BankMed (Suisse) SA (the “Bank”, “we”, “our” or “us”) has issued the present Privacy Notice in accordance with the Swiss Federal Act on Data Protection (“DPA”) and its upcoming revision as well as the EU General Data Protection Regulation (“GDPR”), which has an extra-territorial effect.
In order to conduct its business activities, the Bank processes Personal Data related to you and to any natural person who has been identified within the scope of the contractual relationship that you maintain with us. This Privacy Notice describes the types of Personal Data that are processed, the purpose for which they are processed, the period for which they will be stored as well as which other parties this data may be shared with. The Notice also aims to inform you about your rights with respect to your Personal Data and how you may contact us about the information contained in this Privacy Notice.
“Personal Data” means any information relating to an identified or identifiable natural person (the “Data Subject”).
Personal Data we process are subject to confidentiality and/or secrecy obligations.
This Privacy Notice is subject to our General Terms and Conditions.
You are kindly requested to carefully read this Notice and to communicate it to any Related Individual.
1. Types of Personal Data processed by the Bank
The Bank only collects and processes Personal Data that are necessary to fulfill its activities.
The types of Personal Data the Bank may collect and process include the following:
- Identification information (e.g., name, ID card and passport numbers, nationality, place and date of birth);
- Contact details (e.g., address, email address and phone number);
- Family situation (e.g., civil status, number of children, etc.);
- Tax status (e.g., TIN, country of residence for tax purposes);
- Personal background (e.g., education, professional activity, public function, remuneration);
- Financial and banking information (e.g., banking relationships, bank account details, transfer of assets, source of wealth);
- Your use of our services;
- Your interactions with us (e.g., our meetings, phone calls, chats, emails exchanges).
2. Categories of Data Subjects
The Bank may process Personal Data on the following persons:
- Natural persons who maintain a contractual relationship with the Bank or who wish to enter into a contractual relationship with the Bank;
- Natural persons (referred to as “Related individuals”) related to a natural person or an entity having a contractual relationship with the Bank or wishing to enter into a relationship with the Bank and whose information was provided to the Bank (e.g., family members, directors, authorized signatories of companies, trustees, settlors, beneficiaries or protectors of a trust, controlling persons).
3. Sources used by the Bank to collect Personal Data
The Bank collects your Personal Data in accordance with the relevant laws and regulations and for the purpose of the services and/or products you may request.
In particular, Personal Data are collected from various sources, including:
- Directly from you;
- From GroupMed SAL entities;
- From publicly available sources (e.g. medias, internet);
- From dedicated worldwide databases;
- From third parties (e.g. intermediaries, brokers).
4. Purposes and legal basis behind the process of your Personal Data
Personal Data are collected and processed to meet statutory requirements as well as to fulfill our contractual obligations as follows:
- In order to comply with legal obligations such as regulations related to international sanctions, to the prevention of money laundering and financing of terrorism, to investor protection, to abuse and fraud prevention, to the fulfilment of tax related controls and for handling requests from administrative or judicial authorities, we are required to process your Personal Data.
- On the basis of our contractual relationship, data processing is also necessary to the fulfillment of our contractual obligations with you or to take, at your request, appropriate actions before entering into a contractual relationship with you. Your Personal Data are processed as a mean to provide you with products and services you have applied for and to fulfill additional purposes related to our contractual relationship (e.g., confirming your identity, performing your instructions, offering you other services or products, etc.).
- On the basis of your prior consent, your personal data are processed for specific purposes. Where your Personal Data needs to be processed for purposes other than those aforementioned, your consent will be requested in due time. Your consent may be revoked at any time. Such revocation shall not affect the lawfulness of data processed prior to your revocation.
- Pursuing legitimate interests, the Bank also processes data with the purposes of safeguarding its interests (e.g., preventing fraud, asserting legal claims and defending our legal rights, enhancing our banking services).
5. Third parties with whom we may share your Personal Data
On a need to know basis, we may be required to disclose your Personal Data to partner companies.
We may also share your Personal Data with regulators, other financial institutions, brokers, agents, administrative or judicial authorities, certain professional such as lawyers or auditors or to any other third party as agreed with you.
In addition to the purposes mentioned above, we reserve our right to disclose your Personal Data to other recipients if required by applicable laws.
6. Transfer of your Personal Data to a third country
Your Personal Data may be transferred to countries outside Switzerland. Such transfer may occur in the following situations:
- For the purpose of carrying out your orders (e.g. payment and securities orders);
- For the purpose of fulfilling a legal requirement (e.g. reporting obligations under tax laws);
- For the purpose of fulfilling your instructions.
7. Rights granted to you as a Data Subject
As a Data Subject, you may exercise, to the extent permitted by the applicable law, a number of rights in respect to your Personal Data:
- Right of access to your Personal Data;
- Right to rectification;
- Right to erasure (“right to be forgotten”);
- Right to restriction of processing;
- Right to withdraw your consent (where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time);
- Right to data portability;
- Right to object;
- Right to not be subject to a decision based solely on an automated processing, including profiling;
- Right to lodge a complaint with a supervisory authority.
8. Security of your Personal Data
We maintain appropriate security safeguards to protect your Personal Data and we only retain this Personal Data for a limited period of time.
9. Period during which your Personal Data are stored
Your Personal Data will be stored for as long as required to fulfill our legal or contractual obligations. They will be regularly deleted once they will no longer be necessary to achieve the aforementioned obligations, subject however to any applicable legal or regulatory requirement to store personal data for a longer period, or to any legal action faced by the Bank.
10. The provision of personal data is mandatory
In the context of a contractual or pre-contractual relationship with the Bank, the provision of your Personal Data is a legal and regulatory requirement.
Please be aware that if you are not willing to communicate the requested Personal Data, we will not be in a position to enter into or continue the business relationship.
11. Automated decision-making, including profiling
The Bank does not use any automated decision-making in connection with your Personal Data.
12. Contact information
For any questions you may have in relation to this Privacy Notice, please contact your relationship manager or the Data Protection Officer at the following address: firstname.lastname@example.org