PRIVACY

PRIVACY

Privacy Policy

Privacy Policy

Privacy Policy

1. General Information

1.1 Company Information

Olymp AG ("Olymp", "we", "our", or "us") is a Swiss technology company with its registered office in Küsnacht, Zürich, specializing in AI-driven software solutions for external asset managers (EAMs), family offices, and medical professionals. Our flagship products include Apollo (back-office automation and compliance tooling for FINMA-regulated Swiss EAMs) and Artemis (AI-powered documentation and CRM platform for Swiss therapeutic professionals).

This Privacy Policy explains how we collect, use, disclose, transfer, and protect your personal data in compliance with the Swiss Federal Act on Data Protection (FADP/DSG), the Ordinance on the Federal Act on Data Protection (DPO/DSV), and, where applicable, the General Data Protection Regulation (EU) 2016/679 (GDPR).

1.2 Scope

This Policy applies to:

  • Visitors to our websites and portals

  • Users of our software (Apollo, Artemis) and APIs

  • Customers and prospective customers

  • Users of Olymp for Word, our Microsoft Word add-in

  • Business partners and sub-processors' personnel interacting with our systems

By using our services or interacting with us, you acknowledge that you have read and understood this Policy.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.

  • Controller: Olymp AG, which determines the purposes and means of the processing of personal data.

  • Processor: A natural or legal person that processes personal data on our behalf.

  • Sub-processor: A third party engaged by Olymp to process personal data on behalf of a customer.

  • Customer Data: Personal data uploaded to, or generated within, our services by or on behalf of a customer.

3. Data Collection

3.1 Types of Data Collected

Depending on your interaction with us, we may collect:

  • Identification Data: Name, email address, phone number, company details, login credentials.

  • Technical Data: IP address, browser type, device identifiers, operating system, language settings, time zone, log files.

  • Usage Data: Activity logs, interaction with our software and APIs, preferences, feedback, and support requests.

  • Contractual & Business Data: Contracts, service agreements, and communications relevant to our business relationship.

  • Support/Correspondence Data: Content of communications when you contact our support or sales team.

  • Customer Data (as Processor): Where Apollo or Artemis is used by a customer, that customer's uploaded documents, client records, portfolio data, and KYC information are processed by Olymp strictly on the customer's behalf under a Data Processing Agreement (DPA).

3.2 How We Collect Data

  • Directly: When you register for an account, subscribe to services, sign a contract, or contact us.

  • Automatically: Through cookies, analytics, log files, and telemetry when you use our services.

  • From Third Parties: Banking APIs, partner systems, business partners, or publicly available sources when permitted by law.

4. Legal Bases for Processing (GDPR Article 6 / FADP Art. 31)

We process personal data based on the following legal grounds:

  • Performance of a Contract: To provide our services, fulfill orders, and maintain customer accounts.

  • Legitimate Interests: To improve our products, secure our systems, prevent fraud, and conduct business analysis.

  • Legal Obligations: To comply with tax, accounting, and regulatory requirements.

  • Consent: For marketing communications or optional cookies where required.

5. Use of Personal Data

We use personal data to:

  • Provide, maintain, and enhance Apollo, Artemis, Olymp for Word, and related APIs.

  • Process transactions, manage billing, and provide customer support.

  • Ensure the security, integrity, and availability of our infrastructure.

  • Conduct product analytics and user-experience improvements (on aggregated or pseudonymized data only).

  • Comply with legal and regulatory obligations.

  • Send administrative notifications and, where legally permissible, marketing communications.

6. Data Residency and Hosting — Switzerland Exclusively

Olymp operates a Swiss-sovereign infrastructure. All production systems that store or process Customer Data are located in Switzerland.

6.1 Infrastructure Stack

  • Application and database hosting: Hostpoint AG (Rapperswil-Jona, Switzerland), a Swiss-owned and Swiss-operated hosting provider. This includes SPF, DKIM, and DMARC configuration for all Olymp domains.

  • AI/LLM processing: Azure Switzerland North (Zürich region) exclusively. No production workload is deployed to non-Swiss regions.

6.2 No Cross-Border Transfers of Customer Data

Customer Data processed through Apollo and Artemis does not leave Switzerland in the ordinary course of service delivery. Where Olymp uses international corporate tools for internal operations (e.g., CRM, analytics), these tools do not receive Customer Data and are limited to contact and contractual metadata, with appropriate transfer safeguards (EU Standard Contractual Clauses and, where applicable, the Swiss-U.S. Data Privacy Framework).

7. AI Processing — Zero Retention and Zero Training

We treat Customer Data processed by AI models as strictly confidential input that is never used to train or improve any model, ours or a third party's.

8. Data Sharing

8.1 Principles

We share personal data only where necessary to deliver our services, comply with law, or protect our legitimate interests. Every sub-processor is bound by a written agreement imposing confidentiality, security, and data-protection obligations at least equivalent to those set out in this Policy.

9. Regulatory Alignment

Olymp's infrastructure and operating model are designed to support our customers' own regulatory obligations, including:

  • FINMA / FINIG Art. 14 (outsourcing): Apollo is hosted and operated in a manner that enables FINMA-regulated EAMs to meet their outsourcing obligations, including auditability, data localization, and the right to instruct.

  • Swiss FADP/DSG and GDPR: Our data-processing practices, DPAs, and sub-processor arrangements are aligned with both frameworks.

  • Professional secrecy: Artemis is designed to respect the confidentiality duties applicable to Swiss therapeutic professionals, including Heilpädagogische Früherziehung practitioners.

10. Data Security

Olymp applies defense-in-depth across infrastructure, application, and operational layers.

10.1 Encryption

  • In transit: TLS 1.2+ with modern cipher suites for all client, API, and internal service traffic.

  • At rest: AES-256 at the storage layer for all databases, blob storage, and backups.

10.2 Access Control

  • User-based access control (RBAC)

  • Multi-factor authentication (MFA)

  • Principle of least privilege; production access is limited to a small number of named personnel and is logged.

11. Data Retention

We retain personal data:

  • As long as necessary for the purposes stated in this Policy.

  • Until consent is withdrawn, where processing is based solely on consent.

Customer Data is deleted or returned to the customer within a reasonable period after contract termination, except where retention is legally required. AI prompts and completions are not retained (see Section 7).

12. User Rights

Under the GDPR and FADP, you have the right to:

  • Access your personal data and receive a copy.

  • Rectify inaccurate or incomplete data.

  • Erase data ("right to be forgotten") where legally permissible.

  • Restrict or object to processing, including profiling.

  • Data Portability: Receive your data in a structured, commonly used format.

  • Withdraw Consent at any time without affecting lawfulness of prior processing.

  • Lodge a Complaint with a supervisory authority, such as the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local EU data-protection authority.

Where Olymp acts as a processor (for Customer Data inside Apollo or Artemis), requests should generally be addressed to the relevant customer (the controller); Olymp will assist customers in responding to such requests.

To exercise your rights or ask questions, contact: info@olymp.finance.

13. Cookies and Tracking Technologies

We use first- and third-party cookies and similar technologies for:

  • Essential functionality and security

  • Analytics and performance measurement

  • Remembering user preferences

You can manage or disable cookies via your browser settings or through our cookie banner. Some features may not function if cookies are disabled.

14. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in technology, legislation, or our practices. Material changes will be communicated via email (if you have an account) or prominent website notice. Please review this Policy periodically for updates.

15. Contact

Olymp AG Küsnacht, Zürich, Switzerland Email: info@olymp.finance

‹ COOKIES