The following details declare how we process your Personal Data and your rights under data protection laws and regulations. Which data is handled and how it is used is mainly determined by the services requested or agreed upon in each situation. However, we process data about persons ("Personal Data"), such as information about our suppliers' employees and contractors. Please also provide this information to any co-obligors under a loan and existing and future authorized agents and beneficial owners. Beneficiaries in the case of death, business attorneys-in-fact, and guarantors are examples of these.
In our business relationship, we process Personal Data that we obtain from you as an Affected Person. We process Personal Data that we legitimately (for example, to execute orders, implement contracts, or based on your consent) receive from other companies within the Aspen Asset Management AG Group or other parties if it is essential for the performance of our services (such as private commercial databases). We also handle Personal Data that we legitimately collect and are authorized to process from publicly available sources (such as debtor directories, land registries, trade registrations, organization registers, the press, and the Internet).
Moreover, in our dealings with current and prospective Affected Persons, we process Personal Data such as name, address, and other contact details (telephone, e-mail address), title, birth date, gender, nationality, marital status, partner type data (employed / self-employed), identification data (such as ID, tax ID), certification data (such as specimen signature), contract-related information (for example, sales data in payment transactions), order data, including online banking (for example, payment orders), and information about your financial situation (for example, creditworthiness statistics, scoring/rating data, asset origin), CVs, criminal records, or any other publicly available or accessible information through third-party providers. We also handle advertising and sales data (including advertising ratings), documentation data (such as consultation protocols), and other data equivalent to the abovementioned categories.
Suppose we process any specific categories of data on Affected Persons. In that case, we will only do so if it is essential for the establishment, exercise, or defense of a legal claim, if it is in the public interest, or if you have given Aspen Asset Management AG your explicit agreement to process that data (where legally permissible). As a result, we may handle biometric data that is categorized as sensitive Personal Data (Article 4 (14) and Art. 9 (1) GDPR). To get a biometric identity (for example, Touch ID) or other biometric identification to use for access to specific applications, your express agreement will be necessary for a separate procedure.
We comply with the rules of the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP) while processing the Personal Data:4.1. For contractual duties (Article 13 (2) (a) FADP; Article 6 (1) (b) GDPR)
Data is processed to offer banking and financial services to our clients as part of our contractual obligations or to carry out pre-contractual procedures in response to a request. The primary objective of data processing is to comply with the specific product (such as a bank account, credit, building society savings, securities, deposits, and client referral) and might include needs assessments, guidance, management, and assistance, as well as transaction processing. Additional information about data processing purposes may be found in the contract papers and terms and conditions.4.2. For compliance with a legal requirement (Article 13 (1) FADP; Article 6 (1) (c) GDPR) or in the public interest (Article 6 (1) (e) GDPR).
We are also bound by various legal obligations (both globally and locally), including statutory requirements (such as the Swiss Banking Act, Collective Investment Schemes Act, Anti-Money Laundering Act, Mortgage Bond Act, financial supervisory ordinances and circulars, and tax laws) and bank regulatory requirements (such as the Swiss Banking Act, Collective Investment Schemes Act, Anti-Money Laundering Act, Anti-Money Laundering Act, Mortgage Bond Act, financial supervisory ordinances and circulars, and tax laws (for example, Swiss National Bank and FINMA). Other processing objectives include creditworthiness evaluation, identification and age verification, anti-fraud and anti-money laundering measures, tax law control and reporting responsibilities, and risk assessment and management within the bank and the Group.4.3. For the purposes of safeguarding legitimate interests (Art. 13 (1) FADP; Art. 6 (1) (f) GDPR)
Where required, we handle your data outside the scope of our contractual duties to protect our or a third party's legitimate interests, which do not jeopardize your interests or basic rights and freedoms. We also acquire Personal Data from publicly available sources for customer acquisition objectives, in addition to the examples below:
The legal foundation for all data processing described in paragraphs 4.1–4.3 is the requirement of fulfilling a legal duty. As a result, obtaining your prior consent to handle this data is not required in certain situations.4.4. As a result of your permission (Art. 13 (1) FADP; Art. 6 (1) (a) GDPR)
The lawfulness of such processing is based on your permission insofar as you have given to the processing of Personal Data for particular objectives (such as data transfer within the Group, analysis of trade operations for marketing purposes, etc.). Any given permission can be withdrawn at any moment. This also applies to the withdrawal of consent declarations given to us before the GDPR's implementation, that is, prior to May 25, 2018.
Please keep in mind that the revocation is only effective in the future. Any processing done to the revocation is unaffected.
The divisions within Aspen Asset Management AG that have access to your information are those that need it to fulfill our contractual, legal, and regulatory responsibilities. We can also allow service providers and vicarious agents access to data for the purposes stated if they preserve banking secrecy and follow our written instructions in accordance with data protection laws and regulations. These businesses provide banking, IT, logistics, printing, telecommunications, collecting, advising and consulting, and sales and marketing services.
When it comes to sending data to receivers outside of Aspen Asset Management AG, it's important to remember that, as a bank, we have a legal obligation to keep any client-related facts and evaluations to ourselves (banking confidentiality pursuant to our general terms and conditions; Art. 47 Swiss Federal Banking Act). We may reveal information about you only if we are legally compelled to do so, if you have provided your consent, if we are allowed to release bank information, and/or if processors commissioned by us ensure compliance with banking secrecy and the FADP / GDPR requirements).
Personal Data receivers who fall under these guidelines might include, for example:
Other data recipients might include any units for which you have granted your approval to data transfer or for which you have agreed or consented to exempt us from banking confidentiality.
Data will only be transferred to countries outside of Switzerland, the EU, or the EEA (so-called third countries) if it is necessary to carry out your orders (such as payment and securities orders), if it is required by law (such as tax reporting obligations), if you have given us your consent, or if it is part of commissioned data processing. If third-country service providers are employed, they must adhere to the data protection level in Switzerland and Europe, as well as written instructions based on the EU standard contractual terms.
We take our responsibility to ensure that any transfers outside the EU or EEA are made only to organizations that can show equivalency in terms of security and other applicable data processing criteria very seriously.
We handle and retain your Personal Data for as long as it's required to fulfill our contractual and legal responsibilities. In this regard, it is important to remember that our business partnership is a long-term commitment. We have procedures in place to assess the various types of data we store at various stages to ensure that we do not keep them for an unreasonable amount of time. If the data are no longer needed to fulfill our contractual and statutory duties, they are routinely erased unless their continued processing – for a limited time – is required for other legal objectives, such as:
Every data subject has the right to access (Art. 8 FADP; Art. 15 GDPR), rectification (Art. 5 FADP; Art. 16 GDPR), erasure (Art. 5 FADP; Art. 17 GDPR), restriction of processing (Art. 12, 13, 15 FADP; Art. 18 GDPR), object (Art. 4 FADP; Art. 21 GDPR), and, if applicable, data portability (Art. 4 FADP; Art. 21 GDPR) (Art. 20 GDPR). You also have the right to file a complaint with an appropriate data privacy regulatory authority, if relevant (Art. 77 GDPR). The rights are determined by the legal basis chosen for retaining the data.
At any moment, you have the right to cancel your consent to the processing of your Personal Data. This also applies to the withdrawal of consent declarations made previous to the EU General Data Protection Regulation's entrance into effect on May 25, 2018, i.e., before May 25, 2018. Please note that the revocation is only effective in the future. Any processing done previous to the revocation is unaffected.8.2. Ad hoc right of objection (Art. 21 GDPR)
You have the right to object at any time to the processing of Personal Data about you that is based on the processing in the public interest (Art. 6 (1) (e) GDPR) or for the purposes of safeguarding legitimate interests (Art. 6 (1) (f) GDPR), including any profiling based on those provisions within the meaning of Art. 4 (4) GDPR, on grounds relating to your particular situation.
If you object, we will no longer process your Personal Data unless we can show that there are compelling, legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing is necessary for the enforcement, exercise, or defense of legal claims. Please be aware that we will not be able to supply services or continue a business relationship in such circumstances.8.3. Objection to data processing for marketing reasons is a legal right.
We may use your Personal Data for direct marketing purposes in some instances. You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling if it is connected to direct marketing. If you object to your Personal Data being used for direct marketing reasons, we shall no longer use it for that purpose.
You must supply Personal Data that is essential for the commencement and execution of a business relationship, as well as the fulfillment of the related contractual duties, or that we are legally obligated to collect as part of our business relationship. Without this data, we would often be unable to engage in a contract or execute an order, or we would be unable to complete an existing contract and would be forced to terminate it.
Money laundering laws, in particular, require us to verify your identification before engaging in a commercial connection, for example, by using your identity card, and to keep track of your name, birthplace, date of birth, nationality, and home address. You must supply us with the appropriate information and documentation, as well as notify us of any changes that may occur over the course of our business relationship in order for us to comply with this statutory requirement. We will not be able to get into or continue your requested business connection if you do not supply us with the appropriate information and documentation.
To create and implement the commercial relationship, we generally do not make choices based exclusively on automated processing as specified in Art. 22 GDPR. If we utilize these processes in certain instances, we will notify you separately unless the law requires otherwise. Under some situations, you will have the right to object to these processes.
In some situations, we use automated processing to evaluate some personal elements of your data (profiling). For example:
To preserve and guarantee the confidentiality of Personal Data, all staff who have access to it must follow the internal rules, policies, and processes that govern its processing. They must also comply with all technological and organizational security measures in place to safeguard Personal Data.
We've also put in place sufficient technological and organizational safeguards to protect Personal Data from unauthorized, unintentional, or illegal destruction, loss, modification, misuse, disclosure, or access, as well as any other types of unlawful processing. These security measures were established with special attention to sensitive data, taking into consideration the state of the Art of technology, the cost of implementation, the dangers posed by the processing, and the nature of the Personal Data.
Please also let us know if we don't fulfill your expectations when it comes to the processing of Personal Data or if you have a complaint about our data protection policies; this allows us to investigate the situation and make necessary adjustments. In any of these instances, please submit a written request to the entity or one of the DPOs listed in section 1 together with a clearly readable copy of a valid official ID document (for example, a passport or ID card). We will confirm receipt as soon as possible, investigate your problem, and respond as soon as possible. If, due to the complexity and quantity of requests, a comprehensive answer will take more than one month.
We must record telephone calls with regard to activities concluded in the execution of our services in some of our legal entities to comply with other regulations, such as the European Parliament's Directive 2014/65/EU (MiFID II). Please check our comprehensive information at www.aspen-am.com for further information on the treatment of your Personal Data in this regard.
This information on data protection was last updated on June 12th 2021. It may alter. Any future modifications or additions to the above-described processing of Personal Data that impact you will be informed to you via the relevant channel (for example, it will be posted on our website).