Skip to main content

Data protection notice marketing

DATA PROTECTION NOTICE FOR PROCESSING FOR MARKETING PURPOSES

1. DEFINITIONS AND PURPOSES OF PROCESSING

In order to meet its marketing needs, improve its service offering, and process requests addressed to it, Mirabaud & Cie SA (hereinafter also referred to as “the Bank” or “We”), acting as data controller, processes personal data relating to you.

“Personal data” means any information relating to an identified or identifiable natural person within the meaning of applicable data protection legislation.

This data protection statement for marketing activities (hereinafter the “Marketing Statement”) describes how we process personal data in the context of:

  • the provision of marketing services; and 

  • the handling of requests submitted to us, in particular via contact forms available on our websites. 

“Service” includes in particular:

  • the sending of newsletters and personalized communications based on your preferences; 

  • the transmission of information likely to be of interest to you; 

  • the sending of brochures or other promotional materials; 

  • invitations to events; and 

  • the management and follow-up of your requests (e.g., via a contact form or appointment request). 

“Visitor” means a natural person who browses the Mirabaud Group website and does not have a banking relationship with Mirabaud & Cie SA.

“Client” means a natural person who has a banking relationship with Mirabaud & Cie SA.

“You” refers, depending on the context, to the Visitor and/or the Client.

 

2. WHAT PERSONAL DATA DO WE PROCESS ABOUT YOU WHEN PROVIDING MARKETING SERVICES?

In the above context, we may collect and process the following categories of personal data:

  • identification data (e.g., first name, last name); 

  • contact details (e.g., email address, telephone number); 

  • data relating to your interactions with our communication and collaboration tools; 

  • data relating to your habits and preferences; 

  • information transmitted via cookies (cookies and similar technologies on websites and in emails). 

We may also process any other information that you choose to communicate to us voluntarily, in particular in free-text fields.

The provision of sensitive data is not required for the Service. We ask you not to provide such data. However, if you do provide sensitive data, whether voluntarily or inadvertently, such data may be processed in accordance with this Statement and applicable legislation.

 

3. WITH WHOM DO WE SHARE YOUR PERSONAL DATA WHEN PROVIDING MARKETING SERVICES?

By completing our online contact form in order to use our Service, you consent to the collection, transfer, and processing of your personal data abroad, as well as to the sending of marketing communications by the Bank, which may contact you to discuss your wealth management needs.

You may unsubscribe from marketing communications at any time by following the instructions included at the bottom of the emails received.

As part of the provision of the Service, we use the services of Brevo, located in Paris, France (hereinafter “Brevo”), which in turn subcontracts certain operations to its own subprocessors. An up-to-date list including the names and locations of these subprocessors is available here.

 

4. ARE PERSONAL DATA TRANSFERRED OUTSIDE OUR JURISDICTION WHEN PROVIDING MARKETING SERVICES?

Your personal data may be processed in the following countries: France, Germany, Austria, Canada, the United States, and India.

In the case of international transfers, your data may be transferred to countries recognized by the competent authority as providing an adequate level of data protection.

For transfers to countries not recognized as providing an adequate level of protection, we rely on:

  • your consent when completing our online contact form; and/or 

  • the implementation of appropriate contractual, technical, and/or organizational safeguards to ensure the protection of your personal data (such as standard contractual clauses or binding corporate rules approved by competent authorities, access control processes, privilege management, and data segregation). 

For further details on the applicable safeguards, please contact us at the address indicated in our Mirabaud Data Protection Statement.

Despite all precautions and safeguards implemented, the following risks may arise due to the transfer of your personal data:

  1. possible access to your personal data by local authorities; 

  2. possible extraterritorial access by foreign authorities (e.g., under the US CLOUD Act); 

  3. lack of sufficient enforcement or sanctions in case of breach of contract between the Bank and Brevo or of applicable foreign law; and 

  4. inability for the Bank or the Visitor and/or Client to defend themselves effectively through legal means. 

Brevo’s Data Processing Agreement (DPA) can be accessed here.

 

5. BANKING SECRECY

a) Visitors

If you are a Visitor, you understand and accept that Swiss banking secrecy under Article 47 of the Federal Act on Banks and Savings Banks does not apply to these personal data, as they cannot be considered banking data under the meaning of the law.

b) Clients

If you are a Client, Swiss banking secrecy under Article 47 applies to part of your personal data, namely information relating to your assets held with the Bank (e.g., bank account or securities account numbers, balances, and performance), which qualify as banking data under the law.

If such data are transmitted by you in the context of our Service, your informed consent is required to disclose to a third party—here, Brevo—the existence of a client relationship, in compliance with Article 47.

 

6. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

Depending on the applicable data protection laws, you have the following rights:

  • right of access: to obtain information about the processing of your personal data and receive a copy of such data; 

  • right to rectification: to request correction if your personal data are incomplete or inaccurate; 

  • right to erasure: to request deletion of your personal data where permitted by law; 

  • right to restriction of processing: to request limitation of processing; 

  • right to object: to object to processing based on your particular situation; 

  • right to withdraw consent: to withdraw your consent at any time; 

  • right to data portability: where permitted by law, to receive your personal data or have them transferred to a third party where technically feasible. 

Even if you object to processing, we may continue if it is:
(i) required by law,
(ii) necessary for the performance of a contract,
(iii) necessary for a task carried out in the public interest, or
(iv) necessary for our legitimate interests, including the establishment, exercise, or defense of legal claims.

For further information or to exercise your rights, please contact us at the address indicated in our Mirabaud Data Protection Statement.

In accordance with applicable regulations, you also have the right to lodge a complaint with the competent supervisory authority.

This Data Protection Notice (the “Notice”) explains how we process personal data. This Notice is subject to and forms an integral part of our General Terms and Conditions and General Terms and Conditions governing Custody (hereafter, the “General Terms and Conditions”). 

In this Data Protection Notice, “we” refers to each entity of the Mirabaud Group, which acts as a data controller (alone or jointly determining the purpose and means of processing). Not all the processing activities mentioned in this Data Protection Notice necessarily apply to all Mirabaud Group entities. In particular, processing activities identified with the "*" sign are currently only carried out by Mirabaud & Cie SA and Mirabaud & Cie (Europe) SA and are therefore limited to data processed by such entities. 

Personal Data” includes any information relating to an identified or identifiable natural person (e.g., name, ID card and passport numbers, nationality), to the extent permitted by the applicable data protection legislation. 

As a data controller, we are responsible for collecting and processing some of your personal data in relation to our activities. The purpose of this Data Protection Notice is to let you know which personal data we collect about you, the reasons why we use and share such personal data, how long we keep them, what your rights are and how you can exercise them. Further information may be provided where necessary when you apply for a specific service. 

We kindly ask you to read this Data Protection Notice. Please note that we may also process personal data in respect of a “Related Person”. 

A “Related Person” means an individual or entity whose information you or a third party provide to us and/or which otherwise comes to our knowledge in connection with our business relationship or before its conclusion. A Related Person may include, but is not limited to, (i) any director, officer, employee or authorised signatory of a company, (ii) a trustee, settlor, beneficiary or protector of a trust, (iii) any nominee or beneficial owner of an account, (iv) a substantial interest owner in an account, (v) a controlling person, (vi) a payee of a designated payment, or (vii) any representative(s) or agent(s). 

In this context, we ask you to contact the Related Persons and provide them with this Data Protection Notice and the information it contains.

1. Which personal data do we process about you?

1. Which personal data do we process about you?

We collect and use your personal data to the extent necessary in the context of our activities and as described in our General Terms and Conditions and this Data Protection Notice, in particular to achieve a high standard of services. We may collect various types of personal data about you depending on the nature of the particular service we provide, including: 

• identification information (e.g., full name, ID card and passport numbers, nationality, place and date of birth, gender, photograph, IP address); 

• contact information (e.g., address and email address, phone number); 

• family situation (e.g., marital status, number of children); 

• tax status (e.g., tax ID); 

• education and employment information (e.g., level of education, remuneration); 

• banking, financial and transactional data relating to assets deposited with us and investments made through our services, such as the numbers, balances and performance of bank accounts and securities portfolios held with us, the history of transactions carried out, the status of financial positions held, order execution notes, investment advices provided and related documentation (e.g., bank account details, transfer of assets, source of wealth); 

• data relating to your habits and preferences; 

• data relating to your use of our services, in particular your internal and external IDs, information about the browser or device you use to access our websites and applications, how you use our websites and applications and the pages you visit, traffic and location data, information related to your history of use and interaction with our services, web pages and applications (including electronic logging (such as audit logs, security logs and application logs), the date and duration of use of our services, web pages and applications, the users of the services, web pages and applications and the approximate geographical location (city, country) of their devices, the websites visited by the users, and the type of service provided; 

• data from your electronic, voice and visual interactions with us (e.g., our meetings, calls, chats, emails, phone conversations, and the documents exchanged); 

• Data from our video surveillance systems (e.g. video image); 

• background checks; 

• cookie information (e.g., cookies and similar technologies on websites and in emails – For more information, please refer to our Policy on the use of cookies. 

We never ask for sensitive data without your express consent (i.e., in particular, personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning your sexual orientation or data relating to criminal convictions and offences) and/or unless it is required by law.

2. From what source do personal data originate?

The data we use about you may be directly provided by you or obtained from other sources, such as:

  • publications/databases made available by official authorities;
  • databases made publicly available by third parties;
  • an entity we provide services to; and
  • any other third parties including, without limitation, recruitment agencies.

3. Specific cases of personal data collection, including indirect collection

In certain circumstances, we may collect and use personal data of individuals with whom we have, could have or previously had a direct relationship such as:

• visitors to our websites, including subscribers to our newsletters, funds documentation and investment recommendations;

• prospective or existing clients; or

• attendees of our events.

We may also collect information about you where you do not have a direct relationship with us. This may happen, for instance, when your personal data are provided by one of our clients, a contracting party or an investor in collective investment schemes for which a Mirabaud Group entity acts as management company (the “investment funds”) if you are, for example:

• a family member;

• a legal representative (acting under a power of attorney or acting professionally as an agent);

• a beneficiary of a payment transaction made by our clients;

• a beneficiary of a trust;

• an ultimate beneficial owner;

• a representative of a legal entity (which may be a client);

• a user of certain online functions or services and

• a staff member of a service provider or a commercial partner.

4. Why and on what basis do we process your personal data?

A. TO COMPLY WITH OUR LEGAL AND REGULATORY OBLIGATIONS

We process your personal data to comply with legal and regulatory obligations (including any legal and regulatory guidance, codes or opinions) and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions), which may include laws outside the country you are located in, including to:

• comply with regulations dealing with prevention of money-laundering, financial crime, financing of terrorism and market abuse;

• comply with regulations relating to sanctions and embargoes;

• comply with regulations relating to financial markets (including self-regulation standards), in particular with regard to investor protection and contactless and dormant assets;

• comply with our prudential obligations (particularly in terms of risk management and organisation);

• set up security measures in order to prevent abuse and fraud; 2/4/898/9

• detect transactions which deviate from normal patterns;

• record, when necessary, our interactions (such as phone calls and videoconferences, chats, email);

• define your credit risk score and your reimbursement capacity;

• identify and manage risks (e.g., intra-group risks, risk of credit concentration, Cyber risks);

• reply to an official request from an administrative or judicial authority which may include authorities outside your country of residence;

• fight against tax fraud and comply with applicable tax supervision and reporting obligations (such as, without limitation, AEOI and FATCA obligations); and

• comply with any applicable transaction reporting obligations.

B. TO PERFORM A CONTRACT WITH YOU OR TO TAKE STEPS AT YOUR REQUEST BEFORE ENTERING INTO A CONTRACT

We use your personal data to enter into and perform our contracts, including to:

• fulfil our obligations with respect to the services we provide (e.g., ancillary and investment activities services, including management, advisory or payment services) or otherwise in connection with fulfilling your instructions;

• enforce applicable terms of contracts; • send administrative information, such as changes of our terms, conditions and policies;

• manage, administer and distribute investment funds, including any ancillary services related to these activities;

• process subscription, conversion and redemption requests in investment funds, as well as to maintain ongoing relationships with respect to holdings in such investment funds;

• provide you with information, including reports, regarding our services;

• assist you and answer your questions as a necessary part of the provision of our services to you, and to administer account(s) and manage our relationships; and

• evaluate whether we can offer you a service or a product and the associated conditions.

C. TO PURSUE OUR LEGITIMATE INTEREST

We use your personal data in order to deploy and develop our services and associated security, to improve our risk management, to defend our legal rights and to protect our privacy, safety or property and/or that of our affiliates, yours or others, including:

• to prove transactions;

• to prevent, detect and investigate fraud;

• to manage our IT infrastructure, customer and third party configurations and ensure the security of our IT systems;

• to ensure the security of our premises/infrastructures;

• to train our personnel (e.g., by recording phone calls);

• to personalise our offering of services to you;

• to provide customer management and administration;

• to analyse, evaluate and improve our business;

• to analyse, evaluate and improve the performance, innovation and attractiveness (including financial attractiveness) of our services;

• to analyse and predict certain of your personal preferences, interests and behaviours based on your use of our services, website and applications (profiling); 2/5/898/9

• to develop our business relationship with you and to improve the quality of our services;

• to undertake data analytics to learn more about how you interact with our websites, our applications and our advertising; and

• to establish, exercise and/or defend actual or potential legal claims, investigations or similar proceedings.

D. TO RESPECT YOUR CHOICE IF WE REQUEST YOUR CONSENT FOR SPECIFIC PROCESSING

If we need to carry out further processing for purposes other than those listed above in Section 4, we will inform you and, where necessary, obtain your consent.

5. Who do we share your personal data with?

Personal data may be disclosed to third parties in connection with the services we are providing to you. The recipients of any such information will depend on the services that are being provided. For the abovementioned purposes and subject to any confidentiality restriction we may have expressly agreed with you or any transaction parties, you authorise us to disclose your personal data to: 

• Mirabaud Group entities; 

• Third party banking service providers (including Mirabaud Group entities) which perform services on our behalf or perform specific services according to your needs, such as payment service providers, card service providers, investment management service providers, as well as central counterparties, central securities depositories, and securities settlement systems; 

• Third party information and communication technologies (ICT) service providers involved, in particular, in (i) the process of developing, printing, and/or mailing of banking documents*; (ii) the provision of internal and external collaboration and communication platforms, including email services; ( i i i ) the development and/or operation and provision of a core business platform and other software; or (iv) the monitoring and management of alerts (including event logging) related to activities carried out on our internal and outsourced ICT systems, hosted partially or entirely in the cloud; 

• other deal/transaction participants, counterparties, suppliers and beneficiaries; 

• financial, taxation, regulatory or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law; 

• certain professionals such as lawyers, notaries or auditors; and 

• to any other persons as agreed with you. 

We reserve the right to make personal data accessible to other recipients, as disclosed to you from time to time or if required by applicable laws or requested by a competent authority.

The provision of personal data may be mandatory, e.g., in relation to our compliance with legal and regulatory obligations to which we are subject. If you withdraw your consent and/or object to the transfer of your personal data, you should be aware that not providing such information may preclude us from pursuing a business relationship with you and/or from rendering our services to you and/or performing certain transactions.

6. Are personal data transferred outside of our jurisdiction of incorporation?

We may transfer your personal data to all countries where a Mirabaud Group entity is located (https://www.mirabaud.com/en/mirabaud-group/contact/our-offices) and, depending on the services requested and/or provided, to other countries such as, in particular, the United States, India, the United Kingdom or countries of the European Union. 

In the case of a transfer abroad, your data may be transferred to a country where the local competent authority recognises that the level of data protection is adequate. 

For transfers to a country where the level of personal data protection has not been recognised as “adequate” by the competent authority, we will rely on a derogation applicable to the specific situation (e.g., if the transfer is necessary to perform our contract with you such as when making an international payment), we will implement appropriate contractual, technical and/or organisational safeguards to ensure the protection of your personal data (such as standard contractual clauses or binding corporate rules approved by competent authorities, encryption of transmitted data, implementation of processes to manage and control access to data and IT systems, definition and management of privileges to access data and/or segregation of data), or we will obtain your consent (including through our General Terms and Conditions and/ or this Data Protection Notice). To obtain details on the applicable safeguards, please contact us at the address provided in Section 11 below.

7. How long do we keep your personal data for?

We will retain your personal data for the longer of the purpose for which they are intended and the period required by applicable law or contractual obligations and/or for the period necessary to protect our legitimate interests (such as satisfying legal claims or responding to requests from regulatory authorities).

Most personal data collected in relation to a specified client are kept for the duration of the contractual relationship with that client plus a specified number of years after the end of the contractual relationship or as otherwise required by applicable laws. If you would like further information on the period for which your personal data will be stored or the criteria used to determine that period please contact us at the address provided in Section 11 below.

8. What are your rights and how can you exercise them?

Depending on the data protection laws applying to your situation, you have the following rights: 

• to access: you can obtain information relating to the processing of your personal data, and ask to receive a copy of such personal data. 

• to rectify: where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified accordingly. 

• to erase: you can request the deletion of your personal data, to the extent permitted by law. 

• to restrict: you can request that the processing of your personal data be restricted. 

• to object: you can object to the processing of your personal data, on grounds relating to your specific situation. 

• to withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time. 

• to data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party. 

Even if you object to the processing of personal data, we are nevertheless permitted to continue that processing if it is (i) legally mandatory, (ii) necessary for the performance of a contract to which you are a party, (iii) necessary for the performance of a task carried out in the public interest, or (iv) necessary for the purposes of the legitimate interests we pursue, including the establishment, exercise or defence of legal claims. However, we will not use your personal data for direct marketing purposes if you ask us not to do so. 

If you require further information or if you wish to exercise the rights listed above, please contact us at the address provided in Section 11 below. 

In accordance with applicable regulations, in addition to your rights above you are also entitled to lodge a complaint with the competent supervisory authority.

9. Do we use automated decision-making or profiling?

We do not use automated decision-making in connection with your personal data. If we do so in the future, we will comply with applicable legal and regulatory requirements.

In accordance with applicable laws and regulations, we may process your personal data automatically to determine certain characteristics such as your personal preferences, interests and behaviours based on your use of our services, applications and websites (profiling) in order to provide you with personalised information on our products and services.

10. How can you keep up with changes to this Data Protection Notice?

We may need to update this Data Protection Notice from time to time. We will publish updates of this Data Protection Notice on our website and inform you of any material changes where applicable through our usual communication channels.

11. How to contact us?

If you have any questions relating to our use of your personal data under this Data Protection Notice, please contact our Data Protection Officers as follows:

Wealth Management (WM) data protection officers:

Mirabaud & Cie SA
29, Boulevard Georges-Favon
1204 Geneva 
Switzerland
Attn: Data Protection Officer
wm.ch.dataprivacy@mirabaud.com

Mirabaud & Cie (Europe) SA
6B, rue du Fort Niedergrünewald
2226 Luxembourg
Luxembourg
Attn: Data Protection Officer
wm.eu.dataprivacy@mirabaud.com

Mirabaud Canada Inc.
1 Place Vile Marie, bureau 2810
H3B 4R4 Montreal (Quebec) 
Canada
Attn: Data Protection Officer
wm.ca.dataprivacy@mirabaud.com

Mirabaud (Middle East) Limited
24th Floor - North Tower Emirates Financial Towers
Dubai International Financial Centre
P.O. Box 50666
Dubai
Attn: Data Protection Officer 
dpo-dubai@mirabaud.ae

Asset Management (AM) data protection officers:

Mirabaud Asset Management (Suisse) SA
29, Boulevard Georges-Favon
1204 Geneva 
Switzerland
Attn: Data Protection Officer
am.dataprivacy@mirabaud-am.com

Download

Data Protection Notice

Download of PDF version of this Data Protection Notice:

Login