Information on data protection under the Swiss Law on Data Protection (DPA)
In the context of its business, Taurus Asset Management SA (hereinafter also the "Company," "Taurus," or "we") processes data about individuals and legal entities (hereinafter "personal data"). This personal data includes information about customers (current and past), potential customers, business partners and their employees, and any other persons interacting with the Company (also referred to hereafter as "You").
The Company complies with applicable laws and regulations in order to ensure the protection and secrecy of personal data. This document provides an overview of how we process your personal data and your personal rights.
1. Type of data processed
Based on the product or service provided, the Company collects the following personal data in particular:
- personal information such as first and last name, date and place of birth, nationality, domicile, gender, telephone number, postal address and e-mail address, as well as data on family members or close persons such as the name of spouse/domestic partner and/or children;
- financial information, such as payment and transaction records, information about the customer's property (movable and immovable), balance sheets, liabilities, taxes, income, gains and investments;
- tax domicile and other tax documents and information such as tax identification number;
- professional information about the customer, such as position and work experience;
- knowledge and experience in the investment field;
- details of contacts with the customer and the products and services requested as well as details of any mandates given;
- in some cases (where permitted by law), special categories of personal data, such as biometric data, political opinions and affiliation, medical/health information, racial or ethnic origin, religious or philosophical beliefs, and, to the extent permitted by law, data relating to any criminal convictions or offenses.
In some cases, the Company may also collect the above information by consulting public records, government departments, or other third-party sources such as the custodian bank. Where relevant to the services provided to customers, the Company also collects information on any card or account co-holders, partners (including other shareholders or beneficiaries), dependents or family members, representatives and agents.
When a customer accesses the Company's website (http://taurusfamily.ch), data transmitted by his or her browser is automatically recorded by our server (including date and time of access, name of file accessed, as well as volume of data transmitted and performance of access, customer's browser, language and domain, IP address). Additional data will be recorded through the Taurus website only in the event of voluntary consent, for example in the course of a registration or request.
The Company may use cookies, tracking technologies and other means (e.g. web beacons, pixels, gifs, tags, unique identifiers) to collect and process the above information from various channels, including email and the devices you use to interact with us through our website. For our use of cookies and other tracking technologies, please also refer to our Cookie Management Policy, available on our website.
2. Purpose of data processing and legal basis
The Company processes the above-mentioned personal data in accordance with the provisions of the Swiss Federal Data Protection Act (DPA). Your personal data are always processed for a specific purpose and only to the extent necessary to achieve that purpose. The main purposes of such data processing are as follows:
2.1. Fulfillment of contractual obligations
Data are processed to provide financial services as part of the execution of contracts concluded with clients or to carry out pre-contractual activities in anticipation of the conclusion of the mentioned contracts. The purposes of data processing depend primarily on the specific service requested by clients and may include a needs analysis.
2.2. Fulfillment of legal obligations
The Company is subject to various legal obligations (e.g., the Financial Institutions Act, the Money Laundering Act, the Financial Services Act) and provisions of the Supervisory Board with which the Company is affiliated (AOOS - Supervisory Board for Asset Managers and Trustees) and FINMA, which may require the processing of personal data.
2.3. Pursuit of Legitimate Interests
Where necessary, we process data beyond what is strictly necessary for the effective performance of our contractual obligations in order to pursue our legitimate interests or those of a third party, provided that these do not override the interests or fundamental rights and freedoms of customers. In addition to the following examples, we also obtain personal data from publicly available sources for customer acquisition purposes:
- to make legitimate claims and develop a line of defense in the event of litigation;
- to ensure IT security and the operation of the Company's IT systems;
- to prevent and ascertain crimes;
- video surveillance, in order to prevent unauthorized access, collect evidence in case of theft or fraud, or ascertain availability and deposits;
- measures for the security of buildings and places (e.g. access control);
- measures to manage activities and further develop services and products.
Where the Company processes personal data pursuant to Sections 2.1, 2.2 and 2.3, it is not necessary to obtain the data subject's prior explicit consent to data processing.
3. Access to and protection of personal data
Within the Company, access to data is granted to employees who need it in order to fulfill contractual, legal and supervisory obligations. Service providers and representative agents (typically providers of banking, IT, logistics, printing, telecommunications, collection, consulting, sales, and marketing services) that may be commissioned by the Company may also receive data for these purposes, provided that they comply with the applicable regulations on the processing of personal data. Regarding the transfer of data to recipients outside the Company, it should first be pointed out that Taurus employees are obliged to observe secrecy regarding any customer-related facts and evaluations of which they may become aware.
Under certain conditions, the Company is allowed to disclose information to third parties, e.g.:
- public authorities and institutions (e.g. FINMA, Supervisory Board, auditing companies, financial authorities, criminal prosecution authorities), provided that there are legal obligations;
- other financial service provider institutions, similar institutions and data processors, to whom we pass on personal data in order to carry out our mandate (e.g. support / maintenance of data processing / IT applications, archiving, document processing, compliance and risk management services).
Appropriate technical and organizational measures have been taken to prevent any unauthorized or unlawful access to personal data provided by customers.
4. Transfer to a third country
Data may only be transferred to countries outside Switzerland if this is necessary for the performance of the agreed service (e.g. stock exchange orders), if it is required by law (e.g. reporting obligations under the Tax Act) or if the customer has given consent. If we use service providers in a third country, they are obliged to comply with the data protection levels applicable in Switzerland.
5. Duration of storage
The Company retains personal data only for as long as necessary to achieve the purpose for which it was collected or to comply with legal, regulatory or internal regulatory requirements. To this end, specific criteria are applied to determine the appropriate periods for retaining personal data based on the purpose, such as proper accounting management, facilitating customer relations, defending against legal action, or responding to requests from the regulator. In general, the Company retains personal data for the duration of the relationship or contract plus an additional ten years, which reflects the time period allowed for filing legal actions following the termination of that relationship or contract. A pending or threatened legal or regulatory proceeding may result in retention beyond that period.
6. Data protection rights
6.1. In general
Every data subject has the right to be informed about his or her data, the right to have his or her data rectified or erased and to restrict and/or object to its processing, and to obtain a transfer of such data to the extent applicable. Provision is also made, within applicable limits, for the right to complain before a competent data protection supervisory authority.
Withdrawal of consent to the processing of one's personal data may take place at any time. Such revocation will only be applicable for the future; any processing performed prior to revocation will not be affected. Each data subject's rights of access, revocation, or objection are not absolute, as they are not applicable in certain circumstances or may be subject to exceptions (e.g., for compliance with legal obligations). We will follow up on requests received under applicable data protection regulations. In addition, when a data subject exercises his or her rights, we may first ask him or her to provide proof of identity. We may also ask you to provide additional information if your request is unclear. If we are unable to comply with the request, we will provide an explanation. To exercise your rights, please use the contact information provided in Section 11.
6.2. Right to object to data processing for marketing purposes
In certain cases, we process personal data for direct marketing purposes. The data subject has the right to object at any time to the processing of personal data for such purposes, including profiling insofar as it is related to such direct marketing. In case of an objection to processing for direct marketing purposes, personal data are no longer processed for these purposes. To file an objection, please use the contact information provided in Section 11.
7. Obligation to provide data
As part of the performance of our service, the data subject is required to provide personal data necessary to enter into and perform the mandate and to fulfill the related contractual and legal obligations. Without such data, we are in principle unable to enter into or execute a contract with our clientele.
Specifically, the provisions of the Anti-Money Laundering Act require us to verify identity before entering into a business relationship. To enable us to comply with this legal obligation, the persons concerned are required to provide us with the necessary information and documents and to notify us without delay of any changes that may occur during the course of the mandate. Without the necessary information and documents, we are not permitted to provide our services.
8. Use of automated decision-making procedures
As a rule, the Company does not make decisions solely on the basis of automated procedures to establish and implement the business relationship. Should the Company use these procedures in individual cases, it will inform the data subject separately to the extent required by law. A right of objection will be granted in certain circumstances.
9. Profiling by the Company
In some cases we automatically process customer data for the purpose of assessing certain personal aspects (profiling). The following are some examples:
- the law requires us to take measures against money laundering, fraud, terrorist financing and crimes that pose a threat to assets. Data assessments may also be performed in this context (as, for example, in payment transactions);
- we may perform customer profiling to comply with regulatory and contractual requirements (for example, determination of the customer's investment profile).
10. Data Security
The Company takes appropriate technical (e.g., encryption, pseudonymization, logging, access control, data backup, etc.) and organizational (e.g., instructions to our employees, confidentiality agreements, audits, etc.) measures to ensure the security of the information we collect and process and protect it from unauthorized access, misuse, loss, falsification, and destruction. Access to your personal information is permitted only when truly necessary.
However, it is generally impossible to completely rule out security risks: some residual risks are most often unavoidable. In particular, since perfect data security cannot be guaranteed for communications via e-mail, instant messaging or similar means of communication, we recommend that you send confidential information via particularly secure means.
11. Data controller and contacts
The responsible unit is the Company's data protection officer, who can be contacted at:
Taurus Asset Management SA
Riva Giocondo Albertolli 1
CH-6900 Lugano
Tel: +41 91 911 11 40
E-mail: info@taurus-lugano.ch
https://www.taurusfamily.ch/