Privacy Policy
CP Trust SA protects the confidentiality and security of personal data that we collect or receive in the course of our business activities and recruitment. We process personal data in accordance with the Swiss Federal Act on Data Protection and, where applicable, the EU General Data Protection Regulation.
This Privacy Policy explains why we may collect and process your personal data and what rights you have in this regard.
We may provide you with additional privacy notices where we consider it appropriate. Such additional notices supplement this Privacy Policy and must be read together with it.
Who are we?
We are CP Trust SA, with registered office at Grundstrasse 11, 6343 Rotkreuz, Switzerland (hereinafter “we”, “us” or “our”). We are responsible for the processing of your personal data that we collect or receive in the course of our business activities, or that we process for other purposes as defined in this Privacy Policy.
What data do we collect and process?
To provide our services and run our business, we collect and process personal data about clients and prospective clients, related persons, counterparties, authorities, courts, third parties and other persons, as well as their representatives, beneficial owners and (former) employees. We also collect and process personal data when you offer us services or products, when we evaluate your products or services, and generally when you request information from us or send us information. Finally, we collect and process personal data about applicants of CP Trust SA.
The types of personal data we collect include, for example, name and contact details (such as address, email address and telephone number), nationality, areas of professional interest, professional background, as well as information of any kind from correspondence, contacts and interactions with us. We also process information of any kind that is disclosed to us in the course of our services or that we collect ourselves. Exceptionally, this information may include particularly sensitive personal data. Where your consent is required for the processing of particularly sensitive personal data, we obtain it in advance.
From applicants we collect the following personal data: personal details, contact details, application documents (e.g. cover letter, CV, work references, diplomas, references) as well as criminal-record and debt-enforcement extracts.
Finally, the server hosting our website temporarily stores information about your use of the site. This information includes, among other things, the IP address, the date and time of access, the name and URL of the file accessed, the website from which access was made, the browser used (including version), the operating system (including version) of the computer used, and the name of the access provider.
Why and on what basis do we collect and process personal data?
To provide our services and run our business
We collect and process personal data in order to provide you with our services (e.g. the conclusion, execution and administration of contracts), to manage our mandates and to run the business of our firm (e.g. carrying out administrative and organisational processes, risk management).
If we require information for accepting or carrying out a mandate and you do not provide it, we may not be able to act for you.
To develop our business relationship with you
We also use personal data to maintain and develop our business relationship with you, to identify services that may be of interest to you, to carry out business-development activities, to send you publications and communications, to invite you to events and to follow up after our events, to monitor and analyse our business, to improve our services and products, and to comply with our legal obligations regarding client identification.
To comply with legal or regulatory obligations
We collect and process personal data to comply with applicable laws (e.g. anti-money-laundering rules and the fulfilment of our tax-related or professional obligations), self-regulation, certifications, as well as for internal and external investigations in which we are a (procedural) party (e.g. by a law-enforcement or supervisory authority or a private body acting on their behalf). This also includes the processing of personal data for (data) security purposes.
To analyse the use of our website
We collect and process personal data about you in order to ensure the smooth functioning and system security of our website and to improve the website and analyse its use.
To handle applications
If you apply for a position at CP Trust SA, you must provide us with certain personal data. With your application you enable us to use and review this information (including verification of references, background, identity, debt-enforcement and criminal-record extracts) so that we can invite you to an interview and determine whether you are suitable for the position. We may work with third-party service providers to store and manage this information.
If we require information for the engagement and you do not provide it on request, we cannot continue to process your application.
Do we use cookies on our website?
To achieve some of the purposes mentioned above, we use cookies on our website. Further information about which cookies we use, the purposes for which they are deployed and the rights you have in respect of these cookies is set out in our Cookie Policy.
Where do we obtain your personal data?
We receive your personal data directly from you, our clients, other involved persons and their respective representatives and employees. We also collect personal data from third parties such as employers, other organisations with which you are in contact, supervisory authorities, government bodies, courts, other professional firms or other advisers. We further obtain personal data from publicly accessible sources (such as commercial registers, debt-enforcement and land registries, credit-reference agencies, contractual partners).
How do we protect personal data?
We take appropriate security precautions to keep your personal data secure in electronic and physical form and to protect them against unauthorised access, misuse, disclosure, unauthorised modification or deletion as well as against loss.
Access to our premises is controlled and, where necessary, monitored by video, and electronic data collections are protected by logins and passwords. Our partners, employees and third-party service providers who have access to confidential information (including personal data) are subject to confidentiality obligations and have, where necessary, signed corresponding data-processing agreements.
Why and how do we share data?
Where required or appropriate for the provision of our services or the fulfilment of the purposes defined in this Privacy Policy, we may disclose to third parties (such as advisers, related parties, courts, authorities, counterparties, firms with which we cooperate, and other persons) personal data that we collect in the course of providing our services, when you contact us or when you visit our website. We may further disclose personal data about you to third parties where:
- you have, where required, given your consent, or the organisation for which you act has, where required, obtained your consent;
- we are obliged to do so for legal, regulatory or business reasons (for example to comply with anti-money-laundering or sanctions provisions);
- this is necessary in connection with a takeover or dissolution of CP Trust SA or other similar events, as well as in the case of insolvency or a similar event;
- this is necessary in connection with legal proceedings, or to assert or defend claims.
We also work with various service providers and may share your personal data with them, e.g. with banks, insurers or IT providers, who may have access to your personal data in the context of IT support, cloud providers, marketing and media agencies.
Are your personal data transferred abroad?
In principle, we process your personal data in Switzerland. Our cloud servers are also located in Switzerland. Certain service providers of ours transfer personal data to EU member states (in particular the Netherlands or Ireland) or to the USA, or access personal data from these countries for support purposes. EU member states offer an adequate level of data protection. To ensure that your personal data continues to be protected when transferred to the USA, we enter into EU Standard Contractual Clauses (including the Swiss Annex) with the recipients.
Exceptionally, we may also transfer personal data to other countries if you instruct us to do so or if this is necessary to establish, exercise or enforce your or our claims. Where these third parties are based outside Switzerland, the United Kingdom or the EU, we share your data only on a basis that ensures an adequate level of data protection.
How long do we retain personal data?
We retain your personal data for as long as it is necessary for the purposes for which it is processed. We further retain your personal data in order to comply with statutory and regulatory documentation and retention obligations (e.g. personal data of clients is retained for ten years after the end of the client relationship), for as long as claims may be asserted against us, or as long as legitimate interests, in particular the security of our data, require.
Personal data of applicants to whom we cannot offer a position is deleted at the latest six months after rejection. With the consent of the applicant, we may retain the collected personal data for longer in order to offer the applicant any other positions with us.
What rights do you have?
You may, under certain circumstances, have the following rights:
- to request access to your personal data and certain aspects of the processing;
- to request the rectification of your personal data;
- to request the deletion of your personal data;
- to request the restriction of the processing of your personal data;
- to object to the processing of your personal data;
- to request the release or transfer of your personal data to you or another controller in a machine-readable format.
If you have consented to the collection, processing or disclosure of your personal data for a specific purpose, you may withdraw your consent at any time. Once we have received notice that you wish to withdraw your consent, we will no longer process your personal data, unless there is another legitimate interest in doing so.
Please note that the exercise of these rights may be refused or restricted on legal grounds or under data-protection law. We will inform you, where legally required or permitted, of the reasons for our decision.
You will not normally have to pay a fee to exercise your rights. We may, however, charge a fee where this is permitted by applicable data-protection law, of which we will inform you.
If you wish to exercise your rights, please contact us in writing by email at privacy@cp-trust.ch or by post at:
-
CP Trust SA
Data Protection
Grundstrasse 11
6343 Rotkreuz
Switzerland
If you consider that we have not handled your enquiry or concern to your satisfaction, or you believe that we are not processing your data in compliance with data-protection law, you may contact the competent supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC).
Updates to this Privacy Policy
We reserve the right to update and amend this Privacy Policy from time to time to reflect changes in the way we process your personal data or changes in legal requirements. Any changes we make to our Privacy Policy in the future will be published on our website. Please check regularly to see whether updates or changes have been made.