Privacy Statement of Banque Eric Sturdza SA

Personal Data and legal basis

Bank Eric Sturdza S.A. (hereinafter: ”the Bank”) collects, processes and protects Personal Data concerning its “Contracting Parties” and /or “Related Person(s)” (together the “Data Subjects”) in the context of existing and/or potential relationships or in the context of the use of our websites and applications.

A “Contracting Party” is a Business or Employment Relationship, including, but not limited to Account Holder, Bank Employee, and Supplier.

A “Related Person” means an individual or entity whose personal data is known to us in connection with a Business Relationship. Related Persons may include, but is not limited to: director, officer, signing officer or employee of a company, a trustee, settlor or protector of a trust, an economic beneficiary of a customer’s assets, a controlling interest, representative or agent of a customer, family member(s) of a customer and any other individual or entity that has a relationship with a customer that is relevant to a Business Relationship.

When the Contracting Party entrusts Personal Data concerning any Related Persons, the Contracting Party is responsible to inform the Related Persons by providing them with a copy of this Privacy Statement.

The Bank processes Personal Data in accordance with the Swiss Federal Act on Data Protection (FADP). Personal Data may also be subject to banking secrecy or other contractual, regulatory or professional confidentiality obligations applicable to the Bank.

Collection and processing of Personal Data

The Bank collects and processes Personal Data for the following purposes:

1. As is necessary in relation to a contract to which the Data Subject is a party, or to carry out pre-contractual measures that occur as part of a request, in particular, but not limited to the following:

• Opening and management of an account and/or setting up a Business Relationship with the Bank, including all related operations for Data Subject identification;
• Any other financial services related to an account, including financial services expressly requested by the Data Subject;
• The execution of investment or payment transactions;
• The provision of advice including asset and portfolio management and the distribution of financial products.

2. Based on the Bank’s legal and regulatory obligations, for instance:

• Providing information on the Bank’s products and services to the Data Subject;
• Monitoring compliance with legal obligations in the area of financial market regulation;
• Conducting audits and/or regular reviews;
• Carrying out any form of cooperation with, or reporting to, competent authorities, in particular supervisory authorities, authorities responsible for combating money laundering and terrorist financing, authorities involved in the automatic exchange of information in tax matters (including the OECD Common Reporting Standard and the US Foreign Account Tax Compliance Act (FATCA)) and data protection authorities;
• Any measure to comply with international sanctions in accordance with the procedures established by the Bank, including the processing of Personal Data for screening purposes;
• Any risk management measures, including market, credit, operational, liquidity, legal and reputation risks;
• Recording telephone conversations and electronic communications with Data Subjects where relevant for risk management purposes (e.g. to combat fraud and other criminal offences).

3. In connection with legitimate interests of the Bank, including:

• Any processing aimed at developing a Business Relationship;
• Any processing necessary to enable the Bank to establish, enforce or oppose actual or potential legal claims, or to enable the Bank to handle internal investigations;
• Recording images (e.g. video surveillance) for ensuring the security of individuals, assets, property, buildings, as well as critical infrastructure and IT systems.

Where required, The Bank will ask Data Subject for their consent in due time before processing data.

Should Personal Data be collected and processed for purposes other than listed above, the Bank will inform the Data Subject in advance.

Processing of personal data by the Bank does not include automated decision-making.

Nature of information on Data Subjects

Personal Data include any information relating to an identified or identifiable natural person or as defined in the applicable law. The Bank processes the following categories of Personal Data in particular with regard to Data Subjects:

1. Identifying data (name, address, telephone number, e-mail address, business contact information, video and audio recordings, etc.).
2. Personal information (date of birth, country of birth, nationality, copy of identity documents with photo, professional activity, professional experience, professional skills, power of representation, possible sentences or proceedings, reputation checks and background checks; due diligence information e.g. results of anti-money-laundering checks, credit checks).
3. Identifiers issued by public authorities (passport, tax identification number, social security number, etc.).
4. Financial information (personal and family financial situation, credit history, bank details, tax information, account history information).
5. Transaction and investment data (past and current investments, investment profile, investment objectives, investment preferences, amounts invested, number and value of financial instruments held, role played in a transaction (seller / buyer), details of a transaction, investment instructions, suitability test, asset allocation).
6. Payment data (originators, beneficiaries, correspondent bank, payment instructions etc.).
7. Data on contacts with the Bank and interviews with employees of the Bank on or off the premises.
8. Any records of telephone calls with the Bank or other information related to interactions with data subjects. (visits, contact forms, connections to Bank applications).
9. Based on prior consent, certain web browsing information, e.g. cookies and similar technologies on websites (see our Cookies policy).
10. Additional data with regards to employees of the Bank, staff and job candidates (e.g. CV, job references, education, trainings, absence due to illness, holidays, business trips).

Source of Information on Data Subjects collected

The Bank collects and receives Personal Data directly from each Data Subject, for example when a Data Subject contacts the Bank or fills in a Bank form; and/or indirectly from external sources, including any publicly available sources (commercial register, land register, sanctions lists, press, media, internet), information available through subscription services or through third parties (e.g. a business introducer or external asset manager, head hunters). Personal Data are also collected through the use of the Bank’s website.

Transfer of Personal Data to third parties

The Bank may be required to disclose or make accessible Personal Data to the following recipients, provided this is legally or otherwise authorized or required:

1. To stock exchanges, trading platforms, brokers, exchange or central repositories, banking correspondents (including custodian, sub-custodians, clearing or settlement houses), payment companies or institutions such as Swift, credit card issuers;
2. To courts, criminal prosecution authorities, market supervisory authorities such as FINMA, self-regulatory organizations, tax authorities, government agencies, public registers, notaries, experts, auditors or legal advisors, trustees, heirs and will executors;
3. Service providers including IT, back office, hosting, storage, printing, communication, document destruction support; software and application service providers, market data service providers, business intelligence, accountants & payroll specialists, HR agencies;
4. Insurance companies; and
5. Financial product manufacturer and third-party fund managers.

Transfer abroad

The Bank processes and stores Personal Data in connection with the conclusion or performance of contracts directly or indirectly related to our Business Relationship in data centres located in Switzerland. In certain circumstances the Bank may disclose, transfer and/or stored Personal Data abroad (“International Transfer”).

International Transfers may include the transfer to jurisdictions that: (i) ensure an adequate level of data protection for the rights and freedoms of Data Subjects as regards Processing; (ii) benefit from adequacy decisions as regards their level of data protection (e.g. adequacy decisions from the Swiss Federal Data Protection and Information Commissioner); or (iii) do not benefit from such adequacy decisions and do not offer an adequate level of data protection. In the latter case, the Bank will ensure on best effort basis that appropriate safeguards are provided, e.g. by using standard contractual data protection clauses recognized by the Swiss data protection authority.

Length of time for which Personal Data is stored and recorded

Personal Data will be kept for as long as necessary for their processing and in order to fulfil the Bank’s contractual and legal obligations. After this retention period, the Bank safely destroys Personal Data or makes it completely anonymous.

In principle, Personal Data will be kept for a period of ten (10) years after the end of a Business Relationship.

Rights under data protection legislation

Each Data Subject has the following rights with regard to his or her Personal Data:

1. Right to access and obtain information concerning their Personal Data;
2. Right to have their Personal Data rectified if it is inaccurate, incomplete or obsolete;
3. Right to oppose the processing of their Personal Data;
4. Right to withdraw consent at any time when Personal Data Processing is based on consent;
5. Right to delivery or transmission of Personal Data;
6. Right to request a limit on the processing of their Personal Data;
7. Right to obtain a copy of, or access to, the appropriate or suitable safeguards which the Bank may have implemented in case of transferring the Personal Data abroad; and;
8. Right to request the deletion of their Personal Data when it is no longer necessary for the purposes for which it was collected or processed or when the Data Subject has withdrawn his/her consent (in cases where the processing of the Personal Data in question is based on the consent of the Data Subject).

All Data Subjects may, at any time and without justification, object to the use of their Personal Data for marketing purposes, including profiling if it serves this purpose, by the Bank or by third parties. Revocation of consent shall only have effect for the future. Any processing that was carried out prior to the revocation shall not be affected thereby.

Failing to provide certain Personal Data or revoking consent may preclude the Bank from establishing or pursuing a Business Relationship, and/or from rendering services, including maintaining the Contracting Party’s account with the Bank.

The aforementioned rights are limited by the Bank’s legal obligations, by the requirements of the contract agreed upon by the Contracting Party; by a legitimate interest of the Bank, in particular the defence, exercise or establishment of legal claims.

Security

The Bank is subject to a legal and contractual obligation of confidentiality. In addition, the Bank implements internal technical and organizational measures to secure the Personal Data of Data Subjects, which may include access limitation and physical security measures. The Bank requires its employees and affiliated persons, who perform tasks in its name or on its behalf, to comply with appropriate standards, including the obligation to protect all information and to take adequate measures for the use and transfer of Personal Data.

The Bank regularly reviews its security policies and procedures to ensure systems are secure and protected and to ensure compliance with all applicable data protection and security laws.

Responsibility for data processing

The Bank is the entity responsible for the processing of Data Subjects’ Personal Data. For any question in connection with the processing of Personal Data, a Data Subject can contact the Bank at the following address:

If a Data Subject is not satisfied with the answer provided by the Bank, he has the right to contact the Federal Data Protection and Information Commissioner.

The Bank reserves the right to amend this Notice at any time.

September 2023