PRIVACY POLICY
Privacy Policy of Prism Consultancy Co. (CY) Ltd.
1. Introduction
In this privacy policy we, Prism Consultancy Company (CH) AG, Löwenstrasse 20, 8001 Zürich (hereinafter we or us), explain how we collect and further process personal data. We provide visa services in connection with the Swiss residency permit to you.
The aim of this information is
- comprehensive information about the processing of your personal data by us;
- the explanation of your rights in connection with the processing of your personal data; and
- providing the contact details of the entity responsible for processing your personal data and the data protection officer of Prism Consultancy Company (CH) AG.
Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. We are committed to handling your personal data responsibly. It goes without saying that we comply with the provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA), the European General Data Protection Regulation (GDPR) and, where applicable, other provisions of data protection law.
So that you know what personal data we collect from you and for what purposes we use it, please take note of the information below.
2. What personal data do we process and for what purpose?
Depending on your activity, we process the following personal data:
2.1 Visit the website
When you visit our websites, our servers temporarily save each access in a log file. The following data is collected without your intervention and stored by us until automatic deletion (at the latest after 12 months):
- the IP address of the requesting computer (shortened);
- the date and time of access;
- the name and URL of the retrieved file;
- the page and address of the website from which you were redirected to our websites and, if applicable, the search term used;
- the country from which our website is accessed;
- the operating system of your computer and the browser you use (provider, version, and language);
- the transmission protocol used (e.g. HTTP/1.1).
The collection and processing of this data is carried out for the purpose of enabling the use of our websites (connection establishment), to ensure system security and stability on a permanent basis, to enable the optimisation of our internet offer as well as for internal statistical purposes.
Only in the event of an attack on the network infrastructure or suspicion of other unauthorised or abusive website use will the IP address be evaluated for the purpose of clarification and defence and, if necessary, used as part of criminal proceedings to identify and take civil or criminal action against the users concerned.
The legal basis is our legitimate interest within the meaning of Art. 6 prar. 1 lit. f DSGVO in providing a stable and functional website.
2.2 Inquiry Form
You can contact us through a contact form on our website. In doing this, we collect the following personal data of you:
- Name
- E-Mail-Address
- Phone Number
- Inquiry Message
We will use this data to contact you and to answer your inquiry.
The processing activity is based on your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time.
2.3 Newsletter Form
If you subscribe to our newsletter, we will collect the following data:
- E-Mail-Address
The receiving of our newsletter is based on consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can unsubscribe at any moment.
2.4 When opening a customer relationship
When opening a customer relationship, we collect the following data from you:
- Name, first name*
- Address*
- Date of birth*
- Phone number*
- Gender*
- Passport/electricity bill/other proof of address*.
- Curriculum vitae and client profile
- World Check by Reuters
- Source of wealth and cumulative wealth data
- Reference letters
- Risk assessment*
- KYC form/register of beneficial owners/passport/proof of address*.
- Criminal record in case you provide such
This data processing is necessary in order for us to provide visa services to you.
Certain data are mandatory (marked with *). If you do not provide us with the mandatory information, it is not possible to use our services.
Furthermore, this data is used to maintain the business relationship with you, to provide our services, and to invoice you.
The legal basis is the necessity for the fulfillment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.
2.5 When opening a client account with a third party
When opening a client account (e.g. with a custodian bank or broker), we process the following personal data:
- Name, first name*
- Address*
- Date of birth*
- Phone number*
- Gender*
- Passport/electricity bill/other proof of address*.
Certain information is mandatory (marked with *). If you do not provide us with the mandatory information, it will not be possible to open a bank account.
We are legally obliged to carry out further clarifications when entering into and maintaining client relationships. In particular, we are subject to an extensive duty of identification with regard to new and existing clients and are also subject to Swiss money laundering legislation.
The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.
2.6 Money Laundering Act
The following data is collected as part of audits for compliance with the Money Laundering Act:
- Name, first name*
- Address*
- Date of birth*
- Phone number*
- Gender*
- Passport/electricity bill/other proof of address*.
- Risk assessment*
- KYC form/register of beneficial owners/passport/proof of address*.
- Register of Directors/KYC Form/Passport/Proof of Address*.
- Name and contact information of the managing director or authorised representative *
- Name of directors and officers*
- Criminal record extract
- All transactional data of the entity used by the client
- Contracts and agreements
- –> plus same data as mentioned above
The purpose of this data processing lies in the legal obligation to comply with the provisions of the Money Laundering Act. It is therefore necessary for the fulfilment of the legal obligations.
Certain data is mandatory (marked with *). If you do not provide us with the mandatory information, we will not be able to complete the verification of compliance with the Anti-Money Laundering Act.
The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 (1) (b) GDPR as well as legal obligation within the meaning of Art. 6 (1) (C) GDPR.
3. From which sources do we collect your personal data?
In principle, we collect personal data directly from you (e.g. via forms, in the course of communication with us, in connection with contracts, when using the website, etc.).
Unless this is inadmissible, we also take data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, the media or the internet incl. social media) or receive data from other companies within our group, from authorities and from other third parties (such as data collections on criminal activities (such as World Check).
The categories of personal data that we receive about you from third parties include, in particular, information from public registers, information that we obtain in connection with official and legal proceedings, information in connection with your professional functions and activities, information about you in correspondence and meetings with third parties, creditworthiness information, information about you that people close to you provide to us so that we can conclude or process contracts with you or involving you (e.g. information for compliance with legal requirements such as for combating fraud, money laundering and terrorism and export restrictions, information about you from the media and the Internet (where this is appropriate in the specific case).e.g. information to comply with legal requirements such as those relating to combating fraud, money laundering and terrorism and export restrictions, information about you from the media and the Internet.
4. Location of data processing
Your personal data is stored in Switzerland.
5. Is the personal data passed on to third parties?
We share your personal data with the following categories of recipients:
- Group companies of Prism Consultancy Co. (CY) Ltd.
- Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or in joint responsibility with us or who receive data about you from us in their own responsibility (e.g. IT providers, accountants, registered agents, auditors, bank address checkers).
Central services provider is our group company Arvis in the Philippines.
We disclose to these service providers the data required for their services, which may also concern you. These service providers may also use such data for their own purposes, e.g. information about outstanding debts and your payment history in the case of credit agencies or anonymised data to improve services. We also enter into contracts with these service providers that include provisions to protect your personal data. Our service providers may also process data about how their services are used and other data arising from the use of their services as independent data controllers for their own legitimate interests (e.g. for statistical analysis or billing purposes). Service providers inform about their independent data processing in their own data protection statements.
- Banks: Whenever we open accounts for yourself or entities which we set up and manage for you, bank compliance data is shared with the bank. Usually they require the same data about yourself as we require.
- Authorities: We may pass on personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities then process this data on their own responsibility.
All these categories of recipients may in turn involve third parties, so that your data may also be made accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
6. Third-Party Plugins
Third-party content may be used within our website (so-called plugins). We use the LinkedIn, Facebook YouTube, Twitter, WhatsApp and Google Maps.
If you are on our website, a connection may be established with the respective social network. This allows the content of the buttons to be transmitted to your browser, which then integrates it into the website. This means that the respective provider always receives the information that you have accessed our website. It is not relevant whether you are a member of a social network or not logged into one. Furthermore, regardless of whether you actually act with the embedded content, information is automatically collected by the social network. The following data may be transmitted in this context: IP address, browser information and operating systems, screen resolution, installed browser plugins (e.g. Adobe Flash Player), origin of visitors (if you have followed a link) and the URL of the current page.
If you are logged into one of the social networks while using our website, the information about your visit to the website may be linked to your membership data and stored. If you are a member of a social network and do not wish this data transfer, you must log out of the social network before visiting our website.
We have no influence on the scope of the data collected by the social networks. Please refer to the data protection declarations of the respective social network for the type, scope and purpose of the data processing, information on the further processing of the data as well as your rights in this regard and setting options for protecting your privacy. You also have the option of blocking social media plugins by means of add-ons in your browser and thus preventing data transmission.
LinkedIn: Our website uses functions of the LinkedIn network. The provider is LinkedIn Inc (USA). Each time one of our pages containing LinkedIn functions is called up, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. If you click the “Recommend Button” of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
You can find more information on this in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.
Facebook: Plugins of the social network Facebook, provider Meta Platforms Inc. (USA) are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo on our page. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/
When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. This allows Facebook to assign the visit to our pages to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its processing by Facebook. For more information, please refer to Facebook’s privacy policy at http://de-de.facebook.com/policy.php
If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account. Our website uses functions of Instagram. The provider is Meta Platforms, Inc. (USA). Each time one of our pages containing Instagram functions is called up, a connection to Instagram servers is established. Instagram is informed that you have visited our web pages with your IP address. If you click the “Recommend Button” of Instagram and are logged into your account at Instagram, it is possible for Instagram to assign your visit to our website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
You can find more information on this in Instagram’s privacy policy at: https://help.instagram.com/155833707900388
YouTube: Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube LLC (USA). When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
For more information on the handling of user data, please refer to YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.
Twitter. Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc. (USA). By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transferred to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. For more information, please refer to Twitter’s privacy policy at https://twitter.com/privacy.
You can change your privacy settings on Twitter in the account settings at http://twitter.com/account/settings.
WhatsApp. We use the sharing button of the messenger service WhatsApp from the provider Meta Platforms Inc (USA). The sharing buttons allow you to share a post or website using WhatsApp. The WhatsApp sharing button is merely a link to the provider WhatsApp. Therefore, no data flows to WhatsApp just by calling up our website.
If you actively use the WhatsApp button, a direct connection between your browser and the WhatsApp server is established via the plugin. WhatsApp thereby receives the information that you have visited our website with your IP address. If you click the WhatsApp button while logged into your WhatsApp account, you can share the content of our website via your WhatsApp profile. This allows WhatsApp to associate the visit to our website with your Whatsapp profile. We would like to point out that we, as the provider of the website, have no knowledge of the content of the transmitted data or its use by WhatsApp. If you do not want WhatsApp to be able to associate your visit to our website with your WhatsApp profile, please log out of your WhatsApp account beforehand.
For more information, please refer to the WhatsApp privacy policy at: http://www.whatsapp.com/legal/privacy-policy
Google Maps. In order to display interactive maps directly on the website and to enable the convenient use of the map function, we integrate Google Maps from the service provider Google LLC (USA) on our website. In order to use these services, the IP address of the user is transmitted to Google. The IP address is required for the display of this content, but is only used to deliver the content. Your location data will not be collected by Google without your consent (usually within the scope of your device settings).
You can access Google’s privacy policy below: https://policies.google.com/privacy
7. Transmission of personal data abroad
The personal data is processed in our group companies in Switzerland, the EU/EEA, the Philippines, the UK, the United Arab Emirates, Cyprus, Hong Kong and Singapore. Moreover, in the course of our services, personal data can be transferred to the registered agents, auditors, banks and agent companies in the EU/EAA, British Virgin Islands, Panama, Gibraltar, United Arab Emirates, Hong Kong, Philippines, Hong Kong, West Indies, Marshall Islands and – in specific cases where you wish a relation to another country – other countries.
If a recipient is located in a country without adequate legal data protection according to the EU commission or to the Swiss Federal Council, we contractually oblige the recipient to comply with the applicable data protection (in particular, we use the revised standard contractual clauses of the European Commission (SCC), which are available here: [https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?] ) or we ensure other appropriate safeguards according to Art. 16 FADP and Art. 45 GDPR, insofar as they are not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data that you have made generally accessible and you have not objected to its processing.
We have concluded SCC with all our Group companies in the Philippines, the United Arab Emirates, Hong Kong and Singapore, since these countries do not have an adequate level of data protection. Moreover, we have concluded SCC with registered agents, auditors and agent companies who regularly get data from us in the following countries without having adequate data protection: Philippines and Marshall Islands.
Occasionally, your personal data can be transferred to registered agents, auditors and agent companies in countries without adequate level of data protection: British Virgin Islands, Panama, United Arab Emirates, Hong Kong, Philippines, Isle of Man and West Indies. This transfer is necessary for the performance of the contract and the rendering of services to you.
Please also note that data exchanged via the internet is often routed via third countries. Your data can therefore end up abroad even if the sender and recipient are in the same country.
8. Your Rights
You can object to data processing at any time. You also have the following rights:
Right of access: You have the right to request access to your personal data stored by us at any time and free of charge if we are processing it. This gives you the opportunity to check what personal data we are processing about you and that we are using it in accordance with applicable data protection regulations.
Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.
Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, the right to erasure may be excluded.
Right to restrict processing: Under certain circumstances, you have the right to have us restrict the processing of your personal data.
Right to object: You have the right to object to data processing, in particular to the processing of personal data.
Right to data transfer: In certain circumstances, you have the right to receive, free of charge, the personal data you have provided to us in a machine-readable format.
Right of withdrawal: In principle, you have the right to withdraw your consent at any time with effect for the future. Processing activities based on your consent in the past do not become unlawful as a result of your revocation.
Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way your personal data is processed.
9. Retention period of personal data
We retain personal data for as long as it is needed for the purpose for which it was collected, or for a period of time that we are obliged to retain it under applicable laws, regulations or contractual agreements, as well as for as long as we have an overriding interest in retaining it. After that, the data will be deleted.
Retention obligations that oblige us to retain data result from accounting regulations and tax regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be kept for up to 10 years. Likewise, certain data must be retained for up to 10 years after termination of the business relationship in accordance with money laundering legislation.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the efficient management of user data.
10. Contact
If you have any questions about data protection, would like information, would like to object to data processing, or would like to have your data deleted, please contact us by sending an e-mail to [email protected]
Please send your request by letter to the following address:
Prism Consultancy Co. (CY) Ltd.
Orfeos 2b & Makariou III Avenue 1st floor, office 102 1070, Nicosia, Cyprus
The representative of the responsible person in the EU is:
EDG Consulting Cyprus Limited
Orfeos 2B & Makariou III Avenue, 1st Floor, Office 102,
CY-1070 Nicosia
Cyprus
11. Adaptation
This Privacy Policy does not form part of any contract with you. We may amend this privacy policy at any time. The version published on https://prismvisas.cy is the current version.
Last updated: [10-01-2023 ]