Data Privacy is important please read the statement below.

Similar documents
Data Privacy Statement

Data Protection Information The following data protection information gives an overview of our collection and processing of your data.

Data protection information under the EU General Data Protection Regulation in Italy

Data Protection Notice pursuant to the General Data Protection Regulation (GDPR)

Data protection information under the EU General Data Protection Regulation in Germany

Privacy policy - contractors

2. FROM WHICH SOURCES THE BANK COLLECTS YOUR PERSONAL DATA?

Julius Baer Trust Company (Channel Islands) Limited Lefebvre Court, Lefebvre Street, P.O. Box 87, St. Peter Port, Guernsey GY1 4BS, Channel Islands

General Data Protection Regulation (GDPR) Data Protection Notice

Duty to inform for data collection

privacy notice who is responsible for processing your personal data and who you can contact in this regard reasons for processing your data

PRIVACY NOTICE LAST UPDATED: SEPT. 2018

Data protection. VTB Bank (Europe) SE Rüsterstraße 7-9 D Frankfurt am Main Tel: Fax:

DATA PROTECTION POLICY. AtonLine Limited

Edmond de Rothschild (Suisse) S.A. Personal Data Protection Charter

Deutsche Bank Aktiengesellschaft. 1. Who is responsible for the data processing and who can I contact in this regard

DATA PROTECTION NOTICE

Data Privacy Notice. Who are we and why do we register and use personal data?

1. Personal data processed by NOVO BANCO as the data controller

If you are a business partner, we will collect your business contact details. Gender. Marital Status. Criminal History

Data protection information for customers and interested parties

LEGAL PRIVACY NOTICE (EFFECTIVE MAY/2018) 12 Demostheni Severi Avenue 5th Floor 1080 Nicosia Cyprus

Privacy notice. What personal data do we register and use?

Information about Danica Pension s processing of personal data

Data Privacy Notice of Sumitomo Mitsui Banking Corporation, Brussels Branch ( SMBC )

Information on the Collection and Processing of your personal data

Transborder data transfers briefly explained

CP is licenced and supervised by the Commission de Surveillance du Secteur Financier (hereinafter CSSF ).

Privacy Policy Statement

FINANCIAL SERVICES OPPORTUNITIES INVESTMENT FUND LIMITED Company Registration Number: PRIVACY NOTICE

WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU?

EU General Data Protection Regulation vs. Swiss Data Protection Act (in the Private Sector 1 )

Privacy Statement v 1.1

Privacy Policy. For the purposes of Data Protection Legislation the data controller is the Company.

Information duty pursuant to the GDPR.

European Union General Data Protection Regulation

PERSONAL DATA PROCESSING BY GOLDMAN SACHS FAIR PROCESSING NOTICE FOR REPRESENTATIVES OF CLIENTS AND PROSPECTIVE CLIENTS EFFECTIVE DATE: 25 MAY 2018

Privacy Statement. Key Definitions. Data Controller. Processing

FUNDS MANAGED BY GOLDMAN SACHS ASSET MANAGEMENT - FAIR PROCESSING NOTICE EFFECTIVE DATE: 25 MAY 2018

Claims Handling We process Your Personal Data in order to record and handle your insurance claim. This may include sharing your Personal Data with:

We protect your data and privacy by taking all relevant measures in accordance with applicable legislation.

Home Insurance. Privacy Notice

We are the Sanne Group, a listed multinational provider of alternative asset and administration services.

Chapter 2: Duties of Financial Intermediaries Section 1: Duty of Due Diligence

We take privacy and security of your information seriously and will only use such personal information as set out in this Privacy Notice.

The EU s General Data Protection Regulation enters into force on 25 May 2018

LAMP Services Limited Privacy Notice v1.2 4 th March Controller

ANNEXURE. Privacy Notice

EU Data Processing Addendum

WHO IS RESPONSIBLE FOR LOOKING AFTER YOUR PERSONAL DATA?

Mortgages and Loans Privacy policy

Privacy Policy for IFU Investment Fund for Developing Countries

Moxtra, Inc. DATA PROCESSING ADDENDUM

Quotation/Inception. Renewal. Policy administration. Claims processing PRIVACY POLICY

Ark Syndicate Management Limited. Privacy and Transparency Notice. Version 1

PROXY FORM ( 1 ) WITH THIS FORM

henriksen limited This document sets out how Henriksen processes data and your rights as the data subject.

Data Processing Appendix

Comparison of the current and future General Conditions of Credit Suisse AG

DATA PROTECTION NOTICE. The protection of your personal data is important to the BNP Paribas Group 1.

DATA PROTECTION STATEMENT

All Sorts UK Limited Data Protection Policy 17 th May 2018

Federal Act on Combating Money Laundering and Terrorist Financing

YOUR PERSONAL INFORMATION AND WHAT WE DO WITH IT

HOW TO EXECUTE THIS DPA:

GENERAL DATA PROTECTION REGULATIONS PRIVACY NOTICE

Withdrawal from the UBS vested benefits account for residential property for your own use

DATA PROTECTION NOTICE

PRIVACY NOTICE. I. Indication of the data controller

INFORMATION ON THE PROCESSING OF PERSONAL DATA

DATA PROCESSING ADDENDUM

Capital Dynamics Privacy Policy

Fair Processing Notice

Annuity Death Benefit Payment Authority

JOSTENS EUROPEAN PRIVACY POLICY

Principles of Processing the Personal Data of Clients

CUSTOMER DATA PROCESSING ADDENDUM

Notification. Collection, Process and Use of Personal Information. by Citibank

PRIVACY NOTICE issued by DALE Accounting and Tax Services Ltd

Applicable for clients of the entities named under point 1 hereunder.

Michael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty. Overview of the EU General Data Protection Regulation (GDPR)

SILCHESTER INTERNATIONAL INVESTORS DATA PROTECTION POLICY

Federal Act on Combating Money Laundering and Terrorist Financing

Citi Canada. Privacy of Personal Information Statement

Purpose Explanation Legal basis Data processing duration

SECTION 1 IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

INFORMATION FORM FOR PROSPECTIVE TENANTS NON-STUDENTS

DATA PROTECTION INSURANCE MARKET CORE USES INFORMATION NOTICE

DEAL BY SEA LTD PRIVACY NOTICE

Twilio Data Protection Addendum ( DPA ) (GDPR, Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision June 2018)

DATA PROCESSING ADENDUM

ADMIRAL MARKETS AS PRIVACY POLICY

Data Protection Privacy Notice for people not directly involved in the accident

Data Processing Addendum

DATA PROCESSING ADDENDUM

STATEMENT ON PROCESSING OF PERSONAL DATA

PRIVACY NOTICE 1. WHAT IS A PRIVACY NOTICE & WHY IS IT IMPORTANT?

Customer Privacy Notice Edition

Terms and Conditions of Use for the Credit Suisse TWINT App

BDML Connect Ltd Privacy Policy_v1.0_March updated Markerstudy Group 2018 Page 1 of 11

Transcription:

Duties of disclosure upon collection of personal data from the data subject in accordance with Article 13 paragraphs 1, 2, and 4, as well as Article 21 paragraph 3 of the EU General Data Protection Regulation (GDPR). Data Privacy is important please read the statement below. CREDIT SUISSE AG/CREDIT SUISSE (SWITZERLAND) Ltd. has issued below Privacy Statement in the light of the upcoming revision of the Swiss Data Protection Act and the enactment of GDPR, the new data protection and privacy regulation of European Union (EU). Although GDPR is an EU regulation it is relevant for CREDIT SUISSE AG/CREDIT SUISSE (SWITZERLAND) Ltd. for a couple of reasons, among others for example: Swiss data protection legislation is historically closely tied to EU regulations, anticipated changes to the Swiss data protection landscape are strongly influenced by the GDPR, and lastly, the GDPR imposes high standards of personal data protection with extra-territorial reach what means that companies based outside the EU are in certain circumstances bound by its provisions. We therefore kindly ask you to familiarize yourself with the Data Protection Information found below. 1/6

Data Protection Information The following data protection information gives an overview of the collection and processing of your data With the following information, we would like to give you an overview of how we will process your data and of your rights according to data privacy laws. The details on what data will be processed and which method will be used depend significantly on the services applied for or agreed upon. 1. Who Is Responsible For Data Processing and How Can I Contact Them? The unit responsible is and you can reach our company privacy officer at: CREDIT SUISSE AG/CREDIT SUISSE (SWITZERLAND) Ltd. Legal Data Management Switzerland, YXSD 8070 Zurich ZH Switzerland E-Mail: switzerland.data-protection@credit-suisse.com 2/6

2. What Sources and Data Do We Use? We process personal data that we obtain from our clients in the context of our business relationship. We also process insofar as necessary to provide our service personal data that we obtain from publicly accessible sources, (e.g. debt registers, commercial and association registers, press, internet) or that is legitimately transferred to us by other companies in CREDIT SUISSE 1 or from other third parties (e.g. a credit agency). Relevant data is personal information (e.g. name, address and other contact details, date and place of birth, and nationality), identification data (e.g. ID card details), and authentication data (e.g. sample signature). Furthermore, this can also be order data (e.g. payment order), data from the fulfillment of our contractual obligations (e.g. sales data in payment transactions), information about your financial situation (e.g. creditworthiness data, scoring/rating data, origin of assets), marketing and sales data (including advertising scores), documentation data (e.g. consultation protocol), and other data similar to the categories mentioned. 3. What Do We Process Your Data for (Purpose of Processing) and On What Legal Basis? We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP): a. b. For fulfillment of contractual obligations (Art. 6 para. 1b of the GDPR) Data is processed in order to provide banking business and financial services in the context of carrying out our contracts with our clients or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with the specific product (e.g. bank account, credit, saving with building societies, securities, deposits, client referral) and can include needs assessments, advice, asset management and support, as well as carrying out transactions. You can find other details about the purposes of data processing in the relevant contract documents and terms and conditions. In the context of balancing interests (Art. 6 para. 1f of the GDPR) Where required, we process your data beyond the actual fulfillment of the contract for the purposes of the legitimate interests pursued by us or a third party. Examples: Consulting and exchanging data with information offices (e.g. debt register) to investigate creditworthiness and credit risks in credit business and the requirement for an account maintained with a basic non-seizable balance and basic accounts Reviewing and optimizing procedures for needs assessment for the purpose of direct client discussions Marketing or market and opinion research, unless you have objected to the use of your data Asserting legal claims and defense in legal disputes Guarantee of a bank s IT security and IT operation Prevention and clarification of crimes Video surveillance to protect the right of owner of premises to keep out trespassers, for collecting evidence in hold-ups or fraud, or to prove availability and deposits, e.g. at ATMs Measures for building and site security (e.g. access controls) Measures for ensuring the right of owner of premises to keep out trespassers Measures for business management and further development of services and products Risk control in CREDIT SUISSE. In addition we obtain personal data from publicly available sources for client acquisition purposes. c. d. As a result of your consent (Art. 6 para. 1a of the GDPR) As long as you have granted us consent to process your personal data for certain purposes (e.g. analysis of trading activities for marketing purposes), this processing is legal on the basis of your consent. Consent given can be withdrawn at any time. This also applies to withdrawing declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Withdrawal of consent does not affect the legality of data processed prior to withdrawal. Due to statutory provisions (Art. 6 para. 1c of the GDPR) or in the public interest (Art. 6 para. 1e of the GDPR) Furthermore, as a bank, we are subject to various legal obligations, meaning statutory requirements (e.g. the Swiss Banking Act, Collective Investment Schemes Act, Anti-Money Laundering Act, Mortgage Bond Act, FINMA ordinances and circulars, tax laws) and bank regulatory requirements (e.g. Swiss National Bank, FINMA). Purposes of processing include assessment of creditworthiness, identity and age checks, fraud and money laundering prevention, fulfilling control and reporting obligations under fiscal laws, and measuring and managing risks within CREDIT SUISSE. 1 This includes Credit Suisse companies in Switzerland and abroad. 3/6

4. Who Receives My Data? Within the bank, every unit that requires your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents appointed by us can also receive access to data for the purposes given, if they maintain banking confidentiality. These are companies in the categories of banking services, IT services, logistics, printing services, telecommunications, collection, advice and consulting, and sales and marketing. With regard to transferring data to recipients outside our bank, to begin with it is to be noted that, as a bank, we are obliged to be discrete regarding all client-related matters and assessments of which we acquire knowledge (banking confidentiality pursuant to our general terms and conditions). We may pass on information about you only if legal provisions demand it, if you have given your consent (e.g. to process a financial transaction you have ordered us), or if we have been authorized to issue a bank inquiry. Under these requirements, recipients of personal data can be, for example: Public entities and institutions (e.g. Swiss National Bank, FINMA, financial authorities, criminal prosecution authorities) upon providing a legal or official obligation. Other credit and financial service institutions or comparable institutions to which we transfer your personal data in order to carry out a business relationship with you (depending on the contract, e.g. correspondent banks, custodian banks, brokers, stock exchanges, information offices). Other companies within CREDIT SUISSE for risk control due to statutory or official obligation. Other recipients of data can be any units for which you have given us your consent to transfer data or for which you have released us from banking confidentiality by means of a declaration or consent. 5. a. b. Will Data Be Transferred to a Third Country or an International Organization? Data transfer to units in states outside Switzerland and the EU (known as third countries) takes place so long as It is necessary for the purpose of carrying out your orders (e.g. payment and securities orders) It is required by law (e.g. reporting obligations under fiscal law), or You have granted us your consent Please contact us if you would like to request to see a copy of the specific safeguards applied to the export of your information (Article 13 para 1f of the GDPR). 6. For How Long Will My Data Be Stored? We will process and store your personal data for as long as it is necessary in order to fulfill our contractual and statutory obligations. It should be noted here that our business relationship is a long term obligation, which is set up on the basis of periods of years. If the data is no longer required in order to fulfill contractual or statutory obligations, it is deleted, unless its further processing is required for a limited time for the following purposes: Fulfilling obligations to preserve records according to commercial and tax law: This includes in particular the Swiss Code of Obligations, the Federal Act on Value Added Tax, the Federal Act on Direct Taxation, the Federal Act on Harmonization of Direct Taxes of Cantons and Municipalities, the Federal Act on Stamp Duties and the Federal Act on Withholding Tax. As a bank we can face legal holds 2, which require us to keep records for an undefined period of time. 7. What Data Privacy Rights Do I Have? Every data subject has the right to access according to Article 8 FADP (Article 15 of the GDPR), the right to rectification according to Article 5 FADP (Article 16 of the GDPR), the right to erasure according to Article 5 FADP (Article 17 of the GDPR), the right to restrict processing according to Articles 12, 13, 15 FADP (Article 18 of the GDPR), the right of object according to Article 4 FADP ( Article 21 of the GDPR), and if applicable the right to data portability according to Article 20 of the GDPR. Furthermore, if applicable on you, there is also a right to lodge a complaint with an appropriate data privacy regulatory authority (Article 77 of the GDPR). You can withdraw consent granted to us for the processing of personal data at any time. This also applies to withdrawing declarations of consent that were made to us before the GDPR came into force, i.e. before May 25, 2018. 2 A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. 4/6

Please note that the withdrawal only applies to the future. Processing that was carried out before the withdrawal is not affected by it. 8. Am I Obliged to Provide Data? In the context of our business relationship, you must provide all personal data that is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations or that we are legally obliged to collect. Without this data, we are, in principle, not in a position to close or execute a contract with you. In particular, anti-money laundering regulations require us to identify you on the basis of your identification documents before establishing a business relationship and to collect and put on record name, place and date of birth, nationality, address and identification details for this purpose. In order for us to be able to comply with these statutory obligations, you must provide us with the necessary information and documents in accordance with the Anti-Money Laundering Act, and to immediately disclose any changes over the course of the business relationship. If you do not provide us with the necessary information and documents, we cannot enter into or continue the business relationship you desire. 9. To What Extent Is There Automated Decision-Making? In establishing and carrying out a business relationship, we generally do not use any automated decision-making pursuant to Article 22 of the GDPR. If we use this procedure in individual cases, we will inform you of this separately, as long as this is a legal requirement. 10. Will Profiling Take Place? We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). We use profiling for the following cases, for instance: Due to legal and regulatory requirements, we are obligated to combat money laundering, terrorism financing, and offenses that pose a danger to assets. Data assessments (including on payment transactions) are also carried out for this purpose. At the same time, these measures also serve to protect you. We use assessment tools in order to be able to specifically notify you and advise you regarding products. These allow communications and marketing to be tailored as needed including market and opinion research. We use scoring as part of the assessment of your creditworthiness. This calculates the probability that a client will meet the payment obligations pursuant to the contract. This calculation may be influenced by the client s earning capacity, expenses, pending liabilities, occupation, employer, term of employment, experience from the business relationship thus far, contractual repayment of previous credits, and information from credit information offices, for instance. Scoring is based on a mathematically and statistically recognized and established process. The calculated scores help us to make decisions in the context of product sales and are incorporated into ongoing risk management. 11. We may collect biometric data from you Biometric data is classified as sensitive personal data under the GDPR. Therefore, where required by applicable law, your explicit consent will be required in a separate process to use your Touch ID or other biometric identification to access certain applications. Thank you very much. Kind regards CREDIT SUISSE AG/CREDIT SUISSE (SWITZERLAND) Ltd. 5/6

Information on Your Right of Objection According to Article 21 of the General Data Protection Regulation (GDPR) 1. Right to Object to Data Processing for Direct Marketing Purposes In individual cases, we process your personal data in order to conduct direct marketing. You have the right to object to the processing of your personal data for the purpose of this type of marketing at any time. This also applies to profiling, insofar as it is in direct connection with such direct marketing. If you object to processing for the purpose of direct marketing, we will no longer process your personal data for this purpose. 2. Individual Right of Objection On grounds relating to your particular situation, you shall have the right of objection, at any time to processing of your personal data which is based on Article 6 paragraph 1 subparagraph e of the GDPR (data processing in the public interest) and Article 6 paragraph 1 f of the GDPR (data processing based on balancing interests). This also applies to profiling based on this provision in terms of Article 4 No. 4 of the GDPR. If you submit an objection, we will no longer process your personal data unless we can give evidence of mandatory, legitimate reasons for processing, which outweigh your interests, rights, and freedoms, or processing serves the enforcement, exercise, or defense of interests. Please note, that in such cases we will not be able to provide services and maintain a business relation. The objection does not need to be made in a particular form and should ideally be addressed to: CREDIT SUISSE AG/CREDIT SUISSE (SWITZERLAND) Ltd. Legal Data Management Switzerland, YXSD 8070 Zurich ZH Switzerland E-Mail: switzerland.data-protection@credit-suisse.com 6/6

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback