Legal

Privacy Policy

Version 1.0 · Effective 12 June 2026

1. Who is responsible for your data

Swiss Quantum Finance AG ("SQF", "we", "us"), Rue Robert-Céard 6, 1204 Geneva, Switzerland (commercial register no. CHE-380.703.618) is the controller of the personal data described in this Policy.

Privacy contact: privacy@swissquantumfinance.com

2. Whose data we process, and what we collect

Website visitors

  • Contact and enquiry data — name, business email, company, message content, when you submit the contact form or request a consultation;
  • Technical data — IP address, browser/user-agent, pages visited, approximate region, collected for security, rate limiting and abuse prevention;
  • Cookie and consent data — see section 9 (Cookies).

Applicants and client representatives (directors, beneficial owners, authorised signatories)

When a company applies for an account, we collect personal data about the natural persons connected to it:

  • Identity data — full legal name, date and place of birth, nationality, identity document type and number, role and ownership percentage;
  • Contact data — business email, phone, residential address;
  • Compliance data — politically-exposed-person (PEP) status, tax residency and tax identification numbers, source-of-funds and source-of-wealth declarations, sanctions and regulatory-history disclosures, screening results, signed consents and electronic-signature records;
  • Activity data — expected and actual transaction volumes, currencies, counterparty countries, payment purposes;
  • Portal technical data — IP address, user-agent, login timestamps and an append-only audit trail of actions taken in the client portal.

Where the data comes from

Directly from you (forms, document uploads, portal messages); from the company you represent; from public sources and third parties (commercial registers, sanctions and PEP screening databases, adverse-media sources); and automatically when you use the website or portal.

You are obliged to provide the data we request during onboarding: without it, Swiss anti-money-laundering law does not allow us to open or maintain the relationship.

If you give us data about other people

When you provide us with personal data about other individuals — for example your company's directors, beneficial owners, authorised signatories, employees or payment beneficiaries — you confirm that you are entitled to do so and that you have informed those individuals about this Privacy Policy.

3. Why we process personal data, and on what basis

Under Swiss law (FADP), we process personal data in line with the principles of lawfulness, proportionality and purpose limitation. Where the GDPR applies to a specific relationship, the legal bases are indicated below.

  • Client onboarding, identity verification, KYC/KYB, screening, risk assessment, ongoing due diligence and transaction monitoring — legal obligation (Swiss Anti-Money Laundering Act and SRO regulations);
  • Providing the services, operating the client portal, client communication — performance of a contract;
  • Regulatory reporting (including suspicious-activity reporting and tax-transparency regimes such as FATCA/CRS where applicable) — legal obligation;
  • Security of the website and portal, fraud prevention, audit logging — legitimate interest in the integrity and security of our services;
  • Responding to enquiries submitted via the website — steps prior to entering a contract / legitimate interest;
  • Service notifications and operational emails — performance of a contract;
  • Marketing communications — consent (opt-in); you can withdraw at any time;
  • Non-essential cookies and similar technologies — consent (see section 9).

4. Who receives personal data

We share personal data only as needed, with:

  • Regulated infrastructure partners — the banking, payment, e-money and digital asset infrastructure providers through which accounts, payments, FX and digital asset services are provided, so that they can perform those services and meet their own regulatory obligations;
  • Compliance technology and screening providers — identity-verification, sanctions/PEP/adverse-media screening, transaction-monitoring and blockchain analytics providers, for the limited purpose of running the checks described in this Policy and on our Compliance page;
  • IT and hosting providers — cloud hosting, database, storage and email delivery providers that process data on our documented instructions under data processing agreements;
  • Regulators and authorities — including our self-regulatory organisation, the Money Laundering Reporting Office (MROS) and other competent authorities, where required by law or a lawful request;
  • Professional advisers — lawyers, accountants and auditors bound by confidentiality.

We do not sell personal data.

Clients receive the identity of the specific payment-services partner(s) relevant to their account in their contractual documentation during onboarding.

5. International transfers

SQF is based in Switzerland; our infrastructure and partners process data in Switzerland, the European Economic Area (in particular Ireland and the Netherlands — hosting, database and payment infrastructure), the United Kingdom, Canada and the United States (certain IT and email service providers).

Where data is transferred to a country whose law does not provide an adequate level of data protection as determined by the Swiss Federal Data Protection and Information Commissioner (FDPIC) (or, where the GDPR applies, the European Commission), we put in place recognised safeguards — in particular the EU Standard Contractual Clauses with Swiss addenda, or transfer to recipients certified under the Swiss–U.S. Data Privacy Framework. You may contact us for more information on the safeguards used.

6. How long we keep data

  • Client due diligence, transaction and audit-trail records10 years after the end of the business relationship or the transaction, as required by the Swiss Anti-Money Laundering Act. This retention duty overrides deletion requests for the records concerned;
  • Contact-form enquiries that do not lead to a client relationship — deleted after 12 months;
  • Cookie/consent records — for the lifetime of the consent plus the period needed to evidence it;
  • Other data — only as long as needed for the purposes above or as required by law.

7. Your rights

Subject to applicable law, you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion where the data is no longer required (note the retention duty in section 6);
  • object to processing based on legitimate interests, and to direct marketing at any time;
  • request restriction of processing and, where the GDPR applies, data portability;
  • withdraw consent at any time, without affecting processing before withdrawal;
  • lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, or — where the GDPR applies — with your local EU/EEA supervisory authority.

To exercise your rights, contact privacy@swissquantumfinance.com. We may need to verify your identity before acting on a request.

8. How we protect data

We apply technical and organisational measures appropriate to the sensitivity of the data, including encryption in transit and at rest, row-level access controls, multi-factor authentication for staff, short-lived signed links for document access, append-only audit logging of staff access to client documents, and regular security reviews. Access to compliance files is restricted to authorised personnel with a legitimate business need.

9. Cookies and similar technologies

The website uses cookies in four categories, managed through the consent banner and the "Cookie preferences" link in the footer:

  • Necessary — required for the site to function (e.g. consent storage, security, load balancing). Always on;
  • Functional — remember choices such as language and enable embedded content (e.g. the office map loads only with functional consent);
  • Analytics — would help us understand how the site is used. Not currently used: no analytics tools are presently active on this website;
  • Marketingnot currently used: no marketing or advertising tags are presently active on this website.

If we introduce analytics or marketing tools in the future, they will only run with your consent and this Policy will be updated first.

Non-essential cookies are set only with your consent, which you can change or withdraw at any time via Cookie preferences. The client portal itself uses only strictly necessary session cookies and does not load marketing or analytics tags.

10. Automated decision-making

Compliance screening and risk scoring are technology-assisted, but no decision to refuse, restrict or terminate a relationship is taken solely by automated means — every such decision is reviewed by SQF's compliance staff.

11. Changes to this Policy

We may update this Policy from time to time. The version published on this page is the current version; material changes will be flagged by updating the effective date and, for clients, notified through the portal. The version of the Privacy Notice a client accepted during onboarding is recorded in the client's audit trail.

GOVERNANCE · REGULATORY POSTURE

Swiss Quantum Finance AG operates as a financial intermediary affiliated with SO-FIT, a self-regulatory organisation recognised under the Swiss Anti-Money Laundering Act (AMLA). Where client assets are held, they are kept with qualified third-party custodians and reconciled daily.