Privacy Policy

Last Updated: January 15, 2026

1. Introduction
Strategic Fintech Stewardship ("SFS", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website strategicfstewardship.ch or engage our consultancy services.
This policy complies with the Swiss Federal Act on Data Protection (FADP) and the European Union's General Data Protection Regulation (GDPR) where applicable.

2. Data Controller
The data controller responsible for your personal data is:
Madeira de Oliveira Strategic Fintech Stewardship
Website: strategicfstewardship.ch
Contact: Available through our contact page at https://www.strategicfstewardship.ch/contact

3. Information We Collect
3.1 Information You Provide Directly
We collect information that you voluntarily provide when you:

Contact us through our website contact form or email (name, email address, phone number, message content)
Engage our services (business information, project requirements, financial data as necessary for service delivery)
Create an account or join our loyalty program (name, email, account credentials)
Participate in tutoring or training (educational background, learning objectives)
Subscribe to communications (email address, communication preferences)

3.2 Information Collected Automatically
When you visit our website, we may automatically collect:

Technical information: IP address, browser type and version, operating system, device information
Usage data: Pages visited, time spent on pages, navigation paths, referring website
Cookies and tracking technologies: See Section 8 for detailed information

3.3 Information from Third Parties
We may receive information from:

Professional references provided during engagement discussions
Public sources such as LinkedIn or company websites for business context
Third-party service providers we use to deliver our services (cloud platforms, analytics tools)

4. How We Use Your Information
4.1 Legal Bases for Processing
We process your personal data based on:

Contractual necessity: To provide services you've requested
Legitimate interests: To operate our business, improve services, and communicate with clients
Consent: Where you've explicitly agreed to specific processing activities
Legal obligations: To comply with applicable laws and regulations

4.2 Purposes of Processing
We use your information to:

Deliver services: Provide consultancy, data engineering, tutoring, and other contracted services
Communicate: Respond to inquiries, send project updates, provide customer support
Improve services: Analyze usage patterns, gather feedback, develop new offerings
Manage relationships: Maintain client records, process payments, manage loyalty programs
Marketing: Send newsletters, promotional materials, and service announcements (with your consent)
Comply with legal obligations: Maintain records for tax, accounting, and regulatory purposes
Protect our interests: Prevent fraud, enforce terms and conditions, resolve disputes

5. Data Sharing and Disclosure
5.1 Service Providers
We may share your data with trusted third-party service providers who assist us:

Cloud hosting providers for website and data infrastructure
Payment processors for billing and invoicing
Analytics providers for website performance analysis
Communication tools (email services, video conferencing platforms)
Project management tools for service delivery coordination

All service providers are bound by confidentiality obligations and process data only as instructed.

5.2 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.3 Legal Requirements
We may disclose your information when required by law, legal process, or to:

Comply with regulatory requirements
Respond to lawful requests from public authorities
Protect our rights, property, or safety
Investigate fraud or security issues

5.4 With Your Consent
We may share information for other purposes with your explicit consent.

5.5 No Sale of Personal Data
SFS does not sell your personal data to third parties.

6. International Data Transfers
SFS is based in Switzerland. If you are located in the European Economic Area (EEA) or other jurisdictions, your data may be transferred to and processed in Switzerland.
We ensure appropriate safeguards are in place for international transfers:

Switzerland's adequacy status under GDPR
Standard Contractual Clauses (SCCs) where required
Other approved transfer mechanisms

7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:

Active client data: Duration of engagement plus 10 years for accounting and legal purposes
Contact inquiries: 2 years from last contact, unless you become a client
Marketing communications: Until you unsubscribe or withdraw consent
Website analytics: Typically aggregated and anonymized after 26 months
Account information: Until account closure plus applicable retention periods

After retention periods expire, we securely delete or anonymize your data.

8. Cookies and Tracking Technologies
8.1 What Are Cookies
Cookies are small text files stored on your device when you visit our website. We use cookies to improve functionality and analyze website usage.

8.2 Types of Cookies We Use

Essential cookies: Necessary for website operation (security, authentication, load balancing)
Functional cookies: Remember your preferences and settings
Analytics cookies: Help us understand how visitors use our site (e.g., Google Analytics)
Marketing cookies: May be used to show relevant content (with your consent)

8.3 Managing Cookies
You can control cookies through:

Browser settings: Most browsers allow you to refuse or delete cookies
Cookie consent banner: Manage preferences through our website
Opt-out tools: Such as Google Analytics opt-out browser add-on

Note that disabling certain cookies may affect website functionality.

9. Your Rights
9.1 Rights Under GDPR and FADP
You have the following rights regarding your personal data:

Right of access: Request confirmation of what data we hold about you
Right to rectification: Correct inaccurate or incomplete data
Right to erasure ("right to be forgotten"): Request deletion of your data in certain circumstances
Right to restriction: Limit how we process your data
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interests or for direct marketing
Right to withdraw consent: Where processing is based on consent
Right to lodge a complaint: Contact the relevant data protection authority

9.2 Exercising Your Rights
To exercise any of these rights, please contact us through:

Our website contact form
Email (address provided on our contact page)

We will respond to your request within 30 days (or as required by applicable law).

9.3 Verification
For security purposes, we may need to verify your identity before processing requests.

10. Data Security
We implement appropriate technical and organizational measures to protect your data:

Encryption: SSL/TLS encryption for data transmission
Access controls: Restricted access to personal data on a need-to-know basis
Secure storage: Protected servers and databases with regular security updates
Employee training: Staff educated on data protection principles
Vendor management: Due diligence on third-party service providers
Incident response: Procedures for detecting and responding to data breaches

While we take security seriously, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours (where required)
Notify affected individuals without undue delay
Provide information about the nature of the breach and our response

12. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn we have collected data from a child, we will delete it promptly.

13. Third-Party Websites
Our website may contain links to third-party websites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Marketing Communications
14.1 Consent
We send marketing communications only with your consent or where we have a legitimate interest (such as to existing clients about similar services).

14.2 Unsubscribe
You can opt out of marketing communications at any time by:

Clicking the "unsubscribe" link in our emails
Contacting us directly through our website
Updating your communication preferences in your account settings

You will continue to receive essential service-related communications even if you opt out of marketing.

15. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in:

Our practices
Legal requirements
Business operations

Material changes will be communicated through:

Notice on our website
Email notification to registered users
Updated "Last Updated" date at the top of this policy

Your continued use of our services after changes constitutes acceptance of the updated policy.

16. Contact Information
16.1 Privacy Questions
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
Strategic Fintech Stewardship
Website: strategicfstewardship.ch
Contact page: https://www.strategicfstewardship.ch/contact

16.2 Supervisory Authority
If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with:
Swiss Federal Data Protection and Information Commissioner (FDPIC)
Website: https://www.edoeb.admin.ch
For EEA residents, you may also contact your local data protection authority.

17. Specific Service Privacy Considerations
17.1 Consultancy Services
When providing quantitative engineering, data science, or strategic consulting:

Client data is processed strictly for service delivery
We implement project-specific confidentiality agreements
Data minimization principles are applied
Client data is segregated and access-restricted

17.2 Tutoring and Training
For educational services:

We collect only information necessary for course delivery
Student progress data is kept confidential
Educational materials may contain anonymized examples

17.3 Loyalty Program
If you participate in our loyalty program:

We track points and rewards associated with your account
Program data is used to personalize your experience
You can close your account and delete program data at any time

Privacy Policy

Contact us through our website contact form or email (name, email address, phone number, message content)

Engage our services (business information, project requirements, financial data as necessary for service delivery)

Create an account or join our loyalty program (name, email, account credentials)

Participate in tutoring or training (educational background, learning objectives)

Subscribe to communications (email address, communication preferences)

3.2 Information Collected Automatically When you visit our website, we may automatically collect:

Technical information: IP address, browser type and version, operating system, device information

Usage data: Pages visited, time spent on pages, navigation paths, referring website

Cookies and tracking technologies: See Section 8 for detailed information

3.3 Information from Third Parties We may receive information from:

Professional references provided during engagement discussions

Public sources such as LinkedIn or company websites for business context

Third-party service providers we use to deliver our services (cloud platforms, analytics tools)

4. How We Use Your Information 4.1 Legal Bases for Processing We process your personal data based on:

Contractual necessity: To provide services you've requested

Legitimate interests: To operate our business, improve services, and communicate with clients

Consent: Where you've explicitly agreed to specific processing activities

Legal obligations: To comply with applicable laws and regulations

4.2 Purposes of Processing We use your information to:

Deliver services: Provide consultancy, data engineering, tutoring, and other contracted services

Communicate: Respond to inquiries, send project updates, provide customer support

Improve services: Analyze usage patterns, gather feedback, develop new offerings

Manage relationships: Maintain client records, process payments, manage loyalty programs

Marketing: Send newsletters, promotional materials, and service announcements (with your consent)

Comply with legal obligations: Maintain records for tax, accounting, and regulatory purposes

Protect our interests: Prevent fraud, enforce terms and conditions, resolve disputes

5. Data Sharing and Disclosure 5.1 Service Providers We may share your data with trusted third-party service providers who assist us:

Cloud hosting providers for website and data infrastructure

Payment processors for billing and invoicing

Analytics providers for website performance analysis

Communication tools (email services, video conferencing platforms)

Project management tools for service delivery coordination

Comply with regulatory requirements

Respond to lawful requests from public authorities

Protect our rights, property, or safety

Investigate fraud or security issues

Switzerland's adequacy status under GDPR

Standard Contractual Clauses (SCCs) where required

Other approved transfer mechanisms

7. Data Retention We retain your personal data only as long as necessary for the purposes outlined in this policy:

Active client data: Duration of engagement plus 10 years for accounting and legal purposes

Contact inquiries: 2 years from last contact, unless you become a client

Marketing communications: Until you unsubscribe or withdraw consent

Website analytics: Typically aggregated and anonymized after 26 months

Account information: Until account closure plus applicable retention periods

Essential cookies: Necessary for website operation (security, authentication, load balancing)

Functional cookies: Remember your preferences and settings

Analytics cookies: Help us understand how visitors use our site (e.g., Google Analytics)

Marketing cookies: May be used to show relevant content (with your consent)

8.3 Managing Cookies You can control cookies through:

Browser settings: Most browsers allow you to refuse or delete cookies

Cookie consent banner: Manage preferences through our website

Opt-out tools: Such as Google Analytics opt-out browser add-on

Note that disabling certain cookies may affect website functionality. 9. Your Rights 9.1 Rights Under GDPR and FADP You have the following rights regarding your personal data:

Right of access: Request confirmation of what data we hold about you

Right to rectification: Correct inaccurate or incomplete data

Right to erasure ("right to be forgotten"): Request deletion of your data in certain circumstances

Right to restriction: Limit how we process your data

Right to data portability: Receive your data in a structured, machine-readable format

Right to object: Object to processing based on legitimate interests or for direct marketing

Right to withdraw consent: Where processing is based on consent

Right to lodge a complaint: Contact the relevant data protection authority

9.2 Exercising Your Rights To exercise any of these rights, please contact us through:

Our website contact form

Email (address provided on our contact page)

We will respond to your request within 30 days (or as required by applicable law). 9.3 Verification For security purposes, we may need to verify your identity before processing requests. 10. Data Security We implement appropriate technical and organizational measures to protect your data:

Encryption: SSL/TLS encryption for data transmission

Access controls: Restricted access to personal data on a need-to-know basis

Secure storage: Protected servers and databases with regular security updates

Employee training: Staff educated on data protection principles

Vendor management: Due diligence on third-party service providers

Incident response: Procedures for detecting and responding to data breaches

While we take security seriously, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. 11. Data Breach Notification In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours (where required)

Notify affected individuals without undue delay

Provide information about the nature of the breach and our response

Clicking the "unsubscribe" link in our emails

Contacting us directly through our website

Updating your communication preferences in your account settings

3.2 Information Collected Automatically
When you visit our website, we may automatically collect:

3.3 Information from Third Parties
We may receive information from:

4. How We Use Your Information
4.1 Legal Bases for Processing
We process your personal data based on:

4.2 Purposes of Processing
We use your information to:

5. Data Sharing and Disclosure
5.1 Service Providers
We may share your data with trusted third-party service providers who assist us:

7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:

8.3 Managing Cookies
You can control cookies through:

Note that disabling certain cookies may affect website functionality.

9. Your Rights
9.1 Rights Under GDPR and FADP
You have the following rights regarding your personal data:

9.2 Exercising Your Rights
To exercise any of these rights, please contact us through:

We will respond to your request within 30 days (or as required by applicable law).

9.3 Verification
For security purposes, we may need to verify your identity before processing requests.

10. Data Security
We implement appropriate technical and organizational measures to protect your data:

While we take security seriously, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:

You will continue to receive essential service-related communications even if you opt out of marketing.

15. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in:

17.2 Tutoring and Training
For educational services:

17.3 Loyalty Program
If you participate in our loyalty program: