Privacy note – Personal data protection statement
Personal data protection statement
This data protection statement (hereinafter, the « Statement« ) is intended to inform persons affected by data collection, storage and processing (hereinafter, the « Data Subjects ») about how we collect, store and process data.
- CONTROLLER AND PRINCIPLES
The data controller, Octogone Group, Rue de-Candolle 26, 1205 Geneva, Switzerland (hereinafter, « Octogone« ), recognizes the importance of keeping the personal data of its customers confidential and protecting their right to privacy. Given its activities and the data collected by Octogone, Octogone intends to apply the most restrictive principles and standards identifiable in the field of personal data protection.
Therefore, all personal data and information (hereinafter, the « Data ») communicated within the framework of our services will be treated in a legal, fair, transparent and confidential manner by Octogone.
By contracting for the services offered by Octogone (hereinafter, the « Services« ), and in accordance with the legal provisions in force, you acknowledge and agree that, in the context of our Services, Data are or will be collected by Octogone. This Data will be collected and used for the sole purpose of the Services offered by Octogone or any subsequent contractual relationship with Octogone.
Therefore, by entering into an agreement with Octogone, you agree to the collection and processing of Data and to this Statement.
- LEGAL BASIS AND PURPOSES OF DATA COLLECTION AND PROCESSING
3.1 Legal basis
The Data Subject acknowledges that the collection and processing of Data by Octogone is necessary for the performance of the mandate entrusted to Octogone to which the Data Subject is a party in connection with the Services, but also for the preservation of Octogone’s legitimate interests and for compliance with Octogone’s legal obligations.
The Data are collected by Octogone for the following purposes:
– The opening and maintenance of the contractual relationship with the Concerned Person or the beginning of a business relationship with Octogone (hereinafter referred to as the « Business Relationship« ), including all formalities relating to the identification of the Concerned Person and any persons or entities about whom the Concerned Person or a third party provides information and/or of whom Octogone becomes aware in any other way in relation to the Business Relationship (hereinafter referred to as the « Related Person« ).
– Any other related Services provided by Octogone’s service providers and subcontractors in a Business Relationship.
– The management, administration, investment and distribution of financial products, including all services related to these activities.
– Compliance with the legal and regulatory obligations to which Octogone is subject by virtue of the regulations applicable to Swiss financial intermediaries (law on money laundering and the application of regulations, international financial regulations (e.g. FATCA, automatic information exchange).
– Weighing interests, protecting the interests of Octogone or third parties: prevention and elucidation of criminal offences, risk management, exercising rights and defending in litigation, consultation and exchange of information with information offices, computer security, security of buildings and facilities.
– Octogone client management: management of Octogone clients, billing services, marketing (newsletters, event invitations, etc.) and others.
- WHAT DATA IS COLLECTED?
4.1 Types of Data
In the context of the Services, Octogone collects the following data (contemplative, non-exhaustive list) from its counterparties (business providers, clients, trustees, administrators of private investment vehicles, lawyers, banks, other financial intermediaries):
- Identification data: personal identification data (name, surname, title, tax number) and structural identification data (information on investment entities).
- Identification data issued by public services and other registers: identity cards, passports, certificate of incorporation, articles of association, share registers.
- Location data: personal, business and investment entity addresses.
- Communication and electronic identification data (personal and professional): telephone number, e-mail addresses.
- Financial data: identification and bank account numbers, financial means/wealth, financial transactions.
4.2 Information collected directly from the Persons concerned
Octogone collects and records all information communicated to it in the context of the Services online or by any other means in its customer relationship management (CRM) system. The Person concerned can decide not to communicate certain information to us, however this decision can have the effect of depriving them of certain Services or functionalities offered within the framework of the Services.
4.3 Information collected from third parties – Subcontractor
In the context of its Services, Octogone may also collect Data from third parties (business providers, trustees, administrators of private investment vehicles, lawyers, banks, other financial intermediaries, international sanctions list, publicly available information (e.g. Bloomberg, World-Check, FACTIVA or LexisNexis)). Data collected from third parties is processed in the same manner as Data collected directly from Data Subjects (see paragraph 4.2 above).
In the context of information collected from third parties, Octogone may be considered a personal data processor, depending on the applicable regulations. Should this be the case, Octogone will enter into a subcontracting agreement with the relevant third parties to ensure compliance with this Statement.
- MODALITIES OF DATA PROCESSING
The Data are processed by Octogone – or by third parties selected on the basis of their reliability and competence, as well as by duly appointed data processors – solely for the purpose of carrying out the purposes specified in paragraph 3.2 above, mainly by means of IT tools, but also on paper.
Octogone retains Data for the time necessary to fulfill the purposes for which it was collected and in accordance with applicable regulations for the Services (e.g., ten years for banking services or seven years under FATCA regulations).
Similarly, Octogone will delete or anonymize personal data (or take equivalent measures) once it is no longer necessary to achieve the Purposes, subject to (i) applicable legal or regulatory requirements to retain data for a longer period of time, or (ii) to determine, exercise and/or defend actual or potential rights in judicial proceedings, investigations or similar proceedings, including legal declarations that Octogone may impose to preserve the relevant information.
Specific measures are applied to prevent the risk of data loss, unlawful or improper use and unauthorized access (see paragraph 8 (Confidentiality, Security and Data Protection) below).
Octogone may evaluate certain characteristics of Data Subjects and Linked Persons based on automatically processed data in order to, among other things, provide them with personalized offers, advice or information about its services. Octogone may also use technologies to identify the level of risk associated with a Data Subject or a specific activity.
Octogone does not use any automated decision-making process in relation to a Business Relationship, a Data Subject or a Related Person.
- KNOWLEDGE AND TRANSMISSION OF DATA
The Data that will be transmitted to Octogone will be known and used by employees of Octogone and/or its subsidiaries (domestic or foreign) with the sole purpose of performing the Services that constitute the reason for which the Data was collected.
As part of the execution of the Services, Octogone may be required to transmit the Data to third parties, in particular to custodian banks or to national and international tax authorities, in accordance with tax reporting obligations.
The transmission of data to third parties is based, alternatively, (i) on a decision of adequacy, (ii) by virtue of appropriate guarantees or (iii) according to an exemption for specific situations (execution of a mandate related to the Services offered by Octogone in particular).
It is already specified that :
- In the relationship with custodian banks, data transfers can take place to national and international banks, as well as to any other financial intermediary.
- In connection with the implementation of FATCA, transfers of Data may occur to the Internal Revenue Service (IRS) or any other competent tax authority recognized by the IRS.
- Within the framework of the implementation of the Automatic Exchange of Information (AEI), Data transfers can take place to any competent tax authority, it being specified that the condition of confidentiality of the data is a sine qua non obligation stipulated by the OECD to adhere to the Automatic Exchange of Information mechanism.
- In connection with the implementation of any other regulations and the Services, Octogone performs an assessment of the recipients of the Data in accordance with the applicable standards in this regard.
Octogone does not sell or rent the Data to any third party.
Finally, Octogone may share your personal data:
- To provide you with the service you need;
- When authorized or required by law to remain consistent with a valid legal process;
- To protect and defend, if necessary, the rights or property of Octogone, including the security of its products and services;
- To protect the personal safety, property or other rights of the public, Octogone or its customers or employees; or
- In the event of a sale of all or part of Octogone’s activities.
- PRIVACY, SECURITY AND DATA PROTECTION
Octogone is committed to ensuring the existence of adequate levels of protection in accordance with applicable legal and regulatory requirements, in particular those relating to banking secrecy and Data protection.
Data Subjects’ Data will be transmitted to and stored on Octogone’s servers, access to which is strictly limited. Octogone has taken appropriate technical and organizational precautions to ensure that only duly authorized persons have access to the servers, as well as special precautions to protect our technical environment (e.g. use of firewalls). The servers also comply with the ISO 27001 standard, combined with strong authentication and encrypted communications.
- RIGHTS OF THE PERSONS CONCERNED
In accordance with the applicable regulations, in the context of the processing of Data, Data Subjects may exercise the following rights with respect to their data:
- Right to request access to stored Data;
- Right to request rectification of retained Data;
- Subject to the applicable legal provisions on the retention of Data (banking law, FACTA law, etc.), the right to request the deletion of retained Data;
- Subject to the applicable legal provisions on Data processing (banking law, FACTA law, EAR, etc.), the right to request a limitation of the processing of the retained Data; and
- Subject to the applicable legal provisions on data processing (banking law, FACTA law, EAR etc.), the right to request a ban on the processing of stored Data.
Even if a Data Subject disputes the processing of his or her data, Octogone is entitled to continue such processing if it is (i) legally binding, (ii) necessary for the performance of the Contract to which the Subject is a party, (iii) necessary for the performance of a task in the public interest or (iv) necessary for the legitimate interests that Octogone is pursuing, including the discovery, exercise or defense of legal claims.
In general, the Data Subject has the right to require Octogone to protect his/her Data. Octogone works tirelessly to protect itself and its users from unauthorized access, alteration, disclosure or destruction of information that is held. Specifically:
- Octogone complies with this Statement in all circumstances with respect to all Data that Octogone collects about the Data Subject;
- Octogone limits the use and disclosure of your Data and ensures that anyone with whom Octogone shares such information treats it with the confidentiality and security it deserves; and
- Octogone has put in place material, technical and administrative procedures to protect the information collected.
The exercise of any rights set forth in the paragraph shall be in accordance with the provisions of paragraph 10 (Notices) below.
If you have any questions about Octogone’s data protection, you can send us a detailed message at (firstname.lastname@example.org) and we will try to resolve them as soon as possible.
You may exercise any of your rights related to personal data (paragraph 9) by sending your request to the above address.
Octogone’s business is constantly evolving and this Statement and the Terms of Service may change. Unless otherwise stated, our Statement applies to the use of all information we have collected about you.