Data Protection Policy
This Data Protection Policy explains how Berclaz & Associés, hereinafter referred to as “the company” collects data from data subjects. In addition, this policy describes what the company does with this data when people deal with our company as part of a contract or when they communicate with us in any other way.
Collection of data
In its business activities, the company collects and processes the personal data of its clients and prospective customers, as well as persons linked to them (beneficial owner, controller, authorised representative, etc.). Personal data is information relating to an identified or identifiable natural person.
There are several types of data that may be processed by the company, in particular:
– Identification data (e.g. surname, first name, date of birth, gender, region of residence, identifier, access data, contract number, identity card/passport number, telephone number, e-mail address), authentication data (e.g. specimen signature, password),
– Transaction/investment-related data (e.g. beneficiary or originator details, communications)
– Contractual data (e.g. data relating to a product, a financial service or an application/granting of credit), data relating to family status (e.g. marital status, matrimonial regime, heirs)
– Professional data (business details, professional activity, employers)
– Financial data (extract from the register of debt enforcement proceedings, income, assets).
Source, consent, legitimate grounds
The personal data processed by the company comes directly from the person concerned and within the framework of the contractual relationship with the person (Consent of the declaring person).
The data held by us may also come from authorised third parties (e.g. business introducers, competent authorities), or by searching for information in public databases (e.g. commercial register, land register, search database, etc.).
Purpose of processing
The company processes your data for the conclusion, administration, and performance of contractual relations.
It may also process your data for security and statistical purposes.
Disclosure of personal data
- Communication to third parties
In the context of its mandates and the performance of contracts, the company may be required to communicate and exchange data with third parties:
– third parties involved in the relationship or acting on behalf of the customer, such as a financial infrastructure operator, a broker, a custodian bank or a bank issuer.
– outsourced service providers, such as IT, hosting, accounting, compliance or risk management service providers; and
– providers of monitoring, analysis, or consultancy services.
To guarantee a level of security that complies with the law, the company places its service providers under a contractual obligation to guarantee the confidentiality of the personal data they process and ensures that this obligation is complied with.
- Communication to authorities
At the request of public, judicial or administrative authorities or regulatory or government bodies, personal data may be transferred to them. A legal basis or decision will always justify such a transfer.
- Disclosure abroad
The company may disclose, transfer and/or store personal data outside Switzerland:
– in the context of the conclusion or performance of contracts directly or indirectly linked to the business relationship, for example in the context of outsourcing,
– if such a transfer is necessary to safeguard an overriding public interest.
– if such a transfer is necessary to enable the company to establish, exercise or defend itself against a present or future claim, or to enable the company to deal with an investigation by a public authority, in Switzerland or abroad; or
– in exceptional cases, where such a transfer is provided for by the applicable regulations (in particular in order to comply with obligations relating to the notification of stock market transactions).
If this transfer of personal data is made to a country that does not offer an adequate level of protection for personal data, the company will ensure that it obtains the client’s consent or puts in place appropriate safeguards, in particular contractual commitments, to guarantee secure and confidential processing.
Data security and confidentiality
The company collects and processes personal data in accordance with the LPD and is subject to confidentiality obligations arising from its field of activity.
Data retention
The period for which personal data is retained depends on the applicable legal and regulatory retention period, as well as the purpose for which the personal data is processed.
Generally, the company retains personal data for a period of 10 years from the end of the business relationship. A longer retention period may be justified in certain situations.
Individual rights
All the concerned person has the following rights in relation to their personal data, within the limits of the applicable regulations, in particular in the event of legal restrictions, overriding interests of third parties or abusive requests:
– the right to access personal data.
– the right to rectify inaccurate or incomplete personal data.
– the right to object to the processing of personal data and/or to request that the processing of personal data be restricted.
– the right to request the deletion of personal data. The right to deletion is not absolute, however, and may be restricted based on overriding interests that require the continued processing of personal data.
Any person concerned may exercise the rights by writing to the company at the address below. The request must be signed and accompanied by a copy of the identity document of the person concerned.
Contact
The company is responsible for processing data in accordance with this Data Protection Policy, unless otherwise required by law.
You can contact Berclaz & Associés for data protection issues and to exercise your rights at the following address.
Berclaz & Associés
Rue du Vieux Collège 8
CH – 1204 Geneva
Mail: joy.savoini@outsourcingcompliance.com