Nexia

Remaco is a member of Nexia, a leading global network of independent accounting and consulting firms offering a comprehensive portfolio of audit, accounting, tax and advisory services. As a member of Nexia, Remaco leverages the knowledge of over 34,000 employees, led by approximately 3,450 partners within some 260 member firms in over 165 offices worldwide. This allows us to draw on experts in over 100 countries and meet the increasingly international concerns of our clients. Further information: www.nexia.com

E-Banking | English

U

Privacy policy

Privacy policy of the REMACO Group

 

1. General information

Please read the following privacy policy carefully and take note of it. It explains how we collect and process personal data. The term “personal data” refers to all information relating to an identified or identifiable natural person. By “processing” we mean any handling of personal data, regardless of the means and procedures used, in particular the collection, storage, use, modification, disclosure, archiving, deletion or destruction of personal data.

REMACO publishes the data protection declaration on the basis of the Swiss Data Protection Act (Federal Act on Data Protection, FADP) and the Ordinance on Data Protection (DPO).

With this information, REMACO is fulfilling its duty to provide information in connection with the collection and processing of personal data from data subjects. In addition to this overview, we inform you about your rights under data protection law. For certain data processing, e.g. for e-banking, REMACO social media sites, there are further provisions (such as General Terms and Conditions or Terms of Use). These are available on the relevant websites.

2. Responsible body / contact for exercising your rights / representative

The office responsible for data protection issues is

REMACO Group

Data protection

Hirzbodenweg 103, P.O. Box

4020 Basel

info@REMACO.com

Data protection concerns can be addressed in writing to the above contact address.

If you are not satisfied with REMACO’s response, you have the right to lodge a complaint with the data protection authority

https://www.edoeb.admin.ch/edoeb/de/home/meldeportale.html)

 3. Categories of personal data

REMACO processes the personal data that REMACO receives from the data subjects. It also obtains data from service providers (e.g. public registers) that the company requires for the provision of the service and/or for legal or regulatory reasons. REMACO processes as little personal data as necessary. The customer data that REMACO processes can be divided into the following categories in particular:

  • Master and inventory data such as surname, first name, postal and electronic addresses, date of birth, nationality, authentication data
  • tax residence and any other tax-relevant documents and information.
  • Transaction, order and risk management data, such as details of beneficiaries for transfers
  • If applicable, records of telephone calls between you and REMACO.
  • Marketing data, e.g. needs, wishes, preferences.
  • Technical data, such as internal and external identifiers, business numbers, IP addresses, records of access or changes.

REMACO processes data relating to interested parties or visitors (i.e. visitors to the offices or websites, for example). This includes the following in particular:

  • Master and inventory data such as surname, first name, postal and electronic addresses, date of birth, telephone.
  • Technical data such as internal and external identifiers, IP addresses, records of access or changes.
  • Marketing data such as needs, wishes, preferences.

REMACO processes supplier data. This includes the following in particular:

  • Master data and inventory data such as name, postal and electronic addresses, date of birth, contract number and duration, information on the account or on concluded transactions.
  • Technical data such as internal and external identifiers, business numbers, IP addresses, records of access or changes.

REMACO processes employer data. This includes the following in particular:

  • Employee master data
  • Application documents

 4. Origin

REMACO may collect personal data of the following origin to fulfill the purposes set out in Section 6:

  • Personal data that is disclosed to REMACO, e.g. as part of the opening of a business relationship, a consultation, for products and services or on REMACO websites.
  • Personal data that is generated because of the use of products or services and is transmitted to REMACO through the technical infrastructure or through processes based on the division of labor, e.g. websites, e-banking, payment transactions, securities trading or cooperation with other financial or IT service providers or marketplaces and stock exchanges

Personal data from third-party sources, e.g. land registers, commercial registers, authorities, other subsidiaries of

REMACO or sanctions lists of the UN, SECO and the EU.

5. Data protection principles

5.1 Principles

REMACO processes

  • Personal data in accordance with the Federal Act on Data Protection (FADP) and the Ordinance on Data Protection (DSV);
  • Data lawfully, in good faith and proportionately. In addition, REMACO ensures that the data is correct and complete.

The data is only processed for the recognizable purpose.

5.2 Data security

REMACO attaches great importance to data security. In addition to compliance with the legal requirements (including professional secrecy, data protection law), REMACO takes a variety of precautions to protect your privacy, such as the implementation of technical and organizational security measures.

With the technical and organizational measures, REMACO ensures (or the commissioned service providers) that the personal data

  • are only accessible to authorized persons;
  • are available when they are needed;
  • are not altered without authorization or unintentionally and
  • are processed in a traceable manner.

6. Purposes of processing

REMACO may process the personal data described above to provide its own services and for its own purposes or those provided for by law. This includes the following in particular:

  • Customer admission procedures, implementation, processing and administration of business relationships and of products and various services.
  • Statistics, planning or product development.
  • Monitoring and management of risks, business review, opening of business, timely processing of business.
  • Marketing, market research, comprehensive support, advice and information on the range of services, preparation and provision of customized services.
  • Legal or regulatory disclosure, information or reporting obligations to courts, authorities, compliance with official orders.
  • Safeguarding the interests and securing the claims of REMACO in the event of claims against REMACO or bank customers and safeguarding the security of customers and employees.
  • Any other purposes of which you will be informed by us.

7. Basis for Data Processing

Depending on the products and services REMACO provides for you or the purpose for which personal data is processed, the data processing is based on the following grounds:

  • The initiation, conclusion, or execution of a contract or business relationship with you, or the fulfillment of REMACO’s obligations arising from such a contract or business relationship.
  • Where applicable, to protect REMACO’s legitimate interests, such as statistics, planning, or product development; business decisions; monitoring and control of risks; evidence preservation (including video surveillance); ensuring IT security, IT operations, and the security of buildings and facilities; business audits; marketing; market research; comprehensive support, consultation, and information on the range of services; preparation and delivery of tailored services – provided no objection has been raised; safeguarding the interests and securing the claims of REMACO, its clients, and employees.
  • Where applicable, to fulfill legal or regulatory obligations of REMACO or to perform tasks in the public interest.
  • Where applicable, based on your consent. Consents obtained for other reasons, for example, due to the provisions of professional secrecy under Art. 69 FINIG, are not affected by this chapter.

8. Duration of storage

The duration of the storage of personal data is determined by statutory retention obligations or the purpose of the respective data processing. In principle, REMACO stores personal data for the duration of the business relationship or contractual term and then for a further five, ten or more years (depending on the applicable legal basis). This corresponds to the period during which legal claims can be asserted against REMACO. Ongoing or anticipated legal or regulatory proceedings may result in storage beyond this period.

 9. Is there an obligation to provide personal data?

If personal data processed by REMACO is required for the fulfillment of legal or regulatory obligations or for the initiation

or for the initiation, conclusion or performance of a contract or business relationship with you, REMACO may not be able to accept you as a customer or provide you with a product or service if REMACO is unable to process this personal data. In this case, we will inform you accordingly. In particular, money laundering regulations require us to identify you using an identification document and to process information such as your name, date of birth, nationality, address and identification data (etc.).

10. Automated individual decision-making and profiling

REMACO does not carry out profiling and does not use automated individual decision-making.

11. Intended recipients of personal data and disclosure abroad

Within REMACO, those departments have access to your personal data that require it for the initiation, conclusion or performance of a contract or business relationship, due to legal or regulatory obligations or for the performance of tasks in the public interest.

REMACO only discloses customer data to third parties in the following cases – depending on the type of products and services purchased:

  • For order execution, i.e. use of products or services, e.g. to payees, beneficiaries, authorized account representatives, intermediaries and correspondent banks, other parties involved in a transaction, service providers, stock exchanges or marketplaces, reports of certain stock exchange transactions to international trade repositories.
  • With the client’s consent to subsidiaries for the purpose of comprehensive client support and for outsourcing.

Due to legal obligations, legal justification reasons or official orders, e.g. to courts or supervisory authorities in the area of financial market or tax law or, if necessary, to protect the legitimate interests of REMACO in Germany and abroad. The latter applies in particular in the event of legal action threatened or initiated by the customer against REMACO or public statements, to secure REMACO’s claims against the customer or third parties, to collect REMACO’s claims against the customer and to re-establish contact with the customer after contact has been broken off with the competent Swiss authorities.

Processors are third parties who process personal data on behalf of and for the purposes of REMACO, e.g. IT, marketing, sales or communication service providers, debt collection agencies, fraud prevention agencies or consulting companies. If personal data is disclosed to such a processor, the processor may only process the personal data received in the same way as REMACO itself. REMACO selects its processors carefully and contractually obliges them to guarantee confidentiality, bank client secrecy in Switzerland and the security of personal data.

As a matter of principle, data is not transferred abroad. If personal data has to be transferred abroad, this is done in compliance with the statutory provisions and where necessary to fulfill the contract.

12. Rights

You have the right to information, rectification, erasure, restriction, objection and – where applicable – the right to data portability. In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (see section 2). REMACO accepts requests for information in writing, together with a legible copy of a

legible copy of a valid official identification document (e.g. passport, identity card) at the address stated in section 2.

The rights to erasure and objection are not unrestricted rights. Depending on the individual case, overriding interests may make further processing necessary. REMACO examines each individual case and informs you of the result. If personal data is processed for direct marketing, your right to object also extends to direct marketing, including profiling for marketing purposes. You can object to direct marketing at any time by sending REMACO a corresponding notification (see section 2).

You can revoke any consent you may have given to REMACO for the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

If REMACO does not meet your expectations with regard to the processing of personal data, if you wish to complain about REMACO’s data protection practices or if you wish to exercise your rights, please inform REMACO (see section 2). Among other things, this gives REMACO the opportunity to examine your concerns and, if necessary, to improve. In order to assist REMACO in responding to your request, you will be asked to provide meaningful information. REMACO will review and respond to your request within a reasonable period of time.

REMACO is obliged to process the personal data correctly and to keep it up to date. Please inform REMACO of any changes to your personal data using the usual communication channels.

If the provision of information, the issuing or transfer of data involves a disproportionate effort, REMACO may insist on a contribution to the costs up to a maximum of CHF 300.

13. Data in relation to the website

13.1 General information

13.2 The following information sets out how the company processes data on the website.

The Internet pages of REMACO use cookies. Cookies are data that are stored and saved on a computer system via an Internet browser, and numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific internet browser in which the cookie was stored. This enables the websites visited

and internet services to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.

Through the use of cookies, the REMACO can provide the users of this website with more user-friendly services that would not be possible without the cookie setting. By means of a cookie, the information and offers on the REMACO website can be optimized for the benefit of the user. Cookies enable REMACO (as explained above) to recognize the users of its website. The purpose of this recognition is to make it easier for users to use the REMACO website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website, as this is done by the website and the cookie stored on the user’s computer system.

cookie stored on the user’s computer system. A data subject can deactivate the use of cookies by our website at any time by means of a corresponding setting in the Internet browser and thus object to the use of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates cookies, the use of Internet pages may be restricted.

13.3 Collection of general data and information in connection with the website

The REMACO website collects general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following can be recorded

  • browser types and versions used
  • the operating system used by the accessing system
  • the website from which an accessing system accesses our website (so-called referrer)
  • Sub-websites which are accessed via an accessing system on our website
  • Date and time of access to the website
  • Internet protocol address (IP address)
  • Internet service provider of the accessing system
  • other similar data and information used for security purposes in the event of attacks on REMACO’s information technology systems

When using these general data and information, REMACO does not draw any conclusions about the data subject. Rather, this information is required to

  • deliver the content of the REMACO website correctly
  • optimize the advertising;
  • ensure the long-term viability of the information technology systems and technology of the REMACO website;
  • to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack.

This anonymously collected data and information is evaluated statistically by REMACO and with the aim of ensuring data protection and data security at REMACO. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

13.4 Use of Google Analytics
The REMACO website uses Google Analytics, a web analytics service provided by Google Ireland Limited. If the controller responsible for data processing on this website is located outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as “Google.”

Google Analytics uses “cookies,” which are text files placed on the visitor’s computer, to help the website analyze how users interact with the site. The information generated by the cookie about the use of this website by the site visitor (including the shortened IP address) is usually transmitted to a Google server and stored there.

Google Analytics is used exclusively with the “anonymizeIp()” extension on this website. This extension ensures the anonymization of IP addresses by shortening them and excludes the possibility of direct personal identification. The extension shortens the IP address of Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the respective browser as part of Google Analytics will not be merged with other Google data.

On behalf of the website operator, Google will use the collected information to evaluate the use of the website, compile reports on website activity, and provide the website operator with other services related to website activity and internet usage. The legitimate interest in data processing lies in optimizing this website, analyzing its use, and tailoring its content. Users’ interests are adequately protected through pseudonymization.

Google LLC provides a guarantee to maintain an appropriate level of data protection based on standard contractual clauses. The data transmitted and linked with cookies, user identifiers (e.g., User-ID), or advertising IDs will be automatically deleted after 50 months. Data whose retention period has been reached is automatically deleted once a month.

The collection of data by Google Analytics can be prevented by adjusting the cookie settings for this website. Furthermore, the collection and storage of the IP address and the data generated by cookies can be objected to at any time with future effect. The corresponding browser plugin can be downloaded and installed from the following link: https://tools.google.com/dlpage/gaoptout. An opt-out cookie will be set to prevent the future collection of data when visiting this website.

Further information on Google’s use of data, settings, and options to object can be found in Google’s Privacy Policy (https://policies.google.com/privacy) and in the settings for the display of Google ads (https://adssettings.google.com/authenticated).

13.5. Use of Social Media Plugins

The REMACO website uses so-called “social bookmarks” or “social media plugins” from third-party companies (e.g., Facebook, X, Xing, LinkedIn, etc.). The processing of data by third-party companies is beyond REMACO’s control. By clicking on a plugin, the third-party companies receive information that the corresponding page of the website was accessed. REMACO has no influence over the data processing carried out by these third-party companies. To prevent the use of plugins, it is necessary to log out of any existing accounts with the third-party companies in advance. Further information (e.g., on the purpose and scope of data collection by third-party companies) can be found directly on the websites of the respective third-party companies.

 14. Version of the Privacy Policy

This Privacy Policy was last updated in September 2023. It provides an overview of how REMACO processes personal data. REMACO reserves the right to amend this Privacy Policy from time to time. In the event of such amendments, you will be informed in an appropriate manner, depending on the usual means of communication with you, e.g., via the website at www.REMACO.com.

The legal notices at www.REMACO.com apply.