Privacy Policy

Thrivo Wealth Partners AG

Version: April 2026  ·  Governing law: Swiss nDSG / revDSG

1. Controller (Responsible Party)

The entity responsible for processing personal data in connection with this website and our services is:

Company:  Thrivo Wealth Partners AG
Address:  c/o Fidura Treuhand AG, Gotthardstrasse 20, 6300 Zug, Switzerland
Register:  HR-Nr. CH-170.3.051.905-2  ·  UID: CHE-151.643.172
E-mail:  privacy@thrivo.com

For data protection matters, please contact us at the e-mail address above. We do not have a statutory obligation to appoint a Data Protection Officer under Swiss law at this time, but inquiries will be handled with the same standard of care.

2. Applicable Law

This Privacy Policy is governed by the Swiss Federal Act on Data Protection (nDSG / revDSG, in force since 1 September 2023). To the extent Thrivo Wealth Partners AG processes personal data of individuals located in the European Economic Area, the General Data Protection Regulation (GDPR, EU 2016/679) applies additionally and in parallel. Where GDPR applies, the legal bases referenced are those set out in Article 6 GDPR; under nDSG, processing must be lawful, conducted in good faith, and proportionate.

In all cases, Thrivo applies the more protective standard where the two regimes diverge.

3. Scope of This Policy

This Policy covers personal data collected when you:

  • visit and interact with our website (thrivo.com and associated subdomains);
  • submit an enquiry, contact form, or expression of interest;
  • engage with us in the context of our investment and partnership activities;
  • receive communications from us, including newsletters and investor updates; or
  • apply for employment or advisory roles at Thrivo.

It does not cover data processed by third-party websites linked from our website, or data processed by partner wealth management firms in their own right as independent data controllers.

4. Categories of Personal Data We Process

Depending on how you interact with us, we may process the following categories of personal data:

Contact and identity data:

  • Name, title, employer, role or function
  • E-mail address, telephone number, postal address

Website usage data:

  • IP address (pseudonymised), browser type, device information
  • Pages visited, referrer URL, session duration
  • Cookie identifiers (see Section 7)

Business and relationship data:

  • Information you provide in connection with a potential partnership, acquisition, or advisory engagement
  • Financial firm details, AUM figures, and related business information shared voluntarily
  • Correspondence and meeting notes

Employment and candidate data:

  • CV, cover letter, professional history, references
  • Assessment outcomes where applicable

We do not knowingly collect special categories of personal data (e.g., health, religious, or political data) through our website. We do not process data of individuals under the age of 18.

5. Purposes and Legal Basis

We process personal data for the following purposes and on the following legal grounds:

(a)  Operation of this website and delivery of information
Legal basis: Legitimate interests (Article 6(1)(f) GDPR / nDSG Art. 31). We have a legitimate interest in making our website available and secure.

(b)  Responding to enquiries and managing relationships
Legal basis: Pre-contractual measures or contract performance (Art. 6(1)(b) GDPR) and/or legitimate interests. Responding to enquiries from potential partners and investors is directly related to our business purpose.

(c)  Investment and partnership due diligence
Legal basis: Legitimate interests. When evaluating potential acquisitions or partnerships, we process business-related personal data to assess counterparty suitability, regulatory fit, and commercial viability.

(d)  Regulatory and compliance obligations
Legal basis: Legal obligation (Art. 6(1)(c) GDPR / nDSG). To the extent required by applicable financial regulation (including Swiss FINMA requirements, BaFin Inhaberkontrollverfahren procedures, and AML/KYC obligations), we are required to process and retain certain personal data.

(e)  Communications and marketing
Legal basis: Consent (Art. 6(1)(a) GDPR) or legitimate interests where permitted. You can unsubscribe from any marketing communications at any time.

(f)  Recruitment
Legal basis: Pre-contractual measures. Candidate data is processed solely for the purpose of evaluating suitability for the advertised role.

6. Retention Periods

We retain personal data only for as long as necessary for the stated purpose or as required by law. In practice:

  • Website log and analytics data: up to 13 months, then anonymised or deleted.
  • Enquiries and correspondence not resulting in a commercial relationship: deleted or anonymised within 2 years.
  • Data associated with a concluded or ongoing investment transaction: retained for the duration of the relationship and thereafter for a minimum of 10 years in accordance with Swiss commercial law (OR Art. 958f) and applicable financial regulatory obligations.
  • Candidate data for unsuccessful applications: deleted within 6 months of conclusion of the process, unless you consent to longer retention for future consideration.

Where retention beyond these periods is required by a specific regulatory obligation, we will retain data for the mandatory period and no longer.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. These fall into the following categories:

Strictly necessary cookies: Required for the website to function (e.g., session management, security). These cannot be disabled.

Analytics cookies: Used to understand aggregate website usage (e.g., pages visited, session duration). We use privacy-respecting analytics configured to avoid cross-site tracking and to anonymise IP addresses. Where required, we obtain consent before setting these cookies.

Preference cookies: Used to remember settings you have chosen.

On your first visit, we will present a consent banner for non-essential cookies. You may withdraw consent at any time via the cookie preferences link in our website footer. Most browsers also allow you to block or delete cookies directly.

We do not use advertising cookies or cross-site behavioural tracking.

8. Disclosure to Third Parties

We do not sell, rent, or trade personal data. We may share data in the following limited circumstances:

  • Service providers: Trusted providers assisting with IT infrastructure, cloud hosting, CRM, e-mail delivery, and similar operational functions. These parties act as data processors under binding agreements and may not use data for their own purposes.
  • Professional advisors: Lawyers, auditors, tax advisors, and similar professionals bound by confidentiality obligations.
  • Investors and co-investors: Where required in the context of a transaction, on a strictly need-to-know basis and under appropriate confidentiality undertakings consistent with our SHA obligations.
  • Regulators and authorities: Where required by applicable law, court order, or lawful request from a competent authority (e.g., FINMA, BaFin, Swiss cantonal authorities).
  • Group companies: Affiliated entities within the Thrivo group, to the extent necessary for internal operational and compliance purposes.

9. International Data Transfers

Our primary operations and data storage are based in Switzerland. Where we transfer personal data to service providers or partners located outside Switzerland or the EEA, we ensure that an adequate level of protection applies through one or more of the following mechanisms:

  • Adequacy decision by the Swiss Federal Council or European Commission;
  • Standard contractual clauses approved by the relevant authority;
  • Other appropriate safeguards as recognised under nDSG or GDPR.

Transfers to Germany in connection with our investment activities are covered by the adequacy framework applicable within the EEA and by the relevant bilateral legal arrangements between Switzerland and EU Member States.

10. Your Rights

Subject to applicable law, you have the following rights with respect to your personal data:

  • Right of access: To obtain confirmation of whether we hold personal data about you and to receive a copy.
  • Right to rectification: To request correction of inaccurate or incomplete data.
  • Right to erasure: To request deletion of your data where it is no longer necessary, where consent is withdrawn, or where processing is unlawful.
  • Right to restriction: To request that we limit processing of your data in certain circumstances.
  • Right to data portability: To receive your data in a structured, machine-readable format (where processing is based on consent or contract and is carried out by automated means).
  • Right to object: To object to processing based on legitimate interests, including for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at privacy@thrivo.com. We will respond within 30 days. In exceptional cases, this period may be extended by up to 60 additional days where justified.

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch, or with the competent supervisory authority in your country of residence.

11. Data Security

We implement technical and organisational measures appropriate to the risk involved in our processing activities. These include, without limitation: access controls and authentication, encryption in transit and at rest, regular security reviews, contractual obligations on processors, and incident response procedures.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with applicable law.

12. Links to Third-Party Websites

Our website may contain links to external websites or resources. This Privacy Policy does not apply to those third-party sites. We encourage you to review their privacy policies independently. We are not responsible for the content or data practices of any third party.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. The version date at the top of this document indicates when the most recent revision was made. Where changes are material, we will provide appropriate notice (e.g., a notice on the website homepage). Continued use of our website after any update constitutes acceptance of the revised Policy.

14. Contact

For any questions, requests, or complaints regarding this Privacy Policy or the processing of your personal data, please contact us:

E-mail:  privacy@thrivo.com
Post:  Thrivo Wealth Partners AG, c/o Fidura Treuhand AG, Gotthardstrasse 20, 6300 Zug, Switzerland

We will handle all enquiries with the diligence and confidentiality appropriate for a regulated financial services group.