DATA PROTECTION
Privacy statement for Borel & Barbey activities
This Privacy Statement is issued in light of the Swiss Data Protection Act (DPA) and its upcoming revision which shall be closed to the EU General Data Protection Regulation (GDPR). Although GDPR is a EU regulation, it may, under certain circumstances, be applicable to companies outside the EU.
The purpose of this Privacy Statement is to describe how we collect, process and protect personal data relating to: (i) prospects (ii) clients (iii) individuals and/or entities which personal data are provided to us by the Client or which comes to our knowledge in connection with the services we provide (Related Persons).
Related Persons can be: (i) any director, officer, authorized signatory or employee of a company, (ii) a trustee, settlor or protector of a trust, (iii) any beneficial owner of the Client's assets, (iv) a controlling person, (v) a representative or agent of the Client, (vi) family members of the Client, (vii) any other individual or entity having a relationship with the Client that is relevant to our relationship with our Client.
This Privacy Statement also informs the Client and Related Persons of their rights.
1. Person of contact
For all questions relating to data processing the following persons can be contacted:
Me Pierre Bydzovsky
(+41 22) 707 18 00
Pierre.Bydzovsky@borel-barbey.ch
2. Types of personal data collected on Client and Related Persons
- Contact details (name, address, telephone number, email address, etc.).
-
Personal information (date of birth, nationality, passport information with picture).
-
Information on financial situation (financial assets, real estate assets, credit worthiness, origin of the assets, beneficial ownership, banking relationships, tax data).
-
Information on the professional/commercial activity.
-
Information on health.
3. Sources of the personal data collected
We collect personal data provided in the first place by the Client, Related Persons or prospects. Personal data are also collected from various public sources (commercial Register, Real Estate Register, etc.).
4. Purpose of the personal data processing
The processing of personal data is carried out in order to allow us to perform the services entrusted to us by the Client and, in order to comply with our legal obligations resulting namely from the legislation relating to the fight against money-laundering and terrorism, due diligence [obligations resulting from other Swiss or foreign legal statutory and regulatory requirements].
5. Legal basis of the processing
By entrusting us with the services agreed with the Client and which necessarily imply the processing of personal data, such processing is based on the Client and Related Persons' consent.
Furthermore, we may be subject to legal obligations which oblige us to process personal data.
6. Transfer of personal data to third parties
We may have to transfer personal data : (i) for the due performance of the services agreed with the Client to courts; criminal prosecution authorities; public authorities such as FINMA or other authorities in charge of financial markets supervision, self-regulatory organizations (MLA), tax administrations, public registers; notaries, experts, correspondents, auditors, accountants, banks, trustees, heirs, executors (ii) to service providers such as IT services (iii) to any other recipients for which the Client has given his/her/its consent to transfer personal data waiving thereby the Client's rights to confidentiality.
7. Transfer outside Switzerland
In certain circumstances, when required by the performance of the mandate entrusted to us by the Client, personal data may be transferred to and stored outside Switzerland, including in locations which may not have the same level of protection for personal data as Switzerland.
Where personal data are to be disclosed to third parties located in countries which do not have an appropriate level of data protection, we will use our best efforts to ensure that appropriate measures are taken so that personal data continue to receive appropriate protection.
8. Period during which personal data are kept and recorded
Personal data are processed and stored for as long as it is necessary in order to allow us to perform our contractual and legal obligations.
Furthermore, personal data may be kept in order to preserve evidence in accordance with statutes of limitations.
9. Rights under data protection legislation
The personal data subject's rights are the following:
-
right of access;
-
right of rectification;
-
right of erasure;
-
right of restriction of processing;
-
right to object to the processing;
-
right to revoke the consent.
The GDPR provides additional rights such as right to data portability, right to lodge a complaint.
It shall be noticed that the exercise of the right to object the processing, to restrict the processing and to revoke the consent, may render the performance of our services impossible.
The revocation of the consent will only take effect for the future.
10. Security
We are bound by legal and contractual obligations of confidentiality.
In addition, we implement internal technical and organizational measures to keep personal data of the Client, Related Persons and prospective clients safe and secure which may include access limitations and physical security measures. We require our employees and any sub-parties who carry out any work on our behalf to comply with the strict legal obligation of confidentiality owed to the Clients and Related Persons and with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of personal data.
11. Obligation of the data subject
In the context of our relationship with the Client, he/she/it or Related Persons must provide us with all personal data which are necessary for the performance of our mandate or which we are legally obliged to collect.
We will not be able to perform, any mandate without collecting and processing personal data.
Personal data subjects are responsible to provide us with accurate and up-to-date personal data.
Where the Client provides us with information about any other person connected to the relationship with us, he/she/it shall inform such person about what personal data has been provided to us and ensure that such person has received this Privacy Statement.