Privacy Policy

Northlake Partners GmbH is committed to protecting your privacy and handling your personal data responsibly and transparently. This privacy policy explains how we collect, use, store and protect your personal data when you interact with our website, use our services or communicate with us.

This privacy policy is designed to comply with the Swiss Federal Act on Data Protection (nDSG/revDSG), which came into force on 1 September 2023, and the European Union General Data Protection Regulation (EU GDPR, Regulation 2016/679), insofar as it applies to our processing of personal data of individuals in the European Economic Area (EEA).

1. Data Controller

The controller responsible for the processing of your personal data is:

As a FINMA-regulated insurance broker and financial advisor, Northlake Partners GmbH is subject to strict regulatory requirements regarding the handling of client data and confidentiality obligations.

2. Types of Personal Data Collected

We may collect and process the following categories of personal data, depending on the nature of your interaction with us:

2.1 Data Provided Directly by You

• Identity data: First name, last name, title, date of birth, nationality
• Contact data: Email address, telephone number, postal address
• Financial data: Information about your insurance policies, investment portfolios, assets and financial situation (provided in the context of our advisory services)
• Communication data: Content of messages you send to us via the contact form, email, telephone or other communication channels
• Identification documents: Copies of identity documents, where required for regulatory compliance (e.g. anti-money laundering obligations)

2.2 Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, device type, screen resolution
• Usage data: Pages visited, date and time of visits, time spent on pages, referral source, clickstream data
• Cookie data: Information collected through cookies and similar tracking technologies (see Section 10 for details)

2.3 Data from Third Parties

• Information received from insurers, banks and financial institutions in the context of our brokerage and advisory services
• Publicly available information from official registers and databases

3. Purpose of Data Processing

We process your personal data for the following purposes:

3.1 Service Provision

• Provision of insurance brokerage, financial advisory, wealth planning and real estate advisory services
• Management of your client relationship and maintenance of your client file
• Comparison of offers from insurers and banks on your behalf
• Preparation, negotiation and administration of insurance policies and investment accounts
• Claims processing and handling of ongoing service requests

3.2 Contact Form and Communication

• Responding to enquiries submitted via the contact form on our website
• Management of email, telephone and written correspondence
• Scheduling of appointments and follow-up communication

3.3 Website Analysis and Improvement

• Analysis of website traffic and user behaviour to improve our website and services
• Ensuring the technical functionality and security of our website
• Generation of aggregated, anonymised statistical reports

3.4 Legal and Regulatory Compliance

• Fulfilment of obligations under FINMA regulations, anti-money laundering legislation and other applicable laws
• Maintenance of records in accordance with Swiss financial services legislation
• Cooperation with supervisory authorities and auditors, where required by law

4. Legal Basis for Processing

We process your personal data on the basis of one or more of the following legal grounds:

4.1 Under the Swiss Data Protection Act (nDSG)

Under Swiss law, the processing of personal data is generally permissible provided that the personality rights of the data subject are not unlawfully violated. We process your data in accordance with the principles of good faith, proportionality and purpose limitation pursuant to the nDSG.

4.2 Under the EU GDPR (where applicable)

• Consent (Art. 6(1)(a) GDPR): Where you have given your express consent for specific processing activities, such as subscribing to communications or accepting non-essential cookies. You may withdraw your consent at any time.
• Performance of a contract (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract to which you are a party, or to take pre-contractual measures at your request.
• Legal obligation (Art. 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate interest (Art. 6(1)(f) GDPR): Where processing is necessary for the purposes of our legitimate interests, provided that such interests are not overridden by your fundamental rights and freedoms.

5. Data Sharing and Disclosure

We treat your personal data with the utmost confidentiality. We do not sell, rent or trade your personal data to third parties for marketing purposes. We share your personal data only in the following circumstances:

5.1 Insurers and Banks

In the context of our brokerage and advisory services, we share relevant personal data with insurers, banks and financial institutions to the extent necessary to obtain quotes, place and manage policies, open and manage accounts and process claims on your behalf.

5.2 Regulatory and Legal Obligations

As a FINMA-regulated company, we are subject to regulatory reporting obligations and may be required to disclose personal data to FINMA, tax authorities or other supervisory authorities.

5.3 Service Providers

We engage carefully selected third-party service providers who process personal data on our behalf, including hosting providers, IT service providers and communication platform providers. All such service providers are bound by data processing agreements.

5.4 Professional Advisors

We may share personal data with our professional advisors (auditors, legal advisors, tax advisors) to the extent necessary for the provision of their services.

6. Retention Periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

• Client data and contractual documents: For the duration of the client relationship and at least 10 years after its termination in accordance with Swiss statutory retention obligations (Art. 958f CO).
• Regulatory and compliance records: For the periods prescribed by FINMA regulations, anti-money laundering legislation and other applicable financial services laws (typically 10 years or longer).
• Contact form submissions: For the duration required to process and respond to your enquiry and up to 2 years thereafter, unless a client relationship is established.
• Website analytics data: Anonymised and aggregated analytics data may be retained indefinitely. Personal analytics data (e.g. IP addresses) is retained for a maximum of 26 months.
• Cookie data: Retention periods for cookies vary by type and purpose. Please refer to our Cookie Policy for details.

7. Data Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction, including:

• Encryption of data transmissions using TLS/SSL protocols
• Secure access controls and authentication mechanisms for all internal systems
• Regular security assessments and vulnerability testing
• Employee training in data protection and information security
• Restricted access to personal data on a need-to-know basis
• Secure physical storage of paper-based records
• Procedures for detecting and handling data breaches

8. Data Subject Rights

You have the following rights with respect to your personal data, under both the nDSG and, where applicable, the EU GDPR:

8.1 Right of Access

You have the right to request confirmation as to whether we process your personal data and, if so, to obtain access to such data (Art. 25 nDSG; Art. 15 GDPR).

8.2 Right to Rectification

You have the right to request the rectification of inaccurate personal data and the completion of incomplete personal data (Art. 6(5) nDSG; Art. 16 GDPR).

8.3 Right to Erasure (Right to be Forgotten)

You may request the erasure of your personal data where there is no overriding legal basis or legitimate interest for continued processing (Art. 17 GDPR).

8.4 Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data under certain circumstances (Art. 18 GDPR).

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format (Art. 28 nDSG; Art. 20 GDPR).

8.6 Right to Object

You have the right to object to the processing of your personal data where the processing is based on legitimate interests (Art. 21 GDPR).

8.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw such consent at any time. The withdrawal shall not affect the lawfulness of processing carried out prior to the withdrawal.

8.8 Right Not to be Subject to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you (Art. 21 nDSG; Art. 22 GDPR).

To exercise any of these rights, please contact us using the contact details provided in Section 13. We will respond to your request within 30 days of receipt.

9. Cross-Border Data Transfers

Your personal data is primarily processed and stored in Switzerland. Switzerland has an adequacy decision from the European Commission.

Under certain circumstances, your personal data may be transferred to countries outside Switzerland and the EEA. In such cases, we ensure that appropriate safeguards are in place, including:

• Transfer to countries with an adequate level of data protection
• Use of Standard Contractual Clauses (SCCs)
• Binding Corporate Rules, where applicable
• Your explicit consent to the specific transfer, where appropriate

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to ensure the proper functioning of the website, analyse website traffic and enhance your browsing experience.

We use the following categories of cookies:

• Strictly necessary cookies: Essential for the operation of the website. These cookies do not require consent.
• Analytics cookies: Used to collect information about how visitors use our website.
• Functional cookies: Used to remember your preferences and improve your experience on our website.

You can manage your cookie preferences at any time through your browser settings.

For comprehensive information on the cookies we use, please refer to our separate Cookie Policy.

11. Third-Party Services

11.1 Google Fonts

Our website uses Google Fonts, a web font service provided by Google Ireland Limited / Google LLC. When visiting our website, your browser loads the required fonts from Google servers, whereby your IP address and browser data may be transmitted to Google. For more information, please refer to Google's Privacy Policy.

12. Changes to This Policy

We reserve the right to update or amend this privacy policy at any time. Changes will be published on this page with an updated date.

In the case of material changes, we will take appropriate steps to notify you. Continued use of our website and services after the publication of changes shall constitute acknowledgement of such changes.

13. Contact for Data Protection Enquiries

If you have any questions, concerns or requests regarding this privacy policy or our processing of your personal data, please contact us at:

We endeavour to respond to all data protection enquiries within 30 days of receipt.

14. Right to Complain

If you believe that our processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority.

14.1 Switzerland

The competent authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC):

14.2 European Union

If you are located in the EEA and the EU GDPR applies to the processing of your personal data, you also have the right to lodge a complaint with the data protection supervisory authority of the EU Member State of your habitual residence, place of work or place of the alleged infringement.

15. Applicable Law and Jurisdiction

This privacy policy and all disputes arising from or in connection with it shall be governed by the substantive law of Switzerland, excluding its conflict of law rules and international treaties.

The exclusive place of jurisdiction for all disputes in connection with this privacy policy shall be Zürich, Switzerland, subject to mandatory statutory provisions (including the mandatory jurisdiction provisions of the GDPR for data subjects located in the EEA).