Data Protection

Table of Contents

This Privacy Policy (“Policy”) outlines the accountability and obligations of Bordier & Cie (Singapore) Ltd (collectively “Bordier Singapore”, “the Bank”, “us”, “our” or “we”) in relation to the collection, use and disclosure of your personal data. It explains:

how your personal data is processed; the rights given to you by data confidentiality and privacy laws. In formulating our Policy, we primarily refer to the Personal Data Protection Act 2012 (the “PDPA”) and the European Union General Data Protection Regulation (GDPR).

We may update this Policy from time to time to ensure that it is consistent with the way we process your personal data and/or any changes in laws and regulations applicable to Bordier Singapore.

By continuing to use our services, you signify that you have read and understood this Policy.

Who is responsible for processing your data?

Bordier Singapore is responsible for processing your personal data.

What sources of data do we use?

We process personal data that we obtain from our clients in the context of our business relationships. To the extent that this is necessary to deliver our services, we also process personal data that we obtain from sources accessible to the public (e.g. debt registers, registers of commerce and of associations, press, Internet) or which have been legitimately notified to us by other Bordier group companies or third parties (such as a credit agency).

The data concerned include personal information (e.g. name, address and other particulars, date and place of birth, nationality), identification data (e.g. particulars shown on an identity card) and authentication data (e.g. specimen signature). These may also be data taken from orders received (e.g. trade order), data obtained in the performance of our contractual obligations (e.g. data from payment transfers), information about your financial situation (e.g. solvency, scoring/rating data, origin of assets), marketing and sales data (e.g. information obtained from advertising campaigns), data included in documents (e.g. consultation record), and other similar data.

Why do we process your data and what is the legal basis for doing so?

We may collect, use or disclose personal data for the purposes that a reasonable person would consider appropriate in the circumstances and for which the individual has given consent, and must limit its collection, use or disclosure of personal data only to such purpose.

We process personal data in compliance with the provisions of the PDPA and the GDPR:

a) For the fulfilment of contractual obligations

We process data to provide banking and financial services in the context of the performance of contracts signed with our clients or to take pre-contractual measures in connection with an application. The data is primarily processed in a manner consistent with the product concerned (e.g. bank account, credit, securities, deposits), in particular to assess needs, provide advice, asset management and assistance, and to execute transactions. You will find further information about the purpose of data processing in the general terms and conditions of the Bank.

b) For the purposes of legitimate interests

If necessary, we process your data beyond the performance of the contract for the purposes of our own legitimate interests or those of a third party. For example:

  • verification and optimisation of procedures to assess needs with a view for direct discussions with you;
  • exercise of legal claims and defence in litigation;
  • safeguarding of IT security and the bank’s IT operations;
  • prevention and clarification of offences and risk checks;
  • video surveillance to protect the owner of property rights in premises against intruders, to gather evidence of a hold-up or fraud, or proof of availability and payments measures to protect buildings and sites (e.g. access controls);
  • measures for the management of business and development of products and services.

We also procure personal data from sources accessible to the public in order to approach prospective clients.

c) On the basis of consent given by you

As long as you agree to the processing of your personal data by us for certain purposes, that processing is lawful because it is based on your consent. Consent may be withdrawn at any time. If you withdraw your consent, it does not affect the legality of the processing of data which took place before such withdrawal. We will then cease such collection, use or disclosure of the personal data.

d) To comply with a legal obligation or in the public interest

Unless otherwise mentioned, all information provided through any E-Service is protected by copyright and such copyright may be vested in the Bank, another member of the Bordier Group or other third parties. The Client is granted a limited, non-transferable and non-sublicensable licence to use the Services only for the purposes of accessing information relating to those of his Accounts which he has chosen to be able to access through the E-Service and of transactions undertaken on such Accounts. The Client does not acquire any intellectual property rights by merely using the Web Access Service or by merely downloading and storing software in connection with the Mobile Access Service. The E-Services are for private and personal use only and the provision of the E-Services shall not be construed as a grant to the Client of any wider license or right to use information or content (including text, charts, images, registered trademarks, service marks, and logos) for any other purposes (including any commercial or business purposes). The Client undertakes not to reproduce or distribute any information which he obtains through the E-Services to third parties.

Is your data transferred to third parties and data intermediaries?

Inside the Bank, all departments that require your data to comply with our contractual and legal obligations have access to them. Third parties and data intermediaries such as service providers and vendors designated by us may likewise have access to such data for the reasons cited if they respect banking secrecy. These are companies in banking services, IT services, logistics, printing services, telecommunications, debt recovery, consultancy, sales and marketing.

regards to the transfer of data to third parties, please note that we are required to deal in confidence with all matters and assessments linked to our clients (banking secrecy in compliance with our general terms and conditions). We may have to communicate data concerning you, but only if statutory provisions require so, if you have given your consent or if we have been authorised to undertake a bank investigation. Pursuant to those requirements, the recipients of your data may include:

  • law enforcement agencies and regulatory authorities on the basis of a legal or official obligation;
  • other credit institutions and financial services institutions or comparable institutions to which we forward your personal data to enable us to put in place a business relationship with you (e.g. depending on the particular contract that has been signed: bank correspondents, custodian banks, brokers, stock exchanges, information agencies);
  • other Bordier group companies for necessary checks on the basis of a legal or official obligation.

you have given your consent or if you have released us from banking secrecy by way of written consent, your data may be disclosed to other recipients.

Is your data transferred to another country or international organisation?

Bordier Singapore may transfer personal data to another country only according to the requirements prescribed under the law to ensure that the standard of protection provided to the personal data so transferred will be comparable to the protection under the PDPA, unless exempted by the Personal Data Protection Commission. This is typically where:

  • it is necessary for the purpose of execution of your orders (e.g. for payment on transferable securities);
  • this is required by law (e.g. compulsory declarations under tax law),
  • or you have given your consent to us.

How long is your data stored?

We retain your personal data for as long as the purpose for which it was collected remains and to comply with our legal and contractual obligations and internal policy relating to retention of records and documents.

We will cease to retain your personal data or remove the means by which the personal data can be associated with you when it is no longer necessary for any business or legal purpose. This practice is also extended to our third parties and data intermediaries.

What are your rights with regards to data protection?

We must, upon request, provide an individual with information about the ways in which personal data has been or may have been used or disclosed within a year before the request. Upon request, we are required to correct any error or omission in an individual’s personal data; and send the corrected data to other organisations to which the personal data was disclosed by Bordier Singapore within a year before the correction is made.

We must make reasonable effort to ensure that personal data collected by or on its behalf is accurate and complete, if it is likely to be used to make a decision that affects the individual, or if it is likely to be disclosed to another organisation.

Under GDPR, every interested party has a right of access pursuant to GDPR Article 15, a right of rectification pursuant to GDPR Article 16, a right of erasure pursuant to GDPR Article 17, a right to restriction of processing pursuant to GDPR Article 18, a right to object pursuant to GDPR Article 21 and, as the case may be, a right to data portability pursuant to GDPR Article 20. In certain cases, you also have the right to lodge a complaint with the appropriate authority responsible for the protection of personal data (GDPR Article 77).

You may at any time withdraw consent given to us for processing of your personal data. You may also do so for declarations of consent that you gave us before the GDPR entered into force, i.e. before 25 May 2018.

Please note that withdrawal of consent applies only to the future. It does not concern data that has already been processed.

Are you obliged to give us your data?

In the context of our business relationship, you must provide all the personal data required to enable us to accept and establish a business relationship and fulfil the accompanying contractual obligations, together with the data that the law requires us to collect. Without such data, we cannot establish or continue the business relationship desired by you. Pursuant to the regulatory provisions concerning the prevention of money laundering in particular, we must identify you on the basis of your identity documents before opening a business relationship with you. For this purpose, personal data will be obtained from you. Please let us know immediately of changes to your personal data that may occur in the course of our business relationship.

To what extent is automated processing used for decision-making?

When we establish and implement a business relationship, we do not generally use automated processing for decision-making, pursuant to GDPR Article 22. If we have to apply this procedure in individual cases, we will inform you separately to the extent that we are required by law.

Are your data used for profiling?

When we establish and implement a business relationship, we do not generally use automated processing for decision-making, pursuant to GDPR Article 22. If we have to apply this procedure in individual cases, we will inform you separately to the extent that we are required by law.

What is the right to object to data processing for direct marketing purposes?

In some cases, we use your personal data for direct marketing purposes. You are entitled to object to processing of this type at any time. The same applies to profiling insofar as this is directly linked to direct marketing.

If you object to your personal data being used for direct marketing, we will no longer process them for that purpose.

Please notify your Relationship Manager if you prefer not to receive marketing materials.

What is your right to object?

You are entitled at any time to object to the processing of your personal data within the meaning of GDPR Article 6, para. 1e (data processing in the public interest) and GDPR Article 6, para. 1f (data processing for the purposes of legitimate interests) for reasons linked to your particular situation. This likewise applies to profiling within the meaning of the provision of GDPR Article 4, para. 4.

If you file an objection, we will no longer process your personal data unless we are able to show that there are legitimate and overriding reasons in favour of processing which take precedence over your own interests, rights and freedoms, or to establish, exercise or defend your rights in the courts of law. Please note that, in that case, we may no longer be able to provide products or services for you or continue our business relationship.

Access Requests

Bordier Singapore must make information about its data protection policies, practices and complaints process available on request. If you would like to access to your personal data held by Bordier Singapore, please contact your Relationship Manager.

Contact us