Declaration
data protection

1. What is this privacy notice about?

NUMISMATICA GENEVENSIS SA, Rue François-Bellot 4, 1206 Geneva (hereinafter also referred to as “Numismatica“, “we” or “us”) processes personal data relating to you or other individuals in different ways and for different purposes.

“Personal data” means any information relating to an identified or identifiable natural person, and “processing” means any operation with it, such as collecting, using, and disclosing it.

This privacy notice explains how we process such data (hereinafter referred to as “personal data” or “data”) when

• you visit our website https://ngsa.ch/, including our online shop,
• you use our services (appraisal of coins and medals, assistance in buying or selling coins, medals or other items),
• you buy or sell items from us, including via our online shop,
• you are otherwise associated with us by contract,
• you contact us by e-mail, by post, on social networks, by SMS, via a contact form, etc,
• you subscribe to our newsletter,
• you take part in one of our events or you give us your details so that we can inform you about other events (e.g. auctions),
• you deal with us as part of all other data processing linked to our offers.

Please take the time to read this privacy notice to find out how and why Numismatica processes your personal data, how Numismatica protects your personal data and what rights you have in this context. If you have any questions or would like more information about our data processing, please do not hesitate to contact us (par. 2).

We have aligned this privacy notice with the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR). However, whether and to what extent the GDPR is applicable at all depends on the specific case.

2. Who is responsible for processing your data?

For the processing of data in accordance with this privacy notice, the following company is the “controller”, i.e. the party primarily responsible under data protection law unless otherwise specified in individual cases (e.g. in other privacy notices, on forms or in contracts):

NUMISMATICA GENEVENSIS SA
Rue François-Bellot 4
1206 Geneva

Switzerland

If you have any questions regarding data protection, please contact us at the following address so that we can deal with your request as quickly as possible: boutique@ngsa.ch  

3. What personal data do we process?

We process different categories of personal data depending on the occasion and the purpose. You will find the most important categories below, whereby this list cannot be exhaustive.

You may provide us with data that relate to other individuals,  such as work colleagues or business partners, if relevant. If you provide us with data concerning third parties, we understand that you confirm that this data is correct and that you are authorised to provide this data to us. We ask that you inform these third parties about our processing of their data (e.g. by referring to this privacy notice).

3.1. Master data

Master data is the basic data we need to process our business relationships or for marketing and advertising purposes and which relates directly to your person and characteristics. For example, we process the following master data:

• title, first and last name, gender and date of birth;
• address, contact details such as e-mail address, telephone and mobile numbers;
• nationality;
• additional information from identity documents;
• declaration of choice of language;
• in the case of company contacts, also the relationship with the company for which you work;
• customer history;
• signature authorisations and consent forms.

We generally obtain this master data directly from you but may also obtain it from other people working for your company, but we may also obtain personal data from third parties, for example from agencies you work for or third parties such as our contracting parties, as well as from publicly accessible sources such as public registers or the Internet.

3.2. Contract data

Contract data is information that relates to the conclusion or performance of a contract, for example information on contracts and cooperative partnerships and the services to be provided or the services provided, as well as data from the period prior to the conclusion of a contract, information on the conclusion of the contract itself (for example the closing date and the purpose of the contract), as well as information necessary or used for performance. For example, we process the following contract data:

• date, information on the type and duration as well as the terms and conditions of the respective contract, details concerning the termination of the contract;
• contact details and delivery addresses;
• information on the use of services;
• information on payments and payment methods, bank details, invoices, mutual claims, contact with us, information on customer satisfaction, complaints, comments, etc;
• for services available online, also access data and identifiers.

We receive this data from you, but also from the partners we work with.

3.3. Communication data

Communication data is data in connection with our communication with you, for example when you contact us via the contact form or other means of communication. Examples of communication data are:

• title, name and contact details, such as postal address, e-mail address and telephone number;
• content of correspondence (e.g. of e-mails, written correspondence, telephone conversations, chat messages, etc.);
• responses to customer surveys and satisfaction surveys;
• information on the type, time and, if applicable, location of the communication, as well as other peripheral data of the communication.

3.4. Technical data

Technical data is generated when you use our website. This includes, for example, the following data:

• IP address and device ID;
• information about your end device, operating system or language settings;
• information about your Internet provider;
• accessed content or protocols in which the use of our systems is recorded;
• date and time of access to the website and your approximate location;
• details of the content and files accessed in the user account;
• other information necessary for the use of the user account, such as sending the access code by push message for logging into your user account via the website.

We may also assign an individual code to you or your end device (e.g. by means of a cookie; see section 5.1). This code is stored for a certain period of time, often only during your visit. We cannot usually deduce who you are from technical data, unless, for example, you register for the newsletter on our website. In this case, we can link  the technical data with  the master data – and therefore with your person.

3.5.Behavioural data

In order to tailor our offers and services to you or your company in the best way possible, we try to get to know you better and try to better taylor our services to your needs. For this purpose, we collect and use data on your behaviour. Behavioural data in particular includes information about how you use our website. It may also be collected based on technical data. This includes, for example, information about your use of electronic communications (e.g. if and when you opened an e-mail or clicked on a link, particularly when newsletters are sent). We may also use your other interactions with us as behavioural data, and we may link behavioural data to other data (e.g. to anonymous information from statistical offices) and evaluate this data on a personal and non-personal basis.

3.6. Preference data

Preference data tells us what needs you are likely to have and what services are likely to meet your interests or those of your company (e.g. when selecting topics for the newsletter). This is why we also process data relating to your interests and preferences. To this end, we can link behavioural data to other data and evaluate this data on a personal and non-personal basis. This enables us to draw conclusions about characteristics, preferences and anticipated behaviour.

3.7. Other data

We may also collect data on who enters certain buildings and when, or has corresponding access rights (including in the case of access control, on the basis of registration data or visitor lists, etc.), who attends events and who uses our infrastructure and systems and when.

4.  For what purposes do we process your personal data?

We use the personal data we collect primarily for collaboration with you. If you have subscribed to our newsletter, we use your e-mail address to send it to you. In addition, we also process your personal data, to the extent permitted and deemed appropriate, for other purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

• For communication purposes, i.e. to contact you and to stay in contact with you. This includes responding to enquiries and contacting you in case of queries, e.g. by e-mail. For this purpose, we especially process your communication data and your master data.
• For customer care and marketing purposes, to provide you with targeted information about new offers based on your personal interests and preferences, for example via the newsletter and personalised advertising. For this purpose, we especially process technical data, master data, communication data and behavioural data.
• We also process data in order to improve our services and develop products.
• For IT security and prevention: we process personal data to monitor the performance of our company, in particular IT, our website, applications and other platforms, for security purposes, to ensure IT security, to prevent theft, fraud and abuse, and for evidence purposes. This includes, for example, the evaluation of technical records of the use of our systems (log data), the prevention, defence and investigation of cyber-attacks and malware attacks, analysis and testing of our networks and IT infrastructures, system and error checks.
• To maintain internal rules and other security measures for IT, buildings and installations, as well as for the protection of our employees and other persons and assets belonging to us or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone records).
• To protect our rights: we may also process personal data to enforce claims in and out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims. Master data and communication data may be processed for this purpose.
• To comply with legal requirements: this includes, for example, the processing of complaints and other notifications, complying with court or authority orders, measures to detect and investigate abuses and, generally, measures we are obliged to take by applicable law (e.g. under anti-money laundering law), self-regulation or industry standards. For this purpose, we may in particular process your master data, contract data and communication data.
• For administration and support: in order to organise our internal processes efficiently, we process data to the extent necessary for IT management, accounting or data archiving. In particular, we may use communication and behavioural data as well as technical data for this purpose.
• We may also process data for other purposes. These include company management, including the organisation and development of the business, other internal processes and administrative purposes (e.g. master data management, accounting and archiving), training as well as education and the preparation and processing of the purchase and sale of business units, companies or parts of companies and other transactions under company law and the associated transfer of personal data, as well as measures for the management of the business and the protection of other legitimate interests.

If we ask for your consent for certain processing activities, we will inform you separately about the corresponding purposes of the processing. You can  revoke your consent at any time in writing.

5. What online tracking and advertising techniques do we use?

On our website, we use various techniques to enable us and the third parties we consult to recognise you when you use our website and, in some cases, track you across multiple visits. The use of such techniques is regulated separately. The following section provides information on this topic.

5.1.  How and for what purpose do we use cookies and similar technologies?

We use the services of third-party providers for our website in order to measure and improve the user experience of the website and online advertising campaigns. For this purpose, , we may embed third-party components into our website, which may in turn use cookies. Where we track you or use similar technologies, the main purpose is to enable us to distinguish access by you (via your system) from access by other users so that we can ensure the functionality of the website and carry out statistical analysis. We do not want to identify you in this process. The technology used is designed to recognise you as an individual visitor each time you access the site, for example by causing our server (or third-party servers) to assign to you or your browser a specific identification number (so-called “cookie”).

Cookies are files that your browser automatically stores on your end device when you visit our website. Cookies contain a unique identification number (an ID) which enables us to distinguish individual visitors from others, but generally without identifying them. Depending on how they are used, cookies contain other information, such as which sites you visit and how long you stay on a site. We use both session cookies, which are deleted again when the browser is closed, and permanent cookies, which remain stored for some time after the browser is closed and are used to recognise visitors on a subsequent visit.

We use the following types of cookies and similar technologies:

Necessary cookies:
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

Functional cookies:
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

Analytical cookies:
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

Performance cookies:
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Advertisement cookies:
Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

Other cookies:
These are cookies without a clear purpose or those that we are still in the process of classifying.

We use cookies in particular for the following purposes:

• personnalisation of content ;
• displaying personalised advertisements and offers;
• displaying ads on third-party websites and measure their success, i.e. whether you respond to these ads (remarketing);
• save your settings between visits;
• determining whether and how we can improve our website;
• collecting statistical data on the number of users and their usage habits, and to improve the speed and performance of the website;
• we may process your contact details to target you with advertisement on third-party platforms.

5.2. How can cookies and similar technologies be disabled?

When accessing our website, you have the option of activating or deactivating certain categories of cookies. You can configure your browser in the settings to block certain cookies or similar technologies or delete existing cookies and other data stored in the browser. You can also enhance your browser with software (so-called “plug-ins”) that blocks tracking by certain third parties. You can find more information on this subject on your browser’s help pages (usually under the heading “Privacy”). Please note that our website may no longer fully function if you block cookies and similar technologies.

5.3. Cookies from partners and third parties on our website

We use third-party services to help us measure and improve the user experience of the website and online advertising campaigns. Third-party service providers may be located outside Switzerland and the EU/EEA, provided that the protection of your personal data is adequately ensured. For example, we use analytical services to enable us to optimise our website. The respective third-party providers may record the use of the website for this purpose and combine their recordings with other information from other websites. This allows them to record user behaviour across multiple websites and end devices in order to provide us with statistical evaluations on this basis. The providers may also use this information for their own purposes, e.g. for personalised advertising on their own website or on other websites. If a user is registered with the provider, the provider can assign the usage data to the relevant person. Detailed information on the cookies we use and for what purposes can be found in our cookie banner.

6. To whom do we disclose your personal data?

In connection with our processing activities, we also disclose your personal data to other recipients.

We disclose personal data to service providers as required for their services. This applies in particular to our auction partners (e.g. biddr, https://portal.sixbid.com/), numismatic experts, payment service providers, IT service providers, but also to consulting companies, analysis service providers, debt collection service providers, credit agencies, marketing service providers, etc. As far as service providers process personal data as processors, they are obliged to process personal data exclusively in accordance with our instructions and to implement data security measures. If the service providers are themselves responsible for processing, information on data protection can be found in the privacy notice of the service provider concerned.

Data may also be disclosed to other recipients, e.g. to courts and authorities as part of legal proceedings and legal information and cooperation duties, to buyers of companies and assets, to financing companies in the case of securitisations, and to collection agencies.

In individual cases, we may also disclose personal data to other third parties for their own purposes, e.g. if you have given us your consent to do so or if we are legally obliged or entitled to disclose such data.

7. Do we disclose personal data abroad?

The recipients of the data are mainly located in Switzerland. However, in certain situations, data may be sent abroad, for example to our branch NGSA DMCC in the United Arab Emirates. Nor can it be ruled out that, in certain cases, data may be sent to other countries, for example to service providers or their subcontractors in countries in the European Economic Area (EEA) and possibly worldwide. For example, we may disclose  data to authorities and other persons abroad if we are legally obliged to do so or, for example, in the context of a company sale or legal proceedings. Not all of these countries currently guarantee an adequate level of data protection according to the standards of Swiss law. We therefore take contractual precautions to contractually compensate for the lower level of legal protection, especially with the standard contractual clauses issued by the European Commission and recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC). For more information and a copy of these clauses, please visit https://www.edoeb.admin.ch/edoeb/en/home/datenschutz/arbeit_wirtschaft/datenuebermittlung_ausland.html.

In certain cases, we may disclose data in accordance with the requirements of data protection law even in the absence of such agreements, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the execution of a contract, the establishment, exercise or enforcement of legal claims or overriding public interests.

Note that data exchange via the Internet often takes place via third countries. In this case, your data may end up abroad, even if the sender and recipient are in the same country.

8. How long do we process personal data?

We store and process your personal data as long as it is necessary for the purpose of processing (in the case of contracts, usually for the duration of the contractual relationship), as long as we have a legitimate interest in storing it (e.g. to enforce legal claims, for archiving or to ensure IT security) and for as long as the data is subject to a legal retention obligation (e.g. for certain data, a retention period of ten years applies). In the absence of legal or contractual obligations to the contrary, we will delete, destroy or anonymise your data after the expiry of the storage or processing period as part of our normal processes.

We generally retain master data for 10 years after the last exchange with you, but at least after the end of the contract. This period may be longer if necessary for reasons of evidence or to comply with legal or contractual requirements or for technical reasons. For purely marketing and advertising contacts, this period is generally much shorter, usually no more than 2 years after the last contact.

We generally retain contract data for 10 years after the last contractual activity, but at least after the end of the contract. This period may be longer if necessary for reasons of evidence or to comply with legal or contractual requirements or for technical reasons.

We anonymise or delete your behavioural and preference data as soon as they are not longer meaningful for the purposes pursued, which may take between [2-3] weeks (for movement profiles) and [24] months (for product and service preferences) depending on the type of data. This period may be longer if necessary for reasons of evidence or to comply with legal or contractual requirements or for technical reasons.

9. What are the legal bases for data processing?

Where applicable, data may only be processed if this is expressly permitted by the applicable law. This does not apply under the DPA, but does apply, for example, under the GDPR insofar as it is applicable. In this case, we base the processing of your personal data on the following legal bases:

• on your consent (Article 6(1)(a) and Article 9(2)(a) GDPR),
• that the processing is necessary for the performance of the contract or pre-contractual measures (e.g. the examination of a contract proposal; Article 6(1)(b) GDPR),
• that the processing is necessary for the establishment or defence of legal claims or for civil proceedings (Article 6(1)(f) and Article 9(2)(f) GDPR),
• that the processing is necessary to comply with domestic or foreign legal provisions (Article 6(1)(c) and (f); Article 9(2)(g) GDPR),
• that the processing is necessary for a legitimate interest in data processing, in particular the interests mentioned in section 4 (Article 6(1)(f) GDPR).

10. How do we protect your data?

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data in order to protect it against unauthorised or unlawful processing and against the risks of loss, accidental loss or alteration and unauthorised access. However, security risks cannot be totally excluded; residual risks are unavoidable.

11. What are your rights?

Under the applicable data protection law, you have certain rights to obtain further information about our data processing and to influence it. In particular, you have the following rights:

• Access right: you can request further information about the processing of your data. We are at your disposal for this purpose. You can also submit an information request if you wish to receive further information and a copy of your data.
• Objection and deletion: you may object to our data processing and request that we delete your personal data at any time if we are not obliged to continue processing or storing this data and if it is not necessary for the purposes of the contract.
• Correction: you can have incorrect or incomplete personal data corrected or completed by sending a note indicating your objection.
• Data portability: you also have the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to have it transferred to a third party, as far as the respective processing of the data is based on your consent or is necessary for the performance of the contract.
• Revocation: if we process data based on your consent, you may revoke your consent at any time. Revocation is only valid for the future, and we reserve the right to continue processing data on another in the event of a revocation.

Please note that these rights are subject to legal requirements and restrictions and are therefore not fully applicable in all cases. In particular, we may need to further process and store your personal data to fulfil a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defense of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we may therefore also reject a data subject’s request in whole or in part (e.g. by redacting certain content relating to third parties or our trade secrets).

If you wish to exercise any rights against us, please contact us in writing. You will find our contact details in section 2. As a rule, we will have to verify your identity (e.g. by means of a copy of your ID card). You may also file a complaint against the processing of your data with the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Status of this data protection declaration: [06.06.2024]