Skip to content

Data Protection Declaration

1. General terms

This data pro­tec­tion de­c­la­ra­tion ex­plains how we process per­sonal data.
“Per­sonal data“ means all de­tails re­lated to a spe­cific or iden­ti­fi­able nat­ural or legal per­son. „Pro­cess­ing“ means all ways of deal­ing with per­sonal data, ir­re­spec­tive of the means and pro­ce­dures used, in par­tic­u­lar procur­ing, stor­ing, using, re­vis­ing, dis­clos­ing, archiv­ing and de­stroy­ing of per­sonal data.

2. Data security

We un­der­take to pro­tect your pri­vacy in ac­cor­dance with the ap­plic­a­ble laws, es­pe­cially the code of con­duct and data pro­tec­tion law. For this rea­son, we take a num­ber of pre­cau­tions, such as im­ple­ment­ing tech­ni­cal and or­ga­ni­za­tional se­cu­rity mea­sures (e.g. ac­cess re­stric­tions, fire­walls, per­sonal pass­words such as en­cryp­tion and au­then­ti­ca­tion tech­nolo­gies, staff train­ing).

3. Categories of personal data

We can process the fol­low­ing cat­e­gories of per­sonal data while lim­it­ing the pro­cess­ing to the nec­es­sary min­i­mum.
Client data such as:

  • Master data and data on holdings (e.g. name, address, nationality, date of birth, information about accounts, custody accounts, concluded transactions and contracts, information about third parties who are also affected by the data processing, such as spouses, authorized representatives and advisors).
  • Transaction data, order data, and risk management data (e.g. data regarding beneficiaries of payments, the beneficiary’s bank, the amount of payments, data on risk and investment profiles, investment products).
  • Technical data (e.g. business numbers, IP addresses, internal and external identifiers, records of access).
  • Marketing data (e.g. preferences, needs).

Data of in­ter­ested par­ties and vis­i­tors (i.e. our vis­i­tors or vis­i­tors of our web­site) such as:

  • Master data and data on holdings (e.g. name, address, date of birth).
  • Technical data (e.g. IP addresses, internal and external identifiers, records of access).
  • Marketing data (e.g. preferences, needs).

Sup­plier data such as:

  • Master data and data on holdings (e.g. name, address, date of birth, concluded transactions and contracts).
  • Technical data (e.g. IP addresses, internal and external identifiers, records of access). 

4. Origin of personal data

For the pur­poses of sec­tion 5, we can col­lect per­sonal data from the fol­low­ing sources:

  • Personal data given to us, e.g. for the entering into a business relationship, the execution of contracts, or our products and services.
  • Personal data necessary for the use of products or services and transmitted to us via the technical infrastructure or complex processes.
  • Personal data from third parties, e.g. authorities or UNO/EU sanction lists.

5. Purposes of data processing

We can process per­sonal data for the pro­vi­sion of own ser­vices and for own or legally pre­scribed pur­poses. In par­tic­u­lar, the pur­poses of our data pro­cess­ing are the fol­low­ing:

  • Entering into and executing of contracts, processing and managing products and services (e.g. payments, investments).
  • Monitoring and managing risks (e.g. investment profiles, combating of money laundering, limits, market risks).
  • Planning, business decisions (e.g. developing of new or assessing of existing services and products).
  • Marketing, communication, information about and review of the range of services (e.g. advertisements in print and online; events for clients and interested parties as well as other events, determination of future client needs).
  • Compliance with legal or regulatory disclosure, notification or reporting obligations to courts and authorities, fulfilment of official orders (e.g. reporting obligations towards FINMA and foreign supervisory authorities, orders of prosecution departments in connection with money laundering and terrorist financing).
  • Protecting our interests and securing our rights in case of claims against us or own claims against third parties.

6. Disclosure to third parties, categories of recipients

We may dis­close client data to the fol­low­ing third par­ties in the fol­low­ing cases:

  • For outsourcing activities according to section 7 and for the purpose of comprehensive customer service to third party service providers.
  • For the execution of orders, i.e. when using third party products and services.
  • Based on legal obligations, legal justifications or official orders, e.g. to courts, supervisory authorities, tax authorities, or other third parties.
  • Where necessary, to protect our legitimate interests, e.g. with respect to any legal action threatened or initiated against us by clients, in case of public statements, to safeguard our claims against clients or third parties, or for debt collection proceedings.
  • With the consent of the person concerned, to other third parties.

In par­tic­u­lar in con­nec­tion with cer­tain prod­ucts or ser­vices, per­sonal data must also be dis­closed to third par­ties domi­ciled in coun­tries which do not have an ap­pro­pri­ate level of data pro­tec­tion (e.g. the United States). If data has to be trans­ferred to such a coun­try, we will take mea­sures for a con­tin­u­ous ap­pro­pri­ate pro­tec­tion of per­sonal data.

7. Outsourcing of business units or services

We are out­sourc­ing cer­tain busi­ness units and ser­vices, wholly or par­tially, to third par­ties.

We care­fully se­lect any con­trac­tors who process per­sonal data on our be­half. Where pos­si­ble, we use ser­vice providers domi­ciled in Switzer­land. The ser­vice providers might be en­ti­tled to out­source cer­tain ser­vices to other third par­ties. 

The ser­vices providers are only per­mit­ted to process the data re­ceived to the ex­tent that we do our­selves. Ad­di­tion­ally, they are con­trac­tu­ally re­quired to guar­an­tee con­fi­den­tial­ity and the se­cu­rity of per­sonal data.

8. Automated individual decisions in specific cases, including profiling

We re­serve the right to process client data in the fu­ture in an au­to­mated man­ner, in par­tic­u­lar to iden­tify sig­nif­i­cant per­sonal char­ac­ter­is­tics of the clients, to pre­dict de­vel­op­ments and to cre­ate client pro­files.

This is used, in par­tic­u­lar, to re­view and de­velop our of­fer­ing and to im­prove our ser­vices. 

Client pro­files may, in the fu­ture, also lead to au­to­mated in­di­vid­ual de­ci­sions (e.g. au­to­mated re­ceipt and ex­e­cu­tion of client or­ders in our CRM sys­tem). 

We en­sure that a suit­able con­tact per­son is avail­able to the client if the client wishes to ex­press a view on any au­to­mated in­di­vid­ual de­ci­sion where such op­por­tu­nity to ex­press a view is re­quired by law.

9. Duration of storage

The du­ra­tion of stor­age for per­sonal data de­pends on the pur­pose of the data pro­cess­ing and/or statu­tory stor­age pro­vi­sions (de­pend­ing on the ap­plic­a­ble legal basis, five, ten or more years).

10. Rights of the affected persons

You can ask us whether per­sonal data about you is being processed. You have the right to ob­ject to the data pro­cess­ing, the right to re­stric­tion of pro­cess­ing, and, if ap­plic­a­ble, the right to data porta­bil­ity. You also have the right of rec­ti­fi­ca­tion and, pro­vided that there are no com­pelling statu­tory or reg­u­la­tory re­quire­ments (such as stor­age pro­vi­sions) or tech­ni­cal bar­ri­ers, the right to era­sure. The era­sure of your per­sonal data may lead to the re­sult that we can­not pro­vide cer­tain ser­vices any longer. Fur­ther­more, if ap­plic­a­ble, there is also a right to lodge a com­plaint with an ap­pro­pri­ate data pri­vacy su­per­vi­sory au­thor­ity. Where we process per­sonal data based on your granted con­sent, you may re­voke your con­sent at any time.

To help us reply to your re­quest, please send us a clear mes­sage. We will ex­am­ine your issue and reply in good time.

11. Contact data

We are re­spon­si­ble for the pro­cess­ing of per­sonal data. If you have any ques­tions re­lat­ing to data pro­tec­tion, please con­tact the fol­low­ing ad­dress: 

Ara­bel­la Group AG 
Stadt­gar­ten­weg 6
7000 Chur