Privacy Policy
Last updated: December 2024
1. Scope & Principles
We handle personal data strictly in line with the Swiss Federal Act on Data Protection (FADP/DSG) and, where applicable, the EU General Data Protection Regulation (GDPR). Processing follows the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality.
2. Controller
Controller for this website and related processing: LegaFund AG, Basteiplatz 5, 8001 Zurich, Switzerland. Contact: privacy@lega-fund.com. You may also reach our Data Protection Officer via this address.
LegaFund AG
Basteiplatz 5
8001 Zürich
Switzerland
3. Data Categories, Sources, Purposes & Legal Bases
We collect data directly from you, from your interactions with our site, from service providers, and from publicly available sources, to provide, secure, and improve our services.
Server & Security Logs
Technical metadata (e.g., IP address, timestamp, referrer, user agent, request details) are processed to ensure availability, integrity, and forensic security. Legal bases: legitimate interest (Art. 6(1)(f) GDPR) and legal obligations.
Cookies, Consent & Analytics
Essential cookies are required for operation and security. Analytics/marketing cookies run only with your prior consent and can be withdrawn at any time via browser settings or consent tools. Legal bases: consent for non-essential cookies; legitimate interest for strictly necessary cookies.
4. Processors, Transfers, Retention
We use vetted processors for hosting, security, analytics, and communications. Data may be stored in Switzerland or the EU/EEA; transfers to other countries occur only with appropriate safeguards (e.g., SCCs) and risk assessments. Retention follows statutory periods and purpose limitation; data are deleted or anonymised when no longer needed.
5. Sharing & Confidentiality
Data may be shared with advisors, auditors, IT and security providers, and, where required, courts or authorities. We do not sell personal data. Access is strictly need-to-know, and recipients are bound by confidentiality and data protection obligations.