1. Introduction
This privacy policy applies to all personal data (the « data ») processed by Edmond de Rothschild (UK) or any of its subsidiaries (Edmond de Rothschild Asset Management (UK) Limited; Edmond de Rothschild Capital Holdings Limited and Edmond de Rothschild Private Merchant Banking LLP (“the EdR UK Group”, “Bitsuisse”, “we” or “us”), acting as controllers towards the natural persons whose data we process in the context of our activities.
Bitsuisse Index (“Bitsuisse”) is the trading name of the platform owned by Edmond de Rothschild Holding S.A., property of the Edmond de Rothschild Group, trading under Edmond de Rothschild Asset Management (Luxembourg). Such data may relate to categories of natural persons, such as (without being limited to) prospects, clients, representatives, board members, signatories, employees, officers, attorneys, contact persons, agents, service providers , promoters, initiators, controlling persons, (potential) investors and beneficial owners and (potential) investors’ and beneficial owners’ relatives (each being referred to as a « data subject »).
2. Which data do we process?
The data, which we process, may come from various sources. Some data may be collected directly from the relevant data subject. Some data may also be collected, in compliance with the applicable laws and regulations, from other sources such as the data subject’s employer or the entity on behalf of, or for which, the data subject is acting, the clients, the prospects, the counterparties, the partners, the contact persons, the (potential) investors, the (potential) beneficial owners , the attorneys, the service providers, the promoters, the initiators or the other entities of the Edmond de Rothschild Group (« Bitsuisse »). We may also collect data in the context of meetings or communications (e.g. through paper or electronic correspondence, during phone conversations or meetings) or when the data subject visits our website or uses our online services or application forms.
Some data may also come from publicly available sources (e.g. public registers, press, websites, social networks, global providers of financial, business and economic information such as Bloomberg, FACTIVA and World-Check databases) or from external companies (e.g. from investigation firms).
Certain categories of data may be processed by us, including but not limited to:
contact information: such as the name and (private and professional) contact details, including the telephone number, e-mail address, postal address and/or other contact information; and/or
information in the context of legal and/or regulatory requirements or in the context of the relationship with us: such as the contact details, identification data (including identity documents, gender, marital status, date of birth and country of residence), tax identification number and/or tax status, banking details (including the account number and the account balance), type of relationship, title or function, profession, curriculum vitae , knowledge, experience, skills, wealth, risk rating, invested amount and origin of the funds, record of transactions (including the transactional behaviour), potential convictions or sanctions, complaints, copies of invoices and/or any other data processed in accordance with the applicable legal and/or regulatory requirements or in the context of the relationship with us; and/or
information in the context of communication and/or meetings: such as data provided in paper or electronic correspondence, telephone and video recordings, pictures and/or any other relevant data in the context of communication and/or meetings; and/or
We draw your attention to the fact that we may also, as the case may be, act as processor (or sub-processor) when we process the data directly (or indirectly) on behalf of distinct controllers.
information in the context of the visit of our website and/or the use of our online applications/services: such as the data provided in written or electronic forms (e.g. contact information, function or title, the name of the entity on behalf of or for which the data subject is acting), online identifier (address IP), data traffic records, login details and/or any data provided by communicating with us through our website or via social media.
3. Why do we process the data?
We process the data for the following purposes:
for the purpose of our legitimate interests
This may include the processing of data for:
- risk management (in particular regulatory, legal, financial and reputational risks); and/or fraud prevention purposes; and/or
- the on-boarding of new clients; and/or
- the provision of products and services; and/or
- benefiting from services; and/or
- entering into and/or managing relationships with prospects, clients, counterparties, service providers, entities of the EdR Group and/or other third parties; and/or
- improvement of our products and services; and/or
- marketing purposes (including the organisation of marketing events and management of the related invitations); and/or
- administering the site and for internal purposes including data analysis; and/or
- preventing or facilitating the settlement of any claims, disputes or litigation; and/or the exercise or defence of our rights or the rights of other natural or legal persons; and/or disclosure to our processors in order to process it on our behalf.
The provision of data for this purpose may be a necessary requirement or us to enter into a relationship, or to continue the relationship, with the relevant client or prospect, service provider, counterparty, EdR Group entity or other third party. In this case, the data subject is obliged to provide the relevant data if they wish the relationship to be opened/continued;
and/or
for the execution of a contract to which the data subject is party or in order to take steps at the data subject’s request prior to entering into a contract
This may include the form or contract signed, or to be signed, by the relevant data subject for specific purposes, including but not limited to, being contacted by us, entering into a relationship with us or being authorised to use the Bitsuisse Index online services or applications (e.g. Bitsuisse Investor Platform). The provision of data for this purpose will be obligatory in order to provide the service;
and/or
• for the compliance with legal and/or regulatory obligations to which we are subject
• this includes compliance with legal and/or regulatory obligations such as: accounting,
• banking and financial; and/or
• anti-money laundering and fight against terrorism financing; and/or
• identification and reporting e.g. under the foreign account tax compliance act (“FATCA “) and other comparable exchange tax information mechanisms, such as the common reporting standard (“CRS ” or DAC 6) ; and/or
• compliance with, requests emanating from, and the requirements of, local or foreign authorities.
The provision of data for this purpose has a statutory/regulatory nature. In this case, the data subject is obliged to provide the relevant data;
and/or
• for any other specific purposes to which the data subject has consented.
Not providing data for the above-mentioned purposes may result (to the extent applicable) in us being unable (i) to enter into a relationship with the relevant client or prospect, service provider, counterparty, EdR Group entity or other third party, and/ or (ii) to execute a payment instruction or a transaction, and/or (iii) to provide our products or services, and/or (iv) to arrange the use of EdR Group online services or applications, and/or (v) to continue our relationship with the relevant client or prospect, service provider, counterparty, EdR Group entity or other third party.
4. Automated individual decision-making
No automated individual decision-making is conducted by us, meaning that the data subject is not subject to decisions based solely on automated processing
5. Recording of telephone conversations and video surveillance
• Telephone conversations
For the purpose of serving as evidence of commercial transactions and/or any other commercial communications and then preventing or facilitating the settlement of any disputes or litigation, the data subject’s telephone conversations with and/or instructions given to us may be recorded in accordance with the applicable laws and regulations. These recordings will not be disclosed to any third parties, unless we are compelled or entitled to do so under the applicable laws and/or regulations, in order to achieve the purpose previously mentioned in this paragraph.
• Video surveillance
We also use a video surveillance system in and around our offices for security reasons and we may therefore record videos in which the data subject may appear.
6. With whom could we share the data?
In accordance with the applicable laws and regulations, we may transfer and communicate the data to recipients, such as (to the extent applicable):
other entities of the EdR Group (including branches and subsidiaries of the EdR Group) and in particular our parent company Edmond de Rothschild (Suisse) S.A.; and/or
our counterparties, nominees , contractors, sub-contractors, attorneys or service providers and/or those of our clients; and/or
our correspondents, the custodians or other third party financial institutions, the Central Securities Depositories , the Central Clearing Counterparties, any entities or investment vehicles in which our client invests (even through EdR Group nominee services) and their own service providers; and/or
companies carrying out investigations on our behalf; and/or
our external auditors, lawyers, notaries and/or those of our clients; and/or
any natural person or entity having an interest in, or involved in, our relationship with the relevant client, prospect, service provider, counterparty, EdR Group entity or other third party; and/or
external agencies or providers involved in the organisation of marketing events; and/or
any judicial, market, tax, law enforcement, regulatory or other administrative authorities and/or government agencies.
These recipients may process the data as processors (when processing the data on our behalf or as distinct controllers (when processing the data on their own behalf. These recipients may also in turn transfer the data to their own processors and/or to distinct controllers.
7. For how long do we retain the data?
We will retain the data for as long as necessary for the above mentioned purposes for which it is processed.
In general, we will store the data for a period of up to 5 years after the end of our relationship with the relevant client (except for the telephone recordings and the video recordings which are kept in general for a period of respectively seven (7) years and one (1) month after their recording).
However, the data storage periods may be shorter or longer, in compliance with the applicable laws and/or regulations, in particular in order to enable us to comply with our legal and/or regulatory obligations, to manage claims and/or litigation, to exercise or defend our rights or those of any other person and/or to meet authorities’ requests.
8. The data subject’s rights
Under certain conditions set out by the applicable data protection laws and/or regulations, each data subject has the right:
– to access his/her data and to know, as the case may be, the source from which his/her data originates and whether such data came from publicly accessible sources;
– to request copies of his/her data;
– to ask for a rectification of his/her data in cases where such data is inaccurate and/or incomplete;
– to ask for a restriction of processing of his/her data;
– to object to the processing of his/her data;
– to ask for the deletion of his/her data; and
– to data portability with respect to his/her data.
The data subject is also entitled to withdraw at any time his or her consent regarding any specific processing to which he or she has consented, without affecting the lawfulness of processing based on consent before his or her withdrawal.
In addition to the rights listed above, should a data subject consider that we do not comply with the applicable data protection laws and/or regulations, or has concerns with regard to the protection of his or her data, the data subject is entitled to lodge a complaint with a supervisory authority.
9. Contacting us
For any queries concerning the processing of data described under this Policy or to exercise the above-mentioned rights, the data subject may contact us at the following address: 4, rue Robert Stumper, L-2557, Luxembourg attention Compliance Department.
Our compliance department may also be contacted at the following email address: