consent given at any time by written notification (by post/email) to us with effect for the future; our contact details can be found above under A or below C. Where you have a user account, a revocation or contact with us may also be carried out via the relevant website or other service. As soon as we receive the notification about the revocation of your consent, we will no longer process your data for the purposes to which you originally agreed, unless we have another legal basis for doing so. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Additional Legal Bases
Performance of a Contract: Where processing is necessary to carry out our contractual obligations (e.g., verifying your identity, fulfilling your gold storage request).
Legal Obligations: Where we must process your data to comply with laws (e.g., Anti-Money Laundering Act).
Legitimate Interests: Where our interests or those of third parties do not override your fundamental rights (e.g., detecting security threats, marketing to existing customers).
Vital Interests: Where processing is necessary to protect someone’s life or physical integrity, if applicable.
Public Task: Where required by certain laws or if we must cooperate with regulators for the public good.
By enriching, recording or changing your data entries, e.g. in a form/when submitting offers, applications or questionnaires, you consent to the processing, use and disclosure of the same within the framework and scope of the purposes described in this privacy policy and privacy notices.
Insofar as we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke consent given at any time by written notification (by post/email) to us with effect for the future; our contact details can be found above under A or below C. Where you have a user account, a revocation or contact with us may also be carried out via the relevant website or other service. As soon as we receive the notification about the revocation of your consent, we will no longer process your data for the purposes to which you originally agreed, unless we have another legal basis for doing so. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
On-Chain Data Disclaimer
If you use blockchain-based services or transact in cryptocurrencies while engaging with MyTresor, you acknowledge that certain personal data (including wallet addresses and transaction details) may be permanently stored on public blockchains. Neither MyTresor nor any third party can edit, alter, or delete data once published on a blockchain. Consequently, you should be aware that such data may be publicly accessible and may not be subject to standard data protection rights (e.g., right to erasure). By transacting on blockchains, you release and indemnify MyTresor from any liability related to the permanent storage of on-chain data.
You acknowledge and agree that you assume all responsibility for any personal data placed on a public blockchain, and you release and indemnify MyTresor from any claims or liabilities arising from this permanent on-chain storage.
You acknowledge and agree that you assume all responsibility for any personal data placed on a public blockchain, and you release and indemnify MyTresor from any claims or liabilities arising from this permanent on-chain storage.
C. Use of data for advertising purposes
As part of registering a customer account under "MyTresor Account" on our website mytresor.com or an order (purchase/sale, etc.) as a guest, you have agreed that we may also process your personal data for marketing purposes or for personalized advertising measures, i.e. use it. This includes, for example, contacting you or sending newsletters, advertising, information about special offers or services from us, keeping you up to date on current prices and developments, new products and special promotions, as well as conducting prize competitions and sweepstakes and all other conceivable actions and measures that we may take in the future as part of marketing. We may use your data and customer evaluations for market and opinion research purposes. However, this is done - if applicable - in anonymous form. You can object to the use of your data in the sense described above at any time (see general notice below). If necessary, we will ask you for your consent for further specific measures in accordance with legal requirements (cf. e.g. declaration of consent in forms).
1. Newsletter
By subscribing to our newsletter, you agree to receive it and the procedures described. With the following information, we specifically inform you about the registration, dispatch and statistical evaluation procedure as well as your right to object with regard to newsletters.
On the MyTresor website, you are given the opportunity to subscribe to our newsletter. Consequently, you will only receive a newsletter at your own request. MyTresor informs you in it about offers and information about precious metals. The prerequisite for receiving the newsletter is a valid email address and registration for the dispatch. When registering for the newsletter, we store the IP address assigned by the Internet service provider of the computer system used at the time of registration as well as the date and time of registration. The personal data collected as part of a registration for the newsletter will be used exclusively for sending our newsletter. No personal data collected in the context of the newsletter service will be passed on to third parties.
Registration for our newsletter takes place in a so-called double opt-in procedure, which means: After registration, you will receive an email in which you are asked to confirm your registration. This confirmation email is used to verify that the owner of the email address as the data subject has authorized the receipt of the newsletter. This confirmation is also necessary so that no one can register with other people's email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation time, as well as the IP address. MyTresor may use a dispatch service provider to send the newsletter. The changes to your data stored at the (possibly used) dispatch service provider are also logged. The terms and conditions with this service provider include the provisions of data protection law and their observance is contractually stipulated. The use of a dispatch service provider, the implementation of statistical surveys and analyses as well as logging of the registration procedure are carried out on the basis of our legitimate interests. Our interest is directed towards the use of a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of users.
We also point out that the newsletters contain so-called counting pixels. A counting pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded counting pixel, MyTresor can recognize if and when an email was opened and which links in the email were called up.
Such personal data collected via the counting pixels contained in the newsletters are stored and evaluated by MyTresor in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects are entitled at any time to revoke the respective separate declaration of consent given via the double opt-in procedure. After a revocation, this personal data will be deleted by the controller. MyTresor automatically regards a unsubscription from the receipt of the newsletter as a revocation.
The subscription to our newsletter can be terminated at any time. The consent to the storage of personal data can be revoked at any time. For the purpose of revoking consent, there is a corresponding link ("Unsubscribe link") in every newsletter, the mere activation of which terminates data processing. Furthermore, there is the possibility to unsubscribe from the newsletter dispatch at any time in other ways (for example by post or email to privacy@mytresor.com). An unsubscription from receiving the newsletter is automatically interpreted by MyTresor as a revocation.
On the MyTresor website, you are given the opportunity to subscribe to our newsletter. Consequently, you will only receive a newsletter at your own request. MyTresor informs you in it about offers and information about precious metals. The prerequisite for receiving the newsletter is a valid email address and registration for the dispatch. When registering for the newsletter, we store the IP address assigned by the Internet service provider of the computer system used at the time of registration as well as the date and time of registration. The personal data collected as part of a registration for the newsletter will be used exclusively for sending our newsletter. No personal data collected in the context of the newsletter service will be passed on to third parties.
Registration for our newsletter takes place in a so-called double opt-in procedure, which means: After registration, you will receive an email in which you are asked to confirm your registration. This confirmation email is used to verify that the owner of the email address as the data subject has authorized the receipt of the newsletter. This confirmation is also necessary so that no one can register with other people's email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation time, as well as the IP address. MyTresor may use a dispatch service provider to send the newsletter. The changes to your data stored at the (possibly used) dispatch service provider are also logged. The terms and conditions with this service provider include the provisions of data protection law and their observance is contractually stipulated. The use of a dispatch service provider, the implementation of statistical surveys and analyses as well as logging of the registration procedure are carried out on the basis of our legitimate interests. Our interest is directed towards the use of a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of users.
We also point out that the newsletters contain so-called counting pixels. A counting pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded counting pixel, MyTresor can recognize if and when an email was opened and which links in the email were called up.
Such personal data collected via the counting pixels contained in the newsletters are stored and evaluated by MyTresor in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects are entitled at any time to revoke the respective separate declaration of consent given via the double opt-in procedure. After a revocation, this personal data will be deleted by the controller. MyTresor automatically regards a unsubscription from the receipt of the newsletter as a revocation.
The subscription to our newsletter can be terminated at any time. The consent to the storage of personal data can be revoked at any time. For the purpose of revoking consent, there is a corresponding link ("Unsubscribe link") in every newsletter, the mere activation of which terminates data processing. Furthermore, there is the possibility to unsubscribe from the newsletter dispatch at any time in other ways (for example by post or email to privacy@mytresor.com). An unsubscription from receiving the newsletter is automatically interpreted by MyTresor as a revocation.
2. Direct advertising and fair trading law
Notwithstanding the above, we are entitled within the framework of the legal permission according to Art. 3 para. 1 lit. o UWG (or Art. 6 para. 1 f) EU-GDPR) to use the email address that you provided when purchasing goods, works or services for direct advertising for our own similar goods, works or services. If you no longer wish to receive advertising for similar goods, works or services, you can object to the corresponding use of your email address at any time without incurring additional costs. To do this, you can unsubscribe by clicking on the unsubscribe link contained in each mailing (see also general notice below).
3. Participation in competitions
The following declarations apply to all participants in competitions conducted by MyTresor AG.
If you participate in a competition, we process, among other things, the following data from you:
Your data will be processed for the purposes of handling the competition (primarily determining the winner and contacting them) as well as direct marketing. Another purpose may be the delivery of the prize. Recipients of the data are internal recipients of the controller in compliance with the "need-to-know" principle as well as external recipients for the fulfillment of the prize claim such as travel organizers. The processing is based on the fulfillment of the debt relationship based on the competition, so that Art. 6 para. 1 lit. b) GDPR is the legal basis for the processing. The use of your data collected in the context of the competition for direct marketing purposes is based on consent given in accordance with Art. 6 para. 1 lit. a) GDPR as the legal basis.
After the purpose has been achieved (conducting the competition), your data will be deleted. If you have also consented to the use of your data for direct marketing purposes as part of the competition, we will delete this data after you revoke your consent.
If you participate in a competition, we process, among other things, the following data from you:
- First and last name,
- Address,
- Email address,
- Content data, if this is the subject of the competition
- as well as other data that you transmit to us in this context.
Your data will be processed for the purposes of handling the competition (primarily determining the winner and contacting them) as well as direct marketing. Another purpose may be the delivery of the prize. Recipients of the data are internal recipients of the controller in compliance with the "need-to-know" principle as well as external recipients for the fulfillment of the prize claim such as travel organizers. The processing is based on the fulfillment of the debt relationship based on the competition, so that Art. 6 para. 1 lit. b) GDPR is the legal basis for the processing. The use of your data collected in the context of the competition for direct marketing purposes is based on consent given in accordance with Art. 6 para. 1 lit. a) GDPR as the legal basis.
After the purpose has been achieved (conducting the competition), your data will be deleted. If you have also consented to the use of your data for direct marketing purposes as part of the competition, we will delete this data after you revoke your consent.
4. General notice on right of objection / unsubscription
The respective data protection law applicable to you grants you the right to object to the processing of your data under certain circumstances, in particular for purposes of direct marketing, profiling operated for direct advertising purposes (if applied at all) and other legitimate interests in processing. If you are generally not interested (anymore) in our advertising measures/information etc., e.g. to be informed about the latest products, special promotions and activities of MyTresor, you can object to these on the one hand within the framework of the specific advertising measure mailing (i.e. via the objection/unsubscribe link contained therein) and on the other hand at any time by email to privacy@mytresor.com or write to us at the following address:
MyTresor AG Dammstrasse 16 6300 Zug, Switzerland
You also have the right to object at any time to the processing of your personal data for purposes of profiling or automated decision-making if it produces legal or similarly significant effects on you. If you wish to exercise this right or have concerns about such profiling, please contact privacy@mytresor.com.
MyTresor AG Dammstrasse 16 6300 Zug, Switzerland
You also have the right to object at any time to the processing of your personal data for purposes of profiling or automated decision-making if it produces legal or similarly significant effects on you. If you wish to exercise this right or have concerns about such profiling, please contact privacy@mytresor.com.
D. Duration of processing and data storage
The processing and storage of your personal data generally lasts as long as our processing purposes, the legal retention periods and our legitimate interests in processing for documentation and evidence purposes require it, or storage is technically necessary or, in summary, as long as it is necessary to fulfill our contractual and legal obligations, etc. As a rule, regular deletion of data takes place that is no longer necessary for the fulfillment of contractual or legal obligations. Excluded from this are data whose (temporary) further processing is necessary for the following purposes:
Documentation and evidence purposes include our interest in documenting processes, interactions and other facts in case of legal claims, disagreements, purposes of IT and infrastructure security and proof of good corporate governance and compliance. Technical storage may be necessary if certain data cannot be separated from other data and we therefore have to store it with this data (e.g. in the case of backups or document management systems).
If there are no legal or contractual obligations to the contrary, we delete or anonymize your data after the expiry of the storage or processing period within the framework of our usual processes.
Specific Data Retention Periods:
These periods may be extended if required by law, ongoing investigations, or legal proceedings.
- Compliance with commercial and tax law and other retention/documentation periods: e.g. the Swiss Code of Obligations (OR), the Business Records Ordinance (GeBüV), the Anti-Money Laundering Act (GwG), the Federal Act on Direct Federal Tax (DBG), the Federal Act on the Harmonization of Direct Taxes of Cantons and Municipalities (StHG), the Federal Act on Stamp Duties and the Withholding Tax Act (StG), the Value Added Tax Act (MWSTG), the Anti-Money Laundering Act (GwG).
- Preservation of evidence within the framework of statutory limitation provisions.
- General note: According to Art. 127 ff. of the Swiss Code of Obligations (OR), claims generally become statute-barred after five (5) to ten (10) years.
Documentation and evidence purposes include our interest in documenting processes, interactions and other facts in case of legal claims, disagreements, purposes of IT and infrastructure security and proof of good corporate governance and compliance. Technical storage may be necessary if certain data cannot be separated from other data and we therefore have to store it with this data (e.g. in the case of backups or document management systems).
If there are no legal or contractual obligations to the contrary, we delete or anonymize your data after the expiry of the storage or processing period within the framework of our usual processes.
Specific Data Retention Periods:
- Customer account data: Retained for the duration of the account's existence and for 10 years after account closure.
- Transaction data: Kept for 10 years to comply with financial regulations and tax requirements.
- Communication data (e.g., customer service interactions): Stored for 18 months after the last interaction.
- Marketing data: Retained until the user opts out or for 3 years of inactivity.
These periods may be extended if required by law, ongoing investigations, or legal proceedings.
Blockchain Exception
Where data is published on a public blockchain, we cannot guarantee its deletion or compliance with typical retention periods. Blockchain transactions are typically irreversible, and any personal data contained therein may remain public indefinitely, outside of MyTresor’s control.
E. Do we pass on personal data?
We may process the information/data you have provided about yourself as well as data we have collected about you as follows, i.e. use and, in connection with our contracts, the website, our services and products, our legal obligations or otherwise to safeguard our legitimate interests and the other purposes listed above, if necessary, pass on to other companies/persons (possibly also abroad), insofar as this is expedient for the data processing described in this privacy policy:
We reserve the right to make these data disclosures even if they should concern secret data in exceptional cases (unless we have expressly agreed with you that we will not disclose this data to certain third parties, unless we are legally obliged to do so). Notwithstanding this, your data will continue to be subject to adequate data protection in Switzerland and the rest of Europe even after disclosure. For disclosure to other countries, the conditions/provisions mentioned in the following paragraph apply. If you do not want certain data to be passed on, please inform us via the contact channels already mentioned so that we can check whether and to what extent we can accommodate you (Section 2).
In the majority of cases, the disclosure of even secret data is necessary in order to be able to process contracts or provide other services. Confidentiality agreements also do not generally exclude such data disclosures, nor does disclosure to service providers. Depending on the sensitivity of the data and other circumstances, however, we take care to ensure that these third parties handle the data appropriately. We cannot comply with your objection to the disclosure of data where the data disclosures in question are necessary for our activities.
We also allow certain third parties to collect personal data about you on our website and at our events (e.g. media photographers, providers of tools that we have integrated into our website, etc.). Insofar as we are not decisively involved in these data collections, these third parties are solely responsible for them. For concerns and to assert your data protection rights, please contact these third parties directly.
As explained, we also disclose data to other bodies. These are not only located in Switzerland. Your data can therefore be processed both in Europe and possibly in your country of residence; in exceptional cases, theoretically in any country in the world. If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection - if no exception/justification should exist - (for this purpose we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? or for Switzerland https://www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows.html), insofar as it is not already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular to legal proceedings abroad, but also in cases of overriding public interests or if a contract execution requires such disclosure, if you have consented or if it concerns data made generally accessible by you to whose processing you have not objected.
Many states outside Switzerland or the EU and the EEA currently do not have laws that ensure an adequate level of data protection from the perspective of the FADP or the GDPR. The contractual precautions mentioned can partially compensate for this weaker or missing legal protection. However, contractual precautions cannot eliminate all risks (in particular of state access abroad). You should be aware of these residual risks, even if the risk in individual cases may be low and we take further measures (e.g. pseudonymization or anonymization) to minimize it.
Please also note that data exchanged over the Internet is often routed through third countries. Your data can therefore reach foreign countries even if the sender and recipient are located in the same country.
- The personal data transmitted/made available by you may be passed on by us to companies of the MyTresor Group and/or to companies associated with the MyTresor Group, insofar as this is necessary for the conclusion and processing of contractual relationships, e.g. for the provision of the order/sales offer you have placed and/or the requested service and for billing and accounting purposes. For these purposes, necessary data may be passed on, for example - but not conclusively - to logistics/transport companies, credit institutions and other service providers. These external service providers are obliged to treat the information confidentially and may only process the personal data that may be passed on in accordance with the agreements that may be required by law/existing with us and within the purposes provided for in this privacy policy.
- Business Transfers and M&A As part of our legitimate interest in business development, we may buy, sell, or transfer parts of our business or assets. In such transactions, user data may be included as an asset transferred to the acquiring or merging entity, subject to appropriate confidentiality and data protection safeguards. If a third party acquires all or substantially all of our business, personal data held by us may be transferred to that acquirer.
- Beyond the aforementioned case constellations, personal data will only be passed on if you have expressly consented, or
- insofar as we are obliged to disclose your personal data on the basis of legal provisions or legal proceedings or due to court decisions (e.g. anti-money laundering law, supervisory authorities/authorities, offices, judicial orders at home and abroad, etc.), or are entitled to do so or this appears necessary to protect our interests, this for the enforcement of our rights, in particular for the enforcement of claims arising from the contractual relationship, or the disclosure is necessary in the case of attacks on our internet infrastructure for legal or criminal prosecution
- Within the framework of compliance with data protection regulations, a transfer of personal data abroad may possibly be made to companies of the MyTresor Group or companies associated with the MyTresor Group/external service providers, insofar as this is necessary or expedient for the data processing described in this privacy policy. Your interests worthy of protection are taken into account in accordance with the legal provisions. Certain countries have stricter data protection regulations than Switzerland. Should the legislation of a country not guarantee the level of adequate protection of data, contractual agreements will ensure that the recipient complies with the required level of data protection. Please also compare the section on the data protection provisions of the EU General Data Protection Regulation (EU GDPR, see below).
We reserve the right to make these data disclosures even if they should concern secret data in exceptional cases (unless we have expressly agreed with you that we will not disclose this data to certain third parties, unless we are legally obliged to do so). Notwithstanding this, your data will continue to be subject to adequate data protection in Switzerland and the rest of Europe even after disclosure. For disclosure to other countries, the conditions/provisions mentioned in the following paragraph apply. If you do not want certain data to be passed on, please inform us via the contact channels already mentioned so that we can check whether and to what extent we can accommodate you (Section 2).
In the majority of cases, the disclosure of even secret data is necessary in order to be able to process contracts or provide other services. Confidentiality agreements also do not generally exclude such data disclosures, nor does disclosure to service providers. Depending on the sensitivity of the data and other circumstances, however, we take care to ensure that these third parties handle the data appropriately. We cannot comply with your objection to the disclosure of data where the data disclosures in question are necessary for our activities.
We also allow certain third parties to collect personal data about you on our website and at our events (e.g. media photographers, providers of tools that we have integrated into our website, etc.). Insofar as we are not decisively involved in these data collections, these third parties are solely responsible for them. For concerns and to assert your data protection rights, please contact these third parties directly.
As explained, we also disclose data to other bodies. These are not only located in Switzerland. Your data can therefore be processed both in Europe and possibly in your country of residence; in exceptional cases, theoretically in any country in the world. If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection - if no exception/justification should exist - (for this purpose we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj? or for Switzerland https://www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows.html), insofar as it is not already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular to legal proceedings abroad, but also in cases of overriding public interests or if a contract execution requires such disclosure, if you have consented or if it concerns data made generally accessible by you to whose processing you have not objected.
Many states outside Switzerland or the EU and the EEA currently do not have laws that ensure an adequate level of data protection from the perspective of the FADP or the GDPR. The contractual precautions mentioned can partially compensate for this weaker or missing legal protection. However, contractual precautions cannot eliminate all risks (in particular of state access abroad). You should be aware of these residual risks, even if the risk in individual cases may be low and we take further measures (e.g. pseudonymization or anonymization) to minimize it.
Please also note that data exchanged over the Internet is often routed through third countries. Your data can therefore reach foreign countries even if the sender and recipient are located in the same country.
Storage of personal data
In order to maximize the availability of our website through multiple availability zones, we have chosen to work with the Amazon Web Service Cloud infrastructure (AWS) in the Europe Region. For legal and security purposes, we replicate and save all your personal data on a secure server in Switzerland. This ensures both high availability and compliance with Swiss data protection regulations.
For more information about AWS, please consult: Amazon Web Service aws.amazon.com
For more information about AWS, please consult: Amazon Web Service aws.amazon.com
F. Data protection rights: Right to information, correction, blocking or deletion, etc. of data
The data protection law applicable to you/your case constellation grants you the possibility to assert your respective data protection rights to (1) information, (2) correction, (3) blocking or (4) deletion of data, (5) the release of certain personal data in a common electronic format or its transfer to another controller (6) to revoke a consent, insofar as our processing is based on your consent, (7) in the case of automated individual decisions (if any), to present your point of view and to demand that the decision be reviewed by a natural person, generally free of charge vis-à-vis us.
Specifically, this means that you can request information from us at any time about whether and which personal data about you is processed by us. You can also have your personal data corrected, blocked or (under certain circumstances) deleted at any time by notification and corresponding proof of your identity (if the requirements are met). So that we can exclude misuse, we reserve the right to identify you (e.g. with a copy of your ID, if this is not possible otherwise). Send us a message to privacy@mytresor.com or write to us at the following address:
MyTresor AG Data Protection Dammstrasse 16 6300 Zug, Switzerland
Please note that conditions, exceptions or restrictions apply to these rights under the applicable data protection law (e.g. to protect third parties or business secrets). We will inform you accordingly if necessary. For example, contractual and legal retention/documentation obligations regarding data are reserved (cf. e.g. bookkeeping and retention regulations in particular Art. 957 and 961-963 OR, Business Records Ordinance, tax law, Anti-Money Laundering Act, Product Liability Law, etc.). Long-term contractual relationships must be taken into account in particular (storage, safe deposit box rental, etc.). In particular, we may have to continue to process and store your personal data in order to fulfill a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defense of legal claims, or to comply with legal obligations. Insofar as legally permissible, in particular to protect the rights and freedoms of other data subjects as well as to safeguard interests worthy of protection, we may therefore also reject a data subject request in whole or in part (e.g. by blacking out certain content that affects third parties or our business secrets). This means that even after your request to delete your personal data, we may have to retain some of it within the framework of our legal or contractual retention/documentation obligations.
Please also note that in the event of deletion of your data, use of our services may no longer be possible or may no longer be possible to the full extent. We retain your personal information in accordance with applicable data protection laws and as long as it is necessary in terms of time.
Apart from the aforementioned data protection rights, as a registered customer you naturally always have the possibility to view and, if necessary, change your personal data on our website via "MyTresor Account" with your login data. In addition, as a registered customer, you should regularly check your contact information and preferences in the "MyTresor Account" section on your own responsibility to see if they are still correct, complete and up to date.
Specifically, this means that you can request information from us at any time about whether and which personal data about you is processed by us. You can also have your personal data corrected, blocked or (under certain circumstances) deleted at any time by notification and corresponding proof of your identity (if the requirements are met). So that we can exclude misuse, we reserve the right to identify you (e.g. with a copy of your ID, if this is not possible otherwise). Send us a message to privacy@mytresor.com or write to us at the following address:
MyTresor AG Data Protection Dammstrasse 16 6300 Zug, Switzerland
Please note that conditions, exceptions or restrictions apply to these rights under the applicable data protection law (e.g. to protect third parties or business secrets). We will inform you accordingly if necessary. For example, contractual and legal retention/documentation obligations regarding data are reserved (cf. e.g. bookkeeping and retention regulations in particular Art. 957 and 961-963 OR, Business Records Ordinance, tax law, Anti-Money Laundering Act, Product Liability Law, etc.). Long-term contractual relationships must be taken into account in particular (storage, safe deposit box rental, etc.). In particular, we may have to continue to process and store your personal data in order to fulfill a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defense of legal claims, or to comply with legal obligations. Insofar as legally permissible, in particular to protect the rights and freedoms of other data subjects as well as to safeguard interests worthy of protection, we may therefore also reject a data subject request in whole or in part (e.g. by blacking out certain content that affects third parties or our business secrets). This means that even after your request to delete your personal data, we may have to retain some of it within the framework of our legal or contractual retention/documentation obligations.
Please also note that in the event of deletion of your data, use of our services may no longer be possible or may no longer be possible to the full extent. We retain your personal information in accordance with applicable data protection laws and as long as it is necessary in terms of time.
Apart from the aforementioned data protection rights, as a registered customer you naturally always have the possibility to view and, if necessary, change your personal data on our website via "MyTresor Account" with your login data. In addition, as a registered customer, you should regularly check your contact information and preferences in the "MyTresor Account" section on your own responsibility to see if they are still correct, complete and up to date.
G. Data security/integrity: How do we protect personal data, what general risks exist?
We take appropriate security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional alteration, unintended disclosure or unauthorized access. However, we can only secure areas that we control. We use suitable technical and organizational measures ("TOM") to adequately protect your personal data against unauthorized or accidental destruction or accidental loss, technical errors, forgery, theft or unlawful use, unauthorized alteration, copying, access or other unauthorized processing and thus ensure the confidentiality, availability, completeness and correctness as well as up-to-dateness of your personal data for the intended purposes of use. As security or protection measures, we use both physical and electronic and process-specific security precautions (e.g. use of firewalls to prevent external interference, personal passwords as well as encryption and authentication technologies, etc.). Within the framework of encryption via the industry standard SSL ("Secure Sockets Layer"), for example, third-party users should be prevented from spying on, reading out or manipulating your personal data during transmission in the online trading platform. SSL-protected areas can be recognized by a lock symbol in your browser. Secure connections can usually be recognized by your address, which begins with "https://". By clicking on the lock symbol, you will also receive further information about the security certificate. Technical security measures to protect your personal data are regularly reviewed and, if necessary, adapted to the state of the art. Furthermore, access to personal data is limited to those employees, contractors and third parties whose access is necessary with regard to ensuring the processing purpose or providing products and services. We also oblige our processors to take appropriate technical and organizational security measures. However, security risks generally cannot be completely ruled out; residual risks are unavoidable. Please bear in mind that data transmission via an open network such as the Internet or an email service generally does not represent a secure environment and can generally be associated with security gaps - i.e. data is visible to everyone. Consequently, it cannot be ruled out that unauthorized third parties may, under certain circumstances, gain access to information (messages, documents, etc.) that you send to us or our website via the Internet and this information may thus be disclosed or altered in its content. Comprehensive protection of your data/information from access by third parties is therefore not possible. Especially when communicating via unencrypted email, complete data security cannot be guaranteed by us. Although individual data packets may be transmitted in encrypted form, not the names of the sender and recipient. Third parties could therefore draw conclusions about existing or future business relationships. If you therefore send confidential data to MyTresor, this is at your own risk.
For your personal protection, please make sure to inform yourself about necessary security precautions and take appropriate precautions and/or send us data via other channels that you consider more secure instead of via the Internet. We would also be happy to tell you whether and which specific means we may be able to offer you for transmitting confidential data. Against the background presented, we cannot in any case assume any responsibility and/or liability for your data while it is being transferred via the Internet, e.g. to the MyTresor website. In this context, we ask for your support: Contribute to the protection of your personal data on the Internet through appropriate precautionary measures. For example, by regularly changing your password for access to our customer account ("MyTresor Account") after your registration. Finally, it is strongly recommended that you always treat your payment and access information confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with other people. Also make sure to always use a secure and up-to-date web browser.
For your personal protection, please make sure to inform yourself about necessary security precautions and take appropriate precautions and/or send us data via other channels that you consider more secure instead of via the Internet. We would also be happy to tell you whether and which specific means we may be able to offer you for transmitting confidential data. Against the background presented, we cannot in any case assume any responsibility and/or liability for your data while it is being transferred via the Internet, e.g. to the MyTresor website. In this context, we ask for your support: Contribute to the protection of your personal data on the Internet through appropriate precautionary measures. For example, by regularly changing your password for access to our customer account ("MyTresor Account") after your registration. Finally, it is strongly recommended that you always treat your payment and access information confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with other people. Also make sure to always use a secure and up-to-date web browser.
H. Contact option via the website
Our website contains information that enables quick electronic contact and direct communication with us. If contact is made by email or via a contact form, the personal contact data transmitted by you on a voluntary basis is automatically stored for the purpose of processing the request and in case of follow-up questions.
I. Cookies and other technologies
MyTresor strives to continuously improve the website. From this aspect, we use so-called "cookies" and other technologies on our website (see following sections below) to better analyze which areas of our website are particularly popular, how our visitors navigate the website and how long they stay on individual web pages. In addition, we use cookies and other technologies to ensure that our online marketing is effective and actually draws customers' attention to our products and services. In short, cookies are used to:
Cookie Banner and Consent Management
We may display a cookie banner (or similar consent tool) upon your first visit. You can revisit or modify your cookie settings at any time by clicking on the “Cookie Preferences” link or button on our Website. Please note that disabling certain cookies may affect the functionality or availability of some Website features.
Cookies are small text files (temporary/permanent) that your browser automatically creates and that are stored on your end device (desktop, laptop, tablet, smartphone, etc.) when you visit our site. They are individual codes (e.g. a serial number) that our server or a server of our service providers or advertising contract partners transmits to your system when connecting to our website and that your system (browser, mobile) accepts and stores until the programmed expiry time. With each further access, your system transmits these codes to our server or the server of the third party. This is how you are recognized, even if your identity is unknown. Cookies do not cause any damage to your end device according to the information provided by their creators. Information is stored in the cookie that results in each case in connection with the specifically used end device. However, this does not mean that we thereby gain direct knowledge of your identity. In addition, we pass on information about your use of our website to our partners - if such exist and this function is used - for social media, advertising and analyses. Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of the services. You give consent to our cookies if you continue to use our website.
These records are not associated with your person. Certain information is automatically collected and stored in log files. This information includes Internet Protocol addresses (IP addresses), browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. In some of our email messages and newsletters, we use a so-called "click-through URL" that is linked to content on the MyTresor web pages. When you click on such a URL address, you reach our web server and from there to the actually clicked target web page. If you want to avoid such data collection, please do not click on text or graphic links in our emails and newsletters.
Most browsers accept cookies automatically. You can program your browser to block certain cookies or alternative techniques, deceive them or delete existing cookies. You can also extend your browser with software that blocks tracking by certain third parties. You can find more information on the help pages of your browser or on the websites of the third parties we list below. In the menu bar of your web browser, you will generally find a function (e.g. privacy settings or "privacy") that prevents your browser from accepting new cookies or makes your browser inform you when you receive a new cookie, or also how you can switch off all received cookies. However, cookies allow you to use some of our essential functions. If you reject all cookies, for example, you may not be able to use the functions of our website to their full extent. For example, no purchase can be processed if cookies are not accepted. Apart from this, we recommend that you always log off completely after finishing using a computer that you share with others and that is set to accept cookies.
The cookies used are listed in the cookie pop-up (cookie consent banner) when visiting the MyTresor website mytresor.com.
- analyze traffic on our web pages,
- continuously improve the design and functionality and thus user-friendliness,
- investigate the efficiency of communication with our customers and
- offer you convenient navigation through our MyTresor website/trading worlds.
Cookie Banner and Consent Management
We may display a cookie banner (or similar consent tool) upon your first visit. You can revisit or modify your cookie settings at any time by clicking on the “Cookie Preferences” link or button on our Website. Please note that disabling certain cookies may affect the functionality or availability of some Website features.
Cookies are small text files (temporary/permanent) that your browser automatically creates and that are stored on your end device (desktop, laptop, tablet, smartphone, etc.) when you visit our site. They are individual codes (e.g. a serial number) that our server or a server of our service providers or advertising contract partners transmits to your system when connecting to our website and that your system (browser, mobile) accepts and stores until the programmed expiry time. With each further access, your system transmits these codes to our server or the server of the third party. This is how you are recognized, even if your identity is unknown. Cookies do not cause any damage to your end device according to the information provided by their creators. Information is stored in the cookie that results in each case in connection with the specifically used end device. However, this does not mean that we thereby gain direct knowledge of your identity. In addition, we pass on information about your use of our website to our partners - if such exist and this function is used - for social media, advertising and analyses. Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of the services. You give consent to our cookies if you continue to use our website.
These records are not associated with your person. Certain information is automatically collected and stored in log files. This information includes Internet Protocol addresses (IP addresses), browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. In some of our email messages and newsletters, we use a so-called "click-through URL" that is linked to content on the MyTresor web pages. When you click on such a URL address, you reach our web server and from there to the actually clicked target web page. If you want to avoid such data collection, please do not click on text or graphic links in our emails and newsletters.
Most browsers accept cookies automatically. You can program your browser to block certain cookies or alternative techniques, deceive them or delete existing cookies. You can also extend your browser with software that blocks tracking by certain third parties. You can find more information on the help pages of your browser or on the websites of the third parties we list below. In the menu bar of your web browser, you will generally find a function (e.g. privacy settings or "privacy") that prevents your browser from accepting new cookies or makes your browser inform you when you receive a new cookie, or also how you can switch off all received cookies. However, cookies allow you to use some of our essential functions. If you reject all cookies, for example, you may not be able to use the functions of our website to their full extent. For example, no purchase can be processed if cookies are not accepted. Apart from this, we recommend that you always log off completely after finishing using a computer that you share with others and that is set to accept cookies.
The cookies used are listed in the cookie pop-up (cookie consent banner) when visiting the MyTresor website mytresor.com.
J. Tracking and analysis/statistics tools
The use of our digital offerings is also measured and evaluated using various technical systems, either independently or from third-party providers (tracking and analysis/statistics tools, cookies). These measurements can be both anonymous and personal. It is possible that the collected data may be passed on by us or the third-party providers of such technical systems to third parties for processing.
K. Social Media Plug-ins
We may also integrate other third-party offerings on our website, especially from social media providers. Our website is then - depending on use - connected with various systems and offers/functions of third parties, i.e. social networks (social media plug-ins). The plug-ins are marked with the corresponding logos. These offers are standardly deactivated. As soon as you activate them (e.g. by clicking a switch), the corresponding providers can determine that you are on our website. These social media providers process this data on their own responsibility. These services collect information and may use so-called "cookies", i.e. text files that are stored on your computer and enable an analysis of your use of our website. The information generated about your use (including your IP address) is transferred to servers of such providers in Germany or abroad, stored there and processed and may possibly be assigned to your account with these providers.
NOTE: We point out that if you have a user account with these third parties, it may also be possible for these third parties to measure and evaluate your use of our digital offerings. This may result in the processing of personal data. We have no control over the use of such personal data collected by third parties and assume no responsibility or liability.
We therefore expressly point out that the services used by MyTresor, such as Twitter, Facebook, Xing, Google+ and YouTube, etc., store the data of their users (e.g. personal information, IP address) in accordance with their data usage guidelines and use it for business purposes. We have no influence on the data collection and its further use by the social networks. Thus, there is no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on.
You acknowledge and accept that there may not be adequate legal data protection abroad. By using this website, you agree to the processing of the data collected about you in the manner described above and for the purpose named above.
The following social network plugins are currently in use:
YouTube
Our website uses plugins from the YouTube site operated by Google. YouTube is an internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
With each call of one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/en/. As part of this technical procedure, YouTube and Google gain knowledge of which specific subpage of our website is visited by the data subject.
If the data subject is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website the data subject visits when a subpage containing a YouTube video is called up. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged into YouTube at the time of calling up our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If such transmission of this information to YouTube and Google is not desired by the data subject, he or she can prevent the transmission by logging out of his or her YouTube account before calling up our website.
YouTube's privacy policy, available at https://www.google.com/intl/en/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.
NOTE: We point out that if you have a user account with these third parties, it may also be possible for these third parties to measure and evaluate your use of our digital offerings. This may result in the processing of personal data. We have no control over the use of such personal data collected by third parties and assume no responsibility or liability.
We therefore expressly point out that the services used by MyTresor, such as Twitter, Facebook, Xing, Google+ and YouTube, etc., store the data of their users (e.g. personal information, IP address) in accordance with their data usage guidelines and use it for business purposes. We have no influence on the data collection and its further use by the social networks. Thus, there is no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on.
You acknowledge and accept that there may not be adequate legal data protection abroad. By using this website, you agree to the processing of the data collected about you in the manner described above and for the purpose named above.
The following social network plugins are currently in use:
YouTube
Our website uses plugins from the YouTube site operated by Google. YouTube is an internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
With each call of one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/en/. As part of this technical procedure, YouTube and Google gain knowledge of which specific subpage of our website is visited by the data subject.
If the data subject is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website the data subject visits when a subpage containing a YouTube video is called up. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged into YouTube at the time of calling up our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If such transmission of this information to YouTube and Google is not desired by the data subject, he or she can prevent the transmission by logging out of his or her YouTube account before calling up our website.
YouTube's privacy policy, available at https://www.google.com/intl/en/policies/privacy/, provides information about the collection, processing and use of personal data by YouTube and Google.
L. Comment function in blogs
We offer users on a blog that is or may be located on our website (e.g. "Newsroom") the opportunity to leave individual comments on individual blog posts. A blog is a portal maintained on a website, usually publicly viewable, in which one or more persons, called "bloggers" or "web-bloggers", can write articles ("post") or put down thoughts in so-called blog posts. The blog posts can usually be commented on by third parties.
If a data subject leaves a comment on the blog published on this website, in addition to the comments left by the data subject, information on the time of comment entry and the username (pseudonym) chosen by the data subject will be stored and published. Furthermore, the IP address assigned to the data subject by the Internet Service Provider (ISP) is also logged. This storage of the IP address is done for security reasons and in case the data subject violates the rights of third parties or posts illegal content through a submitted comment. The storage of this personal data is therefore in the controller's own interest, so that the controller could exculpate itself if necessary in the event of a legal violation. This collected personal data will not be passed on to third parties, unless such passing on is required by law or serves the legal defense of the controller.
If a data subject leaves a comment on the blog published on this website, in addition to the comments left by the data subject, information on the time of comment entry and the username (pseudonym) chosen by the data subject will be stored and published. Furthermore, the IP address assigned to the data subject by the Internet Service Provider (ISP) is also logged. This storage of the IP address is done for security reasons and in case the data subject violates the rights of third parties or posts illegal content through a submitted comment. The storage of this personal data is therefore in the controller's own interest, so that the controller could exculpate itself if necessary in the event of a legal violation. This collected personal data will not be passed on to third parties, unless such passing on is required by law or serves the legal defense of the controller.
M. Subscription to comments in the blog on the website
The comments made in the blog can generally be subscribed to by third parties. In particular, there is the possibility that a commentator subscribes to the comments following his comment on a particular blog post. If a data subject decides to subscribe to the option of comments, the controller sends an automatic confirmation email to check in the double opt-in procedure whether the owner of the specified email address has really decided on this option. The option to subscribe to comments can be terminated at any time.
N. Protection of minors
Persons under 18 years of age should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents, do not knowingly collect such data and do not pass it on to third parties.
O. Links to websites of other providers
For your even more comprehensive information, you may find links on our websites that refer to websites of third parties/other providers. These websites are not operated or monitored by us. If links are not obviously recognizable, we inform you that it is an external link. We have no influence on the content and design of the websites of other providers and are not responsible for their principles in dealing with personal data. We have no influence on whether these providers comply with the data protection regulations, therefore the content of this privacy policy does not apply to these external providers.
P. SSL encryption
The website can or our web shop uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Q. Responsible data protection authority
Federal Data Protection and Information Commissioner (FDPIC)
Post: Feldeggweg 1, CH - 3003 Bern Phone: +41 (0)58 462 43 95 Fax: +41 (0)58 465 99 96 Homepage: https://www.edoeb.admin.ch/edoeb/en/home.html
Contact: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
Post: Feldeggweg 1, CH - 3003 Bern Phone: +41 (0)58 462 43 95 Fax: +41 (0)58 465 99 96 Homepage: https://www.edoeb.admin.ch/edoeb/en/home.html
Contact: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
R. Data protection notices
In addition to these website- and trading house-specific data protection notices, the DATA PROTECTION NOTICES according to the EU General Data Protection Regulation, EU-GDPR as well as the Swiss Data Protection Act (hereinafter: "FADP") or the Swiss Data Protection Ordinance ("DPO") also apply, insofar as applicable to you.
S. Currentness and changes to the privacy policy
This privacy policy is not part of a contract with you. We may adjust this privacy policy at any time. Due to the further development of our website and our offers, the implementation of new technologies or due to changed legal or official requirements, it may become necessary to change this privacy policy. The version published on this website is the current version, it can be retrieved and printed out by you at any time at https://mytresor.com/privacy/. The original privacy policy is in English. Versions translated into other languages, if any, are for better understanding only. In case of disputes, the English text takes precedence.\
Questions about data protection?
If you have questions about our data protection, data collection, processing and/or use of your personal data, want to request information or request the correction, blocking and/or deletion of your data, please contact us. Send us a message to privacy@mytresor.com or write to us at the following address:
MyTresor AG Data Protection Dammstrasse 16 6300 Zug, Switzerland
Status: April 2025 © MyTresor 2024 - 2025. All rights reserved
MyTresor AG Data Protection Dammstrasse 16 6300 Zug, Switzerland
Status: April 2025 © MyTresor 2024 - 2025. All rights reserved