Privacy notice for counterparties

Privacy Notice for Counterparties (including Suppliers, Prospective Counterparties and Candidates)

Download the PDF version

1. Introduction

At Union Bancaire Privée (UBP) Group (“UBP Group,” “we,” or “us”), your privacy and the security of your Personal Data are our top priorities. This Privacy Notice applies to all affiliates and branches of UBP Group and explains how we collect, use, and protect your Personal Data. It is relevant to Counterparties (including Suppliers and Prospective Counterparties). The Notice also outlines your privacy rights and how the law safeguards you.

For the purposes of this Notice, “UBP Group” refers to Union Bancaire Privée (UBP) S.A., and all its affiliates and branches. Each of these entities acts as a “data controller,” meaning that, unless required to process data for legal purposes, they are responsible for determining how your Personal Data is collected, stored, and used. In compliance with applicable data protection laws, we are committed to informing you about the categories of Personal Data we process and the purposes for which it is used.

Data protection principles

We comply with applicable data protection laws. These require that the Personal Data we hold about you must be:

• Used lawfully, fairly and transparently;
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
• Relevant to the purposes we have told you about and limited only to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for the purposes we have told you about (and/or as required by the applicable laws); and
• Kept securely.

2. Data Protection Officer

We have appointed a Data Protection Officer who is responsible for overseeing questions relating to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights as explained in this Notice, please contact the Data Protection Officer using the details below.

Raphaël Courtinat
Group Data Protection Officer
Union Bancaire Privée, UBP S.A.
Rue du Rhône 96-98 | P.O. Box 1320 | CH-1211 Geneva 1
T +41 58 819 22 07
dataprotectionoffice@ubp.ch

In case you are based within the EU, you may prefer to contact our EU Data Protection Representative using the details set out below.

Union Bancaire Privée (Europe) S.A., EU Data Protection Representative
Email:  DataPrivacy_Lux@ubp.com
Postal address: 8, Rue Henri M. Schnadt, L-2530 Luxembourg

In case you are a customer of Union Bancaire Privée (UK) Limited or one of its branches (Jersey, Guernsey or Gibraltar), you may prefer to contact the UBP UK Data Protection Officer using the details set out below.

Union Bancaire Privée (UK) Limited
Email: ubpuk-data-protection@ubp.com
Postal address: UBP UK Data Protection Officer, Union Bancaire Privée (UK) Limited, 38 Esplanade, St Helier, Jersey, JE4 8PR

3. The data we collect about you

Personal information, or personal data, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data) (“Personal Data”).

We collect and process Personal Data about candidates, counterparties and prospective counterparties such as suppliers, their employees, officers and directors (including suppliers, sub-contractors and individuals associated with those suppliers and sub-contractors), in order to engage them, manage our relationship with them, contract to receive services from them and, where relevant, to facilitate the provision of services or any ancillary services related thereto as part of our business activities.

We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

• Identity data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender, and photocopies of passports.
• Contact data includes work and business addresses, billing address, e-mail address and telephone numbers.
• Financial data includes bank account details, financial status and history.
• Professional data includes information about your business such as the company name and contact person.

3.1. Special Categories of Personal Data

Special Categories of Personal Data refer to sensitive information that requires a higher level of protection due to its nature. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data used for identification purposes, health-related data, and data concerning a person’s sex life or sexual orientation. It also includes the processing of Personal Data relating to criminal convictions, offences or related security measures.

Under Swiss law, this also includes data related to social security measures and administrative prosecutions or sanctions[1].

We may collect, use, store and transfer different kinds of Special Categories of Personal Data about you which we have grouped together as follows:

• Data relating to criminal convictions and offences – This includes information about criminal convictions and offences, which may be obtained from publicly available sources, suspicious activity reports, or background checks conducted as part of anti-money laundering (AML) measures, fraud prevention, or to ensure compliance with legal and regulatory obligations.
• Political opinions – Where required as part of due diligence processes.

3.2.   If you fail to provide Personal Data

When we need to collect Personal Data by law and/or because of regulatory requirements, or for any of the purposes required during the onboarding process and/or engagement process when requested, we may not be able to complete the process or enter into the contract we are trying to enter into with you or use the services/product you offer.

4. How your Personal Data is collected?

Throughout the engagement process, we may use different methods to collect data from and about you including through:

• Direct interactions. You may give us your Personal Data by filling in forms or by corresponding with us by post, phone, e-mail, handing us your business card or by some other means.
• Indirect interactions. We may have received your Personal Data in a variety of ways from our counterparties and prospective counterparties, and their employees, officers and directors (including suppliers, sub-contractors and individuals associated with such suppliers and sub-contractors).
• From publicly accessible sources; background checks. We may seek further information about you from publicly accessible sources, such as the Internet, media, data-collection companies, debt or commercial registers, or from third parties we may appoint. Additionally, we may conduct background checks to verify your identity, financial standing, and compliance with legal and regulatory requirements. These checks are carried out with your consent, in compliance with applicable data protection laws, and the results are handled confidentially and stored securely.

5. How we use your Personal Data?

We will use the Personal Data we collect about you to:

• Facilitate the provision of the (potentially outsourced) services you render, including using third-party software to facilitate these services or ancillary matters such as the billing of these services. It is indeed beneficial to our business and to our relationship in more general terms to use third-party software to optimise the services you render or ancillary matters such as the billing of these services.
• Keep information about you in order to manage our (future) relationship in a more efficient way.
• Assess your suitability as a counterparty to our business activities.
• Carry out background checks and due diligence to comply with our policies and legal obligations.
• Assess if there are any potential risks posed by our prospective new relationship.
• Communicate with you about the engagement process and manage the engagement process.
• Keep records related to the engagement process.
• Administer, facilitate and manage our relationship with you as our counterparty.

It is in our legitimate interest to assess your suitability as an employee, candidate or counterparty as it is beneficial to our business to ensure employees and any third parties we do business with or candidates are suitable for the services we offer and do not pose potential risks to our business.

We will also be required to process your Personal Data in certain circumstances (listed above) to enable us to enter into, facilitate and carry out any contract we may have with you.

We store data based on our legitimate interests or because we are legally obliged to.

6. Communication recording and monitoring

To improve our services, help resolve any disagreements between you and us, comply with our legal obligations, and maintain security, we may monitor and/or record your communications with us, including telephone communications, without prior notice.

We leverage AI technologies to transcribe video calls, but only with your explicit consent, facilitating the creation of comprehensive meeting minutes.

We may also record and retain other forms of communication, such as meetings, letters, emails, and face-to-face conversations, particularly when they involve investment services or activities that result in, or may result in, the provision of client order services related to the reception, transmission, or execution of your orders. Additionally, we may record information from face-to-face conversations with you when relevant to client order services.

In the interests of security and crime prevention, we may use closed-circuit television (CCTV) in and around our premises to monitor and collect visual images. These recordings, along with telephone recordings and other records, will remain our sole property and may be used to improve our services, train our staff, manage risks, resolve disputes, and ensure compliance with applicable laws and regulations.

7. Change of purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation of how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your Personal Data for an unrelated purpose, we will notify you (for example by amending this Notice) and we will explain the legal basis that allows us to do so.

8. Disclosures of your Personal Data

We may have to share your Personal Data with the parties set out below:

• Other entities within UBP Group (e.g. affiliates and branches of UBP).
• Regulatory authorities and agencies involved in helping us with any background checks.
• Third parties that provide services such as software or other related services or devices that allow us, for example, to manage or optimise your data and/or the services you render or products you offer and/or any ancillary matter related thereto.
• Third parties who may carry out due diligence on you.
• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Similarly, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Notice.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the applicable data protection laws. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

9. International data transfers

When we share your Personal Data within UBP Group, this may involve transferring your data outside the country where you are located, including to jurisdictions outside Switzerland, the United Kingdom (UK), the European Union (EU), or the European Economic Area (EEA). Such transfers may occur to countries where UBP Group is present, including but not limited to Switzerland, the Middle East, Asia, and other regions where UBP has established offices or conducts business activities.

Furthermore, some of our external third parties (or their sub-contractors in turn) are based in countries such as the United States, Singapore, Dubai, India and China, so their processing of your Personal Data will involve the transfer of data outside Switzerland, the United Kingdom (UK), the European Union (EU), or the European Economic Area (EEA), or a third party accessing your data from such countries.

These jurisdictions may not provide the same level of protection as the laws in your country of residence. In such cases, we implement appropriate contractual safeguards to ensure the confidentiality and protection of your Personal Data.

Whenever we transfer your Personal Data outside Switzerland, the United Kingdom (UK), or the European Economic Area (EEA), or allow access from such countries, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by Switzerland, the European Commission and/or by UK.
• If this is not the case, we will use specific contracts approved by the European Commission (and/or by Switzerland or UK) which give Personal Data the same protection it has in the EEA and/or in Switzerland or UK.

10. Data security

We have put in place appropriate security measures to protect your Personal Data and prevent it from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Personal Data may be processed as part of the security monitoring we undertake, such as automated scans to identify harmful e-mails, which involves detecting, investigating and resolving security threats. As much as possible, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business-related need to access that information. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any relevant regulator of a breach where we are legally required to do so.

11.  How long will you use my data for?

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Personal Data may be held for longer periods where extended retention periods are required by law and in order to establish, exercise or defend our legal rights.

Details of retention periods for different aspects of your Personal Data are available upon request.

12. Your legal rights

12.1. Your rights in connection with Personal Data

Under certain circumstances you have the legal right to:

• Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are processing it lawfully.
• Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below). Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which you will be notified of, if applicable, at the time of your request.
• Object to processing of your Personal Data where we are relying on legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing of it on these grounds. You also have the right to object when we process your Personal Data for direct marketing purposes.
• Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your Personal Data to another party.

If you wish to exercise any of the rights set out above, we encourage you to use the dedicated form here for a faster and more efficient process. Alternatively, you may contact our Data Protection Officer (DPO) using the contact details mentioned above.

12.2. Contact details of the relevant data protection authorities:

You have the right to lodge a complaint with your local data protection authority at any time. However, we would greatly appreciate the opportunity to address your concerns before you contact them, and we kindly ask that you reach out to us first. For the contact details of the relevant data protection authorities within EU Member States, please visit: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
 

Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg, CH - 3003 Berne.
Web: https://www.edoeb.admin.ch/en/report-form-data-subjects
Telephone: +41 (0)58 462 43 95

United Kingdom: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Web: https://ico.org.uk/concerns/
Telephone: +44 (0)303 123 1113

Jersey: Jersey Office of the Information Commissioner (JOIC), 2nd Floor, 5 Castle Street, St. Helier, JE2 3BT
Web: https://jerseyoic.org/contact/
Telephone: +44 (0) 1534 716530

Guernsey: Guernsey Office of the Data Protection Authority, Block A, Lefebvre Court, Lefebvre Street, St. Peter Port, GY1 2JP
Web: https://www.odpa.gg/contact/
Telephone: +44 (0) 1481 742074

Gibraltar: The Gibraltar Data Protection Authority, Suite 603, 1 Europort Road, Gibraltar
Web: https://www.gra.gi/data-protection
Telephone: +350 2007 4636

12.3. Your duty to inform us of changes

It is also important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your working relationship with us or even after, as we may need to contact you after our relationship has come to an end.

13. Right to withdraw consent

In the limited circumstances where you may have provided your consent for the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate legal basis for doing so.

14.Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time and a new privacy notice will be uploaded onto UBP’s website (www.ubp.com) when we make any updates. We may also notify you in other ways from time to time about the processing of your Personal Data.

15. Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements/notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Addendum – Applies to Union Bancaire Privée (UK) Limited (UBP UK)

Scope

This covers the following UBP entities:

• Union Bancaire Privée (UK) Limited
• Union Bancaire Privée (UK) Limited, Jersey Branch
• Union Bancaire Privée (UK) Limited, Guernsey Branch
• Union Bancaire Privée (UK) Limited, Gibraltar Branch

 

---

[1] Please note that the definition of special categories of personal data may vary under other applicable laws, which may include additional types of sensitive information depending on the jurisdiction.