Purpose of processing and legal basis of personal data.
The Bank collects, processes and protects personal data concerning the contracting party and concerning the Related Person(s). This processing is carried out in the context of existing business relationships and in the context of relationships with potential customers, with the aim of entering into a business relationship with a customer and complying with legal and regulatory obligations.
Bank Eric Sturdza S.A. (hereinafter: "the Bank") collects, protects and processes the personal data necessary for the execution of the contract concluded with the customer and which concerns the contracting party and each of the Related Person(s). Related Persons are defined as follows: director, officer, signing officer or employee of a company, a trustee, settlor or protector of a trust, an economic beneficiary of the customer's assets, a controlling interest, representative or agent of the customer, family member(s) of the customer, any other individual or entity that has a relationship with the customer that is relevant to the business relationship we have with the customer.
The Contracting Party or Account Holder to whom this Statement is given is responsible for informing any Related Person for whom it has entrusted personal data of its contents and for providing a copy of it to him/her.
The Bank collects and processes personal data in connection with its legal and regulatory obligations arising in particular from: financial market laws, tax laws, legislation on the fight against money laundering and terrorism, due diligence rules, risk management, other Swiss or foreign legislation or regulations, and to fulfil its legal obligations of cooperation with administrative, judiciary, supervisory and other public authorities (e.g. in the fight against money laundering) or to make mandatory reports (e.g. CRS, FATCA, etc.)
The Bank processes personal data necessary to safeguard its legitimate interests in assessing risk at the Bank level, to defend, establish or exercise rights in judiciary, administrative, investigative or other proceedings. The Bank collects data on public or private bases for marketing operations.
Responsible for data processing
For all questions relating to the processing of personal data, you can contact your relationship manager or Data Protection Officer at the following address:
Bank Eric Sturdza S.A.
112, rue du Rhône
1211 Geneva 3
Data Protection Officer
Processing of personal data
The Bank is subject to obligations of confidentiality and secrecy in accordance with data protection, contracts, banking and professional secrecy. The personal data of the contracting party and those of the Related Persons are treated in strict compliance with these obligations. The Bank is responsible for the processing of the personal data of the contracting party and those of the Related Parties within the framework of this Policy and the applicable general terms and conditions.
Personal data collected
Identifying data (name, address, telephone number, e-mail address, business contact information, etc.).
Personal information (date of birth, nationality, copy of passport with photo, professional activity).
Identifiers issued by public authorities (passport, tax identification number, social security number, etc.).
Financial information (personal and family financial situation, credit history, Bank details, tax information, etc.).
Transaction and investment data (past and current investments, investment profile, investment objectives, investment and transaction details, etc...).
Payment data (originators, beneficiaries, correspondent Bank, etc.).
Data on contacts with the Bank and interviews with Bank employees on or off the premises.
Any other information or data submitted to the Bank.
Source of personal data collected
The Bank collects and receives personal data from the contracting party, Related Parties or prospects, and from various public data sources (commercial register, land register, sanction lists, etc.), from data sources accessible by subscription or from third parties.
Transfer of personal data to third parties
The Bank may be required to transfer personal data (i) for the purpose of performing the services agreed with the contracting party to counterparties, stock exchanges, exchange or central repositories, clearing or settlement houses, payment companies or institutions such as Swift, third-party fund managers; (ii) to courts, criminal prosecution authorities, market supervisory authorities such as FINMA, self-regulatory organizations (AMLA), tax authorities, government agencies, public registers, notaries, experts, correspondents, auditors, accountants, banks, trustees, heirs, executors, (iii) to service providers, in particular authorized IT service providers who process personal data on its behalf and to whom certain tasks are outsourced, (iv) to any other recipient for whom the customer has consented to the transfer of its personal data, thereby waiving its right to secrecy (v) to third parties where necessary to exercise and protect its rights.
In certain circumstances, when necessary for the execution of the mandate entrusted by the contracting party or in special cases expressly provided for by applicable laws, personal data may be transferred or stored abroad, including in jurisdictions that do not have the same level of protection for personal data as Switzerland.
When personal data is transferred to third parties domiciled in jurisdictions that do not offer an appropriate level of data protection, the Bank endeavours to obtain the appropriate guarantees so that personal data continues to be adequately protected.
Length of time for which personal data is stored and recorded
Personal data will be kept for as long as necessary for the purpose of processing, in order to enable the fulfilment of the Bank's contractual and legal obligations.
In addition, personal data may be retained for evidentiary purposes in accordance with the applicable legal provisions on prescription.
Rights under data protection legislation
The rights of any person whose personal data is held by the Bank are, in accordance with the legislation in force, as follows:
Right of access;
Right of rectification;
Right to request deletion;
Right to restrict processing in the event of contestation of the data’s accuracy, unlawful processing or exercise of a right of opposition,
Right to object to processing unless the Bank has compelling and legitimate reasons to do so;
Right to lodge a complaint with the Data Controller regarding the processing of personal data. Right to receive personal data in a current format.
The aforementioned rights are limited by the Bank's legal obligations, by the requirements of the contract agreed upon by the contracting party; by a legitimate interest of the Bank, in particular the defense, exercise or establishment of a right in court. In the event that the co-contractor decides not to provide certain personal data or to exercise one of the rights set out above to limit the processing of personal data, the Bank may not be able to provide the required services or certain services may be restricted. Revocation of consent by the data subject is effective only for the future.
The Bank is subject to a legal and contractual obligation of confidentiality. In addition, the Bank implements internal technical and organizational measures to secure the personal data of the contracting party, Related Persons and prospects, which may include access limitation and physical security measures. The Bank requires its employees and auxiliary persons, who perform tasks in its name or on its behalf, to comply with appropriate standards, including the obligation to protect all information and to take adequate measures for the use and transfer of personal data.