Data Privacy Notice of the Rhone Group
This Privacy Notice sets out the manner in which Rhone Trust and Fiduciary Services SA, 20, rue Adrien-Lachenal, 1207 Geneva (“Rhone“) and all its affiliates (collectively, the “Rhone Group“) processes personal data. This Privacy Notice is addressed to you as client or as person related to a client of the Rhone Group (see below the definition of “Related Person”).
We, the Rhone Group, intend to abide by the highest standards of data protection. The various entities forming part of the Rhone Group are responsible, as data controller, for collecting and processing some of your personal data in relation to our activities. The purpose of this Data Privacy Notice is to let you know which personal data we collect about you, the reasons why we use and share such personal data, how long we keep it, what your rights are and how you can exercise them. We kindly ask you to read this Data Privacy Notice. Further information may be provided where necessary when you apply for a specific service.
Please note that we may also process personal data in respect of an individual who is a “Related Person” to you.
A “Related Person” means an individual or entity whose information you or a third party provides to us and/or which otherwise comes to our knowledge in connection with our business relationship. A Related Person may include, but is not limited to, (i) any director, officer or employee of a company, (ii) a trustee, settlor or protector of a trust, (iii) any nominee or beneficial owner of an account, (iv) a substantial interest owner in an account, (v) a controlling person, (vi) a payee of a designated payment or (vii) any representative(s) or agent(s).
Please transmit to all your Related Persons this Data Privacy Notice, respectively the information contained therein.
1. Which personal data do we process about you?
We collect and use your personal data to the extent necessary in the context of our activities, in particular to achieve a high standard of personalized services. We may collect various types of personal data about you, including:
- identification information (e.g., name, ID documents and passport numbers, nationality, place and date of birth, gender, photograph, IP address);
- contact information (e.g., mailing address and email address, phone number);
- family situation (e.g., marital status, number of children);
- tax status (e.g., tax ID, tax status);
- education and employment information (e.g., level of education, remuneration);
- banking, financial and transactional data (e.g., bank account details, transfer of assets);
- data relating to your habits and preferences;
- data which relates to your use of our services; and
- data from your interactions with us (e.g., our meetings, calls, chats, emails, phone conversations).
The data we use about you may be directly provided by you or obtained from other sources, such as:
- publications/databases made available by public authorities; and
- databases made publicly available by third parties.
Please be aware that not providing such information may preclude us from pursuing a business relationship with, and/or from rendering our services to you.
2. Specific cases of personal data collection, including indirect collection
In certain circumstances, we may collect and use personal data of individuals with whom we have, could have, or previously had, a direct relationship such as:
- visitors to our website;
- prospective or existing clients; or
- attendees of our events.
We may also collect information about you where you do not have a direct relationship with us. This may happen, for instance, when your contact details are provided by one of our clients if you are, for example:
- a family member;
- a legal representative (power of attorney);
- a beneficiary of a payment transaction made by one of our clients;
- a beneficiary of a trust;
- an ultimate beneficial owner;
- a representative of a legal entity (which may be a client); or
- a staff member of a service provider or a commercial partner.
3. Why and on which basis do we use your personal data?
A. To comply with our legal and regulatory duties
We process your personal data to comply with our legal and regulatory duties, including to:
- comply with regulations dealing with prevention of money-laundering and financing of terrorism;
- comply with regulations relating to sanctions and embargos;
- fight against tax fraud and fulfilment of tax control and notification obligations;
- set up security measures in order to prevent abuse and fraud (e.g., by recording telephone conversations);
- detect transactions which deviate from normal patterns;
- record, when necessary, our interactions (e.g., our meetings, calls, chats, emails, phone conversations); and
- reply to an official request from an administrative or judicial authority
B. To perform a contract with you or to take measures at your request before entering into a contract
We process your personal data to enter into and perform our contracts, or to take measures before entering into a contract, including to:
- provide you with information regarding our services;
- assist you and answer your requests; and
- evaluate if we can offer you a service and under which conditions.
C. To fulfil our legitimate interests
We process your personal data in order to develop our services, to improve our risk management and to defend our legal rights, including:
- to prove transactions;
- to prevent fraud;
- to manage our IT infrastructure;
- to train our personnel;
- to personalize our offering of services to you;
- to improve the quality of our services; and
- to advertise services that match with your circumstances and profile.
D. Who do we share your personal data with?
In order to fulfill the aforementioned purposes, we may share your personal data with:
- Rhone Group entities (e.g., so that you may benefit from our full range of group services);
- service providers which perform services on our behalf;
- financial, tax, administrative or judicial authorities, public bodies or self-regulatory organizations, to the extent permitted by law; and
- certain service providers such as lawyers, notaries or auditors.
The provision of personal data may be mandatory, e.g., in relation to our compliance with legal and regulatory obligations to which we are subject.
4. How long do we keep your personal data for?
We will retain your personal data for the longer of:
- the period required by applicable law; or
- such other period necessary for us to meet our operational obligations, such as proper client relationship management or responses to legal claims or regulatory requests.
Most personal data collected in relation to a specified client is kept for the duration of the contractual relationship with such client plus a specified number of years after the end of the contractual relationship or as otherwise required by applicable law. If you would like to obtain further information on the time period during which your personal data will be stored or the criteria used to determine that time period, please contact us at the address provided under Section 10 below.
5. Transfers of personal data outside Switzerland or the EEA
In certain circumstances, we may transfer your personal data to another country.
- In case of international transfers to a country for which the competent authority (in Switzerland: the Federal Data Protection and Information Commissioner) has recognized that country provides an adequate level of data protection, your personal data may be transferred on this basis.
- In case of international transfers to a country for which the competent authority (in Switzerland: the Federal Data Protection and Information Commissioner) has not recognized that such country provides an adequate level of data protection, we will either (i) rely on a derogation applicable to the specific situation (e.g., if the transfer is necessary to perform our contract with you such as when making an international payment) or (ii) implement standard contractual clauses (“SCCs“) approved by the competent authority to ensure the protection of your personal data. To obtain a copy of these safeguards or details on where they are available, please contact us at the address provided under Section 10.
Countries to which your personal data may be transferred, and the respective safeguards put in place, are:
- Singapore, based on SCCs;
- Hong Kong, based on SCCs;
- Bahamas, based on SCCs;
6. Data Security
Security is a high priority. We take appropriate precautions to protect personal data from loss, misuse, unauthorised access or disclosure, alteration or destruction using the same safeguards as we use for our own proprietary information.
Please note that communications over the internet are never totally secure and that the forms on our website employ standard email technology and as such are only as secure as sending us a normal email directly. Your communications may pass through third party servers in a number of countries before they reach us.
We do not accept responsibility for any unauthorised access to or loss of personal data that stems from a cause beyond our control. Nor can we be held responsible for the actions or omissions of other users or third parties who may misuse your personal data which they collect from the website.
7. Disclosure of information
Unless otherwise stated in this policy (and only when required to fulfil the purpose for which the information was given), we do not share, sell, distribute, modify, lease or otherwise disclose the information you give us to any third party for marketing or any other purpose unless:
- we are instructed to do so by law or appropriate authority
- we have reason to believe that a criminal act has been committed
- we have your explicit consent.
Except as otherwise specifically included in this policy, this document addresses only the use and disclosure of information we collect from you. If you disclose your information to third parties, whether they are other users of our site or other websites, different rules may apply to their use or disclosure of your information.
8. What are your rights and how can you exercise them?
Depending on the data protection laws which apply to your situation, you have the following rights:
- To access: you can obtain information regarding the processing of your personal data and a copy of such personal data;
- To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
- To rectify: where you consider that your personal data is inaccurate or incomplete, you can request that such personal data be modified accordingly;
- To erase: you can request the deletion of your personal data, to the extent permitted by law;
- To restrict: you can request the restriction of the processing of your personal data;
- To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time;
- To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You also have the right to complain to a regulatory authority about our processing of your personal data.
- You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing;
Even if you object to the processing of personal data, we are nevertheless allowed to continue the same if the processing is (i) legally mandatory, (ii) necessary for the performance of a contract to which you are a party, (iii) necessary for the performance of a task carried out in the public interest or (iv) necessary for the purposes of our legitimate interests (e.g., the establishment, exercise or defense of legal claims). As indicated, we will not, however, use your personal data for direct marketing purposes if you ask us not to do so.
If you require further information, or if you wish to exercise the rights listed above, please contact us at the address provided under Section 10 below. Please include a scan/copy of your identity card for identification purpose.
In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority.
9. How can you keep up with changes to this Data Privacy Notice?
We may need to update this Data Privacy Notice from time to time. We will inform you of any material changes through our usual communication channels.
10. How to contact us?
For data subjects resident in EU, EEA or UK, as per requirements of article 27 of the EU’s or the UK’s General Data Protection Regulation (“GDPR”)), if you have questions regarding this Data Privacy Notice, please contact our Data Representative, DataRep with contact details found here.
For non-EU, non-EEA or non-UK resident data subjects, if you have questions regarding this Data Privacy Notice, please contact Rhone directly at the following address:
dataprotection@rhoneservices.com
INFORMATION ON THE COMMON REPORTING STANDARD
The Common Reporting Standard (CRS) is the result of the efforts by the G20 nations to develop a global Standard for the Automatic Exchange of Information (AEOI). AEOI is about improving transparency in the fight against tax evasion and thus protecting the integrity of the tax systems of the participating jurisdictions.
Rhone Group and all its entities are committed to implementing the necessary requirements to fulfil the standard and will start exchanging data in 2018.
We have published articles about the CRS copies of which may be obtained on request. As part of the requirements under the Swiss legislation, we are required to provide a list of Switzerland’s partner jurisdictions which may be obtained in the following link.
If you require further information about how the CRS may affect you and your structure, please contact us.
Version of the Data Privacy Notice: August 31, 2023