With the following information, we would like to give you an overview of the processing of your personal data by sensusplus AG and your rights under the data protection law. Which data are processed and how the data are processed depends to a large extent on the requested or agreed services.
1. Who is responsible for data processing and whom can I contact?
Data Protection Officer of sensusplus:
Ruedi Hug, Data Protection Officer
Telephone +41 62 855 05 81
2. Which sources and data do we use?
We process personal data that we receive from our customers as part of our business relationship. In addition, we process - to the extent necessary for the provision of our services - personal data that we legitimately gain from publicly available sources (e.g. debtor directories, land registers, trade and association registers, press, internet) or which we obtain from other entities within the company Group or by other third parties (e.g. a credit agency or cooperation partners).
Relevant personal data are personal details (name, address and other contact details, date and place of birth as well as nationality), legitimacy data (e.g. identity card data) and authentication data (e.g. signature sample). In addition, this may also include order data (e.g. payment order), data from the fulfillment of our contractual obligations (e.g. turnover data in payment transactions), information about the financial situation (e.g. credit rating data, scoring / rating data, origin of assets), advertising and sales data (including advertising scores), documentation data (e.g. consulting protocol) as well as other data comparable to the mentioned categories.
3. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the relevant data protection regulations:
a. Based on the performance of a contract
The processing of data is carried out for providing financial services as part of the execution of our contracts with our customers or for carrying out pre-contractual measures, which are executed on clients’ request. The purpose of the data processing is primarily based on the specific product and may include, but is not limited to, needs analysis, consulting, asset management and servicing and the execution of transactions. Further details on the data processing purposes can be found in the relevant contract documents as well as in the terms and conditions.
b. Based on legitimate interests
If necessary, we process your data beyond the actual fulfillment of the contract for the protection of legitimate interests of third parties or us. Examples for processing activities based on a legitimate interest include: - Consultation and exchange of data with information centers (e.g. debt collection registers) - Review and optimization of need analysis procedures for direct customer approach or customer acquisition, - Asserting legal claims and defense in legal disputes, - Ensuring of IT security and IT operations, - Prevention and investigation of criminal offenses, - Measures for business control, risk management within sensusplus and the company Group and further development of services and products.
c. Based on your consent
Insofar as you have given us consent to the processing of personal data for specific purposes, the processing of your personal data is based on this consent. A given consent can be revoked at any time. The revocation of consent does not affect the lawfulness of the data processed until the revocation.
d. Based on legal obligations or on public interest
In addition, as a financial service provider we are subject to various legal obligations, i.e. legal, regulatory or professional requirements (e.g. Collective Investment Schemes Act, Money Laundering Act, Pfandbrief Act, tax laws as well as other financial supervisory decrees and requirements, e.g. the FINMA and self-regulating organisations).
The purposes of processing include, but are not limited to, the examination of creditworthiness, identity and age verification, fraud and money laundering prevention, the fulfillment of tax control and reporting obligations, and the assessment and management of risks within Sensusplus or the company group
4.Who receives my data?
Within sensusplus, those entities gain access to your data, which need it in order to fulfill the contractual and legal obligations. Our service providers may also receive data for these purposes. The involvement of service providers (especially so-called order processors or processors) is carried out in accordance with financial and data protection regulations. In this way, external service providers are obliged to obtain to the legal obligations and data protection requirements. These are in particular companies in the categories of financial services, IT services, logistics, printing services, telecommunications, debt collection, consulting as well as sales and marketing.
We may only disclose or make available to third parties information about you if there is a legal basis for this, or if you have given your consent (e.g. to carry out a financial transaction commissioned by you) or if we are authorized to issue information. Under these conditions, recipients of personal data may be, for example:
- Public authorities (e.g. law enforcement authorities, supervisory authorities such as, in particular, the Swiss Financial Market Supervisory Authority FINMA, debt collection and bankruptcy offices, inheritance authorities) if there is a legal or other juridical basis or obligation.
- Other credit and financial services institutions or similar entities to which we provide personal information to conduct the business relationship with you (such as correspondent banks, custodians, brokers, exchanges, PEP-Check, etc.).
- Public notaries, attorneys and auditors for drafting contracts, testaments, etc. as well as for the audit of sensusplus AG and for compliance tasks.
5. Is data transmitted to a third country?
A transfer of data to locations in countries outside of Switzerland (so-called third countries) takes place, as far as
- it is required to execute your orders (e.g. payment and securities orders),
- it is required by law (e.g. tax reporting obligations) or
- you have given us your consent.
6. How long will my data be stored?
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which is construed to last for years.
If the data is no longer required for the fulfillment of contractual or legal obligations, these are deleted on a regular basis, unless their temporary processing is necessary for the following purposes:
- Fulfillment of commercial and tax-related retention requirements: particularly noteworthy are the Swiss Code of Obligations, the Federal Law on Value Added Tax Act, the Swiss Federal Law on Direct Tax, the Federal Law on the Harmonization of Direct Taxes of the Cantons and Municipalities, the Federal Stamp Duty Act and the Withholding Tax Act.
- The assertion, execution or defense of any legal claim or special retention policy may oblige sensusplus to retain information for a specified or indefinite period.
7. Which data protection rights do I have?
Each affected person, depending on his/her habitual residence, has the right to request information, the right of rectification, the right to deletion, the right to a restriction of processing and a right to objection, with respect to the data concerning him/her. In addition, insofar as applicable to you, there is a right of complaint to a competent data protection supervisory authority.
You may revoke your consent to the processing of personal data at any time. Please note that the revocation only is effective for the future. Data processing that took place before the revocation is not affected.
8. Is there an obligation for me to provide data?
As part of our business relationship, you must provide the personal data necessary to enter into a business relationship and perform the related contractual obligations that we are required to collect by law. Without this data, we will generally be unable to conclude the contract with you, to provide the services you require, or to provide products.
In particular we are required under the anti-money laundering regulations to identify you prior to the establishment of the business relationship on the basis of your identity document and thereby to collect and record information such as name, place of birth, date of birth, nationality, address and identity card information. In order for us to be able to fulfill this legal obligation, you must provide us with the necessary information and documents in accordance with the Federal Act on Combating Money Laundering and Terrorist Financing and immediately notify us of any changes resulting from the business relationship. If you do not provide us with the necessary information and documents, we may not take up or continue the desired business relationship.
9. To what extent is there an automated decision-making process?
In principle, we do not use fully automated decision-making to establish and implement business relationships. If we use these procedures in individual cases, we will inform you about this separately, if law requires this.
10. We may collect biometric data about you
Biometric data is generally regarded as particularly sensitive personal data. Therefore, to the extent required under applicable law, your explicit consent will be obtained separately in order to use your fingerprint or other biometric recognition system to access certain applications.
11. Information on the right to object
1. Case-specific right to object
You have the right to object at any time for reasons arising out of your particular situation to the processing of personal data relating to you based on a legitimate interest of sensusplus; this also applies to a profiling based on these reasons. If you object, we will no longer process your personal data, unless we can prove compelling legitimate grounds for processing that outweigh your personal interests, rights and freedom, or the processing is for the purposes of asserting, exercising or defending legal claims.
2. Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and should be directed to sensusplus’ data protection office:
Ruedi Hug / 062 855 05 81 /
Thank you for your attention.