This Data Processing Agreement (“Agreement”) is entered into by and between:
Data Controller:
INVEST55 HOLDING SA
41 Rue du 31-Décembre
1207 Geneva, Switzerland
Commercial Register No.: CH-660.2.793.012-7
Individually referred to as a “Party” and collectively as the “Parties”.
1. Purpose of the Agreement
This Agreement governs the processing of personal data by the Processor on behalf of the Controller in connection with the provision of services, including but not limited to:
- financial advisory services support
- investor relations management
- IT, CRM, and communication services
- data storage and processing activities
2. Scope and Nature of Processing
The Processor shall process personal data only:
- on documented instructions from the Controller
- for the purposes described in this Agreement
- in compliance with applicable data protection laws
Processing activities may include:
- collection
- storage
- organization
- use
- transmission
- deletion
3. Types of Personal Data
The Processor may process the following categories of data:
- Identification data (name, surname)
- Contact details (email, phone number, address)
- Financial/investor-related information
- Technical data (IP address, device data, cookies)
- Communication records
4. Categories of Data Subjects
Data subjects may include:
- clients and prospective clients
- investors (retail or professional)
- business partners
- website users
- authorized representatives
5. Obligations of the Processor
The Processor agrees to:
- process personal data only under written instructions
- ensure confidentiality of all personnel involved
- implement appropriate technical and organizational security measures
- assist the Controller in fulfilling GDPR obligations
- notify the Controller without undue delay in case of data breaches
- not engage sub-processors without prior written authorization
6. Sub-processing
The Processor shall not subcontract processing activities without prior written consent from the Controller.
Where approved, the Processor must impose equivalent data protection obligations on any sub-processor.
7. Security Measures
The Processor shall implement appropriate security measures, including:
- encryption of data in transit and at rest
- access control mechanisms
- secure authentication systems
- regular security testing
- backup and disaster recovery procedures
8. International Data Transfers
Any transfer of personal data outside the European Economic Area (EEA) or Switzerland shall only occur if:
- adequate safeguards are in place (e.g., Standard Contractual Clauses)
- the Controller has given prior authorization
- applicable data protection laws are respected
9. Data Breach Notification
The Processor shall notify the Controller without undue delay, and in any case within 48 hours, after becoming aware of a personal data breach.
The notification shall include:
- nature of the breach
- categories of data affected
- likely consequences
- measures taken or proposed
10. Assistance to the Controller
The Processor shall assist the Controller in:
- responding to data subject requests (access, rectification, deletion, etc.)
- conducting data protection impact assessments (DPIAs)
- ensuring compliance with GDPR obligations
11. Data Retention and Deletion
Upon termination of services, the Processor shall:
- delete all personal data unless legally required to retain it
- or return data to the Controller upon request
12. Audit Rights
The Controller may conduct audits or request information to verify compliance with this Agreement.
13. Liability
Each Party shall be liable for damages resulting from breach of GDPR obligations or this Agreement, in accordance with applicable law.
14. Duration
This Agreement remains in force for the duration of the service relationship between the Parties.
15. Governing Law
This Agreement shall be governed by the laws of: Switzerland
16. Final Provisions
- Amendments must be made in writing
- If any provision is invalid, the remaining provisions remain in force
- This Agreement supplements any main service agreement between the Parties
