Privacy
Privacy Notice
How personal data is processed through the HERIAT website and Private Access.
Data Controller
Francesco M. Böni, operating under HERIAT Asset Management, Switzerland, is the controller for the processing described in this notice. Contact: Contact.
Data We Process
We process information submitted through public enquiries and access requests, including name, professional email, organisation, role, counterparty type, transaction interests and message content.
For Private Access, we may also process approved account details, access status, undertaking acceptance, transaction requests, submissions and room activity. Technical data may include IP address, browser or user-agent information, timestamps, session data and security logs.
Purpose
Personal data is used to assess and respond to enquiries, administer Private Access, coordinate professional and transaction review, maintain access and security records, protect the website and comply with applicable legal or documentation requirements.
Recipients and Service Providers
Access is limited to persons who require the information for the relevant purpose. Data may be processed by hosting, email and technical service providers, professional advisers, specialist providers or transaction counterparties where necessary for the requested review. Personal data is not sold or used for third-party advertising.
International Processing
Given the international nature of HERIAT activities and service providers, personal data may be processed in Switzerland, the European Economic Area or other jurisdictions relevant to the enquiry or transaction. Appropriate contractual or other safeguards are used where required by applicable law.
Retention
Personal data is retained only for as long as necessary for the relevant purpose, professional relationship, access administration, security, record-keeping, dispute management and applicable legal obligations. Retention periods vary according to the nature of the information and relationship.
Cookies and Technical Data
HERIAT uses essential session and security technologies required for Private Access and website operation. The public website currently does not use advertising cookies, cross-site tracking pixels or public-site analytics.
Security
Reasonable technical and organisational measures are used to protect personal data and control access. No online transmission or storage method can be guaranteed to be completely secure.
Your Rights
Subject to applicable law, you may request access to personal data concerning you, correction of inaccurate data or deletion where continued retention is not required. We may request information necessary to verify identity before responding.
Requests may be sent to Contact.
Public Forms
Do not submit identity documents, banking information or confidential transaction materials through public forms. Such material should be shared only through an agreed private channel after initial alignment.