Privacy Notice

BACKGROUND

REYL & Cie Ltd places the utmost importance on the protection of your privacy. In the interests of transparency and accountability towards our clients as well as to all of our stakeholders, we have decided to provide you with the following information in this Privacy Notice: 

  • the way we handle your personal data, including how we collect, use, store and communicate it, as well as
  • your rights arising under data protections laws and regulations.

RESPONSIBILITY WITH REGARD TO PERSONAL DATA

We are responsible both as data processor or as joint data processor. Such processing activities are carried out in the course of either an existing or a potential business relationship, including your usage of our website. For this reason, we have established a policy on the use of cookies (“cookies policy”), which is available on our website.

We process information and personal data that we receive that either relates to you directly or relates to any other person connected to you, that is to say a person or entity upon which we are obtaining information in connection with our business relationship (namely shareholders, controlling persons, beneficial owner, legal representatives, agents, employees, subcontractors, ordering parties or the beneficiaries of a transaction). 

It is your responsibility to contact these individuals and/or entities directly and to send them this Privacy Notice.

If you have any questions about the use of your personal data, you can contact our Data Protection Officer by post or via email:

Postal address:

REYL & Cie Ltd Data Protection Officer, DPO, Rue du Rhône 4, 1204 Geneva, Switzerland

E-mail :

dpo@reyl.com
 

NATURE OF PERSONAL DATA

We only process personal data that is necessary in the context of our activities for the purposes of offering you products and services suitable for your specific needs. 

The different types of personal data that we may have cause to process can be categorised in the following way (this list is not exhaustive):

  • General identification information (surname, first name, place and date of birth, picture, postal and email addresses, telephone number, gender, age, signature, family and employment status); 
  • Identification data issued by public authorities and bodies (passports, national identity cards, certificates of incorporation etc.);
  • Data available in the public domain (articles in newspapers or the trade press, public databases (Bloomberg, WorldCheck, Factiva, LexisNexis));
  • Identifying information in the course of using online banking services (technical logs, IP address);
  • Tax data (tax number, tax status, country of residence) ;
  • Banking and financial information (income and assets, banking details, data on transactions and discretionary portfolios).
     

LEGAL BASES AND PURPOSE OF PROCESSING PERSONAL DATA

We process your personal data in accordance with relevant legal provisions and for the purposes specified in this Privacy Notice. Several objectives may form the basis for the same data processing.

As a general rule, the following objectives are pursued:

Fulfilling our contractual (including precontractual) obligations, in particular:

  • Opening and ensuring the ongoing monitoring of a business relationship;
  • Providing information on products and services that we offer;
  • Assisting with the implementation of specific products and services that you have selected, in particular a discretionary management mandate, an investment advice mandate, a Corporate Advisory & Structuring mandate or investment fund subscriptions and transactions related to such a subscription.

This list is not exhaustive; the general terms and conditions as well the relevant contractual documentation will provide you with more detailed information.

Implementing the legal and regulatory framework, in particular: 

  • Complying with banking regulation and legislation that applies to us as a bank under regulatory supervision;
  • Cooperating with competent public authorities and government bodies;
  • Preventing fraud, in particular tax evasion, money laundering, financing of terrorism, corruption, as well as the provision of services to individuals and entities subject to economic or trade sanctions;
  • Managing risks within the REYL Group.

In view of the legal and regulatory requirements, we hereby inform you that failure to provide any information or documents that may be requested from you on that basis may prevent us from continuing a business relationship with you.

Pursuing legitimate interests, in particular:

  • Enhancing business relationships and improving our service and product offering ;
  • Improving our internal business structure and operational activities, especially in terms of risk management;
  • Recording telephone calls and emails in order to check instructions received, enforce or defend our interests or rights, evaluate, analyse and improve the quality of our services, train our employees and manage risks; 
  • Guaranteeing the security and proper functioning of the bank’s IT systems and preventing unauthorised access to the bank’s premises, to sensitive areas and to IT systems (for example PCs) by installing badge systems; 
  • Exercising our rights through claims and litigation (legal action, inquiries or similar proceedings); 
  • Informing relevant authorities of potential criminal acts or threats to public security, including by forwarding relevant personal data;
  • Maintaining our ownership rights or collecting evidence in the event of armed raids or fraud by installing a video surveillance system;
  • Passing personal data to other entities in the REYL Group.

Obtaining your consent for a specific type of processing: 

If the processing of your personal data requires your prior consent (for example, automated processing for the purposes of defining and establishing the business relationship), we will ask you to provide such consent for this specific type of processing.
 

PROFILING / AUTOMATED DECISION-MAKING

We are able to evaluate certain characteristics of data subjects by means of automated processing (for example, in order to suggest customised offers and services). We can also use technologies that allow us to identify the level of risk associated with a person subject to processing or associated with the activity on a particular account.

However, as a general rule no decision will be taken based solely on automated processing. In the event of there being an exception to this principle, and to the extent provided by law, we will inform you accordingly and in some instances you may be able to object to this exception.


SOURCE OF PERSONAL DATA

We process personal data that has been provided to us either by you or by individuals or entities connected to you in the context of a business relationship, either via other publicly available sources or from third parties.

Data collected directly from data subjects :

We collect and record all personal data given to us in relation to services that we offer in our IT systems, and more specifically in our CRM system. 

Data collected from third parties :

In the context of services that we offer, we may also collect personal data from third parties (external asset managers, trustees, administrators, law firms) or based on information available in the public domain (articles in newspapers or the trade press, public databases (Bloomberg, WorldCheck, Factiva, LexisNexis)). 
Data collected from third parties are processed in the same way as the data that we collect directly from data subjects. 
In some instances, we can be considered as a personal data processor/subcontractor. In such circumstances, we may be required to enter into a personal data processing contract in order to safeguard the rights of data subjects.


SHARING DATA WITH THIRD PARTIES

In accordance with applicable legal standards and regulations, we may be required to disclose personal data:

  • To administrative, civilian, prosecution or regulatory authorities and other public institutions;
  • To entities from the REYL Group or subcontractors to which certain duties have been delegated;
  • To external consultants such as companies providing audit, tax, regulatory and legal services;
  • In order to defend our rights and our legitimate interests, including those of our staff.

We do not sell your personal data.
 

TRANSFER OF PERSONAL DATA IN THIRD COUNTRIES

In some specific cases, such as contract execution and execution of your instructions or pursuant to a legal obligation, we may be required to transfer your personal data overseas.

Such a transfer can be made to jurisdictions:

  • that provide the same level of data protection to the level applicable in Switzerland; 
  • for which decisions on the adequacy of the level of data protection have been issued by competent authorities in this field (in particular the Swiss Federal Data Protection and Information Commissioner and the European Commission); or 
  • for which no adequacy decision has been issued. In this case, certain guarantees must be provided, for example by means of standard contractual clauses approved by the European Commission.


YOUR DATA PROTECTION RIGHTS

Within the framework laid down by applicable regulation, you have the following rights:

  • Right of access to personal data that we hold and the right to receive a copy thereof;
  • Right to rectification of inaccurate or incomplete personal data; 
  • Right to erasure of personal data, subject to the provisions on retaining banking records;
  • Right to restriction of processing of personal data where you disagree with its accuracy;
  • Right to object to processing of personal data due to considerations in relation to your particular circumstances, it being specified that this right could be ineffective if such processing is legally mandatory, is in the public interest, is necessary to the performance of a contract or to defending our interests. Any objection to data processing for direct marketing purposes will be duly noted and we will no longer process your personal data for this purpose; 
  • Right to portability of your personal data in an open and machine-readable format (applicable solely to REYL Group entities with headquarters in a Member State of the European Union);
  • Right to withdraw consent on processing of personal data at any time, it being specified that such a revocation of consent would only take effect in the future; 
  • Right to lodge a complaint with the competent supervisory authority for data protection.


DATA RETENTION AND ARCHIVING PERIOD

We process your data for as long as we are required to do so by our contractual, legal and/or regulatory obligations. Accordingly, we delete or anonymise personal data after the end of the legal and regulatory retention period to which we are subject.


TECHNICAL PROTECTION OF PERSONAL DATA

We are committed to ensuring an adequate level of data protection, especially data regarding bank secrecy and personal data.

The data that we collect and process are stored on our servers, located in a secure area with controlled and strictly limited access. We have taken all appropriate technical and organisational precautions in order to ensure that our servers can be accessed solely by duly authorised individuals, and implement best practices and current standards for safeguarding our technical environments (ISO/IEC 27001, cryptography). 
 

UPDATES OF THE PRIVACY NOTICE

As data protection regulations are constantly evolving, the current Privacy Notice may be updated at any time in order to adapt to the most recent regulatory developments. Such updates shall be effective as soon as they are published on our website. We therefore invite you to visit our website regularly.