Privacy Policy
Global Strategic Advisory Group AG (“GSAG”, “we”, “us”) is committed to protecting your personal data. This Privacy Policy explains what data we collect, why, and with whom we share it, in accordance with the Swiss Federal Act on Data Protection (nDSG, in force since 1 September 2023).
1. Controller
Global Strategic Advisory Group AG
- Bahnhofstrasse 22, Paradeplatz, 8001, Switzerland
- Contact us
- www.advisory-group.one
2. Personal Data We Collect
Depending on your relationship with us, we collect and process the following categories of data: identity and contact data (name, date of birth, nationality, address, ID documents); financial and investment data (assets, income, investment objectives, risk profile, tax status); transaction and portfolio data (orders, custody account details, valuations, performance); compliance and due diligence data (KYC/AML documentation, beneficial ownership, PEP status, sanction screening); and communication data (correspondence by email, letter, and telephone).
If you visit our website, we also collect certain technical data (IP address, browser type, pages visited) via cookies. Please refer to our Cookie Policy for details.
3. Purposes and Legal Bases
We process your data for the following purposes and on the following legal bases:
Contract performance: to enter into and perform portfolio management and investment advisory agreements, including suitability assessments, transaction execution and reporting.
Legal obligations: to comply with FinSA, FinIA, AMLA, nDSG and applicable tax regulations, including KYC/AML checks, sanction screening and reporting to FINMA, AOOS and the Money Laundering Reporting Office Switzerland (MROS) where required.
Legitimate interests: to manage our operations, maintain IT security and business continuity, conduct risk management and compliance monitoring and defend or pursue legal claims, where our interests are not overridden by your privacy rights.
Consent: where required by law or where we have sought your agreement, for example in connection with non-essential cookies.
4. Recipients of Personal Data
We share your data only to the extent necessary with the following categories of recipients:
Custodian banks: to establish and maintain your custody relationship and execute transactions on your behalf.
Outsourced service providers: including SwissComply AG (Compliance, Risk Management, AML), Care4IT AG (IT infrastructure and data hosting) and accounting and audit providers. All providers are bound by confidentiality obligations and process data only on our instructions. Client data is hosted in Switzerland via a Microsoft 365 environment on an ISO/IEC 27001:2022 certified infrastructure.
Regulatory and supervisory authorities: including FINMA, AOOS – Schweizerische Aktiengesellschaft für Aufsicht (Clausiusstrasse 50, 8006 Zurich), MROS and tax authorities. Our regulatory audit is conducted by Grant Thornton AG, Claridenstrasse 35, CH-8027 Zurich, which may access client data within the scope of its statutory audit mandate.
Legal and professional advisers: where necessary to obtain advice or to establish, exercise or defend legal claims.
Other financial intermediaries: brokers, counterparties, or correspondent banks involved in transaction processing or cross-border financial services.
We do not sell or transfer your personal data to third parties for their own marketing purposes.
5. International Data Transfers
GSAG primarily processes client data within Switzerland. Where data is transferred to countries without an equivalent level of data protection, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the Federal Data Protection and Information Commissioner (FDPIC).
6. Retention
We retain your data for as long as necessary to fulfil the purposes for which it was collected and to meet our legal obligations. Client identification, KYC/AML documentation and transaction records are retained for a minimum of 10 years after termination of the business relationship, in accordance with the Anti-Money Laundering Act and the Code of Obligations. Data is securely deleted or anonymised after the applicable retention period.
7. Your Rights
Under the Swiss nDSG, you have the right to access, rectify, erase, restrict or port your personal data, and to object to processing based on our legitimate interests. Where processing is based on your consent, you may withdraw it at any time. To exercise any of these rights, contact us via the Contact Us form. We will respond within 30 days.
If you believe our processing violates applicable law, you may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) at (www.edoeb.admin.ch).
8. Data Security
GSAG implements appropriate technical and organisational measures to protect your data, including encrypted data transmission, multi-factor authentication, password-protected systems, a clean-desk policy and regular security monitoring. Our IT infrastructure is managed by Care4IT AG and hosted in Switzerland through an ISO/IEC 27001:2022 certified provider. In the event of a significant security incident, we will notify the relevant authorities and affected individuals in accordance with applicable law.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The current version is always available on our website. We will notify you of material changes where required by law.