The purpose of this Data Privacy Notice (hereinafter referred to as the "Notice") is to inform data subjects about how we collect, store and process data (hereinafter referred to as the "Subjects").
1. Entity Responsible for Processing and Principles
The responsible entity for processing, Octogone Group, Rue de-Candolle 26, 1205 Geneva, Switzerland (hereinafter referred to as "Octogone"), recognizes the importance of keeping the personal data of its customers confidential and protecting their privacy rights. Regarding its activities and the data collected by it, Octogone intends to apply the most restrictive principles and standards that are identifiable with respect to the protection of personal data.
Consequently, all personal data and information (hereinafter referred to as "Data") provided in connection with our services will be processed lawfully, fairly, transparently and confidentially by Octogone.
By contracting the services offered by Octogone (hereinafter referred to as the "Services"), and in accordance with the legal provisions in force, you acknowledge and agree that, in connection with our Services, Data is or will be collected by Octogone. The Data will be collected and used solely for the purposes of the Services offered by Octogone or any subsequent contractual relationship with Octogone.
Therefore, entering into an engagement with Octogone means that you agree to the collection, processing of Data and agree to this Notice.
3. Legal Basis and Purposes of Data Collection and Processing
3.1 Legal Basis
The Subject concerned acknowledges that the collection and processing of Data by Octogone is necessary for the fulfilment of the mandate entrusted to Octogone to which the Subject concerned is a party in connection with the Services, but also for the preservation of the legitimate interests of Octogone and for the fulfilment of legal obligations incumbent upon Octogone.
The Data is collected and processed by Octogone for the following purposes (hereinafter referred to as "Purposes"):
• The opening and maintaining of the contractual relationship with the Subject or the beginning of a business relationship with Octogone (hereinafter referred to as "Business Relationship"), including all formalities relating to the identification of the Subject and of any person or entity over whom the Subject or a third party provides information and / or of which Octogone has knowledge in any other way in connection with the Business Relationship (hereinafter referred to as "Related person").
• Any other related services provided by Octogone' service providers and subcontractors in a Business Relationship.
• The management, administration, placement and distribution of financial products, including all services related to these activities.
• Compliance with legal and regulatory obligations to which Octogone is subject under regulations applicable to Swiss financial intermediaries (Money Laundering and Enforcement Act, International Financial Regulations (eg FATCA, Automatic exchange of information)).
• Weighing interests, to protect the interests of Octogone or third parties: prevention and elucidation of criminal offenses, risk management, exercise of rights and defense in litigation, consultation and exchange of information with information desks, computer security, safety of buildings and facilities.
• Octogone Customer Management: Octogone's customer administration, invoicing services, marketing (newsletters, event invitations, etc.) and others.
4. What Data is Collected?
4.1 Types of Data
As part of the Services, Octogone collects the following data (contemplative, non-exhaustive list) from its counterparties (customers, administrators of private equity vehicles, lawyers, banks, other financial intermediaries):
- Identification data: personal identification data (name, surname, title, tax identification number) and structural identification data (information relating to investment entities).
- Identification data issued by public authorities and other registers: identity cards, passports, certificate of incorporation, articles of association, share registers.
- Location data: personal and business addresses of investment entities.
- Communication and electronic identification data (personal and business): telephone number, e-mail address.
- Financial data: identification number and bank account numbers, financial means / assets, financial transactions.
4.2 Information Collected Directly from Subjects
Octogone collects and records all information provided to it in connection with the Services or by any other means in its Customer Relationship Management (CRM) system. The Subject may choose not to provide Octogone with certain information, however this decision may have the effect of depriving the Subject of certain Services or features offered in connection with the Services.
4.3 Information Collected from Third Parties - Subcontractors
As part of its Services, Octogone may also collect data from third parties (introducer, trustees, administrators of private equity vehicles, lawyers, banks, other financial intermediaries, list of international sanctions, information available to the public (e.g. Bloomberg, World-Check, FACTIVA or LexisNexis)). Data collected from third parties is treated in the same way as Data collected directly from the Subjects (see paragraph 4.2 above).
Octogone may be considered as a processor of personal data in the context of information collected from third parties, according to the applicable regulations. Should this be the case and necessary, Octogone will enter into a subcontracting agreement with the third parties concerned to ensure compliance with the present Notice.
5. Methods of Data Processing
The Data is processed by Octogone - or by third parties selected on the basis of their reliability and competence, as well as by duly appointed data controllers - solely for the purpose of carrying out the purposes specified in paragraph 3.2 above, mainly by means of computer tools, but also on paper.
Octogone retains the Data for as long as necessary for the fulfilment of the Purposes for which it was collected and in accordance with the regulations applicable to the Services (for example, ten years in connection with banking services or seven years in accordance with FATCA regulations).
Similarly, Octogone deletes or anonymizes personal data (or takes equivalent measures) as soon as they are no longer necessary to achieve the Purposes, subject however (i) to legal or regulatory requirements applicable to the data retention for a longer period of time, or (ii) to ascertain, exercise and / or defend actual or potential rights in legal proceedings, investigations or similar proceedings, including legal holds that Octogone might impose to preserve relevant information.
Specific measures are applied to prevent the risk of loss of data, unlawful or improper use and unauthorized access (see paragraph 7 (Confidentiality, Security and Data Protection) below).
Octogone may evaluate certain characteristics of the Subjects and Related Persons on the basis of automatically processed Data in order, in particular, to offer them personalized offers and advice or information about its Services. Octogone may also use technologies to identify the level of risk associated with a particular Subject or Business Relation activity.
In contrast, Octogone does not use automated decision making in relation to a Business Relationship, a Subject, or a Related Person.
7. Access to Data and Data Transfers
The Data transmitted to Octogone will be known and used by Octogone employees and/or its subsidiaries (national or foreign) for the sole purpose of performing the Services that constitute the purpose for which the Data was collected.
As part of the performance of the Services, Octogone may transmit the Data to third parties, in particular to custodian banks or national and international tax authorities, in accordance with fiscal reporting obligations.
The transmission of data to third parties abroad is alternatively based on (i) an adequacy decision, (ii) appropriate safeguards or (iii) a waiver for specific situations (execution of a mandate related to the Services offered by Octogone, in particular).
It is already stated that:
- In dealings with custodian banks, Data transfers may take place towards national and international banks, as well as towards any other financial intermediary.
- As part of the implementation of FATCA regulations, data transfers may be made to the Internal Revenue Service (IRS) or any other competent tax authority recognized by the IRS.
- In the context of the implementation of the Automatic Exchange of Information (AEOI), data transfers may take place with any competent tax authority, it being specified that the condition of confidentiality of data is a sine qua non stipulated by the OECD to adhere to the AEOI Mechanism.
- As part of the implementation of any other regulations and Services, GCG carries out an assessment of Data recipients in accordance with applicable data standards.
Octogone does not sell or rent the Data to any third party.
Finally, Octogone may have to share the personal data:
- To put the needed Service to the Subjects disposal;
- Where permitted or required by law to comply with a valid legal process;
- To protect and defend Octogone' rights or property, including the security of its products and services;
- To protect the personal safety, property or other rights of the public, Octogone or its customers or employees; or
- In connection with the sale of all or part of Octogone' operations.
If Octogone is required by law to disclose the Data to third parties, Octogone will take all commercially reasonable steps to notify you in advance, unless otherwise required by law. If Octogone engages in a process of merging, acquiring or selling assets, Octogone will comply with this Notice.
8. Privacy, Security and Data Protection
Octogone undertakes to ensure that there are adequate levels of protection of Data, in particular those relating to banking secrecy and data protection.
Subjects’ Data will be transmitted to and stored on Octogone' servers, access to which is strictly limited. Octogone has taken the appropriate technical and organizational precautions to ensure that its servers are accessible exclusively to duly authorized persons, as well as special precautions with regard to the protection of its technical environment (e. g. use of anti-viruses and Firewalls). Octogone' servers also comply with the ISO 27001 standard, combined with strong authentication and encrypted communications.
9. Rights of the Subjects
In accordance with the applicable regulations, Subjects may exercise the following rights with respect to their data in connection with the processing of Data:
- Right to request access to stored data;
- Right to request the rectification of stored data;
- Right to request the deletion of stored data, subject to the applicable legal provisions on data retention;
- Right to request a limitation of the processing of stored data, subject to the applicable legal provisions regarding the processing of data; and
- Right to request a prohibition on the processing of stored data, subject to the applicable legal provisions regarding the processing of data.
Even if a Subject contests the processing of its Data, Octogone is entitled to continue such processing if it is (i) legally binding, (ii) necessary for the performance of the Contract to which the Subject is party, (iii) necessary for the performance of a public interest mission or (iv) necessary for the legitimate interests that Octogone pursues, including the finding, exercise or defense of a right in justice.
Generally speaking, the Subject has the right to require Octogone to protect their data. Octogone works tirelessly to protect itself and its users from unauthorized access, alteration, disclosure or destruction of information that is held. More specifically:
- Octogone respects this Notice in all circumstances with respect to all Data that Octogone collects about the Subject concerned.;
- Octogone limits the use and disclosure of Data and ensures that anyone with whom Octogone shares this information will treat it with the confidentiality and security it deserves.; and
- Octogone has implemented physical, technical and administrative procedures to protect the information collected.
The exercise of any right set forth in the paragraph shall be carried out in accordance with the communication provisions of paragraph 10 (Communication and Remarks) below.
10. Communication and Remarks
If you have any questions about Octogone' data protection, a detailed message can be sent to (email@example.com) and Octogone will address them as soon as possible.
You may exercise any of your rights related to Personal Data (paragraph 9) by sending your request to the aforementioned address.
Octogone' business is constantly evolving and this Notice and the Terms of Service may change. Unless otherwise stated, our Notice applies to the use of all information collected about any Subject.