DATA PROTECTION POLICY of Clariga
1. Introduction
With this Data Protection Policy, Clariga AG and its subsidiaries (hereafter Clariga) describe the extent, purpose and the methods of how Clariga collects and processes personal data.
The term “personal data” means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as for example a name, an identification number or an online identifier.
If you provide us with personal data of other persons (such as family members), you have to ensure the respective persons are aware of this Data Protection Policy and only provide us with their data if you are allowed to do so and if such personal data is correct.
In relation to the processing of personal data, Clariga complies with the Swiss Federal Act on Data Protection (FADP) and, where applicable, with the General Data Protection Regulation of the EU (GDPR).
All employees who have access to confidential data and information are bound by the aforementioned regulations and have signed a confidentiality agreement.
2. Data Controller / Processor / Representative in the EU / EWR
The “controller” of data processing as described in this Data Protection Policy is Clariga AG, Totentanz 1, 4051 Basel, Switzerland. You can notify us of any data protection related concerns using the following contact details of our Data Protection Officer according to Art. 37 GDPR: info@clariga.ch
Our representative in the EEA according to Art. 27 GDPR is: Ulrica Schmid-Mastrocola, uschmid@uliandmore.com
If Clariga processes personal data on behalf of another controller, Clariga acts as a “processor”. In that case the controller is responsible for the processing of your personal data.
3. Processing of Personal Data
Clariga processes personal data that Clariga obtains from you in the context of our business relationship (in particular, directorship and fiduciary functions, family office services, company formation, consultation, administration and accounting). Insofar as it is permitted to Clariga, Clariga also obtains certain personal data from:
- publicly accessible sources (e.g., debt registers, land registries, commercial registers, internet);
- affiliated companies of Clariga;
- authorities or other third parties;
- information about you given to us by individuals associated with you (family members, consultants, legal representatives, etc.).
Relevant personal data is personal information (e.g. name, address, contact details, date of birth and nationality) and information about your financial situation (e.g. creditworthiness data).
4. Purpose of Processing and Legal Basis
4.1 Fulfillment of a contract with you
Personal data is processed in order to provide our services in the context of carrying out our contracts with you or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with the specific services provided and can include fiduciary and consulting services, wealth and asset management advice. For the processing of personal data required for the fulfillment of a contract Art. 13 Sect. 2 lit. a FADP or if applicable, Art. 6 Sect. 1 lit. b GDPR is the legal basis.
4.2 Legitimate interests
When the processing of personal data is required for the preservation of legitimate interests pursued by us or a third party, Art. 13 Sect. 1 and Sect. 2 FADP or if applicable, Art. 6 Sect. 1 lit. f GDPR is the legal basis.
Examples of legitimate interests:
- providing and developing our products, services and website apps and other platforms on which Clariga is active;
- consulting and exchanging data with information offices (e.g. debt register) to investigate creditworthiness;
- communicating with you, with third parties and processing of their requests (e.g. contact form on our website, media inquiries);
- asserting legal claims and defense in legal disputes;
- reviewing and optimizing procedures regarding marketing needs and assessment for the purposes of direct customer approach as well as obtaining personal data from publicly accessible sources for customer acquisition.
- advertisement and marketing (including organising events), provided you have not objected to the use of your data for this purpose (if you are part of our customer base and you receive our advertisement, you may object at any time and Clariga will then put you on a list for barring further advertising material being sent)
- carrying out background checks and screening activities in relation to the client and the relevant persons as part of the performance of a contract;
- prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud)
- acquisition and sale of business divisions, companies, or parts of companies and other corporate transactions and associated transfer of personal data as well as measures for business management and compliance with national and international statutory and regulatory obligations as well as internal Clariga regulations
4.3 Consent
In cases where Clariga obtains consent from affected individuals for processing personal data, Art. 13 Sect. 1 FADP or if applicable, Art. 6 Sect. 1 lit. a GDPR is the legal basis. Consent to the data processing can be withdrawn at any time. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.
4.4 Statutory obligations
In cases where processing of personal data is necessary for the fulfillment of a statutory obligation which Clariga is subject to (e.g. statutory retention obligations), Art. 13 Sect. 1 FADP or if applicable Art. 6 Sect. 1 lit. c GDPR is the legal basis.
4.5 On behalf of a Controller
Where Clariga processes personal data on behalf of a controller, Clariga acts as processor.
5. Data Transfer
Only employees of Clariga who require your personal data to provide the services and fulfill the contractual and legal obligations will have access to it. Clariga transfers your data to third parties, insofar as such transfer is permitted and Clariga deems it appropriate, in order for such third parties to process data for Clariga or if it is necessary for the performance of the services. Third parties may be, for example, any of the following:
- Clariga’s service providers including processors (such as e.g. IT providers);
- domestic and foreign authorities or courts;
- other parties in possible or pending legal proceedings;
- affiliates and agents of Clariga;
- registered agents in countries in which they are required by law, provided Clariga is supporting you at your request in such country in connection with the incorporation and/or administration of a company
- dealers, suppliers, sub-contractors and other business partners
Other recipients of personal data can be any third party for which you have given Clariga your consent to transfer data. Certain recipients may be within or outside of Switzerland located anywhere in the world.
When transferring personal data internationally Clariga makes sure that it complies with applicable laws and regulations, for example, by entering into agreements which will ensure that the recipients of your personal data maintain an adequate level of data protection. Clariga is allowed to transfer personal data to another country which does not have an adequate level of data protection without further safeguards, if the transfer is necessary for the performance of its services, for the conclusion or performance of a contract concluded in your interest or for the implementation of pre-contractual measures taken at your request.
Exactly which data may be subject to a disclosure requirement within the framework of transactions and services varies from case to case, but may include the following: information about you, information about your business relationship with Clariga or information about the services provided to you.
The personal data may be disclosed in any manner. This includes, in particular, disclosure via telecommunication channels and electronic means as well as the physical provision of documents.
6. Retention Periods for your Personal Data
Clariga will process and store your personal data for as long as it is necessary in order to fulfill its contractual and statutory obligations.
As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized, to the extent possible.
7. Data Security
Clariga has taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse.
8. Obligation to provide Data
In the context of your business relationship with Clariga, you must provide all personal data that is required, either legally or factually, for accepting and carrying out such business relationship and fulfilling the accompanying contractual obligations. Without this data, Clariga is not in a position to provide its services to you.
9. Profiling and Automated Individual Decision-Making
Clariga neither uses automated individual decision-making (decision based solely on automated processing) nor profiling (any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person), Art. 22 GDPR. If Clariga should use such decision-making based solely on automated processing, Clariga will inform you separately, if legally required.
10. Your Rights
As an affected individual, you have the right to information regarding which data Clariga processes about you (Art. 8 FADP, Art. 15 GDPR), the right to rectification (Art. 5 FADP, Art. 16 GDPR), the right to erasure (Art. 5 FADP, Art. 17 GDPR), the right to restrict processing (Art. 12, 13, 15 FADP, Art. 18 GDPR), the right of object (Art. 4 FADP, Art. 21 GDPR) and if applicable, the right to data portability (Art. 20 GDPR). These rights exist insofar as no statutory retention obligations or other justified interests on the part of Clariga prevent their application. In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority (Art. 77 GDPR). The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
You have the right at all times to revoke a consent which was previously granted for data processing.
You can assert your rights by notifying the contact address pursuant to Sect.2.
11. Amendments of this Data Protection Policy
Clariga may amend this Data Protection Policy at any time without prior notice. The current version published on its website shall apply.
Version effective as of September 2019.