Information on Personal Data Protection

The Bank may collect :

1. Personal data such as your name, first name(s), national identification number, nationality(ies), date of birth, compliance documents (including a copy of your national identity card or passport), telephone number, home, correspondence and e-mail addresses, as well as family information such as the name of your spouse or your ascendants, descendants or other relatives.
2. Financial data, including payment and transaction records and information relating to your assets (including real estate, securities and interests in companies, trusts, or legal entities of any kind), financial statements, liabilities, taxes, income, profits and investments (including your investment objectives).
3. Your tax domicile and other tax-related documents and information.
4. Where applicable, information about your professional activity, such as your resume, position, employer and professional experience.
5. Your investment knowledge and experience.
6. Details of our interactions with you and the products and services you use.
7. Any record of telephone calls, including the time and date of calls and messages, call duration, routing information and call types.
8. If applicable, the details of your appointment to a corporate or political office.
9. The identifiers we assign to you, such as your account number.
10. When you access our website, the data covering your activity is transmitted by your browser or the device you are using and automatically recorded by our server, including the date and time of access, the pages viewed, your device, your web browser, the browser language and domain name, as well as the IP address (additional data will only be recorded via our website if their disclosure is made voluntarily, for example, as part of a registration or request) ; and
11. In certain cases, sensitive personal data – such as your biometric data, your political or trade union opinions or affiliations, your religious or philosophical beliefs, your health information or information relating to your private life, your information relating to legal proceedings, administrative and criminal sanctions or social assistance measures – concerning you may be collected, processed and transmitted to third parties.

The Bank may use personal data for analytical and measurement purposes to process the above data, including profiling based on the processing of your personal data, for example by examining the data we obtain via cookies and tracking technologies.

In some cases, the Bank collects this information from public registers (which may include the beneficial owner and other registers), public administration or other third-party or public sources, such as wealth verification services, credit agencies, fraud prevention agencies.

The Bank may also collect other personal data, such as that relating to additional card or account holders, your business partners (including other shareholders or beneficial owners), your dependants or family members, your representatives or agents.

When you are a corporation, the Bank may also collect information on your directors, representatives, employees, shareholders, partners, participants or beneficial owners.

Before providing us with this information, you must inform these persons and may provide them with a copy of this document.

The Bank processes personal data for the following purposes:

1. Opening a relationship:
   In order to verify your identity and to carry out regulatory compliance checks (for example, to comply with anti-money laundering regulations and prevent fraud), see Section e. below.
2. Customer relationship management:
   To manage our contractual relationship with you, including communicating with you about the products and services we provide, processing customer service complaints, making credit decisions, locating you and closing your account (in accordance with applicable law) if it remains inactive and we are unable to contact you after a period of time.
   To determine your preferences in terms of financial products and services – this includes profiling based on the processing of your personal data, for example by examining the types of products and services you subscribe to with our Bank, the way in which you prefer to be contacted.
3. Product subscription and execution:
   To provide you with products and services and ensure their proper execution, for example by ensuring that we can identify you and make payments from your accounts in accordance with your instructions.
4. Prospection and business development :
   To determine whether and how we can offer you products and services that may be of interest to you.
   To contact you for marketing purposes about products and services that may be of interest to you.
5. Compliance and risk management:
   In order to comply with anti-money laundering, fraud prevention, tax and cross-border regulations, as well as international sanctions, we carry out checks at the time of opening and during the relationship.
   We classify our business relationships according to risk levels.
   We may be required to disclose personal data to judicial and tax authorities, financial services regulators, financial market authorities and other regulatory, judicial and governmental bodies, or for the purposes of proceedings, investigations or crime prevention.
   This involves profiling based on the processing of your personal data, for example by analyzing how and from which geographical location you request our products and services.
   Such processing is carried out on the basis of and in compliance with the applicable legal or regulatory provisions. This may result in restrictions on the right of access (art. 26 al. 1 let. a, 29 al. 1 DPA) or justified data processing without explicit consent (art. 31 DPA).
6. Technological developments:
   To improve our products and services and upgrade our systems and processes.
7. Other purposes:
   For security purposes, we keep a record of visits to our premises to ensure the security of buildings, staff and visitors, as well as property and information located, stored or accessible from the premises, to prevent and, if necessary, investigate unauthorized access to secure premises (for example : we maintain building access logs and retain CCTV footage to prevent, detect and investigate theft of equipment or assets belonging to the Bank, a visitor or member of staff, or because of possible threats to staff security).

We also need to process personal data in order to exercise our duties and/or rights towards you or third parties.

The Bank processes this data in the following ways:

• Processing based on the performance of a contractual obligation towards the Client.
• Processing based on a legal or regulatory obligation.
• Processing based on the Bank’s legitimate interests, in particular :
  • Any processing with a view to developing the business relationship.
  • Any processing with a view to improving the Bank’s organization and processes, including in the area of risk management.
  • Any processing for commercial prospection purposes (marketing/advertising), in particular to carry out market research, to adapt the product and service offering, to provide the Client with personalized advice and tailor-made offers.
  • Any processing necessary to enable the Bank to establish, exercise or defend itself against a current or future claim, or to enable the Bank to deal with an investigation by a public authority, in Switzerland or abroad.

Where appropriate, this data may also be processed automatically.

If we process particular categories of data about you, we will do so for the following reasons:

• The processing is necessary for the establishment, exercise or defense of a legal claim.
• The processing concerns Personal Data made public by you; or
• You have given us your explicit consent to process this information.

All Bank employees who have access to personal data must comply with our internal guidelines on the processing of your personal data in order to protect it and guarantee its confidentiality.

We have implemented adequate technical and organizational measures to protect personal data against destruction, loss, alteration, misuse, unauthorized, accidental or unlawful disclosure or access and against any other form of unlawful processing.

We may transfer personal data to other financial service providers, in particular when subscribing to financial products or services, when transferring data to other financial institutions, or when issuing guarantees.

We may also transfer personal data to third parties, such as service providers, lawyers, auditors, chartered accountants or insurers. These third parties are contractually bound to confidentiality and professional secrecy, and we ensure that they comply with our confidentiality and data security requirements.

Finally, we may be obliged to disclose your identity and data concerning your account or custody account to third parties in Switzerland or abroad, if required by Swiss or foreign laws, regulations or stock exchange regulations (e.g. to: an operator of a financial market infrastructure -such as a stock exchange, a broker, a correspondent bank, a sub-custodian, an issuer, a financial market supervisory authority or their representatives).

We will only retain personal data for as long as is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.

We will retain your data for the duration of our banking relationship subject to applicable legal and regulatory requirements. In addition, we may process your data after the end of our banking relationship for compliance or risk management purposes in accordance with applicable laws as well as various retention and documentation obligations or where it is in the legitimate interest of the Bank. Due to the requirements of the Swiss Financial Market Supervisory Authority (“FINMA”), the Bank is also obliged to record the internal and external telephone communications of all employees working in securities trading, as well as electronic correspondence (e-mails, communications on Bloomberg or Reuters, etc.), to keep evidence of professional telephone communications made by these employees for a minimum of two years, and to make them available to FINMA if required. This obligation also applies to employees who, on the basis of a risk assessment, are particularly exposed to receiving information relevant to market supervision. In general, the Bank will retain personal data for the duration of the relationship plus a minimum of 10 years, reflecting the length of time during which legal action may be taken following the termination of such relationships or contracts. If you wish your personal data to be deleted from our databases, you can make a request which we will consider.

You have the right to access and obtain information about your personal data processed by us.

If you believe that the information we hold about you is incorrect or incomplete, you may also request that your personal data be rectified. The Bank will then assess the need for rectification.

You also have the right to:

• Object to the processing of your personal data.
• Request the deletion of your personal data.
• Request a restriction on the processing of your personal data ; and/or
• Where personal data is processed for the purposes of prospection and business development (marketing), your right to object extends solely to direct marketing (at the sole initiative of the Bank and outside the framework of any investment advisory mandate entrusted to the Bank), including profiling insofar as it is linked to such marketing.

You also have the right to ask the Bank for information concerning all or part of the Personal Data that we collect and process about you.

We will generally ask you, in response to a request, to verify your identity and/or to provide information that helps us to better understand your request. If an exemption applies to your request, we will explain it to you

If you have any inquiry about data protection, please send it by post to the Bank’s address or by e-mail to:

DPO@banorientsuisse.ch