This Data Protection Notice (the “Notice”) explains how we process personal data. This Notice is subject to and forms an integral part of our General Terms and Conditions and General Terms and Conditions governing Custody (the “General Terms and Conditions”).
In this Data Protection Notice, “we” refers to each entity of the Mirabaud Group which acts as a data controller (alone or jointly determining the purpose and means of processing). Not all the processing activities mentioned in this Data Protection Notice necessarily apply to all Mirabaud Group entities. In particular, processing activities identified with the “*” sign are currently only carried out by Mirabaud & Cie Ltd and are therefore limited to data processed by such entity.
“Personal Data” includes any information relating to an identified or identifiable natural person (e.g., name, ID card and passport numbers, nationality), to the extent permitted by the applicable data protection legislation.
As a data controller, we are responsible for collecting and processing some of your personal data in relation to our activities. The purpose of this Data Protection Notice is to let you know which personal data we collect about you, the reasons why we use and share such personal data, how long we keep them, what your rights are and how you can exercise them. Further information may be provided where necessary when you apply for a specific service.
We kindly ask you to read this Data Protection Notice. Please note that we may also process personal data in respect of a “Related Person”.
A “Related Person” means an individual or entity whose information you or a third party provide to us and/or which otherwise comes to our knowledge in connection with our business relationship. A Related Person may include, but is not limited to, (i) any director, officer, employee or authorised signatory of a company, (ii) a trustee, settlor, beneficiary or protector of a trust, (iii) any nominee or beneficial owner of an account, (iv) a substantial interest owner in an account, (v) a controlling person, (vi) a payee of a designated payment, or (vii) any representative(s) or agent(s).
In this context, we ask you to contact the Related Persons and provide them with this Data Protection Notice and the information it contains.
1. WHICH PERSONAL DATA DO WE PROCESS ABOUT YOU?
We collect and use your personal data to the extent necessary in the context of our activities and as described in our General Terms and Conditions and this Data Protection Notice, in particular to achieve a high standard of services. We may collect various types of personal data about you depending on the nature of the particular service we provide, including:
- identification information (e.g., full name, ID card and passport numbers, nationality, place and date of birth, gender, photograph, IP address);
- contact information (e.g., address and email address, phone number);
- family situation (e.g., marital status, number of children);
- tax status (e.g., tax ID);
- education and employment information (e.g., level of education, remuneration);
- banking, financial and transactional data relating to assets deposited with us and investments made through our services, such as the numbers, balances and performance of bank accounts and securities portfolios held with us, the history of transactions carried out, the status of financial positions held, order execution notes, investment advices provided and related documentation (e.g., bank account details, transfer of assets, source of wealth);
- data relating to your habits and preferences;
- data relating to your use of our services, in particular your internal and external IDs, information about the browser or device you use to access our websites and applications, how you use our websites and applications and the pages you visit, traffic and location data, information related to your history of use and interaction with our services, web pages and applications (including electronic logging (such as audit logs, security logs and application logs), the date and duration of use of our services, web pages and applications, the users of the services, web pages and applications and the approximate geographical location (city, country) of their devices, the websites visited by the users, and the type of service provided*;
- data from your electronic, voice and visual interactions with us (e.g., our meetings, calls, chats, emails, phone conversations, and the documents exchanged)*;
- background checks;
- cookie information (e.g., cookies and similar technologies on websites and in emails – for more information, please refer to our Cookies Policy).
We never ask for sensitive data without your express consent (i.e., in particular, personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning your sexual orientation or data relating to criminal convictions and offences) and/or unless it is required by law.
2. FROM WHAT SOURCE DO PERSONAL DATA ORIGINATE?
The data we use about you may be directly provided by you or obtained from other sources, such as:
- publications/databases made available by official authorities;
- databases made publicly available by third parties;
- an entity we provide services to; and
- any other third parties including, without limitation, recruitment agencies.
3. SPECIFIC CASES OF PERSONAL DATA COLLECTION, INCLUDING INDIRECT COLLECTION
In certain circumstances, we may collect and use personal data of individuals with whom we have, could have or previously had a direct relationship such as:
- visitors to our websites, including subscribers to our newsletters, funds documentation and investment recommendations;
- prospective or existing clients; or
- attendees of our events.
We may also collect information about you where you do not have a direct relationship with us. This may happen, for instance, when your personal data are provided by one of our clients, a contracting party or an investor in collective investment schemes for which a Mirabaud Group entity acts as management company (the “investment funds”) if you are, for example:
- a family member;
- a legal representative (acting under a power of attorney or acting professionally as an agent);
- a beneficiary of a payment transaction made by our clients;
- a beneficiary of a trust;
- an ultimate beneficial owner;
- a representative of a legal entity (which may be a client); and
- a staff member of a service provider or a commercial partner.
4. WHY AND ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA?
A. TO COMPLY WITH OUR LEGAL AND REGULATORY OBLIGATIONS
We process your personal data to comply with legal and regulatory obligations (including any legal and regulatory guidance, codes or opinions) and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions), which may include laws outside the country you are located in, including to:
- comply with regulations dealing with prevention of money-laundering, financial crime, financing of terrorism and market abuse;
- comply with regulations relating to sanctions and embargoes;
- comply with regulations relating to financial markets, in particular with regard to investor protection;
- comply with our prudential obligations (particularly in terms of risk management and organisation);
- set up security measures in order to prevent abuse and fraud;
- detect transactions which deviate from normal patterns;
- record, when necessary, our interactions (such as phone calls and videoconferences*, chats*, email);
- define your credit risk score and your reimbursement capacity;
- identify and manage risks (e.g., intra-group risks, risk of credit concentration, Cyber risks);
- reply to an official request from an administrative or judicial authority which may include authorities outside your country of residence;
- fight against tax fraud and comply with applicable tax supervision and reporting obligations (such as, without limitation, AEOI and FATCA obligations); and
- comply with any applicable transaction reporting obligations.
B. TO PERFORM A CONTRACT WITH YOU OR TO TAKE STEPS AT YOUR REQUEST BEFORE ENTERING INTO A CONTRACT
We use your personal data to enter into and perform our contracts, including to:
- fulfil our obligations with respect to the services we provide (e.g., ancillary and investment activities services, including management, advisory or payment services) or otherwise in connection with fulfilling your instructions;
- enforce applicable terms of contracts;
- send administrative information, such as changes of our terms, conditions and policies;
- manage, administer and distribute investment funds, including any ancillary services related to these activities;
- process subscription, conversion and redemption requests in investment funds, as well as to maintain ongoing relationships with respect to holdings in such investment funds;
- provide you with information, including reports, regarding our services;
- assist you and answer your questions as a necessary part of the provision of our services to you, and to administer account(s) and manage our relationships; and
- evaluate whether we can offer you a service or a product and the associated conditions.
C. TO PURSUE OUR LEGITIMATE INTEREST
We use your personal data in order to deploy and develop our services and associated security, to improve our risk management, to defend our legal rights and to protect our privacy, safety or property and/or that of our affiliates, yours or others, including:
- to prove transactions;
- to prevent, detect and investigate fraud;
- to manage our IT infrastructure, customer and third party configurations and ensure the security of our IT systems;
- to ensure the security of our premises/infrastructures;
- to train our personnel (e.g., by recording phone calls);
- to personalise our offering of services to you;
- to provide customer management and administration;
- to analyse, evaluate and improve our business;
- to analyse, evaluate and improve the performance, innovation and attractiveness (including financial attractiveness) of our services;
- to analyse and predict certain of your personal preferences, interests and behaviours based on your use of our services, website and applications (profiling);
- to develop our business relationship with you and to improve the quality of our services;
- to undertake data analytics to learn more about how you interact with our websites, our applications and our advertising; and
- to establish, exercise and/or defend actual or potential legal claims, investigations or similar proceedings.
D. TO RESPECT YOUR CHOICE IF WE REQUEST YOUR CONSENT FOR SPECIFIC PROCESSING
If we need to carry out further processing for purposes other than those listed above in Section 4, we will inform you and, where necessary, obtain your consent.
5. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Personal data may be disclosed to third parties in connection with the services we are providing to you. The recipients of any such information will depend on the services that are being provided. For the abovementioned purposes and subject to any confidentiality restriction we may have expressly agreed with you or any transaction parties, you authorise us to disclose your personal data to:
- Mirabaud Group entities (e.g., so that you may benefit from our full range of Group services);
- service providers (including Mirabaud Group entities) which perform services on our behalf, such as payment, banking, investment management and communication infrastructure providers, third party storage providers and trade data repositories, third party IT providers, third party distribution platforms and courier services or providers of monitoring and alert management (including event logging) related to certain activities on our information systems, development and/or operation and provision of a core business platform and other software, including internal and external communication interfaces (including with the client)*;
- other deal/transaction participants, counterparties, suppliers and beneficiaries;
- financial, taxation, regulatory or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law;
- certain professionals such as lawyers, notaries or auditors; and
- to any other persons as agreed with you.
We reserve the right to make personal data accessible to other recipients, as disclosed to you from time to time or if required by applicable laws or requested by a competent authority.
The provision of personal data may be mandatory, e.g., in relation to our compliance with legal and regulatory obligations to which we are subject. If you withdraw your consent and/or object to the transfer of your personal data, you should be aware that not providing such information may preclude us from pursuing a business relationship with you and/or from rendering our services to you and/or performing certain transactions.
6. ARE PERSONAL DATA TRANSFERRED OUTSIDE OF OUR JURISDICTION OF INCORPORATION?
In certain circumstances, we may transfer your personal data to a country other than the country of establishment of the Mirabaud Group entity acting as data controller for the relevant personal data processing, such as the United States, India, the United Kingdom or other European Union countries.
In the case of a transfer abroad, your data may be transferred to a country where the local competent authority recognises that the level of data protection is adequate.
For transfers to a country where the level of personal data protection has not been recognised as “adequate” by the competent authority, we will rely on a derogation applicable to the specific situation (e.g., if the transfer is necessary to perform our contract with you such as when making an international payment), we will implement appropriate contractual, technical and/or organisational safeguards to ensure the protection of your personal data (such as standard contractual clauses or binding corporate rules approved by competent authorities, encryption of transmitted data, implementation of processes to manage and control access to data and IT systems, definition and management of privileges to access data and/or segregation of data), or we will obtain your consent (including through our General Terms and Conditions and/or this Data Protection Notice). To obtain details on the applicable safeguards, please contact us at the address provided in Section 11 below.
7. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We will retain your personal data for the longer of:
- the period required by applicable law or contractual obligations; or
- such other period as is necessary for us to meet our operational obligations, such as proper account maintenance, facilitating client relationship management and responding to legal claims or regulatory requests.
Most personal data collected in relation to a specified client are kept for the duration of the contractual relationship with that client plus a specified number of years after the end of the contractual relationship or as otherwise required by applicable laws. If you would like further information on the period for which your personal data will be stored or the criteria used to determine that period please contact us at the address provided in Section 11 below.
8. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
Depending on the data protection laws applying to your situation, you have the following rights:
- to access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.
- to rectify: where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified accordingly.
- to erase: you can request the deletion of your personal data, to the extent permitted by law.
- to restrict: you can request that the processing of your personal data be restricted.
- to object: you can object to the processing of your personal data, on grounds relating to your specific situation.
- to withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
- to data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
Even if you object to the processing of personal data, we are nevertheless permitted to continue that processing if it is (i) legally mandatory, (ii) necessary for the performance of a contract to which you are a party, (iii) necessary for the performance of a task carried out in the public interest, or (iv) necessary for the purposes of the legitimate interests we pursue, including the establishment, exercise or defence of legal claims. However, we will not use your personal data for direct marketing purposes if you ask us not to do so.
If you require further information or if you wish to exercise the rights listed above, please contact us at the address provided in Section 11 below.
In accordance with applicable regulations, in addition to your rights above you are also entitled to lodge a complaint with the competent supervisory authority.
9. DO WE USE AUTOMATED DECISION-MAKING OR PROFILING?
We do not use automated decision-making in connection with your personal data. If we do so in the future, we will comply with applicable legal and regulatory requirements.
In accordance with applicable laws and regulations, we may process your personal data automatically to determine certain characteristics such as your personal preferences, interests and behaviours based on your use of our services, applications and websites (profiling) in order to provide you with personalised information on our products and services.
10. HOW CAN YOU KEEP UP WITH CHANGES TO THIS DATA PROTECTION NOTICE?
We may need to update this Data Protection Notice from time to time. We will publish updates of this Data Protection Notice on our website and inform you of any material changes where applicable through our usual communication channels.
11. HOW TO CONTACT US
If you have any questions relating to our use of your personal data under this Data Protection Notice, please contact our Data Protection Officers as follows:
Wealth Management (WM) Data Protection Officers:
Mirabaud & Cie Ltd
29, boulevard Georges-Favon
Attn : Data Protection Officer
Mirabaud & Cie (Europe) SA
25, avenue de la Liberté
Attn : Data Protection Officer
Mirabaud Canada Inc.
1 Place Ville Marie
Montréal (Quebec) H3B 4R4
Attn : Data Protection Officer
Asset Management (AM) Data Protection Officer:
Mirabaud Asset Management (Suisse) SA
29, boulevard Georges-Favon
Attn: Data Protection Officer
Securities Data Protection Team:
Mirabaud Securities Limited
10, Bressenden Place
London SW1E 5DH
Attn: Data Protection Team