SGR Compliance ('SGR', 'we', 'us', 'our') helps financial intermediaries minimise their risk exposure, protect themselves against financial crime, and constantly remain compliant with anti-money laundering and anti-terrorism ('AML') laws and Know Your Customer ('KYC') regulations. This Privacy Policy, together with any other documents referred to on it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
SGR is a company based in Switzerland. Our address is Via al Nido 4, 6900 Lugano, Switzerland. Our website is https://www.sgrcompliance.com/ and is owned and operated by SGR Compliance. This Privacy Policy is based, in particular, on the Swiss Federal Act on Data Protection 1992 ('FADP'). Furthermore, this Privacy Policy is also based on the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). Although the GDPR is a regulation of the European Union, it is of relevance to us. Just for convenience, in this document we shall also refer to GDPR definitions and rules.
PERSONAL DATA
Under the FADP personal data is defined as 'all information relating to an identified or identifiable individual'. Under the GDPR personal data is defined as 'any information relating to an identified or identifiable natural person ('Data Subject'), by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.
THE DATA CONTROLLER
Under the FADP a data controller is the private person or federal body that decides on the purpose and content of a data file. SGR is the data controller as defined by FADP ('Data Controller'). Under the GDPR a data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. SGR is the Data Controller as defined by the GDPR.
LAWFUL PROCESSING
The lawful bases for processing personal data are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:
DATA RIGHTS
Your Data Subject rights are listed below:
PERSONAL DATA WE COLLECT
Information that you provide by completing forms in writing, email, through our web sites or social media. This includes information provided at the time of registering with us, to use our website (where applicable), to login into our database, to participate to our events (webinar, fair, conference), to receive newsletter, to become a member of staff, to enter into a contract for our services, to support or subscribe to our services (where applicable), to request materials or to request further services, when you respond to a survey and/or when you report a problem with any of our communication channels or services. We collect the following classes of information:
If you contact us, we may keep a record of that correspondence. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them. Details of transactions you carry out and of the fulfilment of your orders. Details of your access to our databases or other materials. To help us improve our services, if you send us personal information which identifies you via email, we may keep your email, your email address and 'screen' name. We may also collect information that is available from your browser. We may also collect cookies during your visits to our websites. Please refer to our Cookie Policy here.
HOW WE COLLECT YOUR PERSONAL DATA
There are two main ways in which we collect your personal data:
a) directly from you
b) from third parties.
Personal data that you give to us may be through one of a number of ways. These may include:
HOW WE USE YOUR PERSONAL DATA
We will process any of your personal data, in accordance with our obligations under the FADP and the GDPR, for the following reasons:
SHARING YOUR PERSONAL DATA
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property, or safety of the organisation, or other individuals. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply with as well as those organisations with whom you and we have reciprocal agreements for providing services for education or professional development.
THIRD PARTY WEBSITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
PROTECTING YOUR PERSONAL DATA
The data that we collect from you will be processed at our servers in Switzerland. It may also be processed by organisations operating in the EEA that SGR has instructed and with which Data Processing Agreements have been implemented. If we send personal data to a country that does not have appropriate data protection legislation, nor is deemed as an adequate country under the adequacy rating of Switzerland or the European Commission, we will ensure an appropriate level of protection by employing contracts accordingly, or we will act on the basis of the following statutory requirements, consent, performance of the contract, execution or enforcement of legal claims, in accordance with the requirements imposed by FADP. We may also use the binding corporate rules, standard contractual clauses or ad hoc contractual clauses that stipulate that the data will be processed in accordance with the GDPR. At any time, you have the right to request information about the contractual guarantees mentioned. However, we reserve the right to censor copies, or to supply them only in part in order to protect the privacy of any third parties mentioned or to protect our confidentiality duty.
SECURITY OF YOUR INFORMATION
To help protect the privacy of data and personally identifiable information you transmit through use of this our website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
HOW LONG WE STORE YOUR PERSONAL DATA FOR
We store your personal data in accordance with our Data Retention Policy. This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely. We process and store your personal data to the extent that it is required to fulfil our contractual and legal obligations or for the purposes pursued by the processing, which means, for example, for the entire duration of the business relationship (from the initiation and performance of a contract to its conclusion) and beyond that in accordance with legal obligations for storage and documentation. It is therefore possible that personal data is stored for the period of time when claims can be made against the SGR and to the extent that we are legally obliged or authorised to do so, or legitimate business interests necessitate this
CHANGES TO THIS PRIVACY POLICY
This privacy policy was last updated on August 2020. SGR reserves the right to vary this privacy policy from time to time. Such variations become effective on posting on this website. Your subsequent use of this website or submission of personal information to the SGR will be deemed to signify your acceptance to the variations.
COMPLAINTS
If you think we are not handling your personal data in accordance with this Privacy Policy and with the relevant data protection framework outlined in this Privacy Policy, please file a complaint with the Supervisory Authority in your country of residence or contact the Federal Data Protection and Information Commissioner.
Office of the Federal Data Protection and Information Commissioner FDPIC
Feldeggweg 1 CH - 3003 Berne
Telephone: +41 (0)58 462 43 95 (mon.-fri. 10-12 am)
Telefax: +41 (0)58 465 99 96