Privacy Statement and Data Protection
Version: May 2018
What is the purpose and scope of this Statement?
Falcon Private Bank Ltd. (“FPB” or “Bank”), Falcon Private Wealth Ltd. (“FPW”), Falcon Fund Management Luxembourg (“FFM”) and Independent Financial Services AG (“IFS”) process personal information in accordance with the provisions of the European General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP) and any other applicable data protection legislation. References to “Falcon” in this Privacy Statement apply to FPB, FPW, FFM and IFS.
This Privacy Statement shall serve as source of information on how Falcon ensures compliance and how you may exercise your rights in accordance with applicable data privacy laws (Art. 13 Para. 1, 2, and 4 GDPR and Art. 21 Para. 3 GDPR).
Falcon is committed to safeguarding the personal information that it collects from individuals. Accordingly, Falcon has developed this Privacy Statement to help you understand how Falcon collects, uses and safeguards personal information. Falcon also outlines reasonable precautions that it takes to keep personal information secure.
This Statement may be updated from time to time. Please consult it on a regular basis. The last line of this Statement below indicates when the Statement was last updated. It applies to any information obtained by Falcon, irrespective of the medium from which the information was obtained (including client and commercial contracts, terms and conditions, related documentation for and to support client account opening, implementation and maintenance, payments, recorded telephone calls, meetings, written forms, webpage, app, and similar mediums). Addressee of this Statement is anybody whose data is processed by Falcon, irrespective of the legal basis.
Who is responsible for data processing and how to contact?
Requests regarding data processing and your rights as data subjects may be addressed to:
For FPB and FFM
Falcon Private Bank Ltd.
P.O. Box 1376
Falcon Private Wealth Ltd. London
9th Floor, 10 Exchange Square
London EC2A 2BR
IFS Independent Financial Services Ltd.
Falcon will address your request within the timeframe as set forth by applicable law.
What information does Falcon collect?
We process personal information that we obtain from our clients and related parties in the transactions, in the context of our business relationship. We also process – insofar as necessary to provide our services – personal information that we obtain from publicly accessible sources, (e.g. debt registers, commercial and association registers, press, internet) or that is legitimately transferred to us by other companies in the Falcon Group or from other third parties (e.g. a credit agency).
Falcon also collects and processes personal information resulting from the use of our website, e-banking, or other online services and means of electronic communication (app, chat etc.) This may include automatic collection of device type and browser information, operating system, internet service provider, internet protocol ( IP ) address, website that referred the user to the website and web pages users’ view. In addition we may obtain personal data from publicly available sources in our prospecting for clients.
Relevant data is personal information (e.g. name, phone number, date of birth, address and other contact details, and nationality), identification data (e.g. passport copies), and authentication data (e.g. sample signature). Furthermore, this can also be order data (e.g. payment order), data from the fulfillment of our contractual obligations (e.g. sales data in payment transactions), information about the financial situation of the data subject (e.g. creditworthiness data, scoring/rating data, origin of assets), marketing and sales data (including advertising scores), documentation data (e.g. minutes of meetings), and other data similar to the categories mentioned.
What does Falcon use the information for and on what legal basis?
For fulfillment of contractual obligations (Art. 6 para. 1b of the GDPR)
Data is processed in order to provide banking and investment business and other financial services in the context of carrying out our contracts with our clients or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with the specific product or services (e.g. custody and related bank accounts, execution and investment services, investment advice and portfolio management, credit (FPB or chosen custodian), securities, deposits, client referral) and can include investment risk profile and needs assessments, advice, asset management and support, carrying out transactions, informing clients and authorised parties on possible investment opportunities and, where applicable, managing the relationship with your chosen custodian.
For legitimate interests (Art. 6 para. 1f of the GDPR)
Where required, we process your data beyond the actual fulfillment of the contract for the purposes of the legitimate interests pursued by us or a third party. Examples:
- Reviewing and optimizing procedures for banking and investment needs assessment for the purpose of direct client discussions
- Marketing or market and opinion research, unless you have objected to the use of your data
- Carrying out internal analysis and research related to our business and/or the relationship with our customers, including to help Falcon to develop new investment products and services
- Undertaking business processes, such as maintaining business and statutory records, audits, forecasts, planning, transactions, and business continuity
- Asserting legal claims and defence in legal disputes
- Maintaining the security of our assets and your personal information and protecting our IT security and IT operation
- Prevention and investigation of crimes
- Video surveillance to protect the right of owner of premises to keep out trespassers, for collecting evidence in hold-ups or fraud, or to prove availability and deposits
- Measures for building and site security (e.g. access controls)
- Measures for business management and further development of services and products
- Risk control in Falcon Group.
- Implementing extraordinary operations, such as mergers and acquisitions, transfers of business, and entering into joint venture agreements.
As a result of your consent (Art. 6 para. 1a of the GDPR)
As long as you have granted us consent to process your personal data for certain purposes (e.g. analysis of trading activities for marketing purposes such as periodic investment newsletters, fund performance fact sheets), this processing is legal on the basis of your consent. Consent given can be withdrawn at any time. This also applies to withdrawing declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.
Due to statutory provisions (Art. 6 para. 1c of the GDPR) or in the public interest (Art. 6 para. 1e of the GDPR)
We are subject to various legal obligations (e.g. the Swiss Banking Act, Collective Investment Schemes Act, Anti-Money Laundering Act, FINMA ordinances and circulars, tax laws) and regulatory requirements (e.g. Swiss National Bank, FINMA, United Kingdom Financial Conduct Authority). Purposes of processing include assessment of creditworthiness, identity and age checks, fraud and money laundering prevention, fulfilling control and reporting obligations under fiscal laws, and measuring and managing risks within Falcon Group.
To whom do we disclose personal information about you that we collect from a Falcon Website or are obtained in the course of business?
Does Falcon transfer personal data outside of the EEA or Switzerland?
Falcon may transfer personal information about you to countries located outside of the European Economic Area (the ‘EEA’) and Switzerland. This may happen when Falcon’s servers, suppliers and/or service providers are based outside of the EEA/Switzerland or where Falcon needs to transfer personal information about you to one of the Falcon Group companies outside the EEA/Switzerland. The data protection laws and other laws of these countries may not be as comprehensive as those that apply within the EEA/Switzerland – in these instances Falcon will take steps to ensure that your data privacy rights are respected. Data that may contain banking secrecy protected information is only transferred abroad in a form that does not allow any conclusion about the identity of the data subject. In any case, Falcon will implement appropriate contractual measures (such as standard data protection clauses, a copy of which you can obtain by contacting email@example.com to ensure that the relevant Falcon Group companies and third parties outside the EEA/Switzerland provide an adequate level of protection to personal information about you as set out in this policy and as required by applicable local law.
Falcon strictly respects the purpose of the obtained data and does not sell any data to third parties outside the Falcon Group.
How long does Falcon store personal information?
We will process and store your personal information for as long as it is necessary in order to fulfill the purpose for which it was collected including our contractual, and statutory obligations and/or to comply with legal, regulatory, accounting, reporting or internal policy requirements. It should be noted here that our business relationship with you is a long term obligation, which is set up on the basis of periods of years. Our regulators and laws impose certain record keeping retention periods. Personal information may also be anonymised, so that it can no longer be associated with you , in which case we may use such information without further notice to you.
If the data is no longer required in accordance with the above, it is deleted or anonymised, unless further processing is required for a limited time. In Switzerland for FPB this is for the following purposes:
- Fulfilling obligations to preserve records according to commercial and tax law: This includes in particular the Swiss Code of Obligations, the Federal Act on Value Added Tax, the Federal Act on Direct Taxation, the Federal Act on Harmonization of Direct Taxes of Cantons and Municipalities, the Federal Act on Stamp Duties and the Federal Act on Withholding Tax.
In general, Falcon can face litigation risks and legal orders or holds restricting destruction of personal information, which require us to keep records for an undefined period of time. Such data is deleted upon lift of the hold or disappearance of the litigation risk.
How does Falcon protect users' information?
Falcon has implemented reasonable technical and organisational security measures to protect your personal data collected in the course of business or other channels such as Falcon websites against unauthorized access, disclosure, misuse, loss or destruction.
Your rights as data subject
Every data subject has the right, in accordance with applicable law, to access according to Art. 8 FADP (Art. 15 GDPR), the right to rectification according to Art. 5 FADP (Art. 16 GDPR), the right to erasure according to Article 5 FADP (Art. 17 GDPR), the right to restrict processing according to Art. 12, 13, 15 FADP (Art. 18 of the GDPR), the right of object according to Art. 4 FADP (Art. 21 GDPR), and if applicable – the right to data portability according to Art. 20 GDPR. Furthermore, if applicable to you, there is also a right to lodge a complaint with an appropriate data privacy regulatory authority (Art. 77 GDPR).
You can withdraw consent granted to us for the processing of personal data at any time. This also applies to withdrawing declarations of consent that were made to us before the GDPR came into force, i.e. before May 25, 2018.
A withdrawal of consent might lead to the termination of the business relationship as we cannot deliver our services properly to you.
An objection according to Art. 21 GDPR may be directed to your Falcon Representative or, preferably, to firstname.lastname@example.org or email@example.com. It does not need to follow a specific form, but we must be able to recognize your will to object the data processing according to Art. 21 GDPR. You also have the right to lodge a complaint before the relevant data privacy authority should Falcon violate applicable data privacy laws(s) in processing of your personal information.
Am I Obliged to Provide Data?
In the context of our business relationship, you must provide all personal data that is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations or that we are legally obliged to collect. Without this data, we are, in principle, not in a position to close or execute a contract with you.
In particular, anti-money laundering and the prevention of financial crime and terrorism laws and regulations require us to identify you and persons connected with you in relation to the business relationship we are establishing (e.g. authorised signatories, attorney, directors, beneficial owner), on the basis of your and their identification documents before establishing a business relationship and to collect and put on record name, place and date of birth, nationality, address and identification details for this purpose. In order for us to be able to comply with these statutory obligations, you must provide us or procure the provision to us of the necessary information and documents in accordance with the Anti-Money Laundering Act, and to immediately disclose any changes over the course of the business relationship. If you do have the necessary information and documents provided to us, we cannot enter into or continue the business relationship.
Does Falcon engage in Profiling?
We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). We use profiling for the following cases, for instance:
- Due to legal and regulatory requirements, we are obligated to combat money laundering, terrorism financing, and offenses that pose a danger to assets. Data assessments (including on payment transactions) are also carried out for this purpose. At the same time, these measures also serve to protect you.
- We may use assessment tools in order to be able to specifically notify you and advise you regarding products. These allow communications and marketing to be tailored as needed.
All electronic messages sent to either a specific Falcon employee, a Falcon group email address or distribution list and from Falcon to you are automatically retained in a distinct system which preserves the evidential weight of the emails. They are protected by reasonable technical and organizational measures and may only be accessed by Falcon employees with proper authorization (incl. team colleagues) and in justified cases in line with applicable laws and regulations (e.g. regulatory monitoring for compliance of policies and applicable laws, risk mitigation, in anticipation of litigation, complaint or error investigation, violation of internal policies, court order, suspicion of criminal conduct, violation of regulatory obligations, breach of employment contract) to specific persons in defined functions (e.g. Legal, Compliance, Audit, Risk). Every step of such latter access, as well as the search criteria used, is logged in an audit trail.
Falcon may track now or in the future the following information through our website cookies (non exhaustive):
- Remembering your preferences such as colors, text size and layout
- Remembering your settings such as search queries
- Showing you which pages you have recently visited
- Determining what legal information to show you (for example, legal regulations based on your domicile)
- Remembering your investment preferences (e.g. your domicile and investment experience) to show you only information that you are legally allowed to view
- Remembering if we have already asked you certain questions (e.g. you declined to use our app or take our survey) or if you have accepted our terms and conditions
We may also place cookies that interact with third party functions, such as social website cookies: so you can easily Like or share our content on the likes of social network websites such as LinkedIn, Twitter and possibly other. The privacy implications on this will vary from social network to social network and will be dependent on the privacy settings you have chosen on these networks.
We regularly test new designs or site features on our site. We do this by showing slightly different versions of our website to different people and anonymously monitoring how our site visitors respond to these different versions. Ultimately this helps us to offer you a better website.
Your browser settings allow you to adjust accepting or switch off cookies. Please be advised that such a change might limit the functionality or render the Falcon webpage inaccessible for you.