Data Protection Policy
1. General
This Data Protection Policy provides information about Basso Global Partners AG (“BGP”). BGP obtains and processes personal data on its own responsibility in its capacity as a financial institution.
“Personal data” means all information relating to an identified or identifiable natural person. “Processing“ means any handling of personal data, irrespective of the means and procedures applied, in particular the collection, storage, retention, use, revision, disclosure, archiving, deletion or destruction of personal data.
It is possible that any other documents, such as conditions of participation or similar declarations, regulate specific data processing.
If the data subject provides BGP with personal data of other persons (e.g. family members, work colleagues or employees), the data subject must ensure that these persons are aware of this Privacy Policy. Their personal data may only be disclosed to BGP if the data subject is authorised to do so and the personal data is correct.
2. Controller and contact
This Privacy Policy applies in the context of an enquiry or correspondence, a customer relationship or other contractual relationship involvingthe processing of your personal data. BGP’s contact details regarding data protection matters are as follows:
Basso Global Partners AG
St Annagasse 9
8001 Zürich
Switzerland
info@bassoglobalpartners.com
3. Collection and processing of personal data
BGP primarily obtains and processes personal data that is provided to it by a client organization or a data subject representing a client organisation, e.g. when opening a business relationship, in the context of the execution of contracts, the use of products and services or on websites or other applications. BGP also processes personal data which is collected in the context of the use of products or services and is transmitted to BGP. BGP may, to the extent permitted, obtain personal data from publicly accessible sources, from authorities or from other third parties.
4. Categories of personal data
BGP processes various categories of personal data. The most important categories are the following:
- Master and inventory data (e.g. name, address, nationality, date of birth, information regarding account, custody account, concluded transactions and contracts, information on third parties affected by data processing, such as spouses, authorised representatives and advisors).
- Technical data (e.g. business numbers, IP addresses, internal and external identifiers, records of access).
- Transaction, order and risk management data (e.g. details of beneficiaries of transfers, beneficiary bank, amount of transfers, details of investment products).
- Financial data (e.g. creditworthiness data, information on assets, liabilities, risk and investment profile)
- User and prospect data (e.g. users of BGP’s websites)
- Marketing data (e.g. preferences, needs)
- Communication data (e.g. contact data such as email address, telephone number)
- Other data (e.g. video or audio recordings, access data)
Many of these items of data are disclosed to BGP by the data subject himself/herself. The categories of personal data that BGP receives from third parties include, in particular, information from public registers, information obtained in connection with official and legal proceedings, creditworthiness information, information on compliance with legal requirements such as those relating to combating fraud, combating money laundering and terrorism financing or export restrictions, information from banks, insurance companies, distribution and other contractual partners of BGP relating to the use or provision of services, information from the media and the internet, address and, where applicable, other socio-demographic data (in particular for marketing and research) and data in connection with the use of third-party websites and online offers where this use can be attributed to the data subject.
5. Purposes of the processing
BGP processes personal data primarily to provide its own services, to process contracts with clients and business partners and to comply with legal obligations. BGP processes personal data for the purpose of providing these management, coordination and control functions.
In addition, BGP processes personal data, where permitted and appropriate, for the following purposes:
- Conclusion and fulfilment of contracts, execution, processing and administration of products and services (e.g. invoices, payments, financial planning, investments, pension provision, insurance).
- Monitoring and controlling risks (e.g. investment profiles, anti-money laundering, thresholds, utilisation figures, market risks).
- Planning, business decisions (e.g. development of new or assessment of existing services and products).
- Marketing, communicating, informing about and reviewing the service offering (e.g. print and online advertising, customer, prospects or other events, identifying future customer needs, assessing a customer, market or product potential).
- Fulfilment of legal or regulatory obligations to provide information or to report to courts and authorities, fulfilment of official orders (e.g. reporting obligations to FINMA and foreign supervisory authorities, automatic exchange of information with foreign tax authorities, orders from public prosecutors in connection with money laundering and terrorist financing).
- Prevention and investigation of criminal offences or other misconduct (e.g. through internal investigations).
- Safeguarding the interests and securing the claims of BGP, e.g. in the event of claims against the BGP or claims of BGPagainst third parties.
- Ensuring operations, in particular of the IT, the website and other platforms.
- Preparation and execution of transactions relating to the acquisition or sale of companies or parts of companies or other transactions under corporate law.
Insofar as consent has been given to process personal data for specific purposes (e.g. when registering for a newsletter), the personal data will be processed within the scope of and based on this consent, insofar as no other legal basis is given and necessary. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
6. Data security
BGP undertakes to protect personal data for the data processing’s for which it is responsible in accordance with applicable laws. The protection of personal data includes appropriate technical and organisational security measures (e.g. access restrictions, firewalls, personalised passwords as well as encryption and authentication technologies, training of employees, etc.).
7. Disclosure to third parties and data transfer abroad
BGP might disclose personal data to the following third parties (recipients) in the following cases:
- For outsourcing in accordance with section 8 and for the purpose of customer care to other service providers.
- For order execution, i.e. when products or services are used.
- Due to legal obligations, legal justification or official orders, e.g. to courts, supervisory authorities, tax authorities or other third parties.
- To the extent necessary to protect the legitimate interests of BGP,g. in the event of legal action threatened or initiated by clients against BGP, in the event of public statements, to secure claims of BGP against clients or third parties, in the event of the collection of claims, etc.
- With the consent of the data subjects to other third parties.
Recipients of personal data are usually in Switzerland. Particularly when using certain products or services of BGP, personal data may also be disclosed to third parties outside of Switzerland (e.g. Europe or the USA).
Where a recipient is located in a country without an adequate level of data protection, BGP shall contractually oblige the recipient to comply with the applicable data protection (e.g. with standard contractual clauses), unless the recipient is already subject to a legally recognised set of rules to ensure data protection or BGP cannot rely on an exemption provision.
8. Outsourcing of business areas or services (outsourcing)
BGP will outsource certain business areas and services in whole or in part to third parties. The service providers who process personal data on behalf of BGP for this purpose (so-called processors) are carefully selected. Whenever possible, BGP uses processors domiciled in Switzerland. The processors may be entitled to have certain services provided by third parties. The processors may only process personal data received in the same way as BGP as sole controller themselves and are contractually obliged to ensure the confidentiality and security of the data.
9. Automated decisions in individual cases including profiling
BGP reserve the right to process personal data automatically in the future, in particular in order to identify essential personal characteristics of the customer, to predict developments and to create customer profiles. This serves in particular the assessment and further development of offers and the optimization of the provision of services.
10. Use of websites and cookie policy
When a person visits the BGP’s websites, the web server automatically records details of their visit (e.g. the website from which the visit takes place, the visitor’s IP address, the content of the website that is accessed, including the date and duration of the visit). Such tracking data is used to optimise the website and provide information on how visitors use the products, services and offers. Typically, however, such tracking does not allow any conclusions to be drawn about the identity of the visitor(thus in this respect, no personal data is processed).
If a website visitor provides personal data, e.g. by filling in a registration form or message field for newsletters etc., BGP may use this data in particular for the following, in addition to the purposes set out in section 5:
- for customer and user administration;
- to inform the visitor about services and products;
- for marketing purposes (e.g. sending newsletters);
- for the technical „hosting“ and further development of the websites.
When visiting the website, the visitor’s data is transported via the internet, i.e. an open network accessible to everyone. Data transmitted via electronic media (including e-mail) cannot be effectively protected against access by third parties. This entails the risk that data may be disclosed or its content changed, that the identity of the sender (e.g. e-mail) as well as the content of the message is faked or manipulated in some other way by unauthorised persons, that viruses may be released, that technical transmission errors, delays or interruptions may occur, or that data may be transmitted uncontrolled abroad, where data protection requirements may be lower than in Switzerland, etc.
By using the website, visitors confirm their express agreement with this Privacy Policy and the risks mentioned.
In addition, by using BGP’s website, a visitor consents to the use of cookies. Cookies are small files that are stored on the visitor’s computer to track the corresponding website visit and navigation between different pages and/or to save settings (e.g. selected language). Cookies are used to collect statistical data on the frequency and time of visits to individual website areas and help to design tailored, useful and user-friendly websites. The visitor can opt out of the use of cookies at any time by deleting the cookies set by the website. Deletion is possible via the settings in the visitor’s internet browser.
Occasionally, BGP may use third-party components (such as plug-ins) to enhance the user experience and online advertising campaigns. These components may also use cookies for similar purposes. These third parties do not have access to the data collected through cookies. Finally, BGP may also use cookies in the context of advertisements on third party websites with which BGP has marketing relationships. To the extent that third parties collect anonymised information about the use of the websites and other websites, BGP may use this anonymised data to improve the effectiveness of advertising.
This Privacy Policy does not apply to personal data that BGP receives as result of a client’s or data subject’s use of third-party websites. BGP has no influence on the content and data protection practices of third-party websites and cannot accept any responsibility for them.
11. Duration of storage
The duration of the storage of personal data depends on the purpose of the respective data processing and/or legal retention and documentation obligations, which amount to five, ten or more years depending on the applicable legal basis. As soon as the personal data is no longer required for the above-mentioned purposes, it is deleted or made anonymous as far as possible.
12. Rights of the data subjects
Anyone can request information from BGP as to whether personal data about him/ her is being processed. There is a right of objection or restriction of processing and, where applicable, the right to data portability. Incorrect data can be corrected. Furthermore, the deletion of personal data can be requested, unless legal or regulatory obligations (e.g. legal retention obligations of business-relevant data) or technical hurdles prevent this. The deletion of data may have the consequence that certain services can no longer be provided. In addition, where applicable, there is a right of appeal to a competent authority. Where BGP processes personal data on the basis of consent, this consent may be revoked at any time. It should be noted that BGP reserves the right invoke the restrictions provided for by law on its part, for example if it is obliged to retain or process certain data, has an overriding interest in doing so (insofar as it is entitled to rely on this) or require such data for the assertion of claims.
In responding to your request, we ask for a corresponding, comprehensible message. We will review and respond to the concerns within a reasonable period of time.
13. Changes
BGP may amend this data protection declaration at any time without prior notice. The current version published on the BGP website from time to time shall apply.