This information is applicable for current and potential clients of 1291 Group (hereinafter referred to as “1291” or “we”).
1291 is committed to comply with business-client confidentiality as well as data protection laws and regulations and to thus ensuring the protection and confidentiality of your Personal Data. The following information shall provide an overview of how we process your Personal Data and your rights under data protection laws and regulations. Which speciﬁc data are processed and how they are used depends largely on the services requested or agreed in each case. However, we process data about individuals (“Personal Data”), including data about the employees and contractors of our suppliers (“Affected Persons”).
Please also forward this information to the current and future authorized representatives and beneﬁcial owners. These include, e.g. beneﬁciaries in the event of death, commercial attorneys-in-fact or guarantors.
1. Who is responsible for the data processing and who can I contact in this regard
For the data processing the following entity (including its sister companies) is responsible:
1291 Group Ltd.
8032 Zurich, Switzerland
Phone: +41 44 266 21 41
Additionally you can contact directly our 1291 Group Data Protection Officer (DPO): email@example.com
2. What source and what type of data do we process?
We process Personal Data that we receive from you in your capacity as an Affected Persons in the context of our business relationship. Should it be necessary for the provision of our services, we process Personal Data that we lawfully received from other independent entities within the 1291 Group or other third parties (such as private commercial databases). Additionally, we process Personal Data from publicly available sources (e.g., commercial registers and registers of associations, press, Internet) which we lawfully obtain and are permitted to process.
Further, we process Personal Data in dealing with current and potential clients (such as name, address) and other contact details (telephone, e-mail address), title, date of birth, gender, nationality, marital status, partner type data, identification data (such as ID, tax-ID), certification data (such as specimen signature), contract related data and information regarding your family and financial situation (such as household composition and source of funds), CVs, bank details for processing future payments (e.g. account number), details of the insured person and contact details, details of the beneficiary and contact details, details of the addressee’s representative and contact details, criminal records or any other information publicly available or accessible through third party providers. In addition to the categories mentioned, we also process documentation data (such as consultation protocol) and other data comparable with the above categories.
3. Does 1291 collect special categories of data (Art. 9 GDPR)
To the extent that we process any special categories of data relating to Affected Persons, we will do so because the processing is necessary for the establishment, exercise or defense of a legal claim, for reasons of substantial public interest or you have given your explicit consent to 1291 to process that data (where legally permissible). In that sense, we might process health data that is classified as sensitive Personal Data (Art. 9 (1) GDPR). In this respect, your explicit consent will be required in a separate procedure.
4. For what purpose do we process your data and on what legal basis
We process the aforementioned Personal Data in compliance with the provisions of the EU General Data Protection Regulation (GDPR).
4.1. For fulfillment of contractual obligations (Art. 6 (1) (b) GDPR)
Data is processed in order to provide business, consultancy and financial services in the context of carrying out contracts of our clients or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with the specific product and can include needs assessments, advice. You can find other details about the purposes of data processing in the relevant contract documents.
4.2. For compliance with a legal obligation (Art. 6 (1) (c) GDPR) or in the public interest (Art. 6 (1) (e) GDPR
As an intermediary, we are also subject to various legal obligations i.e., statutory requirements (such as Anti-Money Laundering Act [if applicable], financial supervisory ordinances and circulars) and regulatory requirements . Other purposes of processing include identity and age verification, anti-fraud and anti-money laundering measures, and reporting obligations as well as the assessment and management of risks in the Group.
In order to comply with legal requirements, we may also be required to process your information and disclose it to other third parties (e.g. inquiries from public authorities). For example, due to the Automatic Exchange of Information (“AEOI”) and the Foreign Account Tax Compliance Act (“FATCA”) we are required to forward detailed information about your tax domicile or tax liability to other financial intermediaries or the (tax) authorities of your (main) country of residence.
4.3. For the purposes of safeguarding legitimate interests (Art. 6 (1) (f) GDPR)
Where necessary, we process your data beyond the actual performance of our contractual obligations in order to safeguard the legitimate interests pursued by us or a third party, which does not unduly affect your interest or fundamental rights and freedoms. Besides the following examples, we also obtain Personal Data from publicly available sources for client acquisition purposes:
- Consulting and exchanging data with information offices;
- Reviewing and optimizing procedures for needs assessment for the purpose of direct client discussions;
- Asserting legal claims and defense in legal disputes;
- Guarantee of IT security and IT operation;
- Prevention and clarification of crimes;
- Measures for business management and further development of services and products;
- Group risk management.
For all the data processing foreseen in point 4.2. – 4.4. the juridical base of the data processing is constituted by the necessity of carrying out a legal obligation. Therefore in those cases the obtaining of your preventive consent to this data processing is not necessary.
4.4. On the basis of your consent (Art. 6 (1) (a) GDPR)
Insofar as you have granted us consent to the processing of Personal Data for specific purposes (such as transfer of Data within the 1291 independent units), the lawfulness of such processing is based on your consent. Any consent granted may be revoked at any time. This also applies to the revocation of declarations of consent that are granted to us prior to the entry into force of the GDPR, i.e., prior to 25th of May 2018.
Please be advised that the revocation shall have effect only for the future and only applies to those areas where a revocation does not contradict our activity. Any processing that was carried out prior to the revocation shall not be affected thereby.
5. Who receives your data?
Within 1291, those units are given access to your data which require them in order to perform our contractual, legal and regulatory obligations.
With regard to transferring data to recipients outside 1291, it must first of all be noted that as an intermediary we are under a duty to maintain secrecy about any client-related facts and evaluations of which we may have knowledge (business secrecy). We may only disclose information about you if we are legally required to do so, if you have given your consent, if we are authorized to provide information and / or if processors commissioned by us guarantee compliance with business secrecy and the provisions of GDPR.
Under these requirements, recipients of Personal Data might be, for example:
- Public authorities and institutions (such as financial supervisory authorities, criminal prosecution authorities) insofar as a statutory or official obligation exists;
- Other companies within 1291 Group in the context of the exercise of functions for the purpose of risk control due to statutory or official obligation;
- Other financial service and credit institutions/providers, comparable institutions and processors to whom we transfer your Personal Data in order to perform any business relationship with you (specifically: processing of bank references, support / maintenance of electronic data processing/ IT applications, archiving, document processing, compliance services, controlling, data screening for anti-money laundering purposes (if applicable), data destruction, collection, customer management, reporting, research, risk controlling, expense accounting, website management, auditing services).
Other recipients of data might be any units for which you have given your consent to the transfer of data or with respect to which you have exempted us from insurance business secrecy by agreement or consent.