Privacy Policy – Blackden Financial: Financial Planning for expats

Introduction

BLACKDEN FINANCIAL SA is a Swiss limited company (”Société Anonyme”), registered in the canton of Geneva, Switzerland, and regulated in Switzerland by ARIF
(www.arif.ch/en). References in this policy to “we”, “us”, “our” or “BLACKDEN” are references to BLACKDEN FINANCIAL S.A.

BLACKDEN is committed to protecting and respecting your personal data and privacy and using such data fairly and in accordance with the legal requirements of the 2023 Swiss Federal Data Protection Act (nLPD) and the EU’s 2018 General Data Protection Regulations (GDPR).

Please read this Privacy Statement carefully to understand our practices and policy with respect to personal data, how it is used, the conditions under which it may be disclosed to others and how it is kept secure.

Reference in this Privacy Statement to “personal data” means any information that identifies, or could reasonably be used to identify, a living individual, either on its own or together with other information.

The personal data that we collect and use

We need to obtain information about you, so that we can provide the financial services you require. The personal information that we collect and use may include:

– Basic information, such as your name, date of birth, nationality, your employment situation (including employer name where employed), your title or position, salary, marital status, details of family members;

– Contact information, such as your physical address, email / skype address and phone number(s);

– Financial information (e.g. portfolio numbers, balances, transaction history on bank accounts, pensions, savings and investment accounts, mortgages, insurance (life and other), as well as currency preferences, risk profile, time frame and other information which we need to be able to conduct our activity effectively and advise you; this includes data relating to third parties (such as insurance companies, fund managers etc.) with whom we may act as intermediary on your behalf;

– Technical information, such as your IP address and other information collected from your visits to our website or applications or in relation to materials and communications we send to you electronically;

– Any other information which you may provide to us to allow us to undertake the professional activities for which you have retained us;

How we collect your personal data

In our activity as your financial advisor, BLACKDEN receives personal data as part of our client onboarding and advisory procedure when you or your organization seek financial planning advice from us. This information may be obtained in a number of ways;

– Directly from you in a face to face meeting, either in our initial meetings or at a periodic review. It may also be obtained by telephone, post, email or other means;

– Via other organisations (e.g. life insurance companies, fund platforms, banks, fund management groups, pension companies etc.) where you have provided authority for them to share your information;

– We may also obtain some personal information from recording calls or meetings or by making contemporaneous notes of calls or meetings;

– When you browse or interact with our website(s) or use any of our online services, by way of ‘cookies’ registered when you visit our website to compile statistical reports on website activity. For further information visit http://www.allaboutcookies.org/ . NB – You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser, however in a few cases some of our website features may not function as a result.

– When you register on our website, either as part of an initial enquiry or to complete a financial questionnaire you may be asked to provide personal data relating to yourself and / or your family.

– When you provide data to us in other circumstances, such as when you request details about or attend a firm sponsored event;

– Ordinarily, you will therefore have provided any such data to us as part of our onboarding or review process. In some cases, however we may collect data about you from a third-party source such as public records, for example if we are to confirm address, by way of a registered electoral roll entry.

Data concerning connected individuals

We may need to gather personal information about your close family members and dependants in order to provide our service to you effectively. In such cases it will be your responsibility to ensure you have the consent of the people concerned to pass their information on to us. We will provide a copy of this Privacy Notice for them or, where appropriate, ask you to pass the privacy information to them.

How we use your personal data

We use this information to analyse your current and future financial needs so we can ensure any advice takes due account of, and is suitable to, your personal circumstances. We only use your personal data in connection with our ordinary professional activities (including the fulfilment of our financial or regulatory obligations). These “Permitted Uses” may include:

– For any purpose related to the foregoing or for any purpose for which you provided the personal data to BLACKDEN.

– Complying with our legal obligations as a registered and regulated financial intermediary.

– Processing that is necessary for purposes of the legitimate interest of the firm or third parties provided that such interests are not overridden by your interests or your fundamental rights and freedoms.

If you have given us your express consent, we may process your personal data for additional purposes. You may withdraw your consent at any time. Additional purposes for which we may process your personal data may include:

– Communicating with you with respect to legal or regulatory developments, announcements, events and products and services which may be of interest to you.

– Distributing surveys or marketing materials.

– Gathering information regarding your preferences to improve the quality of our communications and interaction with you, such as through website analytics or the tracking of our client publications.

– Any other purpose for which you have given consent.

What is the legal basis for holding the data?

Contractual – Where you have appointed BLACKDEN to undertake an assessment of your financial situation, we undertake to gather sufficient information about your personal financial situation so as to be able to make one or more specific recommendations to you.

Regulatory – the relevant European & Swiss KYC (Know Your Client) regulations require that we obtain sufficient personal relevant data about you to be able to give financial advice tailored to your individual situation.

The information we collect about you is essential for us to be able to carry out the services you require from us effectively. Without collecting your personal data we’d also be unable to fulfil our legal and regulatory obligations.

We may also process data where we have a legitimate interest in doing so as a financial services provider (and where our legitimate interests are not overridden by your or the relevant individual’s own interests or fundamental rights or freedoms).

How we share your personal data

Irrespective of how we obtain your personal data, it may be shared among any office(s) operated by, or companies connected to, BLACKDEN, where storage of such data complies with BLACKDEN data protection policy and with local data protection regulations. We may also need to transfer personal data to third parties, including third parties based outside Switzerland or the EU, for example (but not limited to), tax advisors, accountants, lawyers, insurers, investment companies, fund managers, and pension advisors, as well as other third parties involved in your matters. We will at all times ensure a data protection level equal to that of Switzerland and the EU.

Where we share or transfer your personal data, we do so in accordance with applicable data protection laws and take appropriate safeguards to ensure its integrity and protection.

BLACKDEN will not sell or rent your information to third parties and will not share your information with third parties for marketing purposes, unless you have explicitly authorised us to do so.

The exception to this is when required by law, for example by a court order or for the purposes of prevention of money laundering, fraud or other criminal activity.

Keeping your personal data secure

We take appropriate technical and organizational measures at all times against unauthorized or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data in accordance with our internal security procedures covering its storage, access and destruction. Personal data may be stored on our own technology systems or those of connected BLACKDEN companies, or by product suppliers or in securely held physical files.

Retaining your personal data

We can retain your personal data until it is no longer reasonably required for the permitted uses or you withdraw your consent, provided that we are not legally required or otherwise permitted to continue to hold such data. In particular, we may retain your personal data for an additional period of time to the extent that deletion would require us to overwrite our automated disaster recovery backup systems or to the extent that we deem it necessary to assert or defend legal claims during any relevant retention period.

The regulatory regime(s) under which we operate require us to hold data for our clients for as long as we are still the appointed intermediary / advisor and acting on behalf of our clients. Following the termination of an agreement, whether by BLACKDEN as advisor, or you as client, or mutually agreed, (which may be in writing or by e mail), we are required to hold your data for a period of 10 years.

Your rights regarding your personal data

Right to withdraw consent: Where you have given us your consent to use personal information, you can withdraw your consent at any time.
Access to your personal information: You can request access to a copy of your personal information, which we will supply within 30 days of receiving your request, and for which we may make a charge as permitted by law.
Portability: You can ask us to provide you or a third party with some of the personal information we hold about you in a commonly used electronic form.
Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it. Note that we might be required by regulations to retain your information even if you want it to be deleted.
Right to object: You can object to our processing of your personal information.
Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
When your personal data is processed by automated means you have the right to ask us to move your personal data to another organisation for their use.

Who in the firm is responsible for ensuring that adequate data protection is in place?

Each individual completes training to ensure adherence to Swiss data protection regulations. Christopher Marriott as BLACKDEN’s Data Protection Officer takes ultimate responsibility to ensure adequate procedures are in place and regularly reviews policies to ensure adherence.

There is a commitment to regulatory compliance within BLACKDEN’s data protection policy and practice. Staff receive training on an annual basis and understand the importance of safeguarding data. Staff demonstrate knowledge and adherence to company policy which is applied as standard practice in BLACKDEN’s processes and services.

Do you have a process to follow in the event of receiving a data access request?

Yes, BLACKDEN has a checklist to follow when receiving such data requests. This will involve extracting all relevant personal data within any internal servers (including our CRM system, files, emails, and email attachments), offsite (cloud servers) systems as well as our physical files. Upon receipt of your written request and enough information to permit us to identify your personal data, we will disclose to you the personal data we hold about you, for which we may make a charge up to the maximum as allowed by applicable law.

How would BLACKDEN transfer data to another party upon the client’s request?

We would follow the same process for receipt of a subject data access request. This would ensure we have collected all the data we hold and make it available for transfer upon the client’s authority.

Data deletion or corrections

We would correct, amend or delete any personal data that is inaccurate and notify any third party recipients of the necessary changes. You may update any information you have given to us by contacting us at the addresses given at the end of this policy. Please note that requests to delete personal data are subject to any applicable legal document retention obligations imposed on us.

What is considered to be a breach of data and what steps are followed in the event of a breach?

Data sent to an incorrect individual / organisation
Externals persons / organisations gaining access to our servers / workstations
Paper files being taken away from our premises
Employees accessing files without a genuine purpose
A bug in software leaking data

Should a breach occur, BLACKDEN will, immediately upon discovering the breach, investigate the reasons behind why the breach occurred and take the necessary action whether that be disciplinary action and/or improving processes. Depending upon the severity of the breach, we may decide to report the breach to the Swiss Federal Data Protection and Information Commissioner’s Office, and / or the relevant EU authority. If the breach is likely to result in a high risk of adversely affecting individual’s rights and freedoms, we will also inform those individuals without undue delay. Any such notification will be within the legal required time frame, according to the jurisdiction applicable to the individual.

BLACKDEN will keep a record of all personal data breaches, regardless of whether we are required to notify the Commissioner’s office.

How does BLACKDEN ensure that data is up to date and accurate?

If there is a material change to your situation, whether financial or personal, and which may impact the advice we would give, this should be pro-actively transmitted to us by you. Failing this then the data should be updated by way of a periodic financial review. Data such as a change of address should be notified as a matter of course, in order that we can continue to communicate with you appropriately.

Do you have a process to ensure data is proactively deleted when the time limit has expired?

The regulatory regime(s) under which we operate require us to hold data for our clients for as long as we are still the appointed intermediary / advisor and acting on behalf of our clients. Following the termination of our agreement, whether by BLACKDEN as advisor, or you as client, (which may be in writing or by e mail), we are required to hold your data for a period of 10 years. BLACKDEN has a system in place so that it can identify when the 10 years is up and also delete any data which is not relevant, i.e. data which is trivial or no longer needed.

We will complete periodic reviews looking at all data held and identify whether a relationship still exists with the data subject. Data which is no longer required will, where possible, be erased and all other data will be reviewed to ensure it is still within the specified time limits.

Links to other (third party) websites

Our website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. We do not control these websites and are not responsible for their personal data processing practices. We urge you to review any privacy policy posted on any site you visit before using the site or providing any personal data about yourself.

What can you do if you are unhappy with how your personal data is processed?

In accordance with Swiss Federal law on data protection, you can exercise your right of data access and amendment by contacting BLACKDEN’s Data Protection Officer. Any questions in this regard should be sent by email to info@blackdenfinancial.com or in writing to us at Blackden Financial S.A., 19 Rue de Candolle, 1205 Geneva, Switzerland. Alternatively, you can contact us by phone on 0041 22 755 0800.

You also have a right to lodge a complaint with the relevant supervisory authority for data protection. In Switzerland the relevant authority is the Office of the Federal Data Protection and Information Commissioner (FDPIC), and whose address is Feldeggweg 1, 3003 Bern, Switzerland. Phone 0041 58 462 4395.

Clarification on the date protection and processing rules for Swiss residents

Please note that for those clients resident in Switzerland, whilst our data policy has been adapted to meet the new EU GDPR regulations for all clients, BLACKDEN will continue to be subject to the rules of the 2023 Swiss Federal Data Protection Act (nLPD).

How you can contact us

Any questions regarding this policy and our privacy practices should be sent by email to our data privacy officer at info@blackdenfinancial.com or in writing to the Data Protection Officer at Blackden Financial S.A., 19 Rue de Candolle, 1205 Geneva, Switzerland. Alternatively, you can phone 0041 22 755 0800.

Updates to this Privacy Statement

This Privacy Statement was updated in August 2023. We reserve the right to amend it from time to time to reflect changing legal requirements or our processing practices. Any amendment will be included in a new version of this Privacy Statement, posted on a link via our website and will be effective upon posting. You are responsible for regularly reviewing the policy to confirm your continued agreement to the terms. Continued use of our website following any such changes constitutes your acceptance of those amendments and your agreement to be bound by them.