We are committed to protecting your personal data. We’ll use your information for a number of different purposes, for example to provide our services to you and others and to meet our legal and regulatory obligations. If you’re an existing customer, for more detailed information on how and why we use your information, including the rights in relation to your personal data, and our legal grounds for using it, please read our "Data Privacy Statement", which explains our data management policies in more detail.
B Capital SA (the “Company”) has issued this Data Privacy Statement in light of the Swiss Federal Act on Data Protection (“DPA”) and its upcoming revision as well as the EU General Data Protection Regulation (“GDPR”) which is the new privacy regulation of the European Union (“EU”). Although GDPR is a regulation of the EU it is relevant for the Company for a number of reasons. Swiss data protection legislation is historically closely tied to EU regulations and its future amendment will be substantially influenced by GDPR. Furthermore although GDPR is an EU-regulation, under certain circumstances it may apply to companies outside the EU such as the Company (extraterritorial effect).
In this Data Privacy Statement the Company would like to outline how it collects, processes and protects personal data about the following persons: (i) prospective clients, (ii) persons that have or are in the process of applying for services with the Company (“Clients”) and (iii) individuals or entities whose information is provided by a Client to the Company or comes otherwise to the Company’s knowledge in connection with services provided by the Company to a Client (“Connected Individuals”). A Connected Individual may include, but is not limited to, (i) any director, officer, authorised signatory or employee of a company, (ii) a trustee, settlor or protector of a trust, (iii) any beneficial owner of Client’s assets, (iv) a controlling person, (v) a payee of a designated payment, (vi) representative(s) or agent(s) of a Client, (vii) a co-obligor under a loan (e. g. guarantor of a credit) or (viii) any other individual or entity having a relationship with a Client that is relevant to this Client’s business relationship with the Company. Furthermore this Data Privacy Statement shall also inform Clients, Connected Individuals and prospective clients of their rights in relation to personal data collected and processed by the Company. Please note: Which specific personal data are processed and how they are used depends largely on the products and services requested or agreed in each case.
Wherever the Company uses “you” or “your” in this Data Privacy Statement, this is meant as a reference to a prospective client, a Client and any Connected Individual as defined herein.
If the Company provides separate or further information about how it collects and uses Clients’ or Connected Individuals’ personal data for a particular product or service, those terms will also apply. Furthermore this Data Privacy Statement continues to apply even if Client’s agreements for investment management or other products and services with the Company end.
Please familiarise yourself with this Data Privacy Statement and also forward it to any Connected Individuals before the Company is provided with personal data of such Connected Individual.
1. Who is responsible for Data Processing and who can you contact in this regard?
The controller for data processing purposes is and the Company’s Data Protection Officer (according to GDPR) can be reached at:
B Capital SA
Data Protection Officer
Rue Jean Calvin 14
E-Mail Address: firstname.lastname@example.org
The Company’s representative (within the meaning of Article 27 GDPR) is B Capital Partners LLP, 48 Dover Street, London W1S 2FF, United Kingdom.
2. What sources and data does the Company use?
The personal data the Company collects or has about Clients, Connected Individuals and prospective clients come from different sources. This includes personal data relating to the business relationship or a prospective business relationship with the Company or any of the Company’s products or services that the Client or a Connected Individual or prospective client has applied for or held previously.
Some of the personal data will come directly from the Client, the Connected Individual or the prospective client. Some might be obtained from another advisor, a business introducer or from other third parties. Personal data might also come from other B Capital group entities or the Company might obtain such personal data lawfully by accessing publicly available sources or combining different sets of information.
Personal data collected may include, in particular:
a) Information that a Client, a Connected Person or a prospective client provides to the Company such as:
Contact details (e.g. name, address and other contact details such as date and place of birth, and nationality);
Information about a Client, a Connected Person or a prospective client given to the Company by filling in forms or by communicating with the Company, whether face-to-face, by phone, e-mail, on-line or otherwise;
Information concerning a Client’s, Connected Person’s or prospective client’s identity (e.g. passport information which does also contain a photograph) or which is relevant for authentication purposes (e.g. sample signature).
b) Information that the Company collects or generates about the Client, a Connected Person or a prospective client, such as:
• Client relationship data (e.g. products held and services rendered), securities and payment transaction data and other financial information;
• Information regarding a Client’s, a Connected Person’s or a prospective client’s financial situation such as credit data (e.g., information regarding Client’s creditworthiness, individual credit application history);
• Information the Company collects or generates to comply with its obligations under the anti-money laundering regulatory framework (e.g. information on origin of assets, beneficial ownership);
• Information the Company collects or generates for risk management purposes such as client due diligence data (including periodic review results), client risk profiles, data to assess suitability/appropriateness, client qualification data (e.g. status as qualified investor), screening alerts (transaction screening, name screening), tax data or complaint information; Geographic information;
• Information included in relevant client files and client documentation and other comparable information;
• Marketing and sales information (e.g. newsletters, documents received, invitations to and participations at events and special activities, personal preferences and interests, opt-in and opt-out declarations);
• Information used in ‘cookies’ and similar technologies on websites, mobile applications and in emails to recognise a data subject, remember a data subject’s preferences and show a data subject content the Company thinks he/she/it is interested in.
c) Information about the Client, a Connected Person or a prospective client that the Company collects from other sources, for example:
Communication information (e.g., information contained in emails, chat messages or other digital communications);
Information from publicly available sources and combined information from external sources (e.g. corporate and media broadcasts, information pertaining to social interactions between individuals, organisations, prospects and other stakeholders acquired from companies that collect combined information).
The Company may also collect and process additional personal data about which the Company will inform you from time to time.
3. What does the Company process personal data for (purpose of the processing) and on what legal basis?
The Company processes personal data of Clients, Connected Individuals and prospective clients for various purposes in accordance with the provisions of the European GDPR and the Swiss DPA and only uses such personal data where the Company has a lawful basis for using it. The lawful basis and purposes include processing:
a) For the fulfilment of contractual obligations (article 6 para. 1 b) of the GDPR)
• The processing of personal data is carried out in order to perform transactions and offer financial services pursuant to contracts with the Company’s Clients and their Connected Individuals or to take steps prior to entering into a contract (e.g. with prospective clients).
• The purposes of data processing are primarily dependent on the specific product and can include needs assessments, advisory, asset management and other financial or support services, as well as the carrying out of transactions. Additional details about the purposes of data processing may also be included in the applicable contractual or product documentation.
b) In the context of balancing interests and the purposes of safeguarding legitimate interests respectively (article 6 para. 1 f) of the GDPR)
Where required, the Company processes personal data beyond the actual fulfilment of the contract for the purposes of safeguarding the legitimate interests pursued by the Company or a third party (including the entities of the B Capital group).
• Reviewing and optimising procedures for needs assessment for the purpose of direct client discussions;
• Keep track of the Company’s conversations with Clients, Connected Individuals and prospective clients (by phone, in person, by email, by chats in social media applications or by any other kind of communication);
• Asserting legal claims and mounting a defence in the event of legal disputes;
• Correspond with legal advisers and counterparties;
• Manage the Company’s internal operational requirements for credit and risk management, system or product development and planning, insurance, audit and administrative purposes;
• Ensuring Company ‘s IT security and IT operations;
• Prevention and solving of crimes;
• Video surveillance to safeguard Company’s premises against trespassers, for collecting evidence in the event of hold-ups or fraud, or to document disposals and deposits, e.g. at the Company safes
• Measures for building, site and systems security (e.g. access controls);
• Measures for ensuring the right of owner of premises to keep out trespassers;
• Measures for business management and further development and improvement of services and products;
• Risk control in the B Capital group;
• Marketing or market and opinion research, to the extent that Clients, Connected Individuals and prospective clients have not objected to having their personal data used;
• Gather insights from information through data analytics and for statistical purposes;
• Complying with applicable Swiss and other legal statutory and regulatory requirements.
c) On the basis of your consent (article 6 para. 1 a) of the GDPR)
Insofar as you have granted the Company consent to process your personal data for specific purposes (e.g. analysis of transactional activities for marketing purposes), this processing is lawful on the basis of your consent. A consent given may be revoked at any time. This also applies to withdrawal of declarations of consent that were given to the Company before the GDPR came into force, i.e. prior to May 25, 2018. Please be advised that a withdrawal of consent does not affect the lawfulness of the processing of data prior to revocation of such consent. Note however that the Company may still be entitled to process your personal data if it has another legitimate reason for doing so.
d) Due to legal obligations (article 6 para. 1 c) of the GDPR) or in the public interest (article 6 para. 1 e) of the GDPR)
Furthermore, the Company is subject to various legal obligations, i.e. statutory requirements (e.g. the Anti-Money Laundering Act, ordinances and circulars of regulatory authorities and tax laws) as well as Company regulatory requirements. Purposes of processing include for example assessment of creditworthiness, identity and age verification, fraud and money laundering prevention measures, fulfilment of control and reporting obligations under fiscal and other laws, and measuring and managing risks within the Company and the B Capital group (including for consolidated supervision purposes).
The Company may also collect and process additional personal data for other purposes about which the Company will inform you from time to time.
4. Who receives personal data?
Within the Company those units are given access to personal data of Clients, Connected Individuals and prospective clients which require them in order to perform the Company’s contractual and statutory obligations or as further described in this Data Privacy Statement. Service providers and auxiliary persons appointed by the Company may also receive data for these purposes if they observe the required banking confidentiality rules. These could mainly be companies in the categories of banking services, IT services, logistics, printing services, telecommunications, advice and consulting.
With regard to transferring data to other recipients outside the Company, to begin with, it is to be noted that, as a Company, the Company is generally obliged to maintain secrecy about any customer-related facts and evaluations which the Company may acquire or have knowledge of (banking secrecy). The Company may pass on information about you only if legal provisions demand it, if you have given your consent (e.g. to process a financial transaction a Client or Connected Individual has ordered the Company to perform), and/or if the Company is authorised to provide information. Under these requirements, recipients of personal data can be, for example:
Public authorities and institutions (e.g. the Swiss National Bank, Swiss Financial Market Authority (FINMA), other financial authorities, tax authorities, criminal prosecution authorities, courts) insofar as a statutory or official obligation exists;
Other credit and financial service institutions, comparable institutions and data processors to which the Company transfers a data subject’s personal data in order to perform the business relationship with such data subject (depending on the contract, e.g. market counterparties, correspondent and agent banks, custodian banks, clearing houses, clearing or settlement systems, brokers, stock exchanges, information offices, service providers, companies that a data subject holds securities in, credit/debit card processing supplier(s));
Other companies within the B Capital group for risk control purposes due to statutory or official obligations or for the purpose of outsourcing data processing activities within the B Capital group mainly in the categories of banking services, IT services, logistics, printing services, telecommunications, advice and consulting;
Joint account holders, trustees, beneficiaries, power of attorney holders or executors;
Any bank that provides custody and banking services to you or deals with the Company for you;
Auditors or dispute resolution bodies.
Additional recipients of personal data may be those for which you have given your consent to transfer your personal data or with respect to which you have exempted the Company from banking secrecy by agreement or consent.
5. Is data transferred to a third country or to an international organisation?
In certain circumstances personal data may be viewed at a destination outside Switzerland, including locations which may not have the same level of protection for personal data as Switzerland. The Company will always do this in a way that is permissible under data protection rules. The Company may need to transfer your information in this way for example:
To perform its contract with you (e.g. due to the kind of product or service that is used and in order to fulfil a legal obligation);
Where enforceable under applicable data protection laws to protect the public interest;
For the Company’s legitimate business interests (e.g. for example in the context of a credit transaction).
Transfer of personal data to recipients in countries outside Switzerland, the EEA and the EU (so-called third countries) will take place if:
• It is necessary for the execution of orders or a contract (e.g. payments and securities orders);
• It is necessary in order to support the day to day activity of the Company
• It is required by law (e.g. reporting obligations under fiscal law);
• It is in the context of commissioned data processing; or
• You have given your consent to the Company.
Where your personal data is to be disclosed to third parties domiciled in countries which do not have an appropriate level of data protection, the Company ensures that where necessary it takes appropriate measures (e.g. contractual arrangements - such as the EU Standard Contractual Clauses / see Article 46 para. 2 (c) of the GDPR- or other precautions or justifications) so that personal data continues to receive appropriate protection.
You can obtain more details of the protection given to your information when it is transferred outside Switzerland by contacting the Company in accordance with the information provided in section 1 above.
6. How long will personal data be stored?
The Company will process and store personal data of Clients, Connected Individuals or prospective clients for as long as it is necessary in order to fulfil the Company’s contractual and statutory obligations. It should be noted here that the business relationship with the Company is a continuing and long term obligation, intended to last for several years.
If the personal data are no longer required in order to fulfil contractual or statutory obligations, they are regularly deleted, unless their further processing – generally for a limited time - is required for the following purposes:
Compliance with records retention periods under commercial and tax law: this includes for example the Swiss Code of Obligations (CO) and its related relevant ordinances, the Federal Act on Value Added Tax (VATA), the Federal Act on Direct Taxation (DTA), the Federal Act on Harmonisation of Direct Taxes of Cantons and Municipalities (THA), the Federal Act on Stamp Duties (SDA) the Federal Act on Withholding Tax (WTA), the Swiss Bankers Association‘s Guidelines on the treatment of assets without contact and dormant assets held at Swiss banks (Guidelines on Dormant Assets).
Preservation of evidence in accordance with statutes of limitations.
Compliance with special retention regulations, such as «legal holds», i.e. processes put into effect by the Company in order to preserve all forms of relevant information when litigation is reasonably anticipated or ongoing. In such cases the Company might be required to keep the information for an undefined period of time.
7. What data protection rights do you have?
Under the applicable data protection laws you may have the following rights: the right of access (as defined in article 8 DPA and 15 GDPR), the right to rectification (as defined in article 5 DPA and 16 GDPR), the right to erasure (as defined in article 5 DPA and 17 GDPR), the right to restriction of processing (as defined in articles 12, 13, 15 DPA and 18 GDPR), the right to object to the data processing (as defined in article 4 DPA and 21 GDPR) and, if applicable, the right to data portability (as defined in article 20 GDPR). The right of access and the right to erasure are subject to certain restrictions (under articles 9, 10 and 13 DPA and, in particular, 23 GDPR). Furthermore, if applicable on a person, there is also a right to lodge a complaint with an appropriate data privacy supervisory authority (article 77 GDPR).
Where the Company processes personal data based on your granted consent, you may revoke your consent specifically granted to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were granted to the Company prior to the entry into force of the GDPR, i.e. before May 25, 2018. Please be advised that the revocation will only take effect in the future. Any processing that was carried out prior to the revocation shall not be affected thereby. Please note however that the Company may still be entitled to process your personal data if it has another legitimate reason for doing so.
8. How is personal data kept secure?
The Company implements internal technical and organisational measures to keep personal data of Clients, Connected Individuals and prospective clients safe and secure which may include encryption, anonymisation, access limitations and physical security measures. The Company requires its employees and any third parties who carry out any work on the Company’s behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of personal data.
9. Is there an obligation to provide data?
In the context of a business relationship with the Company a Client or a Connected Individual, must provide all personal data which is necessary for the establishment and maintenance of such business relationship and the performance of the associated contractual obligations or which the Company is legally obliged to collect. As a rule, the Company would not be able to enter into or perform any contract or – consequently - accept and execute any order without collecting and processing personal data.
Data subjects are responsible to make sure the information provided to the Company is accurate and up to date.
In particular, provisions of anti-money laundering law require that the Company verifies a data subject’s identity before entering into the business relationship by means of a document of substantive value (e.g. passport or national identity card) and that the Company collects and records a data subject’s name, place of birth, date of birth, nationality, residential address and other data for that purpose. In order for the Company to be able to comply with this statutory obligation, a data subject must provide the Company with the necessary information and documents in accordance with the Anti-Money Laundering Act and notify the Company without undue delay of any changes that may arise during the course of the business relationship. If a data subject does not provide the Company with the necessary information and documents, the Company will not be allowed to enter into or continue the requested business relationship.
If you give the Company any information about another person connected to your bank account (such as a Connected Individual), you must inform such person about what personal data you have given to the Company, and make sure they are informed of the content of this Data Privacy Statement.
10. Is “profiling” or “automated decision-making” used?
In some cases, the Company processes personal data of Clients, Connected Individuals or prospective clients automatically with the aim of evaluating certain personal aspects (profiling). For instance, the Company uses profiling in the following cases:
Due to legal and regulatory requirements, the Company is obliged to take anti-money laundering, anti-terrorist-financing, anti-fraud and anti-financial crime measures. Data evaluations (including on payment transactions) are also carried out in this context. At the same time, these measures also serve to protect you.
In order to provide you with targeted information and advice on products, the Company may use evaluation tools. These enable demand-oriented communication and advertising, including market and opinion research.
The Company reserves its right to further analyse and evaluate personal data in an automated manner in the future, so as to identify significant personal characteristics of yourself or to predict developments and to create client profiles. These may in particular be used for business-related checks, individual management, advisory or financial services and the provision of offers and information that the Company may make available to you.
When providing you with services, the Company may make decisions about you by automated means. The Company will ensure that a suitable contact person is available if you wish to express a view on any automated individual decision where such opportunity to express a view is required by law. In such event, please refer your request to the address contained in section 1.
11. Changes to the Data Privacy Statement
You may request a copy of this Data Privacy Statement from the Company using the contact details set out in section 1 above. The Company may modify or update this Data Privacy Statement from time to time by providing a revised version to its Clients or making such a revised version available on the Company’s website at awww.bc
Information on your right to object under article 21 of the EU General Data Protection Regulation (GDPR)
1. Ad hoc right to object
In case GDPR is applicable to you, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on article 6 para 1 e) GDPR (processing in the public interest) and article 6 para.1 f) GDPR (processing for the purposes of safeguarding legitimate interests); this includes any profiling based on those provisions within the meaning of article 4 para. 4 GDPR.
If you lodge such an objection, the Company will no longer process your personal data, unless the Company can demonstrate mandatory legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the establishment, exercise or defence of legal claims. Please note, that in such cases the Company will not be able to provide services and maintain a business relationship with you either.
2. Right to object to the processing of data for direct marketing purposes
In individual cases the Company processes your personal data for direct marketing purposes, If GDPR is applicable to you, you have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the Company will no longer process your personal data for such purposes.
There are no formal requirements for lodging an objection. It should ideally be in writing and addressed to:
B Capital SA
Data Protection Officer
Rue Jean Calvin 14
E-Mail Address: email@example.com