PRIVACY POLICY
Swiss Trade Desk Holding and any of its affiliated entities (“Swiss Trade Desk ”, “us” or “we”). Your privacy is important to us and a major concern for Swiss Trade Desk is that your data is treated in a responsible manner and in compliance with legal requirements. To this end, we take precautions, such as implementing robust technical and organizational security measures including password encryptions, firewalls, authentication technologies, access management, employee awareness-raising and training.
This Privacy Policy applies to our website visitors, current and potential clients, shareholders and investors or other business partners (including distributors, contractors, service providers, buyers, suppliers and other third parties) (“Business Partners”).
This Privacy Policy describes the way we process personal data about our Business Partners, and (if the Business Partner is an organization or legal entity) about the individuals who are acting as the representatives of (including employees, contractors or authorized signatories) or are otherwise linked to our Business Partners (“Data Subjects”, or “you”), when you visit our websites, use our products and services, use our mobile applications, register for any service (“Swiss Trade Desk Services”) or are otherwise interacting with us (for example in your capacity as a shareholder or investor).
Swiss Trade Desk is committed to complying with applicable data protection laws and regulations including the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”; “GDPR”) and the Swiss Federal Act on Data Protection of 25 September 2020 and its implementing ordinances (“FADP”) and thus to ensuring the protection and confidentiality of your personal data.
Please read this Privacy Policy carefully before registering for or using Swiss Trade Desk Services or before providing any personal data. As the processing of your personal data may depend on the Swiss Trade Desk Services requested or used by you, this Privacy Policy applies in addition to any specific privacy policy or terms for the respective Swiss Trade Desk Services.
As such term is defined by data protection laws and regulations. For example, according to Art. 4 (1) GDPR, “personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person can be identified directly or indirectly.
Within SwissTrade Desk, Swiss Trade Desk Holding and the Swiss Trade Desk affiliated entity/entities that you have a current or potential business relationship with, is/are the Controller responsible for the processing of your data. The responsibility under data protection laws and regulations for the processing of personal data lies in each case with the Swiss Trade Desk affiliated entity that decides whether and for what purposes the processing is carried out and how it is performed (“Controller”).
SOURCE AND CATEGORIES OF PERSONAL DATA – For the purposes outlined below, we may collect personal and corporate data, to the extent legally permitted, from the following sources:
We may collect personal data from you in your capacity as a Data Subject in the context of our current or potential business relationship or when using Swiss Trade Desk Services (for example, for account opening, during an advisory discussion, for enquiring, as part of your registration on our websites, when signing up for newsletters events, when participating in discussion boards or other social media functions on our websites, or when providing information relating to a job application registration); we may also collect personal data from our shareholders and investors;
Personal and corporate data may be provided to us by an organization or legal entity that is a Business Partner of Swiss Trade Desk if you are a representative of such Business Partner or otherwise linked to our Business Partner as a Data Subject;
Personal data and corporate that is necessary for the facilitation of Swiss Trade Desk Services may be transmitted to us via technical infrastructure (for example, via our websites, login information, Apps, or via collaborations with financial or information technology providers, market places, exchanges, trading infrastructures or securities houses;
We may collect personal and corporate data from third parties, such as authorities (for example, sanction lists), providers of risk management, search information or intelligence solutions (for example, World check), (credit) rating agencies, information offices, consumer reporting entities, analytics providers, as well as from Swiss Trade Desk affiliated entities;
We may collect personal data that is publicly available (for example, public register information, public social media platforms, debtor directories, land registers, commercial registers and registers of associations, the press and the Internet).
The categories of personal data processed may include the following:
Master data, such as name, address, e-mail address, phone number and other contact details, date of birth, gender, nationality, partner type data (employed / self-employed), identification data (for example, passport or ID, driver’s license number, social security number), authentication and certification data (such as specimen signature), contract-related data (for example, business/account and contract number, and other account and contract information);
Risk management, transaction and/or order data, such risk and investment profiles, fraud regulatory history, transaction data (for example, payment data), order data including online banking (such as payment orders), and information regarding your financial situation (for example, creditworthiness data, scoring/rating data), data concerning beneficiaries, data on investment products, origin of assets, information and records on your professional knowledge of and/or experience with financial instruments, CVs, criminal records or any other relevant information;
Technical data, such as IP addresses, browser plug-in types and versions, cookies, internal and external identifiers, logging data, record of access and changes, content accessed by the website user including relevant meta data (for example, time and date of access);
Marketing and sales data, such as preferences, wishes, requested reference material, advertising scores, documentation data (for example, consultation protocols);
Other data comparable with the above categories, whereby personal data may also be related to third parties (for example, family members, beneficiaries, beneficial owners, authorized representatives, or advisors who might also be affected by the data processing), and other data transmitted to us if you or a third party voluntarily provides personal data (for example, by completing a registration form or comment field, registering for a newsletter or using certain services). We also collect and process data from our shareholders and investors; in addition to master data, this includes information for the relevant registers, shareholdings, movements in holdings, payouts (in the context of dividends), information relating to the exercise of their rights and the management of events (for example, general meetings).
To the extent that we process any special categories of personal data or sensitive personal data1 relating to Data Subjects, we will do so only if the processing is necessary for the establishment, exercise or defense of a legal claim, for reasons of substantial public interest, if you have given your explicit consent to Swiss Trade Desk to process such data (where legally permissible), or where we are otherwise legally permitted to process such data.
PURPOSES AND LEGAL BASIS OF PROCESSING – We process personal data in compliance with data protection laws and regulations, for the following purposes:
FOR FULFILLMENT OF CONTRACTUAL OBLIGATIONS – We may process your personal data for the purpose of providing Swiss Trade Desk Services to our Business Partners or to perform pre-contractual measures. The processing is primarily determined by the specific product or service (for example, financing and financial planning, investments, pensions, e-Banking, succession planning, credits, securities, deposits, or client referral, etc.) and may include, for example, needs assessments, advice, asset management and support, as well as carrying out transactions. You can find additional details about the purposes of personal data processing in the relevant contract documents and terms and conditions.
FOR COMPLIANCE WITH A LEGAL OBLIGATION OR IN THE PUBLIC INTEREST – This may include, for example, legal and/or regulatory disclosure, notification and reporting obligations to authorities, and courts, including anti-money laundering and anti-terrorist financing regulation (for example, automatic exchange of information with foreign tax authorities, prosecution departments, etc.) and other suitability and due diligence assessments. Other purposes of processing may include assessment of creditworthiness, identity and age verification, anti-fraud measures, fulfilment of tax legal and regulatory (for example, reporting) obligations, fulfillment of obligations under company law (for example, keeping the share register, handling and conducting general meetings and dividend distributions, delivery of semi-annual and annual reports), as well as the assessment and management of risks within Swiss Trade Desk.
TO SAFEGUARD LEGITIMATE INTERESTS – Where necessary, we may process your personal and corporate data to safeguard the legitimate interests pursued by us or a third party, which does not unduly affect your interests or fundamental rights and freedoms; in particular:
- Consulting and exchanging data with information offices or other third parties (for example, the debt register) to investigate solvency, creditworthiness and/or credit risks;
- Measures for business management and further development of Swiss Trade Desk Services (for example, reviewing and optimizing procedures for needs assessment)
- For statistical purposes (for example, presentation of shareholder developments, preparation of overviews and evaluations);
- Marketing, marketing communications or market and opinion research, unless you have objected to the use of your personal data
- Ensuring information technology security;
- Asserting legal claims and defense in legal disputes;
- Prevention and investigation of crimes;
- Other measures for building and site security (for example, access admittance controls);
In so far as you have consented to the processing of personal data for specific purposes (such as analysis of trading activities for marketing purposes, etc.), the lawfulness of such processing is based on your consent. Any consent granted may be withdrawn at any time. Please be advised that the revocation shall only have effect for the future. Any processing that was carried out prior to the withdrawal shall not be affected thereby.
TRANSFER OF PERSONAL DATA ABROAD – Your personal data may only be transferred to countries or international organizations outside Switzerland and the EU/EEA (so-called “Third Countries”, which includes any country outside the EU/EEA) if one of the following applies:
The transfer is required for the fulfilment of our (pre-)contractual obligations (for example, for the execution of your orders) or is required by law (such as reporting obligations under tax law);
In the context of commissioned data processing, if you have given us your explicit consent and if the transfer is necessary for the establishment, exercise or defense of legal claims, or as otherwise legally permitted under data protection laws and regulations.
In the context of commissioned data processing your personal and company data will only be transferred to Third-Countries if the relevant country (or data protection framework applicable to such country) is considered to provide an adequate level of data protection by the relevant authorities or institutions, or in the absence of such adequacy decision, if the recipient guarantees adequate protection based on appropriate safeguards provided by data protection laws and regulations (for example, Standard Contractual Clauses issued by the European Commission, and adapted to local law as required), or statutory exemptions provided by data protection laws and regulations (for example, your explicit consent).
STORAGE PERIOD – We process and store your personal data as long as it is necessary for the performance of our contractual and statutory obligations. In this regard, it should be noted that our business relationship is usually a continuing obligation, which may last for several years. We have processes in place to review, at various points, the different categories of data that we hold to ensure that we do not hold these for an excessive period of time. If the data is no longer required for the processing purposes or if we are otherwise legally obliged to delete the data, it is regularly deleted, unless its further processing – for a limited time – is necessary for other legal purposes or as may be legitimate and legally permitted, such as:
Compliance with record retention periods under applicable laws and regulations (for example civil, tax, securities and other laws and regulations);
Preservation of evidence and/or all forms of relevant information when a lawsuit, litigation or government investigation is filed, threatened or reasonably anticipated, which requires us to keep records for an undefined period of time.
YOUR RIGHTS – By data protection laws and regulations, Data Subjects have under certain conditions the right of information, the right of access, the right of rectification, the right to erasure, the right to restrict processing, the right to object, and if applicable, the right to data portability.
Furthermore, if applicable, you have the right to complain with a relevant supervisory authority.
You may withdraw any provided consent to the processing of personal data at any time. Please note that the withdrawal will only take effect in the future. Any processing that was carried out prior to the withdrawal shall not be affected thereby.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on processing in the public interest and to safeguard legitimate interests; this includes any profiling based on those provisions within the meaning of the specific regulation. If you submit an objection, we will no longer process your data unless we can give evidence of mandatory, legitimate reasons for the processing, which outweigh your interests, rights, and freedoms, or where the processing serves the enforcement, exercise, or defence of interests. Please note that in such cases we may not be able to provide services or maintain a business relationship.
In certain cases, we may process your data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning yourself for such marketing purposes, which includes profiling to the extent that it is related to direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
OBLIGATION TO PROVIDE PERSONAL DATA – Within the scope of our business relationship, you must provide personal data which is necessary for the initiation and execution of the business relationship and the performance of the associated contractual obligations, or which we are legally obligated to collect. Without these data, we would not be able to enter into any contract or execute a transaction or we may no longer be able to perform an existing contract and would have to terminate it.
In particular, anti-money laundering and anti-terrorist financing regulations require that we verify your identity before entering into the business relationship, for example, using your passport and that we record your name, date and place of birth, nationality and residential address. For us to be able to comply with this statutory obligation, you must provide us with the necessary information and documents and notify us without undue delay of any changes that may arise during the business relationship. If you do not provide us with the necessary information and documents, we will not be allowed to enter into or continue your requested business relationship.
KYC, AML AND PEP COMPLIANCE – We use external services to meet our ongoing regulatory and compliance obligations, for example, Know Your Customer (KYC), anti-money laundering (AML), anti-fraud, anti-terrorism, politically exposed people (PEP), we also look at how and from which geographic location you use our applications or other Swiss Trade Desk Services;
DATA SECURITY – All Swiss Trade Desk personnel who process personal data must comply with our internal policies and rules in relation to the processing of personal data to protect them and ensure their confidentiality.
We have also implemented adequate technical and organizational measures to protect personal data against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access, as well as against all other unlawful forms of processing. These security measures have been implemented, taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of the personal data, with particular care for sensitive data. Please find further details here.