Legal Information

Privacy Policy

Pursuant to the revised Swiss Federal Act on Data Protection (revFADP) and the EU General Data Protection Regulation (GDPR).

1. Controller

The controller responsible for the processing of personal data on this website is:

Entity
Kuruvilla Worldwide AG
Registered office
Weiherweg 25, 5502 Hunzenschwil, Switzerland
Office address
Bahnhofstrasse 12, 8001 Zurich, Switzerland
UID
CHE-398.813.028
Email
info@swissinvestorconcierge.com

We have not appointed a separate Data Protection Officer; data protection enquiries should be addressed to the email above.

2. Data We Collect

2.1  Lead enquiry form

When you submit the “Apply for Access” form on the home page, we collect the following information:

  • First and last name (mandatory)
  • Email address (mandatory)
  • Phone number (optional)
  • Country of residence
  • Investment experience (years)
  • Investable capital range (€1M–2M, €2M–5M, €5M–10M, €10M–25M, €25M+)
  • Any UTM parameters present in the page URL at the time of submission

2.2  Payment data (Diligence Deposit)

When you initiate a payment for the Diligence Deposit on the /access page, the payment is processed exclusively by our payment service provider Stripe Payments Europe Limited. Card data is entered on Stripe’s hosted checkout and is never transmitted to or stored by Kuruvilla Worldwide AG. We receive only: name on card, billing address, email address, country, the amount paid, the Stripe session and payment-intent identifiers, and the payment status.

2.3  Server logs

Our web server automatically records the following technical data on every request: IP address, user-agent string, HTTP referrer, request URL, response status, and timestamp. These logs are kept for a maximum of 30 days and are used solely for security monitoring and abuse prevention.

2.4  Cookies

The public website does not set any first-party tracking cookies. A session cookie (sic_admin) is set only inside the protected administration area when authenticated administrators log in.

3. Purposes & Legal Basis

  • Lead processing · to evaluate your enquiry, assess fit with our mandate criteria, and respond. Legal basis: pre-contractual measures and our legitimate interest in operating an investor-relations process (Art. 6(1)(b)+(f) GDPR; Art. 31 revFADP).
  • Payment processing · to fulfil the contract for the Diligence Deposit. Legal basis: contract performance (Art. 6(1)(b) GDPR; Art. 31(2)(a) revFADP).
  • Communication · to respond to enquiries by email or phone. Legal basis: consent and legitimate interest.
  • Security & anti-abuse · server logs and signed-webhook verification. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
  • Legal & regulatory obligations · retention of accounting and AML records as required by Swiss law (Art. 6(1)(c) GDPR; Art. 31(2)(c) revFADP).

4. Third-Party Services

4.1  Stripe (payment processing)

Provider: Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Dublin 2, Ireland; further processed by Stripe, Inc., USA. When you initiate a payment, you are redirected to Stripe’s hosted checkout. Stripe processes payment-related personal data on the basis of its own privacy policy, available at stripe.com/privacy. Adequacy: Stripe is certified under the EU–U.S. Data Privacy Framework and uses Standard Contractual Clauses for non-EU transfers.

4.2  Google Fonts

This website embeds web fonts from Google Fonts (Google Ireland Limited). When you visit the site, your browser may transmit your IP address to Google to download the fonts. We have configured the page to use the standard fonts.googleapis.com distribution. See policies.google.com/privacy.

4.3  Calendly (call booking)

Provider: Calendly LLC, 271 17th Street NW, Atlanta, GA 30363, USA. The booking widget on our thank-you page loads from assets.calendly.com. When you select a time slot, Calendly processes the data you enter (name, email, optional phone, time-zone) on its own infrastructure under its privacy policy: calendly.com/privacy. Calendly is GDPR-compliant and uses Standard Contractual Clauses for transfers to the United States.

We do not use Google Analytics, Meta Pixel, LinkedIn Insight Tag, advertising-network cookies, or any third-party behavioural tracking on the public website.

5. International Data Transfer

Personal data may be transferred to recipients located outside Switzerland and the European Economic Area, in particular in connection with payment processing through Stripe (Ireland and the United States) and call booking through Calendly (United States). Such transfers are protected by appropriate safeguards (EU–U.S. Data Privacy Framework certification and/or EU Standard Contractual Clauses approved under Art. 46 GDPR; Art. 16 revFADP).

6. Storage Duration

  • Lead data · retained for the duration of the active enquiry and up to 36 months thereafter to evidence pre-contractual communications, then deleted or anonymised.
  • Order & payment data · retained for 10 years pursuant to Article 958f Swiss Code of Obligations (accounting retention).
  • Server logs · up to 30 days, then deleted automatically.
  • Email correspondence · for as long as necessary to evidence the business relationship, in line with statutory limitation periods.

7. Your Rights

Subject to the conditions of the revFADP and the GDPR, you have the right to:

  • Request information about the personal data we process about you (right of access);
  • Request rectification of inaccurate or incomplete data;
  • Request the deletion of your data, where statutory retention obligations do not apply;
  • Restrict or object to specific processing activities;
  • Receive your data in a structured, commonly used and machine-readable format (data portability);
  • Withdraw your consent at any time, with effect for the future;
  • Lodge a complaint with the competent supervisory authority — in Switzerland, the Federal Data Protection and Information Commissioner (edoeb.admin.ch); in the EU, your local data-protection authority.

To exercise any of the above, please write to info@swissinvestorconcierge.com. We may ask you to verify your identity before processing the request.

8. Data Security

Communications between your browser and our server are encrypted using TLS 1.2+ (HTTPS). Stored personal data resides on dedicated Swiss-hosted infrastructure, with restricted administrative access and signed-webhook verification for payment events. No system, however, can be regarded as fully secure; please notify us immediately of any suspected security incident.

9. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects concerning you. All investor-fit assessments are reviewed personally by Kuruvilla Worldwide AG.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in applicable law, our services, or industry practice. The current version is always published at this URL with the “Last updated” date below.

Last updated: 15 May 2026