INTRODUCTION
This Charter applies to all the personal data of clients, prospects as well as of internal and external employees (hereinafter referred to as the "data") processed by Edmond de Rothschild REIM (Suisse) S.A. (hereinafter referred to as "EdR REIM Suisse") acting as data controller.
This Charter also applies to the data of other natural persons, when this data is processed by EdR REIM Suisse in the context of a business relationship with a client (hereinafter referred to as the "related person(s)"). A related person may, in particular, be a representative, a signatory, a proxy, an asset manager, a beneficial owner or a controlling person.
What data do we collect?
The data we collect or hold about the data subject may come from a variety of sources. Some will have been collected directly from the data subject. Some data may also have been collected in compliance with applicable regulations, in the past or by other entities within the Edmond de Rothschild Group offering financial services (hereinafter referred to as "EdR Group"). We may also collect data in the context of meetings or communications (e.g. when the data subjects call us, write to us or visit us) or when the data subjects visit our website or use our online services or applications. The data subjects have to ensure that the data about them collected by us are accurate, relevant and up to date.
Some data may come from sources that are accessible to the general public (e.g., public registers, press and websites) or may have been collected from external companies (e.g. electronic databases).
The data that we process will usually fall into the categories listed below:
- information about the data subject’s identity, such as name, gender, date and place of birth, the information on identification documents;
- contact details, such as mailing address, email address, telephone numbers;
- information provided to us by filling in forms or by contacting us;
- information about our business relationship, the channels of communication used with us, claims;
- information that we use to identify and authenticate the data subject, including that collected during visits to our website (online identifier (IP address), contact details and authenticator when the data subjects register for our online services);
- any information contained in the client documentation or forms that the data subject might fill in as a prospect;
- any business information, such as details of the products or services that the data subjects benefit from;
- data collected via Internet cookies (please refer to the Cookie Policy on our website for more information about our use of Internet cookies);
- data related to our internal investigations, in particular verification relating to screening carried out before we enter into a relationship with a client, verification carried out during the course of our business relationship, verification relating to the application of the rules on sanctions, anti-money laundering and the fight against terrorism financing obligations and all information related to verification carried out on our means of communication;
- records of all correspondence and communication between us, including telephone calls, emails, social media communications or any other type of exchanges and communications;
- photographic or audio-visual and also voice recordings of the data subject or during visits to our offices;
- any information we need to meet our legal and regulatory obligations.
If we do not have certain data about the data subject (or if the data subject exercises the right to oppose data processing or request a restriction on data processing; see the "Data Subjects’ Rights" Section below), we may not be able to provide the service or product for which the processing of such data is required.
How do we use the data?
We only use the data if the data subjects have consented to it or if such use is founded on a legal basis provided for by the regulations in force:
- the performance of a contract entered into, an undertaking for which the data subject and/or ourselves are engaged or a pre-contractual measure;
- compliance with a legal or regulatory obligation;
- preservation of a public interest, such as the prevention or detection of fraud or financial crime;
- the pursuit of our legitimate interests (e.g., (i) interest in the development of the business relationship and the provision of information on services and products offered by EdR REIM Suisse, by entities affiliated to EdR REIM Suisse or by third party partners, (ii) interest in improving EdR REIM Suisse’s internal organisation and processes, (iii) interest in any risk assessment to which EdR REIM Suisse is subject and decision-making in risk management, and (iv) EdR REIM Suisse's interest in protecting its interests, defending or exercising rights in court and cooperating in investigations initiated by authorities in Switzerland or overseas).
We collect and process data for various purposes, including but not limited to the following purposes:
- providing products and services, processing client operations and executing client instructions;
- compliance with laws and regulations, including:
  - monitoring compliance with legal requirements for accounting and regulation of financial markets;
  - any form of cooperation with the authorities, in particular prudential supervisory authorities, authorities in charge of anti-money laundering and the fight against terrorism financing and authorities involved in the automatic exchange of information on tax matters (including the Foreign Account Tax Compliance Act);
  - any measure taken to implement international sanctions in accordance with the procedures established by EdR REIM Suisse, including the processing of data for screening purposes;
- prevention and detection of fraud or other offences (including through the recording of telephone conversations and electronic communications);
- security and pursuit of our activities;
- risk management, including market risk, operational risk, liquidity risk, legal risk and reputational risk;
- providing online services, mobile applications and other online product platforms;
- improvement of products, services, organisation and internal processes of EdR REIM Suisse;
- Internet cookies, when using online applications (please refer to the Cookie Policy on our website for more information about our use of Internet cookies);
- analysis of data for the purpose of targeting clients, including automated data processing ("profiling");
- marketing and business relationship development, in particular to provide information about the products and services of the EdR Group as well as about the products and services of our partners and other third parties, unless the data subjects are opposed to the use of the data for this purpose;
- the organisation of events, to invite or allow the data subject to participate in dedicated events, organised in particular to promote our products and services to existing or potential clients;
- disclosure of data to entities affiliated to EdR REIM Suisse, in particular to ensure an efficient and harmonised service and to inform of services offered by entities affiliated to EdR REIM Suisse;
- any treatment necessary to enable EdR REIM Suisse to establish, exercise or defend a present or future claim, or to enable EdR REIM Suisse to assist with an investigation by a public authority, in Switzerland or overseas.
You may have expressed the request not to have your data used but we still have to use it for different reasons. In such a case, we will continue to use it (i) if required by law, (ii) if we have to perform a contractual obligation, (iii) if it is in the public interest to do so (unless your interests, freedoms or fundamental rights prevail) or (iv) if we have a legitimate interest in doing so (unless your interests, freedoms or fundamental rights prevail) and, in all cases, (v) in proportion to the purpose pursued.
We would like to specifically draw your attention to the fact that you may, at any time and without justification, object to the use of your data for marketing purposes, including profiling by EdR REIM Suisse or third parties when linked to this purpose, or, where the consent is the legal basis for the processing, withdraw your consent by contacting us in accordance with the contact information provided at the end of this Charter.
Automated decision support systems
We may use automated decision support systems, such as when the data subject wants to buy a product or service, or during checks aimed at preventing the risk of fraud, money laundering or terrorist financing. Such processes may help us to determine whether the activity of a client or account involves a risk (credit, fraud or other risk).
We do not resort to "automated individual decisions" as part of our business relationships with clients. If we were to use "automated individual decisions" in the future, we would do so in accordance with the applicable legal and regulatory requirements.
Monitoring and recording exchanges with the data subject
Subject to compliance with applicable local regulations, we may record and retain the conversations and communications the data subject has with us, including telephone calls, letters, emails and any other type of messaging service to verify the data subject’s instructions. We may also use these records to appraise, analyse and improve our services, train our staff, manage risks, or prevent and detect fraud and other financial crimes from this data.
We use a video surveillance system in and around our offices for security purposes, so we may collect images, photos, or videos of the data subject, or record the data subject’s voice through this process.
Who are we likely to share the data subject’s data with?
We may share the data subject’s data for the following reasons:
- to provide the data subject with products or services that the data subject has requested, such as opening an account, responding to a subscription request or executing your instructions;
- to comply with a legal or regulatory obligation (for example to help detect fraud or tax evasion, to prevent financial crime);
- to respond to a request from an authority, manage litigation or to act in defence of our rights;
- to act on the basis of a legitimate interest, e.g., to manage an operational risk or assess the relevance or effectiveness of the marketing campaigns of our products or services;
- to act in accordance with the data subject’s consent that was previously obtained.
We may transfer and disclose your data to:
- other entities of the EdR Group;
- subcontractors, agents or service providers who work for us or other EdR Group companies (including their employees and managers);
- related persons, intermediary, correspondent and custodian banks, clearing houses, any stakeholder or market counterparty, stock exchanges or any company in which you hold financial instruments through us (e.g., shares or bonds);
- other financial institutions, tax authorities, professional associations, credit control agencies and debt collection agencies;
- fund managers who provide the data subject with asset management services and all intermediaries, distributors, independent asset managers and brokers who put the data subject in touch with or deal with us on the data subject’s behalf;
- any person, company or other body which has an interest in or assumes a risk with respect to or in connection with the products or services we provide to the data subject;
- any entity (new or potential) of the EdR Group (e.g., in the event of restructuring or merger and/or acquisition transactions) or any entity that acquires all or part of an EdR Group entity;
- companies that conduct business or market studies for us;
- our external audit firm;
- any other person involved in the event of litigation with respect to an operation;
- any other legal or administrative authorities and any dispute resolution bodies in order to comply with their requests.
How long do we keep the data for?
We shall retain the data subject’s data as long as the data subject continues to use our services and platforms (e.g., our website or our mobile applications). We may also retain it even if the data subject chooses not to use our services or platforms, including to comply with applicable law, defend our interests, or enforce our rights. We do not keep it longer than necessary and when we no longer need it, we destroy it safely, in accordance with our internal policy.
In principle, the data will be kept for a period of ten (10) years after the end of the business relationship.
Certain data may be retained for an additional period of time for the management of claims and/or litigation as well as to meet our legal or regulatory obligations or to respond to requests from authorities.
International data transfers
In principle, the data subject’s data may be transferred to, hosted in or accessed exclusively from a country located in the European Union or Switzerland.
However, the data subject’s data may also be transferred to, hosted in or accessed from another country (outside the European Union or Switzerland) when the competent Swiss or European authorities have found/acknowledged that the country in question provides an adequate level of protection.
In addition, even in the absence of such recognition by the competent Swiss or European authorities, the data subject’s data may also be transferred to a country outside the European Union if one of the following conditions is met:
- the transfer is protected by appropriate guarantees in accordance with applicable regulations;
- the transfer is necessary for the execution of a contract between the data subject and us or for the implementation of pre-contractual measures undertaken at the data subject’s request;
- the data subject has agreed to the transfer;
- the transfer is necessary for the conclusion or execution of a contract concluded in your interest between us and one of our counterparties;
- the transfer is necessary for important reasons of public interest;
- the transfer has been requested by a court or administrative authority of a third country whose decision is recognised in Switzerland or has the force of res judicata; or
- the transfer is necessary for the recognition, exercise or defence of our rights in court.
The data subject can obtain further information on how we transfer the data subject’s data outside the European Union or Switzerland, including a copy of the appropriate guarantees mentioned above, by contacting us directly using the contact details at the end of this Charter.
The data subject’s rights
Subject to the restrictions provided by law, each data subject has the right:
- to obtain information about the data we hold about the data subject and the processing implemented, as well as the right to request access to the said data;
- to withdraw consent to the processing of the data at any time (please note that we may continue to process the data if we have another reason to do so. Additionally, any withdrawal of consent is only valid for the future and does not affect the legality of processing based on consent and carried out before the withdrawal thereof);
- in certain circumstances, to receive data in electronic form and/or to request us to transmit such information to a third party where technically possible (this "right to data portability" is subject to certain restrictions and is only applicable to the data the data subject has provided us);
- to rectify data;
- to request the deletion of data in certain circumstances (please note that legal or regulatory provisions or legitimate reasons may require us to retain data);
- to ask us to restrict or oppose the processing of data in certain circumstances (please note that we may continue to process data if we have a reason to do so).
The data subject can exercise his or her rights by contacting us directly using the contact details provided at the end of this Charter. The data subject also has the right to file a complaint with the competent supervisory authority.
Exercising the rights described above or the non-provision of data requested by EdR REIM Suisse may be an obstacle to entering into or continuing our business relationship.
What do we expect from the data subject?
The data subject must ensure that the data provided is relevant and up-to-date. In addition, the data subject must inform us of any change affecting this data.
The data subject must ensure that the information contained in this Charter has been communicated to related persons as defined above.
How do we ensure the security of the data subject’s data?
We implement technical, procedural and organisational measures to provide an adequate level of protection for data. For example, in some cases, this is achieved through encryption, anonymization, and the implementation of logical and physical security procedures.
We require our staff and all third parties working for the EdR Group to adhere to strict standards of security and data protection. Contractual obligations, under which the latter undertake to protect all data and apply strict data transfer measures, have been put in place.
If you wish to contact us
For any queries concerning the processing of data described in this Charter or to exercise the above-mentioned rights, the data subject may contact our Data Protection Officer at the following email address: dpo-ch@edr.com.
Furthermore, we would like to draw attention to the fact that, if the data subject is a European Union resident, the data subject may also send any request concerning the processing of data to our representative established in the European Union, at the following address: Edmond de Rothschild (France), Data Protection Officer (DPO), 47 rue du Faubourg Saint-Honoré, 75008 Paris, France - “dpo@edr.com”