1. Data protection
Golden Suisse takes your privacy seriously. Client information is strictly confidential, and Golden Suisse does not report, or has any legal obligation to report client information to third parties;
Golden Suisse adheres to high data protection standards as well as transparency of personal data collection and processing for our clients. This privacy notice contains general information on what personal data the Golden Suisse collects, what we do with that information, and what rights you have. ‘Personal data’ is any information that relates to an identified or identifiable natural person (rather than to a legal entity, such as a company).
As part of our commitment to protect your personal data in a transparent manner, we want to inform you:
why and how Golden Suisse collects, uses and stores your personal data;
the lawful basis on which your personal data is processed; and
what your rights and our obligations are in relation to such processing.
2. What types of personal data do we collect?
GoldenSuisse will, depending on the product or service we provide to you (if any), collect and process personal data about you including:
personal details such as your name, identification number, date of birth, KYC documents (including a copy of your national identity card or passport), phone number physical and electronic address, and family details such as the name of your spouse, partner, or children;
where applicable, professional information about you, such as your job title and work experience;
details of our interactions with you and the products and services you use;
any records of phone calls between you and Golden Suisse;
identifiers we assign to you, such as your client or account number;
when you access our Website, data transmitted by your browser and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your web browser, browser language and requesting domain, and IP address (additional data will only be recorded via our Website if their disclosure is made voluntarily, e.g. in the course of a registration or request). When you visit our website, that website will contain additional information about how we use your information while you are visiting that website;
If relevant to the products and services we provide to you, we will also collect information about your additional card holders or account holders, business partners (including other shareholders or beneficial owners), dependants or family members, representatives, and agents. Additionally, where you are an institutional or corporate client or investor, we will also collect information about your directors, employees or shareholders. Before providing GoldenSuisse with this information, you should provide a copy of this notice to those individuals.
3. On which legal basis and for which purposes do we process personal data?
3.1 Legal basis for processing
Depending on the purpose of the processing activity (see section 3.2), the processing of your personal data will be one of the following:
(i) necessary for the legitimate interests of GOLDENSUISSE, without unduly affecting your interests or fundamental rights and freedoms (see below);
(ii) necessary for taking steps to enter into or executing a contract with you for the services or products you request, or for carrying out our obligations under such a contract, such as when we use your data for some of the purposes in sections 3.2(a), (b) (c) and (j) below (as well as certain of the data disclosures described in section 4);
(iii) required to meet our legal or regulatory responsibilities, including when we conduct the checks referred to in section 3.2(a) below and make the disclosures to authorities, regulators and government bodies referred to in sections 3.2(g) and 4 below;
(iv) in some cases, necessary for the performance of a task carried out in the public interest;
(v) when we use special categories of personal data, necessary for establishing, exercising or defending legal claims or where the processing relates to personal data manifestly in the public domain; and
(vi) in limited circumstances, processed with your consent which we obtain from you from time to time (for instance where required by laws), or processed with your explicit consent in the case of special categories of personal data.
Examples of the ‘legitimate interests’ referred to above are:
pursuing certain of the purposes in sections 3.2(a) to 3.2(k) below;
exercising our rights under Articles 26 and 27 of the Federal Constitution of the Swiss
Confederation, including our freedom to conduct a business and right to property;
when we make the disclosures referred to in section 4 below, providing products and services and assuring a consistently high service standard across the Golden Suisse Group, and keeping our customers, employees and other stakeholders satisfied.; and
meeting our accountability and regulatory requirements around the world,
in each case provided such interests are not overridden by your privacy interests.
Any consent Golden Suisse has obtained to process ordinary personal data does not apply for the purposes of the EU General Data Protection Regulation 2016/679 (“EU GDPR”). Instead, for the purposes of the EU GDPR, GOLDENSUISSE relies on the lawful grounds of compliance with a legal obligation, contractual necessity or legitimate interests (as specified in this notice) and Golden Suisse’ ability to rely on any such consent for the purposes of the EU GDPR is hereby waived or extinguished. For the avoidance of doubt, any consent given for any other reason, for instance (and if applicable) compliance with the Federal Act on Data Protection or the banking secrecy provision of the Swiss Federal Act on Banks and
Savings Banks remains unaffected by this paragraph.
Where the personal data we collect from you is needed to meet our legal or regulatory obligations or enter into an agreement with you, if we cannot collect this personal data there is a possibility we may be unable to on-board you as a client or provide products or services to you (in which case we will inform you accordingly).
3.2 Purposes of processing
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we process personal data for the following purposes:
a) client on-boarding processes, including to verify your identity and assess your application (including the need for guarantees or other securitisation tools) if you apply for credit, and to conduct legal and other regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent fraud);
b) providing products and services to you and ensuring their proper execution, for instance by ensuring that we can identify you and make payments to and from your accounts in accordance with your instructions and the product terms;
c) managing our relationship with you, including communicating with you in relation to the products
4. Third Parties
When receiving payments and carrying out payouts and other services to you, we will share minimum personal data with service providers involved in the transaction, including, where relevant the following types of companies.
intermediary banks, clearing houses, and clearing or settlement systems; and specialised payment companies or institutions such as SWIFT;
(if you hold a credit card with us) credit card associations, and other card payment and platform providers;
In some instances, we also share personal data with our suppliers who provide services to us, such as IT and hosting providers, marketing providers, communication services and printing providers, debt collection, tracing, debt recovery, fraud prevention, and credit reference agencies, and others. When we do so we take steps to ensure they meet our data security standards, so that your personal data remains secure.
Public or regulatory authorities
If our business is sold to another organisation or if it is re-organised, personal data will be shared so that you can continue to receive products and services. We will usually also share personal data with prospective purchasers when we consider selling or transferring part or all of a business. We take steps to ensure such potential purchasers keep the data secure.
We may need to disclose personal data to exercise or protect legal rights, including ours and those of our employees or other stakeholders, or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others.
6. How long do we store your data?
We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. To help us do this, we apply criteria to determine the appropriate periods for retaining your personal data depending on its purpose, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests.
6. Your rights
You have a right to ask Golden Suisse to rectify inaccurate personal data we collect and process and the right to request restriction of your personal data pending such a request being considered.
Where we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time. Please also note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You have a right to ask us to stop processing your personal data, or to request deletion of your personal data – these rights are not absolute (as sometimes there may be overriding interests that require the processing to continue, for example), but we will consider your request and respond to you with the outcome. When personal data are processed for direct marketing purposes, your right to object extends to direct marketing, including profiling to the extent it is related to such marketing.
Where we process your personal data on the basis of your consent, or where such processing is necessary for entering into or performing our obligations under a contract with you, you may have the right under applicable data protection laws to request your personal data be transferred to you or to another controller. You have the right to ask Golden Suisse for a copy of some or all of the personal data we collect and process about you.
In certain circumstances Golden Suisse may process your personal data through automated decision-making, including profiling. Where this takes place, you will be informed of such automated decision-making that uses your personal data, be given information on the logic involved, and be informed of the possible consequences of such processing. In certain circumstances, you can request not to be subject to automated decision-making, including profiling.
You can exercise the rights set out above by contacting the DPO using the details in section 8 of this notice.
7. Exercising your rights, and complaints
If you are not satisfied with any aspect of the processing of your personal data by Golden Suisse, we would like to discuss it with you to understand how we can rectify the issue. You may exercise any of your rights in relation to your personal data by writing to us. Golden Suisse in Switzerland also stores all incoming and outgoing business and private communication data (in particular e-mails with attachments, chats, instant messaging) in a separate, protected electronic archive located in Switzerland for a period of 10 years.
8. Status of this privacy notice
This privacy notice was updated in April 2018. It is a notice explaining what Golden Suisse does, rather than a document that binds Golden Suisse or any other party contractually. We reserve the right to amend it from time to time. If the notice has been updated, we will take steps to inform you of the update by appropriate means, depending on how we normally communicate with you, such as through your account statement.