“Personal data” means all information relating to an identified or identifiable natural person.
“Processing” means any handling of personal data, irrespective of the means and procedures applied, in particular the collection, storage, retention, use, revision, disclosure, archiving, deletion or destruction of personal data.
You may contact IMM for data protection concerns at:
IMM Wealth Management AG
+41 43 501 05 10
COLLECTION AND PROCESSING OF PERSONAL DATA
IMM obtains and processes personal data that is provided to it by the data subject, e.g. when opening a business relationship, in the context of the execution of contracts, the use of products and services or on web-sites or other applications. IMM also processes personal data which is collected in the context of the use of products or services. IMM may, to the extent permitted, obtain personal data from publicly accessible sources, from authorities or from other third parties.
CATEGORIES OF PERSONAL DATA
IMM processes various categories of personal data. The most important categories are the following:
Master and inventory data (e.g. name, address, nationality, date of birth, information regarding account, custody account, concluded transactions and contracts, information on third parties affected by data processing, such as spouses, authorised representatives and advisors).
Technical data (e.g. business numbers, IP addresses, internal and external identifiers, records of access).
Transaction, order and risk management data (e.g. details of beneficiaries of transfers, beneficiary bank, amount of transfers, details of investment products).
Financial data (e.g. creditworthiness data, information on assets, liabilities, risk and investment profile).
User and prospect data (e.g. users of the Bank’s websites)
Marketing data (e.g. preferences, needs)
Communication data (e.g. contact data such as email address, telephone number)
Other data (e.g. video or audio recordings, access data)
Many of these data are disclosed to IMM by the data subject himself/herself. The categories of personal data that IMM receives from third parties include, in particular, information from public registers, information obtained in connection with official and legal proceedings, creditworthiness information, information on compliance with legal requirements such as those relating to combating fraud, combating money laundering and terrorism financing or export restrictions, information from banks, insurance companies, distribution and other contractual partners of IMM relating to the use or provision of services, information from the media and the internet, address and, where applicable, other sociodemographic data (in particular for marketing and research) and data in connection with the use of third-party websites and online offers where this use can be attributed to the data subject.
PURPOSES OF THE PROCESSING
IMM processes personal data primarily to provide its own services, to process contracts with clients and business partners and to comply with legal obligations.
In addition, IMM processes personal data, where permitted and appropriate, for the following purposes:
- Conclusion and fulfilment of contracts, execution, processing and administration of products and services (e.g. invoices, payments, financial planning, investments, pension provision, insurance).
Monitoring and controlling risks (e.g. investment profiles, anti-money laundering, thresholds, utilisation figures, market risks).
Planning, business decisions (e.g. development of new or assessment of existing services and products).
Marketing, communicating, informing about and reviewing the service offering (e.g. print and online advertising, customer, prospects or other events, identifying future customer needs, assessing a customer, market or product potential).
Fulfilment of legal or regulatory obligations to provide information or to report to courts and authorities, fulfilment of official orders (e.g. reporting obligations to FINMA and foreign supervisory authorities, automatic exchange of information with foreign tax authorities, orders from public prosecutors in connection with money laundering and terrorist financing).
Prevention and investigation of criminal offences or other misconduct (e.g. through internal investigations).
Safeguarding the interests and securing the claims of IMM, e.g. in the event of claims against the IMM or claims of IMM against third parties.
Ensuring operations, in particular of the IT, the website and other platforms.
Preparation and execution of transactions relating to the acquisition or sale of companies or parts of companies or other transactions under corporate law.
Insofar as consent has been given to process personal data for specific purposes (e.g. when registering for a newsletter), the personal data will be processed within the scope of and based on this consent, insofar as no other legal basis is given and necessary. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
IMM undertakes to protect personal data for the data processing’s for which it is responsible in accordance with the applicable laws. The protection of personal data includes appropriate technical and organisational security measures (e.g. access restrictions, firewalls, personalised passwords as well as encryption and authentication technologies, training of employees, etc.).
DISCLOSURE TO THIRD PARTIES AND DATA TRANSFER ABROAD
IMM discloses personal data to the following third parties (recipients) in the following cases:
For outsourcing in accordance with section 8 and for the purpose of customer care to other service providers.
For order execution, i.e. when products or services are used.
Due to legal obligations, legal justification or official orders, e.g. to courts, supervisory authorities, tax authorities or other third parties.
To the extent necessary to protect the legitimate interests of IMM, e.g. in the event of legal action threatened or initiated by clients against IMM, in the event of public statements, to secure claims of IMM against clients or third parties, in the event of the collection of claims, etc.
With the consent of the data subjects to other third parties.
Recipients of personal data are usually in Switzerland. Particularly when using certain products or services of IMM, personal data may also be disclosed to third parties outside of Switzerland (e.g. Europe or the USA).
Where a recipient is located in a country without an adequate level of data protection, IMM shall contractually oblige the recipient to comply with the applicable data protection (e.g. with standard contractual clauses), unless the recipient is already subject to a legally recognised set of rules to ensure data protection or IMM cannot rely on an exemption provision.
OUTSOURCING OF BURINSS AREAS OR SERVICES (OUTSOURCING)
IMM outsources certain business areas and services in whole or in part to third parties.
The service providers who process personal data on behalf of IMM for this purpose (so-called processors) are carefully selected. Whenever possible, IMM uses processors domiciled in Switzerland. The processors may be entitled to have certain services provided by third parties.
The processors may only process personal data received in the same way as IMM and are contractually obliged to ensure the confidentiality and security of the data.
AUTOMATED DECISIONS IN INDIVIDUAL CASES INCLUDING PROFILING
IMM reserves the right to process personal data automatically in the future, in particular in order to identify essential personal characteristics of the customer, to predict developments and to create customer profiles. This serves in particular the assessment and further development of offers and the optimization of the provision of services.
In the future, customer profiles may also lead to automated individual decisions (e.g. automated acceptance and execution of customer orders in CRM). In such cases, it is ensured that a contact person is available if a data subject wishes to comment on an automated individual decision and such a possibility to comment is provided for by law.
When a person visits the IMM’s websites, the web server automatically records details of their visit (e.g. the website from which the visit takes place, the visitor’s IP address, the content of the website that is accessed, including the date and duration of the visit). Such tracking data is used to optimise the websites visited and provide information on how the visitor informs himself about and uses the products, services and offers. As a rule, however, it does not allow any conclusions to be drawn about the identity of the visitor. In this respect, no personal data is processed.
However, if the visitor provides personal data, e.g. by filling in a registration form or message field for newsletters etc., IMM may use this data in particular for the following, in addition to the purposes set out in section 5:
for customer and user administration;
to inform the visitor about services and products;
for marketing purposes (e.g. sending newsletters);
for the technical “hosting” and further development of the websites.
When visiting the websites, the visitor’s data is transported via the internet, i.e. an open network accessible to everyone. Data transmitted via electronic media (including e-mail) cannot be effectively protected against access by third parties. This entails the risk that data may be disclosed or its content changed, that the identity of the sender (e.g. e-mail) as well as the content of the message is faked or manipulated in some other way by unauthorised persons, that viruses may be released, that technical transmission errors, delays or interruptions may occur, that data may be transmitted uncontrolled abroad, where data protection requirements may be lower than in Switzerland, etc. The risk of such manipulation may also arise.
DURATION OF STORAGE
The duration of the storage of personal data depends on the purpose of the respective data processing and/or legal retention and documentation obligations, which amount to five, ten or more years depending on the applicable legal basis. As soon as the personal data is no longer required for the above-mentioned purposes, it is deleted or made anonymous as far as possible.
RIGHTS OF DATA SUBJECTS
Anyone can request information from IMM as to whether personal data about him/ her is being processed. There is a right of objection or restriction of processing and, where applicable, the right to data portability. Incorrect data can be corrected. Furthermore, the deletion of personal data can be requested, unless legal or regulatory obligations (e.g. legal retention obligations of business-relevant data) or technical hurdles prevent this. The deletion of data may have the consequence that certain services can no longer be provided. In addition, where applicable, there is a right of appeal to a competent authority. Where IMM processes personal data on the basis of consent, this consent may be revoked at any time. It should be noted that IMM reserves the right invoke the restrictions provided for by law on their part, for example if they are obliged to retain or process certain data, have an overriding interest in doing so (insofar as they are entitled to rely on this) or require it for the assertion of claims.
In order to support IMM in responding to your request, we ask for a corresponding, comprehensible message. We will review and respond to the concerns within a reasonable period of time.
IMM alone may amend this data protection declaration at any time without prior notice. The current version published on the website of IMM shall apply.