1. Preliminary remarks
In this privacy statement we, Gailloud Asset Management AG (CHE-105.590.650) (hereinafter "GAM", "we" or "us"), explain how we collect and otherwise process personal data. This is not an exhaustive description; other statements, terms and conditions, information sheets or contracts may govern specific matters
Personal data is understood to be all information that relates to an identified or identifiable person.
We are responsible for the data processing described here unless otherwise stated in individual cases. If you have any data protection concerns, you can inform us of them at the above contact address, by e-mail to firstname.lastname@example.org or by telephone at GAM.
3. Collection and processing of personal data
We primarily process personal data that we receive from our clients and other business partners in the course of our business relationships with them and other persons involved in these relationships (e.g. names, addresses, e-mail addresses, passport and ID information and numbers, bank account details, financial and professional circumstances, investment objectives, knowledge and experience in financial matters and other data that must be collected for the provision of financial services and compliance with regulatory requirements (such as the Anti-Money Laundering Act) or that we collect from users of our website in the course of operating it (see examples at the end of this section). 3).
n addition to data about you that you provide to us directly (which may also include sensitive personal data), the data relating to you may also include, in particular, the following information:
- Information and data from publicly accessible sources/registers, from authorities or other third parties (e.g. commercial register, land registers, press, internet);
- Information we receive in connection with official and legal proceedings;
- Information related to your professional functions and activities;
- Information from correspondence and meetings with third parties;
- Creditworthiness information (insofar as we transact business with you personally);
- information about you provided to us by people close to you (family, advisors, legal representatives, etc.) to enable us to enter into or perform contracts with you or involving you (e.g. references, CV details, powers of attorney, information to comply with legal requirements such as anti-money laundering, financial market regulation and export restrictions); or
- Information from the media and internet about your person (insofar as this is indicated in the specific case, e.g. in the context of an application or a compliance customer check).
- Your addresses and, if applicable, data in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, details of your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location details).
4. Purposes of data processing and legal basis
We use the personal data we collect primarily to conclude and process our contracts with our clients and business partners, so in particular in the context of our provision of financial services in the areas of professional asset management and investment advice for individual clients, as well as to comply with our legal obligations in Switzerland and abroad (e.g. financial market regulatory requirements). If you work for such a client or business partner, your personal data may of course also be affected in this capacity.
Where permitted and appropriate, we also process personal data about you and other individuals for the following purposes, which we (and sometimes third parties) have a legitimate interest in pursuing:
- Offer and further develop our services;
- Client screening and background checks (KYC) to meet our regulatory requirements;
- Review and administration of staff applications;
- Review and optimisation of demand analysis procedures for the purpose of customer targeting and acquisition;
- Advertising and marketing (including the organisation of events), insofar as you have not objected to the use of your data in this respect (you can object to the advertising of our services at any time);
- Assertion and defence of claims in connection with legal disputes and official proceedings;
- Prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
- Guarantees of our operations, in particular IT and data security;
- Video surveillance to maintain house rights and other measures for IT, building and facility security and to protect our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings);
- Purchase and sale of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of personal data
f you have given us consent to process your personal data for certain purposes (for example, when you register to receive newsletters or carry out a background check), we process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
5. Data transfer and data transmission abroad
To the extent necessary, permitted and compatible with the principles of professional secrecy, we disclose information in the course of our business activities and for the purposes set out in para. 4 we also disclose personal data to third parties, either because they process the data for us or because they need the data for their own purposes. The data transfer may be made to the following persons (the "Recipients"), among others:
- GAM's service providers (e.g. banks, insurance companies), including contract processors (e.g. IT providers);
- Subcontractors and other business partners of GAM or you (e.g. custodians, funds, providers of financial instruments);
- GAM clients;
- domestic and foreign authorities, official agencies or courts (e.g. the Swiss Financial Market Supervisory Authority FINMA or the supervisory organisation supervising us pursuant to the Financial Market Supervision Act);
- Sector organisations, associations, organisations and other bodies;
- Acquirers or parties interested in acquiring the Company or business units;
- other parties in potential or actual legal proceedings.
These recipients may be located at home or abroad and a transfer of your data in particular to other countries in Europe and to the USA, where the service providers we use or their headquarters are located (e.g. Microsoft), is possible.
If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented to the transfer or if it is a matter of data made generally accessible by you, the processing of which you have not objected to.
6. Duration of the retention of personal data
We process and store your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against GAM and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as a matter of principle and as far as possible. For operational data (e.g. system logs, logs), shorter retention periods of twelve months or less generally apply.
7. Data security
We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, for example by issuing instructions, selecting suitable IT and network security solutions, access controls and restrictions, encrypting data carriers and transmissions or pseudonymising personal data.
8. Obligation to provide personal data
You should provide us with such personal data as is necessary for the establishment and performance of your business relationship with GAM and the performance of the related contractual obligations. Without this data, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent).
9. Rights of the data subject
Within the scope of the data protection law applicable to you, you have the right to information, correction, deletion, restriction of data processing and objection to our data processing as well as to the release of certain personal data for the purpose of transfer to another office (so-called data portability). However, we reserve the right to apply the restrictions provided for by law, for example if we are legally obliged to retain or process certain data, have an overriding interest in doing so or require personal data for the assertion of claims. We will inform you in advance if you incur costs in connection with the assertion of claims under data protection law. We have already informed you about the possibility of revoking your consent to certain data processing in section 4. 4 informed you about this. Please note that exercising these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract.
The exercise of claims under data protection law generally requires that you clearly prove your identity (e.g. by means of a copy of your identity card, if your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in para. 2 address given in section 2.
They also have the right to enforce their claims in court or to file a complaint with the competent data protection authority. The competent Swiss data protection authority is the Federal Data Protection and Information Commissioner https://www.edoeb.admin.ch.