Data protection notice - Capital Transmission

I. General

The protection of your personal data and privacy is of paramount importance to Capital Transmission SA (“CTSA”). This Notice aims to describe the processes involved in the collection and processing of Personal Data (this term is defined in Question 1 below) carried out by CTSA in its capacity as “data controller” in the course of its activities.

This Notice applies to the personal data of individuals involved in business relationships or other interactions with CTSA, including:

Parties involved in an investment transaction,
Representatives and executives of target companies or partners,
Institutional or private investors,
Prospects, professional contacts or related persons, – Website users.
Website users.

This notice supplements the contractual or regulatory information already provided in the context of business relations, as well as that provided on the CTSA website concerning the use of cookies.

II. Data processing

1. What Personal Data is processed by CTSA?

In the course of its activities, CTSA collects and processes Personal Data relating to any natural person connected with its economic activities (e.g. investors or representatives of an investor) or more generally connected with the life of CTSA as a company (e.g. suppliers or representatives of a supplier) (hereinafter “Data Subject”).

When a Data Subject or a third party (e.g. the investee company or an intermediary) transmits Personal Data to CTSA concerning a natural person (“Related Person”), it is the responsibility of that Data Subject or third party to inform the Related Person of this transmission.

The term “Personal Data” refers to all information concerning an identified (e.g. by passport) or identifiable (e.g. by reference to an AVS number or by cross-referencing several elements specific to the Data Subject, such as date of birth, place of origin and canton of residence) natural person. CTSA may process the following categories of Personal Data relating to Data Subjects:

Category of Personal Data	Examples
Identification data	Name, address, telephone number, email address, professional contact details, photographs, video and audio recordings
Personal characteristics	Date of birth, country of birth
Identifiers issued by public bodies	Passport, identity card, tax identification number, social security number
Information relating to family situation	Marital status, number of children
Professional information	Professional experience, power of representation, professional contact details, title, any sanctions or proceedings
Financial information	Income and assets, credit history information, bank details, extract from the debt and bankruptcy register
Information relating to transactions or investments	Current and past investments, investment profile, investment preferences, amounts invested, financial instruments held, role played in a transaction (seller/purchaser)
Information from exchanges between the Data Subject and CTSA	Calls, meetings, email and/or text message exchanges, telephone conversations, IP address and information on use of the CTSA website
Security and management data	References, reputation and background checks, attendance records at CTSA’s premises

2. What are the sources of the Personal Data processed by CTSA?

CTSA collects Personal Data:

directly from each Data Subject, for example when the Data Subject contacts CTSA or fills in a CTSA form; and/or
indirectly through external sources, including publicly available sources (e.g. publications or databases), information available through subscription services (e.g. Bloomberg) or through other third parties (e.g. investee or investment company, business introducer or third-party manager).

3. What Personal Data processing does CTSA carry out?

CTSA may process Personal Data for the purposes (objectives) listed below:

A. The Personal Data processing operations listed below are based on the fulfilment of a contractual obligation towards a Data Subject:

the initiation and management of business relationships and investment transactions;
all operations related to the identification of a Data Subject;
the provision of any service related to the business or investment relationship;
compliance with applicable contractual clauses;
sending administrative information (e.g. updates to general terms and conditions or terms of use of services);
any other purpose related to the performance and management of its contractual relationships;
any other purpose related to the execution and management of transactional and investment relationships.

B. The Personal Data processing procedures listed below are based on a legal or regulatory obligation:

providing Data Subjects with information about CTSA’s products and services;
checks related to the fight against money laundering and terrorist financing;
monitoring compliance with financial market regulations and making the declarations required by those regulations;
responding to requests from the competent judicial, administrative or criminal authorities and cooperating with them in any way;
any measures taken in relation to the implementation of international sanctions in accordance with the procedures established by CTSA, which involves, in particular, the processing of Personal Data for verification purposes (screening).

C. The Personal Data processing procedures listed below are based on CTSA’s legitimate interest:

any processing for the purpose of developing the business relationship;
any processing for the purpose of improving CTSA’s internal organisation and processes;
any processing related to the management of CTSA’s IT environment and website, in particular for the purposes of maintenance and security;
any processing for the purpose of ensuring the maintenance and security of CTSA’s premises and infrastructure;
the assessment of certain characteristics of Data Subjects using automated processing of Personal Data (“profiling”) (see also Question 4);
the assessment and management of risks, in particular market, credit, operational, liquidity, legal and reputational risks;
the use of Personal Data for commercial prospecting (marketing) purposes, unless the Data Subject has objected to the use of their Personal Data for this purpose;
any processing necessary to enable CTSA to establish, exercise or defend itself against a current or future claim, or to enable CTSA to respond to an investigation by a public authority, in Switzerland or abroad;
any processing necessary to enable CTSA to prove a transaction;
the recording of telephone conversations and electronic communications with Data Subjects for the purposes of protecting CTSA’s interests, combating fraud or other offences, analysing and improving the quality of the services and products provided, training CTSA employees and managing the Bank’s risks.

The Data Subject also acknowledges that, when authorising a social network (such as Facebook, Instagram, etc.) to share Personal Data with CTSA, CTSA may receive all Personal Data that the Data Subject has shared publicly on that social network, such as contact information (e.g. name, email address, gender, lists of friends or contacts) or information that they publish on their profile (e.g. profile photo or preferences).

4. Does CTSA engage in “profiling” or “automated individual decision-making”?

CTSA may assess certain characteristics of a Data Subject through automated Personal Data processing (“profiling”), in particular to provide personalised offers and advice or information about CTSA’s products and services. CTSA may also use profiling to identify the level of risk associated with a Data Subject.

If CTSA were to use “automated individual decision-making” in the future in its commercial relations with its customers, it would do so in accordance with the applicable legal and regulatory requirements.

5. Does CTSA share Personal Data with third parties?

CTSA may share Personal Data with its subcontractors or business partners in order to carry out operations related to the provision of its products and services, the management of its website, or more generally to CTSA’s activities.

CTSA therefore reserves the right to disclose Personal Data:

to judicial or administrative authorities, upon request or spontaneously in cases provided for by law;.
to subcontractors in the context of outsourcing;
to financial market infrastructure operators (notably stock exchanges), brokers, banks or issuers of financial products;
to communication service providers (e.g. in connection with the management of a newsletter and social networks used by CTSA), event organisers, marketing agencies or other service providers involved in the management of CTSA’s Data Subjects; – to CTSA’s auditors, legal advisers and/or certain CTSA service providers; – to affiliated entities.

6. Is Personal Data transferred outside Switzerland?

CTSA may disclose, transfer and/or store Personal Data outside Switzerland:

in connection with the conclusion or performance of contracts directly or indirectly related to the business relationship (i.e. a contract concluded with a Data Subject or with a third party, but in the interest of a Data Subject), for example in connection with outsourcing;
if such a transfer is necessary to safeguard an overriding public interest;
if such a transfer is necessary to enable ctsa to establish, exercise or defend itself against a current or future claim, or to enable ctsa to respond to an investigation or request from a public authority, in switzerland or abroad; or (iv) when such a transfer is required by applicable law or regulation.com

If such transfers of Personal Data are made to a country that does not offer an adequate level (from a Swiss perspective) of Personal Data protection, CTSA will ensure, if required by applicable regulations, that the necessary consents are obtained or that appropriate safeguards are put in place, in particular contractual commitments, which may take the form of standard contractual clauses established by the European Commission. In all cases, the Data Subject or third party who has transmitted the Personal Data to CTSA (see Question 1 above) confirms that they have informed the Related Persons in this regard.

Data Subjects may obtain further information regarding the transfer of their Personal Data (including recipients, countries of destination and safeguards put in place) by contacting CTSA at the address provided in Section 10 below.

7. How long is Personal Data retained?

CTSA retains Personal Data for as long as necessary to achieve the intended purpose (see Question 3 above). CTSA erases or anonymises Personal Data when it is no longer necessary to achieve a purpose,

subject to the legal and regulatory obligations applicable to CTSA with regard to the retention of documents and information.
subject to cases where a longer retention period is necessary to enable CTSA to establish, exercise or defend itself against a current or future claim, or to enable CTSA to respond to an investigation by a public authority in Switzerland or abroad (e.g. implementation of a legal hold); and
subject to the period necessary to enable CTSA to fulfil its operational obligations, such as, for example, managing its business relationships or maintaining its accounts.

8. What are the rights of each Data Subject in relation to their Personal Data?

Within the framework and limits of the applicable regulations, each Data Subject has the following rights in relation to their Personal Data processed by CTSA:

the right to access their Personal Data;
the right to request that CTSA provide them with the Personal Data concerning them that they have communicated to CTSA (excluding Personal Data that CTSA has received from other sources) and that CTSA processes automatically (i) with their consent or (ii) in direct connection with the business relationship, in a commonly used electronic format;
the right to obtain information about how CTSA processes their Personal Data;
the right to have Personal Data corrected when it is inaccurate or incomplete,
the right to object to, request the restriction of, or withdraw consent to the processing of Personal Data to the extent provided for by law (see details below under Question 8).
the right to request the erasure of Personal Data when it is no longer necessary for the purposes for which it was collected or processed or when the Data Subject has withdrawn their consent (in cases where the processing of the Personal Data in question is based on the consent of the Data Subject), subject to the applicable retention periods (see Question 7 above); and
the right to obtain additional information from CTSA at the contact details provided in section 10 below and, if the Data Subject considers that the response provided is not satisfactory, to contact the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/fr/home.html

CTSA specifically draws the attention of each Data Subject to the fact that they may, at any time, by contacting CTSA at the address provided in Section 10 below,

object to the use of their Personal Data for commercial prospecting (marketing) purposes by CTSA or by third parties; or
where the legal basis for processing is consent, withdraw consent (note that, in such cases, CTSA is still authorised to continue processing if it has another legitimate reason for doing so).

If certain Personal Data concerning the Data Subject is not available (or if the Data Subject exercises their right to object to the processing of Personal Data or to withdraw their consent), CTSA may not be able to provide the Data Subject with the service or product for which the processing of such Personal Data is required.

9. Data security and risks associated with the use of the Internet

Personal Data may be stored on CTSA’s technological systems or paper files or on those of its subcontractors.

In addition, Data Subjects and CTSA may share Personal Data, inter alia, via the Internet. The Internet is an open network accessible to anyone and does not provide a secure environment. Although CTSA uses standard security technologies and measures to protect Personal Data from unauthorised access, illegal or improper use, disclosure, loss, destruction or damage, the use of the Internet may still lead to the disclosure of the Data Subject’s Personal Data outside Switzerland.

Furthermore, any connection to the Internet – even if encrypted – carries the risk of unintentionally downloading viruses or cookies, or allowing third parties to surreptitiously access the Data Subject’s computer and the data it contains. The Data Subject therefore acknowledges and accepts this risk.

Similarly, no security device, even one based on the latest technical developments, can guarantee absolute security for either CTSA or the Data Subject. The terminal (e.g. the Data Subject’s computer) is beyond CTSA’s control and may constitute a weak point in the system. In particular, there is a latent risk that a third party may access the Data Subject’s terminal without their knowledge when sharing data via the Internet. Consequently, the Data Subject understands and accepts that, despite all security measures, CTSA cannot, for technical reasons, assume any responsibility in this regard.

10. Additional information about the processing of Personal Data by CTSA

For any questions regarding this Privacy Policy, as well as for the exercise of the rights mentioned above, Data Subjects may contact CTSA at the following email address: info@capitaltransmission.ch, or by post at the following address: Capital Transmission SA, Quai de l’Ile 17, P.O. Box 2251, CH1211 Geneva 2.