We, Alpian SA (Alpian or we or us) care about the protection and confidentiality of your personal data and are committed to comply with data protection laws and regulations. The following information provides an overview of how we process your personal data and your rights under data protection laws and regulations.
1. Who is responsible for your personal data and whom can you contact?
We are the entity responsible for the processing of your personal data. For any question that you may have in connection with the processing of your personal data, you may contact our Data Protection Officer at the following address:
ALPIAN SA Data Protection Officer Chemin des Crêts, 17 1209 Genève Switzerland e-mail : firstname.lastname@example.org
2. What types of personal data do we collect and what sources do we use?
The personal data we process may include
- personal identification details (e.g., name, place of birth, date of birth, citizenship, address, telephone numbers, email addresses, family details, other KYC (Know your customer) information, any additional information collected during our exchanges with you),
- identification data (e.g., copy of passport or identity card, social security number, tax identification number),
- identifiers we assign to you, such as your client, business relation, contract, partner or account number, including identifiers for accounting purposes
- tax information (e.g., tax domicile and other tax-related documents and information) (d) professional information about you (e.g., job title, job experience),
- financial information (e.g., financial history information, transaction data, bank details),
- your risk profile and investment preferences based on - among other things- your investment knowledge and experience,
- records of communications between you and us,
- details of interactions with you and the products and services you use,
- when you access our websites or our application, your activity in our products and services, data transmitted by your browser or device you are using and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your device, your web browser, browser language and requesting domain, and IP address (additional data will only be recorded via our website if their disclosure is made voluntarily, e.g., in the course of a registration or request), and
- cookie information (e.g., cookies and similar technologies on websites).
We collect and receive personal data either:
- directly from you (e.g., when you are providing us information via our mobile banking application), or
- indirectly from third parties who legitimately transferred us your data or publicly available sources (e.g., commercial register, sanctions list, press, media, internet).
3. For what purposes and on what legal bases do we process your personal data?
We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP). Your personal data may also be protected by banking secrecy or other contractual or professional confidentiality obligations applicable to us.
We process personal data for the following purposes (the Purposes):
- for the fulfillment of contractual obligations We collect and process personal data as necessary for the performance of a contract to which you or a related person is a party, or to carry out pre-contractual measures that occur as part of a request, which includes in particular the following processing operations: (i) opening and management of an account and business relationship with us, (ii) the execution of transactions, (iii) the provision of investment services, and (iv) the conduct of asset and portfolio management activities.
- for compliance with a legal obligation or in the public interest As a bank, we are subject to various legal obligations which require us to process and collect personal data, including in relation to accounting requirements, the provision of information about products and services, the prevention of money laundering activities, bribery, corruption, tax frauds as well as other frauds and crimes, the recording of phone or videocalls, the satisfaction of any requirements of cooperation with, or reporting to, any competent public prosecution, supervisory, administrative or tax authority or court, as well as the assessment and management of risks.
- for the purposes of safeguarding legitimate interests When necessary, we process your personal data for the purpose of the legitimate interests pursued by us or a third party, if such processing does not unduly affect your interest or fundamental rights and freedoms. Examples include (a) the development of our business relationship with you (b) measures for the security of our properties and systems (c) the recording of phone conversations and videocalls to verify instructions, improve the quality of our services or to safeguard our rights (d) the exercise or defense of actual or potential legal claims, or the conduct of investigations or similar proceedings and (e) the review and improvement of our internal processes and organization, including for the purpose of risk management.
- on the basis of your consent To the extent that the processing of your personal data requires that you give your prior consent thereto, we will ask for your consent in due time. Any consent granted may be revoked at any time. Please be advised that the revocation of your consent shall only have effect for the future. Any processing that was carried out prior to the revocation shall not be affected thereby.
The provision of personal data may be mandatory, for instance in connection with compliance with applicable laws and regulations. If the required data are not provided, this may preclude us from establishing or pursuing a business relationship or from rendering services to you.
The processing of personal data as referred to above can include all details related to you as a client, the existence of a relationship between you and Alpian, and details on any beneficial owners, controlling persons, beneficiaries, authorized agents and representatives, and other individuals involved in the banking relationship.
4. Who has access to your personal data and with whom are they shared?
Within our bank, each unit that requires your personal data to achieve the Purposes will have access to it, based on the need-to-know principle. If necessary or useful to perform our services and achieve the Purposes, we may disclose or transfer your personal data to (i) public or governmental authorities, administrations or courts (e.g. financial market supervisory authorities, tax authorities, anti-money laundering authorities) or financial institutions (e.g. third party central depositories, brokers, exchanges, registers, third party banks, etc.) or (ii) third party service providers that process personal data on our behalf and/or to which we outsource certain tasks (outsourcing).
Other data recipients may be the entities for which you have given us permission to share data with or for which you have released us from bank client confidentiality in accordance with our general terms and conditions or any other declaration of consent.
5. Are your data transferred outside of Switzerland?
Your personal data may be transferred to countries outside Switzerland (i) if this is required for the execution of your orders or the fulfillment of our contractual obligations (e.g. payment and securities transactions), (ii) in line with our General Terms and Conditions to enable the outsourcing of certain tasks to third party service providers, (iii) if prescribed by law (e.g. reporting obligations under tax law), (iv) if necessary to safeguard an overriding public interest, or (v) if you have given us your consent. A transfer of your personal data outside of Switzerland may include the transfer to jurisdictions that: (i) ensure an adequate level of data protection according to the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the European Commission or (ii) do not benefit from adequacy decisions from the FDPIC or the European Commission and do not offer an adequate level of data protection. In the latter case, we will ensure that appropriate safeguards are provided, e.g., by using standard contractual clauses established by the European Commission. Access to your personal data will be safeguarded by appropriate technical and organizational measures.
Whenever personal data or processing personal data are processed in a country considered as not complying with the FDPIC or the UE Commission, adequate measures will be taken such as SCC to guarantee the confidentiality of your personal data.
6. How long will your data be stored?
As a matter of principle, we process and store your personal data as long as it is necessary in order to fulfil contractual as well as national and international legal obligations, to pursue business interests, or for the purposes for which processing is used. We will delete or anonymize your personal data regularly once they are no longer necessary in order to achieve the Purposes, unless a further processing of your personal data is necessary for the following purposes:
- compliance with longer records retention periods under applicable law or regulations and
- preservation of all forms of relevant information to exercise or defend actual or potential legal claims or to conduct investigations or similar proceedings.
7. Do we rely upon profiling or automated decision making?
In some cases, we process your personal data automatically with the aim of evaluating certain personal aspects (profiling), in particular to provide you with targeted information and advice on our products or services or those of our business partners. We may also use technologies that allow us to identify the level of risks linked to a data subject or to the activity on an account.
Furthermore, as a rule, we do not make decisions based solely on automated processing in order to perform our services. Should we do so, we shall comply with applicable legal and regulatory requirements.
8. What are your rights in connection with data protection?
Subject to applicable local data protection legislation, you have the right:
- to request access to, and receive a copy of the personal data we hold (fees can be charged if requests are considered as too extensive, charge fees will be fixed on the amount of workload process only)
- to ask us to rectify or erase inaccurate personal data we collect and process.
- where we process your personal data on the basis of your consent, to withdraw that consent at any time;
- to ask us to stop processing your personal data, or to request deletion of your personal data, in which case we will no longer process the personal data unless the processing is (i) required by law, (ii) necessary for the performance of the contract, (iii) necessary for performance of a task carried out in the public interest or (iv) necessary for the purposes of the legitimate interests we pursue, including the establishment, exercise or defense of legal claims.
- to obtain a copy of, or access to, the appropriate or suitable safeguards which we may have implemented for transferring the personal data outside the European Union or Switzerland.
Furthermore, you have the right to complain to our Data Protection Officer and, if applicable, to lodge a complaint with a competent data privacy regulatory authority. You can exercise the rights set out above by contacting our Data Protection Officer using the details in section 1 of this Policy.
9. Protection of Minors
People under 18 years of age should not transmit any personal data to Alpian without the consent of their parents or legal guardians. Alpian does not request personal data from children or young people. Such data are not knowingly collected and /or passed on to third parties.
10. Amendement to this privacy notice
Due to the further development of our website, application and offers or due to changed legal or regulatory requirements, we may need to change our Privacy Notice. We may therefore at any time and without prior notice modify this Privacy Notice. The currently valid version of our Privacy Notice is accessible at any time on our website as well as in our mobile banking application.
11. Further information and contact
Alpian is responsible for processing your personal data as described in this Privacy Notice. If you have any questions about the processing of your personal data, you can contact Alpian at the following address:
ALPIAN SA Chemin des Crêts, 17 1209 Genève Switzerland Email : email@example.com