This Data Protection Notice explains how we process personal data. It is subject to our applicable contractual terms and conditions.
In this Data Protection Notice "we" refers to each entity of the Mirabaud Group which acts as a data controller (alone or jointly determining the purpose and means of processing).
"Personal data" includes any information relating to an identified or identifiable natural person (e.g., name, ID card and passport numbers, nationality).
As a data controller, we are responsible for collecting and processing some of your personal data in relation to our activities. The purpose of this Data Protection Notice is to let you know which personal data we collect about you, the reasons why we use and share such personal data, how long we keep them, what your rights are and how you can exercise them. Further information may be provided where necessary when you apply for a specific service.
We kindly ask you to read this Data Protection Notice. Please note that we may also process personal data in respect of an individual who is a "Related Person" to you.
A "Related Person" means an individual or entity whose information you or a third party provide to us and/or which otherwise comes to our knowledge in connection with our business relationship. A Related Person may include, but is not limited to, (i) any director, officer, employee or authorized signatory of a company, (ii) a trustee, settlor, beneficiary or protector of a trust, (iii) any nominee or beneficial owner of an account, (iv) a substantial interest owner in an account, (v) a controlling person, (vi) a payee of a designated payment, or (vii) any representative(s) or agent(s).
In this context, we ask that you liaise with and transmit to your Related Persons this Data Protection Notice, respectively the information contained there
1. Which personal data do we process about you?
We collect and use your personal data to the extent necessary in the context of our activities, in particular to achieve a high standard of services. We may collect various types of personal data about you depending on the nature of the particular service we provide, including:
- identification information (e.g., full name, ID card and passport numbers, nationality, place and date of birth, gender, photograph, IP address);
- contact information (e.g., address and email address, phone number);
- family situation (e.g., marital status, number of children);
- tax status (e.g., tax ID, tax status);
- education and employment information (e.g., level of education, remuneration);
- banking, financial and transactional data (e.g., bank account details, transfer of assets, source of wealth);
- data relating to your habits and preferences;
- data which relates to your use of our services;
- data from your interactions with us (e.g., our meetings, calls, chats, emails, phone conversations);
- background checks; and
- cookie information (e.g.,cookies and similar technologies on websites and in emails – for more information, please refer to our Cookies Policy).
We never ask for sensitive data (i.e.,personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning your sexual orientation or data relating to criminal convictions and offences) unless it is required by law. If we need to process sensitive data for other purposes, we will inform you and obtain your explicit prior consent.
2. From which source do personal data originate ?
The data we use about you may be directly provided by you or obtained from other sources, such as:
- publications/databases made available by official authorities;
- databases made publicly available by third parties;
- an entity we provide services to; and
- any other third parties including, without limitation, recruitment agencies.
3. Specific cases of personal data collection, including indirect collection
In certain circumstances, we may collect and use personal data of individuals with whom we have, could have, or previously had, a direct relationship such as:
- visitors to our websites, including subscribers to our newsletters, funds documentation and investment recommendations;
- prospective or existing clients; or
- attendees of our events.
We may also collect information about you where you do not have a direct relationship with us. This may happen, for instance, when your personal data are provided by one of our clients, a contracting party or an investor in collective investment schemes for which a Mirabaud entity acts as management company (the "Investment Funds") if you are, for example:
- a family member;
- a legal representative (acting under a power of attorney or acting professionally as an agent);
- a beneficiary of a payment transaction made by our clients;
- a beneficiary of a trust;
- an ultimate beneficial owner;
- a representatives of a legal entity (which may be a client); and
- a staff member of a service provider or a commercial partner.
4. Why and on which basis do we use your personal data ?
A. To comply with our legal and regulatory obligations
We use your personal data to comply with legal and regulatory obligations (including any legal and regulatory guidance, codes or opinions) and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions), which may include laws outside the country you are located in, including to:
- comply with regulations dealing with prevention of money-laundering, financial crime, financing of terrorism and market abuse;
- comply with regulations relating to sanctions and embargos;
- comply with regulations relating to financial markets in particular with regard to investor protection;
- set up security measures in order to prevent abuse and fraud;
- detect transactions which deviate from normal patterns;
- record, when necessary, our interactions (such as phone calls, chats, email);
- define your credit risk score and your reimbursement capacity;
- identify and manage risks (e.g.,intra-group risks, risk of credit concentration, Cyber risks);
- reply to an official request from an administrative or judicial authority which may include authorities outside your country;
- fight against tax fraud and fulfilment of tax control and notification obligations(such as, without limitation, AEOI and FATCA obligations); and
- comply with any applicable transaction reporting obligations.
B. To perform a contract with you or to take steps at your request before entering into a contract
We use your personal data to enter into and perform our contracts, including to:
- provide and perform our obligations with respect to the services we provide (e.g.,ancillary and investment activities services, including management, advisory or payment services) or otherwise in connection with fulfilling your instructions;
- enforce applicable terms of contracts;
- send administrative information, such as change of our terms, conditions and policies;
- manage, administrate and distribute Investment Funds, including any ancillary services related to these activities;
- process of subscription, conversion and redemption requests in Investment Funds, as well as for maintaining the ongoing relationship with respect to holdings in such Investment Funds;
- provide you with information, including reports, regarding our services;
- assist you and answer your requests as a necessary part of the provision of our services to you, and to administer account(s) and manage our relationships; and
- evaluate if we can offer you a service or a product and under which conditions.
C. To fulfill our legitimate interest
We use your personal data in order to deploy and develop our services, to improve our risk management, to defend our legal rights and to protect our privacy, safety or property and/or that of our affiliates, yours or others, including:
- to prove transactions;
- to prevent, detect, investigate about fraud;
- to manage our IT infrastructure, customer and third party configurations and ensure the security of our IT systems;
- to ensure the security of our premises / infrastructures
- to train our personnel (e.g., by recording phone calls);
- to personalize our offering of services to you;
- to provide customer management and administration;
- to analyse, evaluate and improve our business
- to develop our business relationship with you and to improve the quality of our services;
- to provide you with marketing information on services that match with your circumstances and characteristics or those of the legal entity that you represent; and
- to establish, exercise and/or defend actual or potential legal claims, investigations or similar proceedings.
D. To respect your choice if we request your consent for specific processing
If we need to carry out further processing for purposes other than those above in Section 4, we will inform you and, where necessary, obtain your consent.
5. Who do we share your personal data with ?
Personal data may be disclosed to third parties in connection with the services we are providing to you. The recipients of any such information will depend on the services that are being provided. In order to fulfill the aforementioned purposes and subject to any confidentiality restriction we may have expressly agreed with you or any transaction parties, we may disclose your personal data to:
- Mirabaud Group entities (e.g., so that you may benefit from our full range of group services);
- service providers (including Mirabaud Group entities) which perform services on our behalf, such as payment, banking, investment management and communication infrastructure providers, third party storage providers and trade data repositories, third party IT providers, third party distribution platforms and courier services;
- to other deal/transaction participants, counterparties, vendors and beneficiaries;
- financial, taxation, regulatory or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law;
- certain professionals such as lawyers, notaries or auditors; and
- to any other persons as agreed with you.
We reserve the right to make personal data accessible to other recipients, as disclosed to you from time to time or if required by applicable laws or requested by a competent authority.
The provision of personal data may be mandatory, e.g., in relation to our compliance with legal and regulatory obligations to which we are subject. Please be aware that not providing such information may preclude us from pursuing a business relationship with, and/or from rendering our services to you.
6. Are personal data transferred outside of our jurisdiction of incorporation ?
In certain circumstances, we may transfer your personal data to another country than the country of establishment of the Mirabaud Group entity acting as data controller for the relevant personal data processing.
In case of international transfers to a country for which the competent local authority has recognized that it provides an adequate level of data protection, your personal data may be transferred on this basis.
For transfers to a country where the level of personal data protection has not been recognized as "adequate" by the competent authority, we will rely on a derogation applicable to the specific situation (e.g., if the transfer is necessary to perform our contract with you such as when making an international payment) or implement appropriate safeguards to ensure the protection of your personal data (such as standard contractual clauses or corporate binding rules approved by competent authorities). To obtain details on the applicable safeguards, please contact us at the address provided under Section 11 below.
7. How long do we keep your personal data for ?
We will retain your personal data for the longer of:
- the period required by applicable law or contractual obligations; or
- such other period necessary for us to meet our operational obligations, such as proper account maintenance, facilitating client relationship management and responding to legal claims or regulatory requests.
Most personal data collected in relation to a specified client is kept for the duration of the contractual relationship with such client plus a specified number of years after the end of the contractual relationship or as otherwise required by applicable law. If you would like further information on the period for which your personal data will be stored or the criteria used to determine that period please contact us at the address provided under Section 11 below.
8. What are your rights and how can you exercise them ?
Depending on the data protection laws which apply to your situation, you have the following rights:
- To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.
- To rectify: where you consider that your personal data is inaccurate or incomplete, you can require that such personal data be modified accordingly.
- To erase: you can require the deletion of your personal data, to the extent permitted by law.
- To restrict: you can request the restriction of the processing of your personal data.
- To object: you can object to the processing of your personal data, on grounds relating to your particular situation.
- To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
- To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
Even if you object to the processing of personal data, we are nevertheless allowed to continue the same if the processing is (i) legally mandatory, (ii) necessary for the performance of a contract to which you are a party, (iii) necessary for the performance of a task carried out in the public interest, or (iv) necessary for the purposes of the legitimate interests we follow, including the establishment, exercise or defense of legal claims. We will not, however, use your personal data for direct marketing purposes without your consent or if you ask us not to do so.
If you require further information, or if you wish to exercise the rights listed above, please contact us at the address provided under Section 11 below.
In accordance with applicable regulation, in addition to your rights above you are also entitled to lodge a complaint with the competent supervisory authority.
9. Do we rely upon automated decision-making ?
We do not use automated decision-making in connection with your personal data. Should we do so in the future, we shall comply with applicable legal and regulatory requirements.
10. How can you keep up with changes to this Data Protection Notice?
We may need to update this Data Protection Notice from time to time. We will publish updates of this Data Protection Notice on our website and, as the case may be, inform you of any material changes through our usual communication channels.
11. How to contact us?
If you have any questions relating to our use of your personal data under this Data Protection Notice, please contact our Data Protection Officers as follows:
Wealth Management (WM) Data Protection Officers:
Mirabaud & Cie Ltd
29, boulevard Georges-Favon
Attn : Data Protection Officer
Mirabaud & Cie (Europe) SA
25, avenue de la Liberté
Attn : Data Protection Officer
Mirabaud Canada Inc.
1501, McGill College Avenue
Montréal (Quebec) H3A 3M8
Attn : Data Protection Officer
Asset Management (AM) Data Protection Officer:
Mirabaud Asset Management (Suisse) SA
29, boulevard Georges-Favon
Attn: Data Protection Officer