Data protection notice

The data we use about you may be directly provided by you or obtained from other sources, such as:

• publications/databases made available by official authorities;
• databases made publicly available by third parties;
• an entity we provide services to; and
• any other third parties including, without limitation, recruitment agencies.

In certain circumstances, we may collect and use personal data of individuals with whom we have, could have or previously had a direct relationship such as:

• visitors to our websites, including subscribers to our newsletters, funds documentation and investment recommendations;

• prospective or existing clients; or

• attendees of our events.

We may also collect information about you where you do not have a direct relationship with us. This may happen, for instance, when your personal data are provided by one of our clients, a contracting party or an investor in collective investment schemes for which a Mirabaud Group entity acts as management company (the “investment funds”) if you are, for example:

• a family member;

• a legal representative (acting under a power of attorney or acting professionally as an agent);

• a beneficiary of a payment transaction made by our clients;

• a beneficiary of a trust;

• an ultimate beneficial owner;

• a representative of a legal entity (which may be a client);

• a user of certain online functions or services and

• a staff member of a service provider or a commercial partner.

A. TO COMPLY WITH OUR LEGAL AND REGULATORY OBLIGATIONS

We process your personal data to comply with legal and regulatory obligations (including any legal and regulatory guidance, codes or opinions) and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions), which may include laws outside the country you are located in, including to:

• comply with regulations dealing with prevention of money-laundering, financial crime, financing of terrorism and market abuse;

• comply with regulations relating to sanctions and embargoes;

• comply with regulations relating to financial markets (including self-regulation standards), in particular with regard to investor protection and contactless and dormant assets;

• comply with our prudential obligations (particularly in terms of risk management and organisation);

• set up security measures in order to prevent abuse and fraud; 2/4/898/9

• detect transactions which deviate from normal patterns;

• record, when necessary, our interactions (such as phone calls and videoconferences, chats, email);

• define your credit risk score and your reimbursement capacity;

• identify and manage risks (e.g., intra-group risks, risk of credit concentration, Cyber risks);

• reply to an official request from an administrative or judicial authority which may include authorities outside your country of residence;

• fight against tax fraud and comply with applicable tax supervision and reporting obligations (such as, without limitation, AEOI and FATCA obligations); and

• comply with any applicable transaction reporting obligations.

B. TO PERFORM A CONTRACT WITH YOU OR TO TAKE STEPS AT YOUR REQUEST BEFORE ENTERING INTO A CONTRACT

We use your personal data to enter into and perform our contracts, including to:

• fulfil our obligations with respect to the services we provide (e.g., ancillary and investment activities services, including management, advisory or payment services) or otherwise in connection with fulfilling your instructions;

• enforce applicable terms of contracts; • send administrative information, such as changes of our terms, conditions and policies;

• manage, administer and distribute investment funds, including any ancillary services related to these activities;

• process subscription, conversion and redemption requests in investment funds, as well as to maintain ongoing relationships with respect to holdings in such investment funds;

• provide you with information, including reports, regarding our services;

• assist you and answer your questions as a necessary part of the provision of our services to you, and to administer account(s) and manage our relationships; and

• evaluate whether we can offer you a service or a product and the associated conditions.

C. TO PURSUE OUR LEGITIMATE INTEREST

We use your personal data in order to deploy and develop our services and associated security, to improve our risk management, to defend our legal rights and to protect our privacy, safety or property and/or that of our affiliates, yours or others, including:

• to prove transactions;

• to prevent, detect and investigate fraud;

• to manage our IT infrastructure, customer and third party configurations and ensure the security of our IT systems;

• to ensure the security of our premises/infrastructures;

• to train our personnel (e.g., by recording phone calls);

• to personalise our offering of services to you;

• to provide customer management and administration;

• to analyse, evaluate and improve our business;

• to analyse, evaluate and improve the performance, innovation and attractiveness (including financial attractiveness) of our services;

• to analyse and predict certain of your personal preferences, interests and behaviours based on your use of our services, website and applications (profiling); 2/5/898/9

• to develop our business relationship with you and to improve the quality of our services;

• to undertake data analytics to learn more about how you interact with our websites, our applications and our advertising; and

• to establish, exercise and/or defend actual or potential legal claims, investigations or similar proceedings.

D. TO RESPECT YOUR CHOICE IF WE REQUEST YOUR CONSENT FOR SPECIFIC PROCESSING

If we need to carry out further processing for purposes other than those listed above in Section 4, we will inform you and, where necessary, obtain your consent.

Personal data may be disclosed to third parties in connection with the services we are providing to you. The recipients of any such information will depend on the services that are being provided. For the abovementioned purposes and subject to any confidentiality restriction we may have expressly agreed with you or any transaction parties, you authorise us to disclose your personal data to:

• Mirabaud Group entities (e.g., so that you may benefit from our full range of Group services);

• service providers (including Mirabaud Group entities) which perform services on our behalf, such as payment, banking, investment management and communication infrastructure providers, third party storage providers and trade data repositories, service providers involved in the process of developing, printing, and/or mailing of banking documents*, third party IT providers, third party distribution platforms and courier services or providers of monitoring and alert management (including event logging) related to certain activities on our information systems, development and/or operation and provision of a core business platform and other software, including internal and external communication interfaces (including with the client);

• other deal/transaction participants, counterparties, suppliers and beneficiaries;

• financial, taxation, regulatory or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law;

• certain professionals such as lawyers, notaries or auditors; and

• to any other persons as agreed with you.

We reserve the right to make personal data accessible to other recipients, as disclosed to you from time to time or if required by applicable laws or requested by a competent authority.

The provision of personal data may be mandatory, e.g., in relation to our compliance with legal and regulatory obligations to which we are subject. If you withdraw your consent and/or object to the transfer of your personal data, you should be aware that not providing such information may preclude us from pursuing a business relationship with you and/or from rendering our services to you and/or performing certain transactions.

We may transfer your personal data to all countries where a Mirabaud Group entity is located (https://www. mirabaud.com/en/network) and, depending on the services requested and/or provided, to other countries such as, in particular, the United States, India, the United Kingdom or other countries of the European Union.

In the case of a transfer abroad, your data may be transferred to a country where the local competent authority recognises that the level of data protection is adequate.

For transfers to a country where the level of personal data protection has not been recognised as “adequate” by the competent authority, we will rely on a derogation applicable to the specific situation (e.g., if the transfer is necessary to perform our contract with you such as when making an international payment), we will implement appropriate contractual, technical and/or organisational safeguards to ensure the protection of your personal data (such as standard contractual clauses or binding corporate rules approved by competent authorities, encryption of transmitted data, implementation of processes to manage and control access to data and IT systems, definition and management of privileges to access data and/or segregation of data), or we will obtain your consent (including through our General Terms and Conditions and/ or this Data Protection Notice). To obtain details on the applicable safeguards, please contact us at the address provided in Section 11 below.

We will retain your personal data for the longer of the purpose for which they are intended and the period required by applicable law or contractual obligations and/or for the period necessary to protect our legitimate interests (such as satisfying legal claims or responding to requests from regulatory authorities).

Most personal data collected in relation to a specified client are kept for the duration of the contractual relationship with that client plus a specified number of years after the end of the contractual relationship or as otherwise required by applicable laws. If you would like further information on the period for which your personal data will be stored or the criteria used to determine that period please contact us at the address provided in Section 11 below.

Depending on the data protection laws applying to your situation, you have the following rights:

• to access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.

• to rectify: where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified accordingly.

• to erase: you can request the deletion of your personal data, to the extent permitted by law.

• to restrict: you can request that the processing of your personal data be restricted.

• to object: you can object to the processing of your personal data, on grounds relating to your specific situation.

• to withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.

• to data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party. 

Even if you object to the processing of personal data, we are nevertheless permitted to continue that processing if it is (i) legally mandatory, (ii) necessary for the performance of a contract to which you are a party, (iii) necessary for the performance of a task carried out in the public interest, or (iv) necessary for the purposes of the legitimate interests we pursue, including the establishment, exercise or defence of legal claims. However, we will not use your personal data for direct marketing purposes if you ask us not to do so.

If you require further information or if you wish to exercise the rights listed above, please contact us at the address provided in Section 11 below.

In accordance with applicable regulations, in addition to your rights above you are also entitled to lodge a complaint with the competent supervisory authority.

We do not use automated decision-making in connection with your personal data. If we do so in the future, we will comply with applicable legal and regulatory requirements.

In accordance with applicable laws and regulations, we may process your personal data automatically to determine certain characteristics such as your personal preferences, interests and behaviours based on your use of our services, applications and websites (profiling) in order to provide you with personalised information on our products and services.

We may need to update this Data Protection Notice from time to time. We will publish updates of this Data Protection Notice on our website and inform you of any material changes where applicable through our usual communication channels.

If you have any questions relating to our use of your personal data under this Data Protection Notice, please contact our Data Protection Officers as follows:

Wealth Management (WM) data protection officers:

Mirabaud & Cie Ltd

29, Boulevard Georges-Favon

1204 Geneva Switzerland

Attn: Data Protection Officer

wm.ch.dataprivacy@mirabaud.com

Mirabaud & Cie (Europe) SA

6B, rue du Fort Niedergrünewald

2226 Luxembourg

Luxembourg

Attn: Data Protection Officer

wm.eu.dataprivacy@mirabaud.com

Mirabaud Canada Inc.

1 Place Vile Marie

Suite 2810

H3B 4R4 Montreal (Quebec) Canada

Attn: Data Protection Officer

wm.ca.dataprivacy@mirabaud.com

Mirabaud (Middle East) Limited

24th Floor - North Tower

Emirates Financial Towers

Dubai International Financial Centre

P.O. Box 50666

Dubai

Attn: Data Protection Officer

anne.mbuthia@mirabaud.ae

Asset Management (AM) data protection officers:

Mirabaud Asset Management (Suisse) SA

29, Boulevard Georges-Favon

1204 Geneva Switzerland

Attn: Data Protection Officer

am.dataprivacy@mirabaud-am.com