Your regional office
Montreal
1000, Rue de la Gauchetière West, Suite 3100, Montreal - Quebec H3B 4W5Telephone : +1 514 288 8161
Contact us1. Who is responsible for your personal data and whom can you contact?
We process information and personal data relating to you and/or any Related Person of yours [Related Person(s) and you together hereafter the “Data Subject(s)”]. We essentially do so in connection with our existing and/or prospective business relationships, including your use of our websites (together hereafter the “Business Relationship”). We can do so either as controller or as joint controller (hereafter the “Controller”).
In this regard, we ask you to liaise with any and all of your Related Persons and transmit to them this Privacy Notice and the information contained therein.
Should you have any questions about this Privacy Notice, your Controller or, more generally, the processing of your (or your Related Persons’) personal data, you can contact your relationship manager or our Data Protection Officer at any of the following addresses:
Route des Acacias 60
1211 Geneva 73
Switzerland
switzerland-data-protection@pictet.com
Data Protection Officer EUROPE (EXCL. SWITZERLAND)
Avenue J.-F. Kennedy 15A
L-1855 Luxembourg
Luxembourg
europe-data-protection@pictet.com
Data Protection Officer ASIA
10 Marina Boulevard #22-01
Marina Bay Financial Center - Tower 2
Singapore 018983
asia-data-protection@pictet.com
Data Protection Officer BAHAMAS
P.O. Box N-4837
Bayside Executive Park, Building No. 1
West Bay Street and Blake Road, Nassau – Bahamas
bahamas-data-protection@pictet.com
Data Protection Officer NORTH AMERICA
1000 de la Gauchetiere West, Suite 3100
Montreal QC H3B 4W5
Canada
north-america-data-protection@pictet.com
Data Protection Officer PICTET ASSET MANAGEMENT (PAM)
Route des Acacias 60
1211 Geneva 73
Switzerland
pam-data-protection@pictet.com
2. How do we handle your personal data?
We are subject to certain confidentiality and/or secrecy obligations, e.g. arising under data protection, contract, professional or banking secrecy, as the case may be. Personal data we process are also subject to said obligations.
This Privacy Notice deals with the way we process (i.e. collect, use, store, transmit or otherwise handle or process, operations collectively defined hereafter as the “Processing” or “Processing Operations”) personal data. This Privacy Notice does not replace, and is subject, to our applicable contractual terms and conditions.
We may conduct our Processing Operations either directly or indirectly, through other parties that process personal data on our behalf (hereafter the “Processors”). We are responsible only for the Processing of personal data as per this Privacy Notice.
3. What personal data do we process?
“Personal data” include any information that makes it possible to identify a natural person directly (e.g. first name, surname) or indirectly (e.g. passport number or data combination).
Personal data of Data Subjects we process may include:
4. For what Purposes and on what legal bases do we process personal data?
We collect and process personal data for the purposes (hereafter the “Purposes”) and based on the legal bases set out in this Privacy Notice.
As a general comment, we essentially base our Processing on: (i) performance of a contract to which you are a party or a Related Person is related (as well as to take pre-contractual steps at your or a Related Person’s request); (ii) our duty to comply with a legal or regulatory obligation; (iii) the pursuit of our legitimate interest (including that of other Pictet Group entities); and (iv) performance of a task carried out in the public interest (e.g. to prevent or detect offences).
More specifically, we collect and process personal data as necessary for performance of a contract to which you are a party and/or a Related Person is related, which encompasses the following Processing Operations (which may also be based on other lawful bases):
We also collect and process personal data in connection with compliance with legal and regulatory obligations to which we are subject, including to:
The Processing Operations outlined above may rely on other lawful bases and potentially do substantially rely on the performance of a task carried out in the public interest.
Furthermore, we may process personal data in connection with legitimate interests we pursue in order to:
To the extent one or more of our Processes of personal data presupposes that you give your prior consent thereto, we will contact you and seek your consent in due time.
The provision of personal data may be mandatory, e.g. with regard to our compliance with legal and regulatory obligations to which we are subject. Please be aware that failing to provide such information may preclude us from pursuing a Business Relationship with, and/or from rendering our services to, you.
5. Do we rely upon profiling or automated decision-making?
We may assess certain characteristics of the Data Subjects on the basis of personal data processed automatically (profiling) in particular to provide Data Subjects with personalised offers and advice or information on our products and services or those of our affiliates and business partners. We may also use technologies that allow us to identify the level of risks linked to a Data Subject or to activity on an account.
Furthermore, we generally do not use automated decision-making in connection with our Business Relationship and/or Data Subjects. Should we do so, we will comply with applicable legal and regulatory requirements.
6. What sources do we use to collect your personal data?
To achieve the Purposes, we collect or receive personal data:
7. Do we share your personal data with third parties?
If necessary or useful to achieve the Purposes, we reserve the right to disclose or make accessible the personal data to the following recipients, provided this is legally or otherwise authorised or required:
We undertake not to transfer personal data to any third parties other than those listed above, except as disclosed to Data Subjects from time to time or if required by applicable laws and regulations applicable to them or by any order from a court, governmental, supervisory or regulatory body, including tax authorities.
8. Are personal data transferred outside our jurisdiction of incorporation?
In the course of our Business Relationship, we may disclose, transfer and/or store personal data abroad (hereafter “International Transfer”): (i) in connection with the conclusion or performance of contracts directly or indirectly related to our Business Relationship, e.g. a contract with you or with third parties in your interest; (ii) when the communication is necessary to safeguard an overriding public interest; or (iii) in exceptional cases duly foreseen by applicable laws (e.g. disclosures of certain trades made on an exchange to international trade registers).
International Transfers may include the transfer to jurisdictions that: (i) ensure an adequate level of data protection for the rights and freedoms of Data Subjects as regards to Processing; (ii) benefit from adequacy decisions as regards their level of data protection (e.g. adequacy decisions from the European Commission or the Swiss Federal Data Protection and Information Commissioner); or (iii) do not benefit from such adequacy decisions and do not offer an adequate level of data protection. In the latter case, we will ensure that appropriate safeguards are
provided, e.g. by using standard contractual data protection clauses established by the European Commission.
Should you wish to have further information as regards International Transfers or appropriate safeguards, you can of course contact our Data Protection Officer (see Section 1 above).
9. What are your rights in connection with data protection?
You have the right, subject to applicable local data protection legislation, to:
Even if a Data Subject objects to the Processing of personal data, we are nevertheless allowed to continue the same if the Processing is: (i) legally mandatory; (ii) necessary for performance of a contract to which the Data Subject is a party; (iii) necessary for performance of a task carried out in the public interest; or (iv) necessary for the purposes of the legitimate interests we pursue, including the establishment, exercise or defence of legal claims. We will not, however, use the Data Subject’s personal data for direct marketing purposes if the Data Subject asks us not to do so.
Subject to the limitations set forth in this Privacy Notice and/or in applicable local data protection laws, you can exercise the above rights free of charge by contacting our Data Protection Officer.
10. How long are your personal data kept or stored?
As a matter of principle, we retain personal data for as long as we need the same to achieve the Purposes. By the same token, we will delete or anonymise personal data (or equivalent) once they are no longer necessary to achieve the Purposes, subject however: (i) to any applicable legal or regulatory requirements to store personal data for a longer period; or (ii) to establishing, exercising and/or defending actual or potential legal claims, investigations or similar proceedings, including legal holds, which we may enforce to preserve relevant information.
* * * *
Status as of June 2020