1. Who is responsible for Data Processing & how can I contact them?
The legal entity responsible is:
Swisscanto Asset Management International S.A.
19, rue de Bitbourg
Tel.: +352 27 84 35 99
As responsible entity we take all legally required measures to protect your personal data.
Every concerned person can contact us at any time for questions or suggestions in relation to data protection. You can contact us by writing to the above mentioned postal address, email or phone.
2. What Data & Sources do we use?
We process personal data that we obtain from our clients in the context of our business relationship or from their legal representative and employees or when a person contacts us in writing, per email or by phone. We also process personal data that we obtain legitimately (e.g. in case of the organisation of a client event, for the execution of agreements concluded with clients or service providers or that is legitimately transferred to us by other companies within the Zürcher Kantonalbank group. Furthermore, we process personal data that we obtain legitimately from publicly accessible sources (e.g. trade register, media).
Relevant personal data can be:
- Name, professional address/other contact details (email, phone number), gender and optional position within the employing entity and job title.
- In the context of our business relationship, in particular through personal, written contact or contact by phone other personal data is provided, e.g. information about the contact channel, date, occasion, result, electronic copies of the correspondence.
- Special categories of personal data, also known as “sensible data”, e.g. religion, are neither collected nor processed. We neither collect personal data from children.
3. What do we process your data for & on what legal basis?
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR).
a. For fulfilment of contractual obligations (Art. 6 Para 1b GDPR)
Data is processed in accordance with the legal agreements with our clients or to carry out pre-contractual measures that occur as part of a request from an interested party. The purposes of data processing are primarily in compliance with the specific product or service and can include analysis of needs, advice as well as carrying out transactions. You can find other details about the purposes of data processing in the related legal documentation.
b. In the context of balancing interests (Art. 6 Para 1f GDPR)
Where required, we process your data beyond the actual fulfilment of the contract for the purposes of the legitimate interests pursued by us or a third party. Examples:
- Reviewing and optimizing procedures for needs assessment for the purpose of direct client discussions.
- Marketing or market and opinion research, unless you have objected to the use of your data.
- Obtaining personal data from publicly available sources for client acquisition purposes.
- Measures for business management and further development of services and products.
- Asserting legal claims and a defence in legal disputes.
- Prevention and investigation of crimes.
c. As a result of your consent (Art. 6 Para 1a GDPR)
As long as you have granted us consent to process your personal data for certain purposes (e.g. reception of our newsletter), this processing is lawful on the basis of your consent. If a consent was given it can be withdrawn at any time. This also applies to the withdrawal of your consent given to us before the entry into force of GDPR, i.e. before May 25, 2018. Please note that such withdrawal is only valid for the future. The withdrawal of consent does not affect the legality of data processed prior to it.
d. Due to legal provisions or in the public interest (Art. 6 Paras 1c & 1e GDPR)
Moreover, as a management company to investment funds we are subject to various legal obligations, meaning legal and regulatory requirements (e.g. law about undertakings for collective investments, anti-money laundering, CSSF regulation and circulars, tax laws) and supervisory guidelines (e.g. from the CSSF). The purposes of processing include identity checks, fraud and money laundering prevention, fulfilling control and reporting obligations under financial regulation, and measuring and managing risks within the Zürcher Kantonalbank group.
4. Who receives your data?
We will share your personal data with other entities within the Zürcher Kantonalbank group where required to fulfil our contractual and legal obligations. We will also transfer your personal data to service providers and agents appointed by us for the relevant purposes, subject to maintaining applicable data protection rules. These companies include fund administrator services, advisors and consultants, and distributors and marketers.
We may transfer your personal data if you have given your consent or if legal or regulatory requirements demand it to the following external recipients:
- public entities and institutions (e.g. financial authorities, law enforcement authorities) upon providing a legal or regulatory obligation.
- other credit and financial service institutions or comparable institutions in order to carry out a business relationship with you (depending on the agreement, e.g. correspondent banks, custodian banks, brokers, stock exchanges).
Other recipients may be those for which you have given us your consent to transfer personal data to.
5. Will data be transferred to a third country or an international organization?
Data transfers to legal entities in states outside the European Union (known as third countries) takes place so long as:
- it is necessary for the purpose of carrying out your orders (e.g. payment and securities orders),
- it is required by law (e.g. reporting obligations under financial regulation), or
- you have granted us your consent.
In case of a data transfer to Switzerland the European Commission has taken an adequacy decision confirming in accordance with Article 13 Para. 1f GDPR that the data protection level is sufficient. There are no other special safeguards necessary within the meaning of Article 45 GDPR.
6. For how long will your data be stored?
We will process and store your personal data for as long as it is necessary in order to fulfil our contractual, legal and regulatory obligations. Please note that our business relationship is a long-term obligation, which is set up for an indefinite period of time.
We will delete data provided that the data is no longer required in order to fulfil contractual, legal or regulatory obligations, unless legal or regulatory record keeping obligations apply.
7. What data privacy rights do you have?
Every data subject has in relation to their personal data:
- the right of access - according to Article 15 of the GDPR.
- the right to rectification - according to Article 16 of the GDPR.
- the right to erasure - according to Article 17 of the GDPR.
- the right to restrict processing - according to Article 18 of the GDPR.
- the right to object - according to Article 21 of the GDPR.
- the right to data portability - according to Article 20 of the GDPR.
If applicable, you also have the right to make a complaint to the competent data protection authority (Art. 77 GDPR).
You can withdraw your consent granted to us for the processing of your personal data at any time. This also applies to withdrawing consent that was granted to us before May 25, 2018, the entry into force of the GDPR. Please note that such withdrawal only applies for the future. Processing that was carried out before the withdrawal was notified will not be affected.
8. Am I obliged to provide data?
In the context of our relationship, you must provide all personal data required for accepting and carrying out a business relationship and the fulfilment of the relevant contractual obligations or that we are legally obliged to collect. Without this data, we are, in principle, not in a position to enter into a legal agreement with you.
In particular, anti-money laundering regulations require us to identify you on the basis of your identification documents before establishing a business relationship and to collect and put on record name, place and date of birth, nationality, address and identification details for this purpose. In order to be able to comply with these legal obligations, you must provide us with the necessary information and documents in accordance with the applicable anti-money laundering regulations, and to immediately disclose any changes over the course of our relationship. If you do not provide us with the necessary information and documents, we cannot enter into or continue the business relationship.
9. To what extent does Swisscanto Asset Management International S.A. use automated decision making?
We generally do not use any fully automated decision-making pursuant to Art. 22 GDPR.
10. May the present data privacy protection notice be amended?
The present data privacy notice may be subject to changes in case of legal or regulatory changes or in case of changes in the provided service or data processing. Please visit our website regularly in order to be informed of such changes of the content of the data privacy notice.
Information on your right to object in accordance with Art. 21 GDPR
On grounds relating to your particular situation, you shall have the right to object to the processing of your personal data at any time, in line with Art. 6 Para 1e GDPR (data processing in the public interest) and Art. 6 Para 1f GDPR (data processing based on balancing interests).
If you object to the processing of your personal data we will stop processing it unless we can give evidence of mandatory, legitimate reasons for processing, which outweigh your interests, rights, and freedom, or processing serves the enforcement, exercise, or defence of interests. Please note, that in such cases we will not be able to provide further services and maintain a business relationship.
The objection does not need to be made in a particular form. However, it should be addressed to:
Swisscanto Asset Management International S.A.
19, rue de Bitbourg