1. Name and address of the controller
Cornèr Bank Limited is the data controller, who should be contacted in writing concerning any issues relating to data protection (e.g. requests for information, erasure and/or rectification) at the following address:
Cornèr Bank Limited
Personal Data Processing
Via Canova 16
2. Definition of personal data
“Personal data” means any information relating to an identified or identifiable person (e.g. name, surname, address, date of birth).
3. General principles and legal framework
Cornèr Bank Limited operates in accordance with the general principles governing data protection laid down in the Swiss Federal Data Protection Act (DPA) and – insofar as specifically applicable – those reflected in the (EU) General Data Protection Regulation (GDPR).
Cornèr Bank Limited is also required to comply on the one hand with specific confidentiality and non-disclosure obligations provided for under Swiss law (e.g. the protection of banking secrecy) and on the other hand with various legal, regulatory and contractual obligations to provide information and/or notifications, both towards the administrative or judicial authorities and also towards other entities (e.g. custodians, stock exchanges, brokers), both in Switzerland and abroad.
4. Data subjects
Depending upon the type of banking or business relationship that is held or envisaged to be held with the Bank, the personal data processed by Cornèr Bank Limited relate mainly to the following classes of persons (“Data Subjects”):
- clients (private, business, institutional and financial intermediaries), potential clients, providers of collateral;
- suppliers and other commercial partners;
- employees and staff members, candidates;
- participants in competitions, events and other initiatives/shows promoted and/or supported by the Bank.
5. Purposes of processing
Depending upon the type of relationship and the specific context, personal data are processed by Cornèr Bank Limited for the following purposes:
- compliance with legal and/or contractual obligations;
- the management and implementation of pre-contractual and/or contractual relations with Data Subjects;
- commercial and marketing activities;
- the pursuit of legitimate interests of the Bank or of third parties.
In particular, it may be necessary and/or essential to process personal data to:
- manage and process the banking and financial transactions requested by clients (e.g. in order to execute payment orders, acquire financial instruments);
- develop, promote, manage, improve and personalise the services offered to clients (e.g. market researches, statistics, personalised analysis, marketing);
- operate in accordance with the law, the specific requirements laid down by the FINMA and the agreements concluded between Switzerland and third countries, specifically in relation to tax and/or on the basis of international standards (e.g. the automatic exchange of information, judicial/administrative assistance);
- manage and monitor corporate risks, including specifically systemic, operational and legal risks, along with credit risks, the risk of loss, execution risk and reputational risk;
- prevent and combat money laundering and the financing of terrorism;
- archive, store and/or keep banking, accounting and commercial documentation in accordance with the relevant statutory provisions;
- comply with contractual obligations and manage relations with suppliers and other commercial partners;
- manage and carry out activities pertaining to human resources (e.g. candidate selection, payment of salaries, employee assessment, planning of training and career paths);
- respond to requests for information originating from administrative or judicial authorities (e.g. FINMA, FTA, public prosecutors, courts, requests for international mutual assistance, debt enforcement offices).
6. Processing arrangements
“Processing” means in particular operations such as the collection, recording, elaboration, extraction, alignment, updating, disclosure, transfer, anonymisation or erasure of personal data. For certain purposes (e.g. compliance with anti-money laundering legislation, legal investigations, credit checks, personalised advice, marketing), the processing may also involve the use of specific techniques and methodologies for elaborating/extracting particular data (e.g. data mining, scoring, profiling).
In accordance with the applicable statutory and contractual provisions, the elaboration and storage of personal data by the Bank and/or by duly authorised third parties will be limited to the time necessary in order to pursue the specific purposes of processing, and adequate technical and organisational measures will be adopted under all circumstances, in order to safeguard data protection, with the aim, in particular, of guaranteeing the security, integrity and confidentiality thereof.
The personal data of Data Subjects is mainly collected directly from the persons concerned for the above-mentioned purposes in relation to or having regard to the prospect of a particular business or other relationship.
Personal data may also be obtained from the authorities, freely accessible public sources and/or third parties (e.g. credit information systems).
In addition to the officials charged with processing within Cornèr Bank Limited, where necessary and/or required, and in accordance with applicable legislation, personal data may be disclosed for the above-mentioned purposes also to third parties, including specifically but not limited to affiliate or associate companies, judicial and administrative authorities (e.g. FINMA), sectoral organisations (e.g. SBA), financial market operators (e.g. stock exchanges, central securities depositories, brokers), rating companies and other external service providers.
9. Transmission of personal data to third parties and/or abroad
The transmission of personal data by Cornèr Bank Limited to third parties and/or abroad occurs strictly in accordance with applicable statutory provisions, in particular where permitted and/or necessary in relation to contractual obligations, as the case may be, subject to specific contractual guarantees that ensure, where possible, an adequate level of protection.
10. Rights of Data Subjects
As a matter of principle, depending upon the circumstances, each Data Subject shall in particular have the following rights provided for under data protection legislation:
- the right to access his/her own personal data;
- the right to rectify and erase personal data;
- the right to limit and object to the processing of personal data;
- the right to revoke consent to processing.
The address of the controller, to which any requests should be submitted in writing, is provided in Article 1.