Client Information on Data Protection

Consilior Ltd (hereinafter: the company) provides this client information document to inform you about the collection and processing of your personal data in relation to your asset management / investment advisory mandate.

Identity and contact details of the Data Controller:

Consilior AG
Hauptstrasse 53
CH-4127 Birsfelden
+41 61 201 11 80
mail@consilior.ch
www.consilior.ch

This document is aligned with the EU General Data Protection Regulation («GDPR»), the Swiss Data Protection Act («DPA») and aims to fulfill the company’s information duties. However, the application of these laws depends on each individual case.

A.  Collection and Processing of Personal Data

Personal data includes any information relating to an identified or identifiable natural person. As part of its mandate, the company collects several types of your personal data.

These include in particular:

  • Personal detail (e.g. name, address, date of birth, civil status)
  • KYC information (e.g. source of wealth / funds, profession, transaction details)
  • Bank account information (e.g. IBAN)
  • Investment profile

This also includes all other information that you provide to us or is inevitably collected while providing the agreed-upon service.

Insofar as it is permitted to us, we may also receive your personal data from affiliated companies, authorities or other third parties (such as e.g. internet, custodian banks). Apart from data you provided to us directly, the categories of data we receive about you from third parties include, but are not limited to, information from public registers, data received in connection with administrative or court proceedings, information about you in correspondence and discussions with third parties, information about you given to us by individuals associated with you (family, consultants, legal representatives, etc.) in order to conclude or process contracts with you or with your involvement (e.g. powers of attorney), information related to legal requirements such as anti-money laundering regulations, information about you found in the media or internet (insofar as indicated in the specific case).

In principle, we retain this data for a period of 10 years after the purpose of processing has been fulfilled. This period may be extended if it is necessary for evidentiary purposes or to comply with legal or contractual requirements.

B.  Purpose of Data Processing and Legal Bases

The company primarily uses collected data in order to perform the agreed-upon services vis-a-vis our as well as in order to comply with domestic and foreign legal obligations.

In addition, in line with the applicable law and where appropriate, we may process personal data for the following purposes, which are in our (or, as the case may be, any third parties) legitimate interest, such as:

  • Providing and developing our products, services and websites, apps and other platforms, on which we are active.
  • Advertisement and marketing (including organizing events), provided that you have not objected to the use of your data for this purpose (if you are part of our client base and you receive advertisement, you may object at any time and we will place you on a blacklist against further advertising mailings).
  • Asserting legal claims and defense in legal disputes and official proceedings.
  • Prevention and investigation of criminal offences and other misconduct.
  • Ensuring the operation of our IT systems, websites, apps, and other devices.
  • Audit requirements

C.   Data Subject Rights

In accordance with the applicable law, individuals whose personal data is processed («data subjects”) are guaranteed several rights in relation to the processing of their data. It is important to the company that you can exercise your rights easily and transparently, should you wish to do so.

In particular, you have the following rights:

  • The right to request and receive information as to whether and which of your data we are processing.
  • The right to have inaccurate or incorrect data corrected.
  • The right to object to all or specific instances of processing.
  • The right to request the deletion of your data.
  • The right to request that we provide you with certain personal data in a commonly used electronic format or transfer it to another data controller (data portability).
  • The right to withdraw consent where our processing is based on your consent.
  • The right to obtain further information on the exercise of these rights upon request.

In general, to exercise these rights, it is necessary for you to provide proof of your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us in writing using the details provided above. It is important to note that we reserve the right to enforce statutory restrictions or exceptions in certain cases. For example, if we are obligated to retain or process specific data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims.

Please further note that the exercise of these rights may be in conflict with your contractual obligations, and this may result in consequences such as premature contract termination and may involve costs. If this is the case, we will inform you in advance unless this has already been contractually agreed upon.

In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner.

D.   Sharing Data with Third Parties and Transfer of Data Abroad

In connection with our mandate, services, products, and legal obligations, and in accordance with the previously stated purposes of data processing, we may transfer data to third parties. Such transfers will occur when permitted and considered appropriate, either for the purpose of data processing on behalf of the company («data processors») or, as the case may be, their own purposes («joint controllers»). In particular, the following categories of recipients may be concerned:

  • Domestic and foreign authorities, official bodies and courts
  • Other parties in potential and actual court proceedings

All recipients are located in Switzerland and your personal data is not transferred abroad.

E.    Changes to this Privacy Policy

We may amend this Privacy Policy at any time without prior notice. The current version published on our website shall apply. If the Privacy Policy is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment.