Privacy Policy


SGR Compliance ('SGR', 'we', 'us', 'our') helps financial intermediaries minimise their risk exposure, protect themselves against financial crime, and constantly remain compliant with anti-money laundering and anti-terrorism ('AML') laws and Know Your Customer ('KYC') regulations. This Privacy Policy, together with any other documents referred to on it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

SGR is a company based in Switzerland. Our address is Via al Nido 4, 6900 Lugano, Switzerland. Our website is https://www.sgrcompliance.com/ and is owned and operated by SGR Compliance. This Privacy Policy is based, in particular, on the Swiss Federal Act on Data Protection 1992 ('FADP'). Furthermore, this Privacy Policy is also based on the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). Although the GDPR is a regulation of the European Union, it is of relevance to us. Just for convenience, in this document we shall also refer to GDPR definitions and rules.

PERSONAL DATA

Under the FADP personal data is defined as 'all information relating to an identified or identifiable individual'. Under the GDPR personal data is defined as 'any information relating to an identified or identifiable natural person ('Data Subject'), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.

THE DATA CONTROLLER

Under the FADP a data controller is the private person or federal body that decides on the purpose and content of a data file. SGR is the data controller as defined by FADP ('Data Controller'). Under the GDPR a data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. SGR is the Data Controller as defined by the GDPR.

LAWFUL PROCESSING

The lawful bases for processing personal data are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:

  1. Consent: you have given SGR your freely, specific, informed or unambiguous consent for your personal data to be processed for a specific purpose.
  2. Contract performance: the processing is necessary for the performance of a contract you have with SGR, which had asked you to take specific steps before entering into a contract.
  3. Compliance with legal obligation: the processing is necessary for SGR to comply with the law in the jurisdictions where SGR operates (not including contractual obligations).
  4. Protection of vital interests: the processing is vital to an individual's survival.
  5. Public interest: the processing is necessary for SGR to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law.
  6. Legitimate interests: the processing is necessary for SGR's legitimate interests, or the legitimate interests of a third-party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

DATA RIGHTS

Your Data Subject rights are listed below:

  • right of access.
  • right to rectification.
  • right to erasure or right to be forgotten.
  • right to restriction of processing.
  • right to be informed.
  • right to data portability.
  • right to object.
  • right not to be subject to a decision based solely on automated processing. If you wish to exercise any of the above rights, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..

PERSONAL DATA WE COLLECT

Information that you provide by completing forms in writing, email, through our web sites or social media. This includes information provided at the time of registering with us, to use our website (where applicable), to login into our database, to participate to our events (webinar, fair, conference), to receive newsletter, to become a member of staff, to enter into a contract for our services, to support or subscribe to our services (where applicable), to request materials or to request further services, when you respond to a survey and/or when you report a problem with any of our communication channels or services. We collect the following classes of information:

  • name(s) and address(es), email, phone number(s) and other relevant (e.g. age group, subscriptions, company, work, and etc.) personal details and preferred (e.g. activities, events, news, and etc.);
  • staff details relevant to their employment status with us;
  • use of social media such as our Linkedin or Twitter page;
  • information about our relationship with you, correspondence, meeting notes, attendance at events etc.;
  • occupation, skills and professional activity, network(s) and interests where relevant to our needs; and
  • financial information (e.g. bank details) where they may be relevant in relation to contracts with SGR.

If you contact us, we may keep a record of that correspondence. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them. Details of transactions you carry out and of the fulfilment of your orders. Details of your access to our databases or other materials. To help us improve our services, if you send us personal information which identifies you via email, we may keep your email, your email address and 'screen' name. We may also collect information that is available from your browser. We may also collect cookies during your visits to our websites. Please refer to our Cookie Policy here.

HOW WE COLLECT YOUR PERSONAL DATA

There are two main ways in which we collect your personal data:

a) directly from you

  • that you provide to us; and
  • that we automatically collect (e.g. IP addresses, OBA); and

b) from third parties.
Personal data that you give to us may be through one of a number of ways. These may include:

  • directly via our websites (www.sgrcompliance.com, www.controltheflow.ch and other SGR’s websites);
  • emailing your CV to our HR team or via our emails with regard to a voluntary appointment;
  • providing information via on-line forms, surveys, our websites, our Linkedin or Twitter page;
  • collecting your data through a contractual or commercial relationship with you e.g. for membership subscriptions, attending an event, being supplier or client, partner;
  • via a form which could be online as part of our website or a form provided to us as a hard copy or electronically or when registering to our events or newsletter; and
  • contacting us with enquiries or comments by telephone, email or hard copy correspondence. Personal data may be given to us through another organisation with which you have registered, and we may be required to process that data in order to fulfil services that you expect of us. This could include one of the following:
  • via another authorized body with whom joint education or professional development takes place; and
  • via professional bodies with whom there is a sharing of registration for events or activities;
  • company you are employed with for performance of contractual obligations between SGR and your company.

HOW WE USE YOUR PERSONAL DATA

We will process any of your personal data, in accordance with our obligations under the FADP and the GDPR, for the following reasons:

  • to provide you with the services you have requested;
  • to comply with the FADP and the GDPR;
  • for administrative purposes;
  • to assess enquiries; and
  • to provide you with information about us and our services. If, at any time, you do not wish to receive further information about us and our services, contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..

SHARING YOUR PERSONAL DATA

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property, or safety of the organisation, or other individuals. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply with as well as those organisations with whom you and we have reciprocal agreements for providing services for education or professional development.

THIRD PARTY WEBSITES

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

PROTECTING YOUR PERSONAL DATA

The data that we collect from you will be processed at our servers in Switzerland. It may also be processed by organisations operating in the EEA that SGR has instructed and with which Data Processing Agreements have been implemented. If we send personal data to a country that does not have appropriate data protection legislation, nor is deemed as an adequate country under the adequacy rating of Switzerland or the European Commission, we will ensure an appropriate level of protection by employing contracts accordingly, or we will act on the basis of the following statutory requirements, consent, performance of the contract, execution or enforcement of legal claims, in accordance with the requirements imposed by FADP. We may also use the binding corporate rules, standard contractual clauses or ad hoc contractual clauses that stipulate that the data will be processed in accordance with the GDPR. At any time, you have the right to request information about the contractual guarantees mentioned. However, we reserve the right to censor copies, or to supply them only in part in order to protect the privacy of any third parties mentioned or to protect our confidentiality duty.

SECURITY OF YOUR INFORMATION

To help protect the privacy of data and personally identifiable information you transmit through use of this our website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

HOW LONG WE STORE YOUR PERSONAL DATA FOR

We store your personal data in accordance with our Data Retention Policy. This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely. We process and store your personal data to the extent that it is required to fulfil our contractual and legal obligations or for the purposes pursued by the processing, which means, for example, for the entire duration of the business relationship (from the initiation and performance of a contract to its conclusion) and beyond that in accordance with legal obligations for storage and documentation. It is therefore possible that personal data is stored for the period of time when claims can be made against the SGR and to the extent that we are legally obliged or authorised to do so, or legitimate business interests necessitate this

CHANGES TO THIS PRIVACY POLICY

This privacy policy was last updated on August 2020. SGR reserves the right to vary this privacy policy from time to time. Such variations become effective on posting on this website. Your subsequent use of this website or submission of personal information to the SGR will be deemed to signify your acceptance to the variations.

COMPLAINTS

If you think we are not handling your personal data in accordance with this Privacy Policy and with the relevant data protection framework outlined in this Privacy Policy, please file a complaint with the Supervisory Authority in your country of residence or contact the Federal Data Protection and Information Commissioner.

Office of the Federal Data Protection and Information Commissioner FDPIC
Feldeggweg 1 CH - 3003 Berne
Telephone: +41 (0)58 462 43 95 (mon.-fri. 10-12 am)
Telefax: +41 (0)58 465 99 96