The aim of this information is
Your trust is important to us, which is why we take the issue of data protection seriously and ensure ap-propriate security. We are committed to handling your personal data responsibly. It goes without saying that we comply with the provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA), the European General Data Protection Regulation (GDPR) and, where applicable, other provisions of data protection law.
So that you know what personal data we collect from you and for what purposes we use it, please take note of the information below.
2. What personal data do we process and for what purpose?
Depending on your activity, we process the following personal data:
2.1 Visit the website
When you visit our websites, our servers temporarily save each access in a log file. The following data is collected without your intervention and stored by us until automatic deletion (at the latest after 12 months):
The collection and processing of this data is carried out for the purpose of enabling the use of our web-sites (connection establishment), to ensure system security and stability on a permanent basis, to enable the optimisation of our internet offer as well as for internal statistical purposes.
Only in the event of an attack on the network infrastructure or suspicion of other unauthorised or abusive website use will the IP address be evaluated for the purpose of clarification and defence and, if necessary, used as part of criminal proceedings to identify and take civil or criminal action against the users con-cerned.
The legal basis is our legitimate interest within the meaning of Art. 6 (1) sentence 1 lit. f GDPR in provid-ing a stable and functional website.
2.2 When opening a customer relationship
When opening a customer relationship, we process the following personal data:
This data processing is necessary in order to enter into a contractual relationship with us.
Certain data are mandatory (marked with *). If you do not provide us with the mandatory information, it is not possible to open a customer account.
Furthermore, this data is used to maintain the business relationship with you, to provide our services and to invoice you.
The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.
2.3 When opening a client account with a third party
When opening a client account (e.g. with a custodian bank or broker), we process the following personal data:
Certain information is mandatory (marked with *). If you do not provide us with the mandatory infor-mation, it will not be possible to open a bank account.
We are legally obliged to carry out further clarifications when entering into and maintaining client relation-ships. In particular, we are subject to an extensive duty of identification with regard to new and existing clients and are also subject to Swiss money laundering legislation.
The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.
2.4 Money Laundering Act
The following data is collected as part of audits for compliance with the Money Laundering Act:
The purpose of this data processing lies in the legal obligation to comply with the provisions of the Mon-ey Laundering Act. It is therefore necessary for the fulfilment of the legal obligations.
Certain data is mandatory (marked with *). If you do not provide us with the mandatory information, we will not be able to complete the verification of compliance with the Anti-Money Laundering Act.
The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 (1) (b) GDPR as well as legal obligation within the meaning of Art. 6 (1) (C) GDPR.
3. From which sources do we collect your personal data?
In principle, we collect personal data directly from you (e.g. via forms, in the course of communica-tion with us, in connection with contracts, when using the website, etc.).
Unless this is inadmissible, we also take data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, the media or the internet incl. social media) or receive data from other companies within our group, from authorities and from other third parties (such as data collections on criminal activities (such as World Check).
The categories of personal data that we receive about you from third parties include, in particular, in-formation from public registers, information that we obtain in connection with official and legal pro-ceedings, information in connection with your professional functions and activities, information about you in correspondence and meetings with third parties, creditworthiness information, infor-mation about you that people close to you provide to us so that we can conclude or process con-tracts with you or involving you (e.g. information for compliance with legal requirements such as for combating fraud, money laundering and terrorism and export restrictions, information about you from the media and the Internet (where this is appropriate in the specific case).e.g. information to comply with legal requirements such as those relating to combating fraud, money laundering and terrorism and export restrictions, information about you from the media and the Internet.
4. Location of data processing
Your personal data is stored in Switzerland.
5. Is the personal data passed on to third parties?
We share your personal data with the following categories of recipients:
Central services provider is our group company Arvis in the Philippines.
We disclose to these service providers the data required for their services, which may also con-cern you. These service providers may also use such data for their own purposes, e.g. infor-mation about outstanding debts and your payment history in the case of credit agencies or anonymised data to improve services. We also enter into contracts with these service providers that include provisions to protect your personal data. Our service providers may also process da-ta about how their services are used and other data arising from the use of their services as inde-pendent data controllers for their own legitimate interests (e.g. for statistical analysis or billing purposes). Service providers inform about their independent data processing in their own data protection statements.
All these categories of recipients may in turn involve third parties, so that your data may also be made accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
6. Transmission of personal data abroad
The personal data is processed in our group companies in Switzerland, the EU/EEA, the Philippines, the UK, the United Arab Emirates, Cyprus, Hong Kong and Singapore. Moreover, in the course of our services, personal data can be transferred to the registered agents, auditors, banks and agent companies in the EU/EAA, British Virgin Islands, Panama, Gibraltar, United Arab Emirates, Hong Kong, Philippines, Hong Kong, West Indies, Marshall Islands and – in specific cases where you wish a relation to another country – other countries.
If a recipient is located in a country without adequate legal data protection according to the EU commis-sion or to the Swiss Federal Council, we contractually oblige the recipient to comply with the applicable data protection (in particular, we use the revised standard contractual clauses of the European Commis-sion (SCC), which are available here: [https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?] ) or we en-sure other appropriate safeguards according to Art. 16 FADP and Art. 45 GDPR, insofar as they are not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an ex-ception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have con-sented or if it is a matter of data that you have made generally accessible and you have not objected to its processing.
We have concluded SCC with all our Group companies in the Philippines, the United Arab Emirates, Hong Kong and Singapore, since these countries do not have an adequate level of data protection. Moreover, we have concluded SCC with registered agents, auditors and agent companies who regularly get data from us in the following countries without having adequate data protection: Philippines and Marshall Islands.
Occasionally, your personal data can be transferred to registered agents, auditors and agent companies in countries without adequate level of data protection: British Virgin Islands, Panama, United Arab Emirates, Hong Kong, Philippines, Isle of Man and West Indies. This transfer is necessary for the performance of the contract and the rendering of services to you.
Please also note that data exchanged via the internet is often routed via third countries. Your data can therefore end up abroad even if the sender and recipient are in the same country.
7. Your rights
You can object to data processing at any time. You also have the following rights:
Right of access: You have the right to request access to your personal data stored by us at any time and free of charge if we are processing it. This gives you the opportunity to check what personal data we are processing about you and that we are using it in accordance with applicable data protection regulations.
Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the ad-justments made, unless this is impossible or involves disproportionate effort.
Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, the right to erasure may be excluded.
Right to restrict processing: Under certain circumstances, you have the right to have us restrict the pro-cessing of your personal data.
Right to object: You have the right to object to data processing, in particular to the processing of person-al data. Right to data transfer: In certain circumstances, you have the right to receive, free of charge, the personal data you have provided to us in a machine-readable format.
Right of withdrawal: In principle, you have the right to withdraw your consent at any time with effect for the future. Processing activities based on your consent in the past do not become unlawful as a result of your revocation.
Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way your personal data is processed.
8. Retention period of personal data
We retain personal data for as long as it is needed for the purpose for which it was collected, or for a peri-od of time that we are obliged to retain it under applicable laws, regulations or contractual agreements, as well as for as long as we have an overriding interest in retaining it. After that, the data will be deleted.
Retention obligations that oblige us to retain data result from accounting regulations and tax regulations. According to these regulations, business communication, concluded contracts and accounting vouch-ers must be kept for up to 10 years. Likewise, certain data must be retained for up to 10 years after termi-nation of the business relationship in accordance with money laundering legislation. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the efficient management of user data.
9. Data security
We take appropriate technical and organisational security measures to protect personal data from unau-thorised access and misuse. These include IT and network security solutions, access restrictions, en-cryption of data carriers and transmissions, instructions, training and controls.
If third parties have access to our data, special measures are taken which are regulated in the order pro-cessing contract.
If you have any questions about data protection, would like information, would like to object to data pro-cessing or would like to have your data deleted, please contact us by sending an e-mail to firstname.lastname@example.org.
Please send your request by letter to the following address:
The representative of the responsible person in the EU is:
EDG Consulting Cyprus Limited
Last updated: 1 September 2023