DATA PROTECTION POLICY

1. Aims of the policy

The aim of this data protection policy is to describe how DECALIA SA and/or DECALIA Capital SA (as relevant) (“DECALIA”) collects and processes the personal data and information that it may receive and store in the context of its business activity (the “Policy”). Other provisions may supplement this Policy in accordance with the terms of the agreement or any other contractual relationship that you or your representative might have with DECALIA and that form an integral part of this Policy.

2. Types of personal data collected

The types of personal data that DECALIA is likely to collect and process in the context of prospective, past and/or existing business relationships (“Business Relationships”) are in principle:

  • personal information (such as surname, first name, date of birth, passport, telephone number, home address, postal/electronic address, telephone number);
  • family information;
  • financial information (including statements, transactions, real estate, debts, taxes, income, gains and investments);
  • tax information (including TIN, tax number, tax domicile);
  • professional information (such as CV, work experience and occupational activity);
  • any other information related to our interactions with you, whether via electronic mail, the website, contact forms, telephone calls or meetings;
  • data collected through using our cookies, as described below.

DECALIA does not perform any high-risk profiling or automated individual decision.

3. How personal data is collected or received

DECALIA collects or receives personal data:

  • directly from Business Relationships, either through you or the legal entity for which you work (e.g. if you are the contact person appointed by your employer to interact with DECALIA), through meetings or by means of documents sent to DECALIA (including pre-contractual documents and business cards);
  • indirectly, though one of our service providers or counterparties or through external sources such as DECALIA websites or publicly-accessible sources.

4. Personal information provided by you about other people

If you disclose personal data of another person, you must ensure that you are authorized to do so and that DECALIA may collect and use this personal information, as specified in the Policy, without having to take additional measures. In particular, you must ensure that the data subject has been informed of this Policy, including the identity of DECALIA, how to contact the company, the purposes of data collection and its practices regarding the communication of personal data.

5. Objectives and legal bases of personal data collection

DECALIA collects and processes personal data for the following legal reasons and purposes, to the extent that the data is necessary, in particular:

  • to provide the services you have requested from DECALIA and to develop business relationships, including in an investment fund distribution context;
  • to improve the services that DECALIA provides and/or to supply information on DECALIA products and services, undertake marketing activities related to our business activity, including the organization of meetings and events, presentation to potential or existing investors, as well as other activities (such as sending greeting cards). You can unsubscribe from our distribution lists at any time;
  • to establish and manage business relationships with DECALIA, including all the procedures necessary to verify the identity of Business Relationships when this proves necessary;
  • to protect the security of, and manage access to, our premises, our computer and communication systems, our internet platforms, our website and other systems;
  • to perform tasks in preparation or under existing contracts;
  • when processing is necessary for the purposes of our legitimate interests or those of any third party that has received your personal data, unless such interests are overridden by your interests or fundamental rights and freedoms;
  • any other purpose related to and/or ancillary to what is described above or for which the personal data has been communicated to DECALIA, or any other purpose imposed upon it by virtue of legal or regulatory obligations or by the authorities.

6. Personal data transfer

Provided that this is legally possible or required, DECALIA reserves the right to transfer personal data or to make it accessible to:

  • entities within the DECALIA Group;
  • auditors, legal advisors and/or competent authorities (a court, a national and/or international regulatory agency or authority, a stock exchange authority), when DECALIA is required to do so by virtue of the applicable law or regulations, or at their request;
  • third parties involved in a transaction or service (e.g. counterparties, banks, exchanges and trading platforms, payment system operators, brokers, custodians and other financial market actors);
  • third parties who process personal data on our behalf, such as IT system providers, web designers and hosts, payment service providers, banks, insurance companies, internet-services and e-mail-address providers, database and cloud services providers, consultants.

DECALIA undertakes not to transfer any personal data to third parties other than to those mentioned above without notifying you or unless its contractual obligations towards Business Relationships or the applicable law or regulations so require.

The transfer of personal data to the above-mentioned third parties may involve the transfer of data to jurisdictions outside Switzerland, in particular to Italy where other Decalia Group entities are located, to other countries in the European Economic Area (EEA) and to the United Kingdom, which are deemed to offer an adequate level of data protection, but also in certain cases to jurisdictions outside the European Economic Area (EEA) which do not have data protection laws equivalent to those of the jurisdiction to which you are subject, in particular to the United States of America for the use of Google Analytics services as described below in “Use of cookies”. In the event of a transfer of data to one of these jurisdictions deemed to be non-adequate, DECALIA will put in place standard contractual clauses approved by the European Commission and/or the competent Swiss authorities or other appropriate protection mechanisms provided for by the data protection legislation with the parties to whom the personal data will be transferred (e.g. the Swiss-U.S. Data Privacy Framework as soon as it comes into force).

7. Storage period of personal data

Your personal data will be erased when it is no longer reasonably necessary, or if you withdraw your consent (where consent is the ground for justification of processing) and DECLIA is not, or no longer, legally required or otherwise authorized to continue to store your personal data. DECALIA will, however, continue to store your personal data if it is necessary for it to assert a claim or defend itself from claims until the end of the corresponding storage period, or until the claim concerned has been settled.

8. Rights of Business Relationships relating to their data

Being subject to the collection or processing of personal data, Business Relationships benefit, within the limits of the applicable legislations and regulations, from certain rights, in particular the right to:

  • access their personal data and receive a copy of it;
  • correct inaccurate personal data concerning them;
  • prohibit or limit the processing of their personal data;
  • request the erasure of their personal data when processing is no longer necessary or when it is no longer legal for other reasons.

Subject to the restrictions laid down in this Policy and/or the applicable data protection laws, Business Relationships may exercise the above-mentioned rights at no expense by contacting the controller at the address given below. In the event that a Business Relationship has agreed to the processing of their personal data for the purposes mentioned above, he/she may withdraw their consent at any time by contacting the controller at the address given below.

In the event of opposition or withdrawal of previously-given consent, DECALIA will respect this choice in keeping with our legal obligations. This opposition (or withdrawal of your previously-given consent) might mean that DECALIA will no longer be able to take the actions necessary to achieve the objectives listed above, or that the Business Relationship will no longer be able to use our products and services. Please note that, even after consent has been withdrawn, DECALIA might continue to process personal data to the extent required or otherwise permitted by law, particularly in connection with the exercise and defence of its rights or in order to allow it to fulfil its legal and regulatory obligations.

As a regulated entity in Switzerland, DECALIA is bound by professional secrecy and cannot, in principle, respond directly to requests from data subjects who are not Business Relationships. If you are not a Business Relationship and believe that DECALIA is processing your personal data, we suggest that you contact the Business Relationship who may have transmitted your personal data to DECALIA (e.g. your employer who is a DECALIA client).

9. Personal data security

DECALIA takes appropriate technical and organizational measures to protect the security of your personal data from any unauthorized access, use, disclosure, modification or destruction, in compliance with applicable data protection laws.

10. Recording of telephone conversations

DECALIA may be called upon to record and check on the telephone conversations it has with Business Relationships, in order to maintain a high standard of quality, but also for security reasons and in accordance with current legal and regulatory obligations.

11. Use of cookies

A cookie is a small file which your system retrieves when you visit our website and which compiles certain items of browsing data (e.g. language preferences and analyses of how you use the site, such as pages visited and length of visit).

DECALIA uses cookies to simplify your use of the website and personalise your experience. DECALIA also uses the services of Google Analytics to manage and improve its website (in particular by analysing the use of the website and the usage statistics).

You can set your cookie preferences on our website and/or via your web browser. However, refusal to allow cookies may lead to certain parts of the website not working properly. For further information see http://www.allaboutcookies.org.

12. Updating of this Policy

This Policy may be subject to changes. Changes and additions take effect from the time they are published on DECALIA’s website.

13. Controller

The controller is the Swiss entity of the DECALIA group with which you have a contractual relationship. This may be one of the following entities:

DECALIA SA
Data Protection Officer
Rue du Rhône 31
CH-1204 Geneva
dataprotection@decalia.com

DECALIA Capital SA
Rue du Rhône 31
CH-1204 Geneva
decaliacapital@decalia.com