Personal data is defined as all information relating to an identified or identifiable natural or legal person. Processing means any handling or personal data, regardless of the means and procedures used, in particular the acquisition, storage, use, modification, archiving, disclosure or destruction of personal data.
For certain data processing, e.g., in the context of concluding contracts with BCM, there are further regulations (such as General Terms and Conditions) which are available in the relevant contracts.
BCM is the data controller and as such responsible for deciding how to hold and use your personal information. You can contact us at the following address if you have any concerns about data privacy: Talstrasse 82, CH-8001, Zurich, Switzerland; firstname.lastname@example.org
Collection and Processing of Personal Data
We primarily process personal data that we collect within the context of our activities for you, in particular the provision of portfolio management services, investment advisory services or execution only services from our business partners and other involved persons.
We may, at our discretion, modify or discontinue any of the content of this site, or any portion thereof, with or without notice.
We may collect, use, store and transfer different kinds of personal data, such as:
- Identity Data (e.g. names, identification number, marital status, title, date of birth, place, place of birth, nationality, gender, passport copies, professional background, business numbers, information from third parties affected by data processing such as spouses, authorized representatives, advisors etc.)
- Contact Data (e.g. residence/domicile address, email address, phone/fax numbers etc.)
- Financial Data (e.g. information regarding account, custody account, payment card details, financial position, financial status, financial history, wealth, source of wealth, revenues, professional activity, solvency reports, knowledge and experience, risk and investment profile, preferences, needs, investment products etc.)
- Transaction Data (e.g. details about payments to and from you, concluded transactions and contracts, information on beneficiaries of transfers, beneficiary bank, amount of transfers, explanations for the reasons for the transfers including related documents, source of funds, details of products and services purchased/invested in from or through us etc.)
- Usage Data (e.g. country of connection, IP address, pages visited on our website, date and time of connection, messages exchanged, voice calls, video calls etc.)
Sensitive data is collected and stored only if required by lawful grounds and/or for the improvement of our services based on the agreement between you and BCM. Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to carry out the contract we have in place or are trying to enter into with you (e.g. to provide you with selected products or services). In this case we may have to cancel a service you have with us or refuse/sell an investment in a product due to the lack of provided data. We will notify you if this is the case at the time.
It is also important that the personal information we hold about you is correct and up-to-date. Please keep us informed if your personal information changes during your business relationship with us or even after in case we need to contact you after the our business relationship has terminated.
We use different methods to collect data from and about you, e.g.
- Personal data provided to BCM when opening a business relationship, in the course of the execution of contracts, the use of products and services, through our website, by filling in forms, by corresponding with us by post, phone or email, by handing us your business card or other similar means.
- Personal data that is generated in the course of using products or services and is transmitted to BCM by the technical infrastructure e.g. in payment transactions, securities trading, websites or on the occasion of cooperation with other financial or IT service providers, market places and stock exchanges.
- We may have to seek further information about you using publicly accessible sources such as the internet, the media and carry out a background check on you using third party sources such as authorities, official sanctions lists, data-collection companies such as World Check, debt registers, commercial registers etc.
Purpose and Legal Basis of the Data Processing
BCM may process personal data to provide our own services, for our own purposes and for purposes provided by law. In particular, we process the data for:
- Conclusion and fulfilment of contracts, execution, processing and administration of products and services (e.g. account openings, payments, invoicing, accounting, financial planning, investments, consolidation etc.)
- Monitoring and managing risks (e.g. definition of your investment profile, anti-money laundering, appropriateness and suitability, operational risks etc.)
- Statistics, planning, business decisions (e.g. development of new or assessment of existing services, products, processes, technologies etc.)
- Marketing, communicating, informing about and reviewing service offerings (customer or prospect outreach, identifying future customer needs, assessing of customers, market or products potential etc.)
- Fulfilment of legal or regulatory disclosure, information or reporting obligations to courts and authorities, fulfilment of official orders (e.g. reporting obligations to FINMA and foreign supervisory authorities, automatic exchange of information with foreign tax authorities, orders from public prosecutors in connection with money-laundering and terrorist financing etc.)
- Safeguarding our own interests and securing the claims of BCM (e.g. in case of claims against BCM or claims of BCM against third parties)
- To comply with legal obligations, for legal justifications or official orders e.g. from courts, supervisory or other authorities etc.
BCM may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data.
Cookies, tracking and other technologies associated with the use of our website
We use a similar service to Google Analytics on our website. This is a service provided by third parties who may be located in any country of the world, which we deploy to measure and evaluate the use of the website. The service provider does not receive any personal data from us (and does not store any IP addresses), but may track your use of the website, combine this information with data from other websites you have visited and which are also tracked by service providers, and use these findings for its own purposes (e.g. to control advertising). The service provider’s processing of your personal data is then the responsibility of the service provider and is carried out in accordance with its data protection provisions. The service provider merely informs us how our respective website is used (without any information about you personally).
Data Forwarding and Data Transfer Abroad
We may have to share your data with third parties (e.g. custodian banks, industry organizations, auditors, courts, parties in legal proceedings etc.) and third-party service providers (e.g. IT providers etc.). Some of these third parties are located in Switzerland, however, when using certain products or services, personal data may also have to be disclosed to third parties in other countries in Europe and the USA where some service providers that we use are located. If we transfer data to a country that does not have an adequate level of data protection (e.g. USA), we take suitable contractual safeguards (e.g. on the basis of the so-called standard contractual clauses of the European Commission or the Data Protection Agreements) to continue to protect confidentiality and personal data appropriately.
When we use your personal data as described in section IV, we may transfer and disclose it to the following parties:
- Morabanc Group SA in Andorra as our sole shareholder and owner
- Regulators and other authorities (e.g. FINMA, Supervisory organizations, fraud prevention agencies etc.) where we are legally required to do so
- Payment recipients, beneficiaries, account nominees, intermediaries, custodians, clearing houses settlement systems, brokers, other financial institutions, funds, issuers of securities etc.
- Third parties involved in the maintenance and operations of IT systems, cloud computing services, the development, operation and maintenance of databases, software and applications, the establishment and implementation of processes and guidelines to ensure or improve the availability, usability and security of data
- Third parties involved in the completion of certain administrative tasks (e.g. accounting etc.)
All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies and are only allowed to process your personal data for specified purposes and according to our instructions.
Duration of the Storage of Personal Data
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for example for the duration of your agreement with BCM or as long as you are stored as our contact person as well as beyond the duration of your agreement with BCM in accordance with the legal storage and documentation obligations. Furthermore, your personal data may be stored for the period in which claims may be asserted against BCM, and insofar as we are otherwise legally obliged to do so or this is required by legitimate business interests (e.g. for evidential or documentation purposes). As soon as your personal data is no longer needed for the above purposes, it is in principle deleted or anonymized as far as possible.
BCM is committed to protecting personal data and privacy in compliance with applicable laws, in particular bank client confidentiality and data protection law. In this regard, BCM takes various technical and organizational security measures (such as access restrictions, firewalls, personalized passwords, encryption, training of employees etc.).
We may process your data automatically to assess certain personal aspects (profiling), e.g. when our systems scan transfers of funds to combat money-laundering as well as to monitor transactions to detect the circumvention of sanction rules etc. as required by law. We may also process some of your personal data to assess your needs for products and services.
Rights of the Data Subject
According to the data protection law applicable to you and to the extent provided for therein, you have the right of access, correction, erasure, the right to limit data processing, and otherwise to object to our data processing and to surrender certain personal data for the purpose of transferring this to another body (so-called data portability). Please note that we may not always be able to comply with your request for specific legal reasons which will be notified to you. Furthermore, we reserve the right to assert the restrictions provided for by law, for example, if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to refer to this) or if we need this data to assert claims. If this means you incur costs, we shall inform you in advance.
In certain cases where you may have provided your consent to the collection, processing, and transfer of your personal data for a specific purpose, you have the right to withdraw your consent and we will no longer process your personal data for the purpose you originally agreed to unless we have another legitimate legal ground to keep processing your personal data. Please note that if you withdraw your consent, we may not be able to provide certain products or services to you. We will inform you if this is the case if you withdraw your consent.
Data subjects can also assert their rights in court and have the right to file a complaint with the competent data protection authority. In Switzerland, the competent data protection authority is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch)