Privacy policy.

Geneva Wealth Partners (hereinafter "we") places the highest importance on the confidentiality and protection of your personal data. This policy describes how we collect, use and protect your information when you use our website and our services, in accordance with the Swiss Federal Act on Data Protection (FADP, in force since 1 September 2023) and, where applicable, the European General Data Protection Regulation (GDPR).

Geneva Wealth Partners — Geneva, Switzerland. info@genevawealthpartners.ch. For any question relating to your personal data, please contact us at this address with the subject "Personal data".

We collect only the data strictly necessary for our services:

• Contact data you provide voluntarily: first name, last name, email, phone, message, nature of the request.
• Wealth qualification data you choose to share via our virtual assistant or client questionnaire (tax residence, profile, nature of the need).
• Booking data: chosen slot, attendees, content of the preparatory conversation with the virtual assistant where applicable.
• Technical data for security, abuse prevention and aggregated statistics: IP address, browser type, pages visited, dates and times.
• Client portal data (private area): credentials, exchanged documents, mandates, tasks, messages with your advisor. This data is accessible only to you and authorised Geneva Wealth Partners advisors.
• Wealth and tax data shared during an engagement: composition of your assets (real estate, financial, professional), assets and liabilities, banking information, wealth and tax objectives, tax residence and tax rate.

• Respond to your enquiries, contact you back, organise your meetings.
• Manage the contractual relationship if you become a client (mandates, documents, exchanges).
• Comply with our Swiss legal obligations, in particular the Anti-Money Laundering Act (AMLA) and KYC obligations (identity verification, source of funds).
• Secure the site, prevent fraud, detect abuse and manage risks.
• Measure traffic in an aggregated and anonymised way to improve the site (only with your consent).

Depending on the context, processing relies on the performance of a contract or pre-contractual measures (your information or booking request), our legitimate interest in securing the site and conducting our business, compliance with legal obligations (AMLA, accounting), or your explicit consent (audience-measurement cookies, marketing communications).

To run the site and our services, we use technical sub-processors selected for the quality of their data-protection commitments. Each is bound by a sub-processing agreement strictly framing the processing and access to data.

• Application hosting (EU region) — runs the site and APIs.
• Database (EU / United Kingdom region) — stores accounts, mandates, documents and messages.
• Conversational AI model — powers our virtual assistant. Conversations are sent to generate the reply but are not used for training in our integration.
• Transactional email delivery — booking confirmations, client portal notifications.
• Professional calendar (Switzerland) — receives and organises bookings.
• Audience measurement — only if you consent via the cookie banner, with anonymised IP and no advertising data.

The detailed and named list of sub-processors, together with the corresponding contractual safeguards, is available upon request at info@genevawealthpartners.ch.

Beyond the technical sub-processors listed above, your personal data is strictly confidential and shared only with:

• Authorised members of Geneva Wealth Partners.
• Professional partners required to carry out our engagements — chartered accountants, fiduciaries, notaries, lawyers, banking institutions — bound by confidentiality obligations.
• Administrative or judicial authorities where required by law (in particular FINMA and tax authorities).

No data is sold or transferred to third parties for commercial purposes.

We distinguish two categories of cookies:

• Strictly necessary: session cookies (authentication for the client portal and CRM, security, preferences). They are active without prior consent as they are essential to the site.
• Audience measurement: Google Analytics 4 in "Consent Mode v2" with anonymised IP. Activated only after your consent. No advertising data, no marketing sharing.

You can change your preferences at any time via the cookie management banner or by clearing the data stored by your browser for the genevawealthpartners.ch domain.

• Prospect data: up to 3 years after the last contact.
• Client data: for the duration of the contractual relationship, then archived in line with Swiss legal obligations (10 years for accounting and KYC documents).
• Conversations with the virtual assistant: 6 months if no booking is made, up to 3 years if a booking has been made.
• Technical logs: 30 days on average, for security purposes.

In accordance with the FADP and GDPR, you have the following rights:

• Access to the personal data we hold about you.
• Rectification of inaccurate or incomplete data.
• Erasure ("right to be forgotten") where provided by law, subject to our legal retention obligations.
• Restriction of and objection to processing.
• Portability of your data in a structured format.
• Withdrawal of your consent at any time for processing based on it.

To exercise these rights, please write to info@genevawealthpartners.ch. We respond within 30 days. In case of disagreement, you may file a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or with the supervisory authority of your country of residence in the EU.

Some sub-processors may be established outside Switzerland or the European Union, notably in the United States. Such transfers are framed by the European Commission’s standard contractual clauses and, where applicable, by recognised adequacy mechanisms (for instance the US Data Privacy Framework). You may request a copy of these safeguards at the address indicated above.

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration or disclosure:

• Strictly restricted access on a need-to-know basis.
• Servers located in Switzerland and the European Union.
• End-to-end HTTPS encryption and strict security headers (HSTS, CSP, X-Frame-Options).
• Password hashing (bcrypt) and secure session cookies (HttpOnly, SameSite).
• Two-factor authentication on sensitive accounts.
• Encrypted daily backups and access logging for sensitive documents.
• Continuous confidentiality training for our staff.

This policy may be updated to reflect changes to our services or applicable regulations. The date of last update appears at the top of this page. In case of significant change, we will notify you via the site or by email.

• Terms of use
• Legal notice