Data Protection Notice
Protecting the privacy of clients and partners is extremely important to Rosetrust AG (hereinafter Rosetrust, we or us). We are committed to ensuring the confidentiality of your communications with us. Understanding your data protection rights and our professional practices requires an understanding of
some key terminology. Two terms are especially important to understand:
- “Controller” means the natural or legal person who determines the purposes and means of the processing of personal data. The “controller” described in this data protection notice is Rosetrust, unless we have informed you otherwise in specific cases.
- “Personal data” is any information that relates to an identified or identifiable living individual.
Different pieces of information, which when collected together can lead to the identification of a particular person, also constitute personal data. Below, we outline the basis on which we collect and process personal data, the purposes for which we use and disclose personal data provided by you and your rights in respect of such personal data. The data which is shared with us reflects our clients’ trust and recognition of our professionalism. Protecting such data is one of our highest priorities as fiduciary professionals.
Basis for processing personal data
In order to provide our services as fiduciary advisors, adhere to our obligations, assert claims in legal disputes and official proceedings, as well as to protect our legitimate interests, we process personal data we obtain from our clients. This Data Protection Notice is in line with the revised Swiss Federal Act on Data Protection (FADP) currently in force. The revised Ordinance on the Swiss Federal Act on Data Protection (DPO) also applies to this Data Protection Notice. The FADP is heavily influenced by EU law, in particular the EU General Data Protection Regulation (GDPR). As an international fiduciary services provider with strong
ties across Europe, the GDPR is highly relevant for us and informs our data protection practices both in Switzerland and when operating across borders.
What personal data do we process?
Personal data that we may process includes but is not limited to personal information such as your name, address, bank account details, nationality, place of birth and contact details. We will use your personal data:
- to manage our ongoing relationship and engagement with you, and to record and/or update your contact details and communication preferences;
- to carry out anti-money laundering, conflict and reputational checks;
- to comply with our regulatory and risk management obligations, including establishing, exercising or defending legal claims.
Collection of personal data
Personal data that we possess is obtained from various sources, including but not limited to:
- our client on-boarding forms;
- information you provide to us from time to time;
- information about you provided to us by a contracting
- party acting on your behalf (e.g. your
company, adviser, custodian of your assets or intermediary); - communications with us by telephone, fax, mail, email, or any other forms of electronic
communication; - public sources, such as online media or employment websites;
- public registers or data received in connection with administrative or court proceedings.
Protection of personal data
We protect all personal data through appropriate technical and organisational security measures, such as internal policies, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, and inspections. We store it electronically on secure servers and at physically secure premises.
Transfer of personal data
We will not transfer any data to a third party unless required to do so by law, or to comply with our legal, regulatory and risk management obligations. This may include establishing, exercising or defending legal claims, or may be required in the ordinary course of providing services to (e.g. providing information to advisers, banks and lawyers, amongst others in order to enable them to comply with their own due diligence and compliance regulations).
Your personal data may also be made available to supervisory bodies, auditors and other service providers under a professional duty of confidentiality who are subject to similar data protection legislation.
We may have to transfer your personal data to recipients abroad from time to time, including to countries that do not provide the same type of protection as Swiss or EU law. We will only do so on the basis that such a transfer is necessary for the performance of an agreement, or for an agreement or performance of an agreement concluded in the interest of the data subject, or for the establishment, exercise or defence of legal claims.
If a recipient is located in a country without adequate data protection, as per the opinion of the Swiss federal government, we will contractually bind the recipient by means of recognized standard contractual clauses or will rely on an exceptional provision, such as consent, the execution of the contract or an overriding public interest.
Retention of personal data
Any personal data we control, or process shall be retained by us for as long as is considered necessary for the purposes for which it was collected. In the absence of specific legal, security, regulatory or contractual requirements, our retention policy for records and other documentary evidence created in the provision of services is 12 years following the cessation of the business relationship.
Your rights in respect of your personal data
Under Swiss law, you have the following rights:
- Right to rectification
- Right to notification on existing personal data
- Right to restrict processing
- Right to be forgotten – erasure
- Right to object
- Right to revoke consent
- Right not to be the subject of exclusively
automated processing
For further information, please consult the original text of the FADP at https://www.fedlex.admin.ch/eli/cc/2022/491/en.
Please do note that the English-language translation of the FADP is not binding. We welcome your inquiries and comments.
Amendments to this Data Protection Notice
We may amend this Data Protection Notice at any time without prior notice. If the Data Protection Notice is part of an agreement with you, we will notify you by e mail or other appropriate means if there is an amendment.
Complaints
If you have a query or complaint about our use of your personal data, please contact our Data Protection Officer at:
Rosetrust AG
Compliance Dept.
Baarerstrasse 96
P.O Box 7262
6302 Zug
Switzerland
Email : info@rosetrust.ch
Tel : +41 41 760 28 88
You also have the right to register a complaint with the Swiss Federal Data Protection and Information Commissioner. For further information on the rights and how to make a complaint please visit their website at https://www.edoeb.admin.ch/en