Legal

Privacy Policy

Last updated: April 2026

Privacy Policy

Last updated: April 2026

1. Who is responsible for your data

Visconti Alliance Management (hereinafter “VAM”, “we”, “our”, “us”) is the data controller within the meaning of the Swiss Federal Act on Data Protection (nFADP/revDSG) and the EU General Data Protection Regulation (GDPR) where applicable.

Contact for data protection matters: Visconti Alliance Management Isabella Visconti, Founder and Principal 4051 Basel, Switzerland Email: privacy_office@viscontialliancemanagement.com

Data Protection Officer status

As a sole practice with limited data processing activities, VAM is not legally required to appoint a Data Protection Officer under nFADP art. 10 or GDPR art. 37. Isabella Visconti, in her capacity as Principal, is the point of contact for all privacy-related matters and requests.

2. Scope of this policy

This policy applies to the website viscontialliancemanagement.com (the “Website”). It explains what personal data we collect, why we collect it, how we use it, with whom we share it, and the rights you have in relation to your data.

3. Personal data we collect

We process the following categories of personal data:

  • Data you provide voluntarily: name, email address, telephone number, company name, and message content when you contact us or book a call
  • Booking data: when you schedule a call via our booking tool, we receive your name, email, timezone, selected time slot, and any notes you add
  • Technical data automatically collected: IP address, browser type and version, device type, referring URL, pages visited, time of visit
  • Cookie data: see section 7 below

We do not knowingly collect sensitive personal data (health, political opinions, religious beliefs, biometric data, genetic data). If you provide such data to us voluntarily in a message, we will handle it with heightened care.

4. Purposes and legal basis for processing

We process your data for the following purposes:

  • Responding to your inquiries and managing client engagements: legal basis is contractual necessity (art. 31 para. 2 lit. a nFADP / art. 6(1)(b) GDPR)
  • Scheduling and conducting business calls: legal basis is contractual necessity or our legitimate interest in operating the practice (art. 31 para. 2 lit. a nFADP / art. 6(1)(f) GDPR)
  • Website operation, security, and fraud prevention: legal basis is our legitimate interest in maintaining a secure and functioning website (art. 6(1)(f) GDPR)
  • Legal compliance: retention and disclosure where required by Swiss law, including Code of Obligations art. 958f (10 years for accounting records), or foreign laws applicable to us (art. 6(1)(c) GDPR)

5. Automated decision-making and profiling

VAM does not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on data subjects (within the meaning of nFADP art. 21 and GDPR art. 22).

6. Data recipients and third parties

We share data only with the following categories of recipients and only when necessary:

  • Hosting provider: Infomaniak Network SA, Geneva, Switzerland. Your data is stored on servers located in Switzerland.
  • Booking tool: Cal.eu (operated by Cal.com). When you book a call, the following data is transmitted: name, email address, timezone, booking date and time, and any optional message. A Data Processing Agreement governs this relationship. Cal.com’s privacy policy applies at cal.com/privacy.
  • Email provider: emails sent to info@viscontialliancemanagement.com and privacy_office@viscontialliancemanagement.com are processed through our hosting provider Infomaniak in Switzerland.
  • LinkedIn: if you click the “Follow on LinkedIn” button in our footer, LinkedIn Ireland Unlimited Company (for EU/Swiss residents) or LinkedIn Corporation (for other residents) processes your interaction. LinkedIn’s privacy policy applies at linkedin.com/legal/privacy-policy.
  • Legal and professional advisors: where necessary for the exercise or defence of legal claims.

We do not sell your personal data to third parties.

7. International data transfers

Your data is primarily stored in Switzerland, which is recognised by the European Commission as providing an adequate level of data protection for EU personal data.

Where data is transferred outside Switzerland or the EU/EEA (for example to LinkedIn servers in the United States when you interact with the Follow button), the transfer is based on:

  • adequacy decisions issued by the Swiss Federal Council (a list is available at edoeb.admin.ch) or by the European Commission
  • EU Standard Contractual Clauses
  • other safeguards required by nFADP and GDPR

8. Cookies and similar technologies

This website uses cookies to ensure technical functionality, to remember your cookie consent preferences, and where you have given consent, to support additional features. Detailed information on each cookie used, its purpose, duration, and provider is available in our Cookie Policy.

You can manage your cookie preferences at any time via the cookie banner or the “Cookie settings” link in the footer.

9. How long we retain your data

We retain your personal data only as long as necessary. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you
  • Legal obligations under Swiss law (for example, art. 958f Code of Obligations requires 10-year retention of accounting and commercial records)
  • Statute of limitations and the need to defend legal claims

Specifically:

  • Contact and inquiry data: up to 3 years after last contact, unless a client engagement continues
  • Client engagement data: for the duration of the engagement and 10 years thereafter
  • Cookie data: as specified for each cookie in our Cookie Policy
  • Website server logs: typically 90 days, unless retained longer for security investigation

10. Record of Processing Activities

Although VAM as a sole practice is exempt from maintaining a formal Record of Processing Activities under the thresholds set in nFADP, we maintain an internal register of processing activities for governance purposes. This register is available to supervisory authorities upon request.

11. Your rights

Under Swiss and EU data protection law, you have the following rights:

  • Right of access: request confirmation of whether we process your data and a copy of that data
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your data where legally permissible
  • Right to restriction: request that we restrict processing of your data
  • Right to data portability: request your data in a structured, machine-readable format
  • Right to object: object to processing based on our legitimate interests
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy_office@viscontialliancemanagement.com. We respond within 30 days.

12. Appeal process for refused requests

If we refuse to act on your request (for example, because retention is legally required, or because your request would prejudice the rights of another person), we will inform you of the reason for the refusal within 30 days.

You have the right to appeal the refusal by writing to privacy_office@viscontialliancemanagement.com within a reasonable period after receiving our notice, and we will reconsider the decision.

You also retain the right to lodge a complaint with the competent supervisory authority as described in section 13.

13. Right to lodge a complaint

If you believe our processing of your data violates applicable law, you have the right to lodge a complaint with:

  • For Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Switzerland. edoeb.admin.ch
  • For the EU: the data protection authority in your country of residence
  • For the UK: Information Commissioner’s Office (ICO). ico.org.uk

Other jurisdictions

Visitors from other countries, including the United States, the Asia-Pacific region, and the Middle East, may have rights under their local data protection laws. For the fastest response, we recommend contacting us directly at privacy_office@viscontialliancemanagement.com. You may also contact your local data protection authority where one exists.

14. Data breach notification

Under Swiss nFADP art. 24 and GDPR art. 33, VAM will notify:

  • the competent supervisory authority (FDPIC for Switzerland, or the relevant EU data protection authority) without undue delay, in case of a personal data breach likely to result in high risk to the rights and freedoms of data subjects
  • affected data subjects directly, where the breach is likely to result in high risk to their rights and freedoms

VAM maintains an internal breach response procedure to detect, contain, assess, and report personal data breaches.

15. Data security

We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, and disclosure. These include encrypted connections (HTTPS/TLS), access controls, regular security updates, backup procedures, and limited access on a need-to-know basis.

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

16. Minors

This website is not directed at minors. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will delete it.

17. Language and governing version

This policy is published in English. If translations into other languages (German, French, Italian) are made available in the future, the English version will prevail in case of conflict, consistent with the governing language of VAM’s place of establishment and professional practice.

18. Changes to this policy

We may update this policy from time to time. The current version is always available at this URL. The “Last updated” date at the top reflects the date of the most recent revision. Material changes will be communicated through a notice on the website.

19. Contact

For any question about this policy or about how we handle your personal data:

Visconti Alliance Management Isabella Visconti 4051 Basel, Switzerland Email: privacy_office@viscontialliancemanagement.com

Privacy Policy

Last updated: April 2026

1. Who is responsible for your data

Visconti Alliance Management (hereinafter “VAM”, “we”, “our”, “us”) is the data controller within the meaning of the Swiss Federal Act on Data Protection (nFADP/revDSG) and the EU General Data Protection Regulation (GDPR) where applicable.

Contact for data protection matters: Visconti Alliance Management Isabella Visconti, Founder and Principal 4051 Basel, Switzerland Email: privacy_office@viscontialliancemanagement.com

2. Scope of this policy

This policy applies to the website viscontialliancemanagement.com (the “Website”). It explains what personal data we collect, why we collect it, how we use it, with whom we share it, and the rights you have in relation to your data.

3. Personal data we collect

We process the following categories of personal data:

  • Data you provide voluntarily: name, email address, telephone number, company name, and message content when you contact us or book a call
  • Booking data: when you schedule a call via our booking tool, we receive your name, email, selected time slot, and any notes you add
  • Technical data automatically collected: IP address, browser type and version, device type, referring URL, pages visited, time of visit
  • Cookie data: see section 7 below

We do not knowingly collect sensitive personal data (health, political opinions, religious beliefs, biometric data). If you provide such data to us voluntarily in a message, we will handle it with heightened care.

4. Purposes and legal basis for processing

We process your data for the following purposes:

  • Responding to your inquiries and managing client engagements: legal basis is contractual necessity (art. 31 para. 2 lit. a nFADP / art. 6(1)(b) GDPR)
  • Scheduling and conducting business calls: legal basis is contractual necessity or our legitimate interest in operating the practice (art. 31 para. 2 lit. a nFADP / art. 6(1)(f) GDPR)
  • Website operation, security, and fraud prevention: legal basis is our legitimate interest in maintaining a secure and functioning website (art. 6(1)(f) GDPR)
  • Legal compliance: retention and disclosure where required by Swiss law or foreign laws applicable to us (art. 6(1)(c) GDPR)

5. Data recipients and third parties

We share data only with the following categories of recipients and only when necessary:

  • Hosting provider: Infomaniak Network SA, Geneva, Switzerland. Your data is stored on servers located in Switzerland.
  • Booking tool: Cal.eu (operated by Cal.com), used to schedule calls. When you book, your name, email and booking details are transmitted to Cal.eu. Their privacy policy applies at cal.com/privacy.
  • Email provider: emails sent to privacy_office@viscontialliancemanagement.com are processed through our hosting provider Infomaniak.
  • LinkedIn: if you click the “Follow on LinkedIn” button in our footer, LinkedIn Ireland Unlimited Company (for EU/Swiss residents) processes your interaction. LinkedIn’s privacy policy applies at linkedin.com/legal/privacy-policy.
  • Legal and professional advisors: where necessary for the exercise or defence of legal claims.

We do not sell your personal data to third parties.

6. International data transfers

Your data is primarily stored in Switzerland, which is recognised by the European Commission as providing an adequate level of data protection.

Where data is transferred outside Switzerland or the EU/EEA (for example to LinkedIn servers in the United States when you interact with the Follow button), the transfer is based on adequacy decisions, EU Standard Contractual Clauses, or other safeguards required by nFADP and GDPR.

7. Cookies and similar technologies

This website uses cookies to ensure technical functionality, to remember your cookie consent preferences, and where you have given consent, to support additional features. Detailed information on each cookie used, its purpose, duration, and provider is available in our Cookie Policy.

You can manage your cookie preferences at any time via the cookie banner or the “Cookie settings” link in the footer.

8. How long we retain your data

We retain your personal data only as long as necessary:

  • Contact and inquiry data: up to 3 years after last contact, unless a client engagement continues
  • Client engagement data: for the duration of the engagement and 10 years thereafter, in line with Swiss accounting and professional retention obligations (art. 958f CO)
  • Cookie data: as specified for each cookie in our Cookie Policy
  • Website server logs: typically 90 days, unless retained longer for security investigation

9. Your rights

Under Swiss and EU data protection law, you have the following rights:

  • Right of access: request confirmation of whether we process your data and a copy of that data
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your data where legally permissible
  • Right to restriction: request that we restrict processing of your data
  • Right to data portability: request your data in a structured, machine-readable format
  • Right to object: object to processing based on our legitimate interests
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy_office@viscontialliancemanagement.com. We respond within 30 days.

10. Right to lodge a complaint

If you believe our processing of your data violates applicable law, you have the right to lodge a complaint with:

  • For Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Switzerland. edoeb.admin.ch
  • For the EU: the data protection authority in your country of residence
  • For the UK: Information Commissioner’s Office (ICO). ico.org.uk

11. Data security

We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, and disclosure. These include encrypted connections (HTTPS/TLS), access controls, regular security updates, and backup procedures.

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

12. Minors

This website is not directed at children under 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. The current version is always available at this URL. The “Last updated” date at the top reflects the date of the most recent revision. Material changes will be communicated through a notice on the website.

14. Contact

For any question about this policy or about how we handle your personal data:

Visconti Alliance Management Isabella Visconti 4051 Basel, Switzerland Email: privacy_office@viscontialliancemanagement.com

Questions about this page?

Reach out directly and we will reply within two working days.

Contact VAM