1. Data protection
  2. Privacy notice for counterparties

Data Protection

Privacy Notice for Counterparties (including Suppliers, Prospective Counterparties and Candidates)

Download the PDF version

1.       Introduction

Welcome to the Privacy Notice of Union Bancaire Privée, UBP S.A. (hereinafter, “UBP”, “we” or “us”) for counterparties including suppliers, prospective counterparties and candidates.

UBP (and/or any affiliates and branches of UBP Group) respects your privacy and is committed to protecting your personal data. This Privacy Notice will inform you about how we look after your personal data when we obtain it from you, your privacy rights and how the law protects you.

UBP is a “data controller”. This means that, except when we are obliged to process data for legal reasons, we are responsible for deciding how we hold and use your personal information. We are required under data protection legislation to notify you of the information contained in this Privacy Notice.

Data protection principles

We will comply with data protection laws. These require that the personal information we hold about you must be:

  • Used lawfully, fairly and transparently
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about (and/or as required by the applicable laws)
  • Kept securely

2.       General information and Data Protection Officer

Purpose of this Privacy Notice

This Privacy Notice aims to provide you with information on how UBP collects and processes your personal data, including any data you may have provided us with before becoming a counterparty working with UBP or an employee working for UBP.

It is important that you read this Privacy Notice, together with any other privacy notice(s) we may provide on specific occasions when we are collecting or processing personal data about you as a candidate, a counterparty or as an individual employed by a counterparty, so that you are fully aware of the personal information we collect about you, what we do with your information, and who your information may be shared with.

This Privacy Notice supplements the other notices and is not intended to supersede them.

Data Protection Officer

We have appointed a Data Protection Officer who is responsible for overseeing questions relating to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights as explained in this Notice, please contact the Data Protection Officer using the details below.

Contact details:  

Mr Constantin Bratsiotis
Group Data Protection Officer
Union Bancaire Privée, UBP SA
Rue du Rhône 96-98 | P.O. Box 1320 | CH-1211 Geneva 1
T. + 41 58 819 37 66 

In case you are based within the EU, you may prefer to contact our EU Data Protection Representative using the details set out below.

Contact details:

Union Bancaire Privée (Europe) SA,
EU Data Protection Representative
287-289 route d'Arlon,
L-1150 Luxembourg

You have the right to make a complaint to the local data privacy authority at any time. We would, however, appreciate the chance to deal with your concerns before you approach the local data privacy authority and we ask that you please contact us in the first instance.

3.       The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We collect and process personal data about candidates, counterparties and prospective counterparties such as suppliers, their employees, officers and directors (including suppliers, sub-contractors and individuals associated with those suppliers and sub-contractors), in order to engage them, manage our relationship with them, contract to receive services from them and, where relevant, to facilitate the provision of services or any ancillary services related thereto as part of our business activities.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender, and photocopies of passports.
  • Contact data includes work and business addresses, billing address, e-mail address and telephone numbers.
  • Financial data includes bank account details, financial status and history.
  • Professional data includes information about your business such as the company name and contact person.

We do not collect any special categories of personal data about you, such as details about your race or ethnicity, religious or philosophical beliefs, sex life or sexual orientation, political opinions, trade union membership, information about your health or genetic or biometric data. We do not collect any information about criminal convictions and offences, unless required for legal reasons.

If you fail to provide personal data

When we need to collect personal data by law and/or because of regulatory requirements, or for any of the purposes required during the onboarding process and/or engagement process when requested, we may not be able to complete the process or enter into the contract we are trying to enter into with you or use the services/product you offer.

4.       How your personal data is collected

Throughout the engagement process, we may use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, e-mail, handing us your business card or by some other means.
  • Indirect interactions. We may have received your personal data in a variety of ways from our counterparties and prospective counterparties, and their employees, officers and directors (including suppliers, sub-contractors and individuals associated with such suppliers and sub-contractors).
  • Background checks.

5.       How we use your personal data

We will use the personal information we collect about you to:

  • Facilitate the provision of the (potentially outsourced) services you render, including using third-party software to facilitate these services or ancillary matters such as the billing of these services. It is indeed beneficial to our business and to our relationship in more general terms to use third-party software to optimise the services you render or ancillary matters such as the billing of these services.
  • Keep information about you in order to manage our (future) relationship in a more efficient way.
  • Assess your suitability as a counterparty to our business activities.
  • Carry out background checks and due diligence to comply with our policies and legal obligations.
  • Assess if there are any potential risks posed by our prospective new relationship.
  • Communicate with you about the engagement process and manage the engagement process.
  • Keep records related to the engagement process.
  • Administer, facilitate and manage our relationship with you as our counterparty.

It is in our legitimate interest to assess your suitability as an employee, candidate or counterparty as it is beneficial to our business to ensure employees and any third parties we do business with or candidates are suitable for the services we offer and do not pose potential risks to our business.

We will also be required to process your personal data in certain circumstances (listed above) to enable us to enter into, facilitate and carry out any contract we may have with you. 

We store data based on our legitimate interests or because we are legally obliged to.

6.       Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you (for example by amending this Notice) and we will explain the legal basis that allows us to do so.

7.       Disclosures of your personal data

We may have to share your personal data with the parties set out below:

  • Other entities within UBP Group (e.g. affiliates and branches of UBP).
  • Regulatory authorities and agencies involved in helping us with any background checks.
  • Third parties that provide services such as software or other related services or devices that allow us, for example, to manage or optimise your data and/or the services you render or products you offer and/or any ancillary matter related thereto.
  • Third parties who may carry out due diligence on you.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Similarly, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

8.       International data transfers

We may share your personal data within UBP Group or with third-party service providers, including third parties who provide cloud-computing services.

Some of our external third parties or members of UBP Group are based outside the EEA and/or outside Switzerland (for example in the United States, Singapore, Dubai, India and China), so their processing of your personal data will involve a transfer of data outside the EEA and/or outside Switzerland, or accessing this data from such countries, including to or from countries that do not offer the same level of data protection as EEA countries or Switzerland.

Whenever we transfer your personal data outside the EEA and/or outside Switzerland, or to third parties who may do so, we ensure a similar degree of protection by ensuring that at least one of the following safeguards is implemented:

  • We will only transfer your personal data to or allow access from countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or by Switzerland.
  • Where this is not the case, we will use specific contracts, if needed, that have been approved by the relevant data privacy authority and which give personal data the same protection it has in the EEA and/or in Switzerland.

9.       Data security

We have put in place appropriate security measures to protect your personal data and prevent it from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Personal data may be processed as part of the security monitoring we undertake, such as automated scans to identify harmful e-mails, which involves detecting, investigating and resolving security threats. As much as possible, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business-related need to access that information. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any relevant regulator of a breach where we are legally required to do so.

10.    Data retention

How long will you use my data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Personal data may be held for longer periods where extended retention periods are required by law and in order to establish, exercise or defend our legal rights.

Details of retention periods for different aspects of your personal data are available upon request.

11.    Your legal rights

Your rights in connection with personal information

Under certain circumstances you have the legal right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which you will be notified of, if applicable, at the time of your request.
  • Object to processing of your personal information where we are relying on legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing of it on these grounds. You also have the right to object when we process your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you wish to exercise any of the rights set out above, please contact us.

Your duty to inform us of changes

It is also important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us or even after, as we may need to contact you after our relationship has come to an end.

12.    Right to withdraw consent

In the limited circumstances where you may have provided your consent for the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate legal basis for doing so.

13.    Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time and a new privacy notice will be uploaded onto UBP’s website (www.ubp.com) when we make any updates. We may also notify you in other ways from time to time about the processing of your personal information.

14.    Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements/notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.