Privacy Policy
With this Privacy Policy, we, Plutus Holding AG, describe how we collect and process personal data. This Data Protection Statement is not necessarily a comprehensive description of our data processing activities. Other data protection statements (e.g., General Terms and Conditions, Conditions of Participation, or similar documents) may apply to specific circumstances.
In this Privacy Policy, the term “personal data” refers to any information that identifies, or could reasonably be used to identify, any natural person.
If you provide us with personal data of other individuals (e.g., family members, business partners, or representatives), please ensure that those individuals are aware of this Data Protection Statement. Only share their data with us if you are authorized to do so and ensure that the personal data provided is accurate.
This Privacy Policy complies with the EU General Data Protection Regulation (“GDPR”) and the Swiss Federal Data Protection Act (“DPA”). The applicability of these laws depends on each individual case.
1. Data Controller
The “controller” of data processing as described in this Privacy Policy is:
Plutus Holding AG
Suurstoffi 37,
6343 Rotkreuz, Switzerland
info@plutus-holding.ch
www.plutus-holding.ch
If you have any questions regarding how your personal data is processed, or any other data protection concerns, you can contact us using the details above.
2. Purpose of Data Processing and Legal Bases
We primarily use collected data to enter into and fulfil contracts with our clients and business partners, particularly in relation to providing wealth management, crypto brokerage, tokenization, and related services. We also process personal data to comply with domestic and foreign legal obligations, including financial market regulations.
Additionally, where permitted by law and where appropriate, we may process personal data for the following purposes, which are in our (or third parties’) legitimate interests [EU Requirement]:
Providing, developing, and improving our products, services, websites, platforms, and applications.
Communicating with third parties and handling their requests (e.g., job applications, media inquiries).
Advertising and marketing (including event invitations), provided you have not objected to the use of your data for this purpose. You may opt out at any time.
Asserting legal claims and defending against legal disputes and proceedings.
Preventing and investigating fraud, criminal offenses, and other misconduct.
Ensuring the smooth operation and security of our IT systems, websites, and other infrastructure.
Business management activities such as mergers, acquisitions, or other corporate transactions involving the transfer of personal data.
Where you have provided consent for specific processing purposes (e.g., newsletter registration), we process your data based on that consent, unless we have another legal basis. You can withdraw your consent at any time, but this will not affect data processing carried out before your withdrawal.
3. Collection and Processing of Personal Data
We primarily process personal data that we obtain directly from our clients, business partners, or other individuals as part of our business relationships. We may also collect data when you use our websites, apps, or other platforms.
Where permitted, we may obtain certain data from publicly accessible sources (e.g., commercial registers, internet, media) or receive such information from other Plutus Group entities, authorities, or third parties (e.g., custodian banks). In addition to data you provide directly, we may collect categories such as: information from public registers, data from administrative or court proceedings, details about your professional role and activities, information from your interactions with third parties, powers of attorney, legal compliance data (e.g., AML/KYC), bank details, and information about your interests and website usage.
In principle, we retain this data for 12 months after the processing purpose ends, unless a longer retention is required for legal, contractual, or evidentiary reasons.
4. Cookies, Tracking & Website Usage
Technical Data
When you visit our website, we collect and analyze technical data (e.g., IP address, device details, browser type, access times, referring URLs). This helps us ensure security, stability, optimize performance, and generate internal statistics.
If you subscribe to our newsletters, submit a contact form, or log in to a client area, we process the relevant data (e.g., name, address, email, subject matter, messages) to deliver the requested service.
Cookies & Tracking Technologies
We use cookies and similar technologies to personalize your experience, analyze website traffic, and enhance our content. You can adjust your browser settings to block or delete cookies. Note that disabling cookies may limit some functionalities.
We may use tools such as Google Analytics. These services help us understand how our website is used. Where possible, we configure such tools to limit personal data processing (e.g., IP anonymization).
You can learn more in our detailed Cookie Policy.
Social Media Plug-ins
We may use plug-ins for platforms like LinkedIn or X (formerly Twitter). These remain inactive by default; you choose to activate them. The operators of these platforms may collect data when you do. Their privacy policies apply.
5. Data Transfers
In line with the purposes described, we may share personal data with third parties, such as:
Our group entities and trusted service providers.
Domestic and foreign regulators, supervisory authorities, or courts.
Parties involved in legal proceedings.
Some recipients may be located abroad. If they are in countries without adequate data protection laws, we require them to commit to equivalent safeguards (e.g., standard contractual clauses) unless a legal exception applies (e.g., consent, public interest).
6. Data Retention
We store your personal data as long as necessary to fulfil our contractual and legal obligations or for the purposes described. This includes the duration of our business relationship and statutory retention periods. Operational data (e.g., logs) may be kept for shorter periods (e.g., 30 days).
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or alteration. These include secure IT infrastructure, access controls, encryption, and regular reviews.
Please note that data transmission via the internet may carry certain security risks. Emails, in particular, may not be fully secure.
8. Your Rights
In accordance with applicable law, you have the right to:
- Access, correct, or erase your personal data.
- Restrict or object to our processing.
- Withdraw consent where processing is based on consent.
- Data portability, where applicable.
Please note that exercising your rights may impact your use of our services. Proof of identity may be required.
To exercise your rights, please contact us using the details provided above.
You may also lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority.
9. Profiling and Automated Decision-Making
We may use profiling in limited contexts (e.g., to tailor our communications and services). We do not carry out fully automated decision-making that produces legal effects, unless legally required and with prior notice.
10. Updates
We may amend this Privacy Policy from time to time without prior notice. The current version published on our website applies. If the Privacy Policy forms part of an agreement with you, we will inform you of updates via appropriate channels.
Last updated: 28.06.2025