privacy notice.

Important Information concerning the processing of personal data by Lombard Odier

Within the framework of its business activities the entities of the Lombard Odier Group (hereinafter referred to as “Lombard Odier” or “the Lombard Odier Entity(ies)”) process personal data.

This document reflects the Lombard Odier Group’s policies in terms of processing of personal data. 

Notwithstanding anything, contained herein, the Lombard Odier Entities strictly apply the data protection rules that are in force in the jurisdictions where these entities are established.

Employees and Job candidates of Lombard Odier Entities shall also refer to the employee or to the candidate privacy notice respectively that supplements this document. In case of discrepancy between this document and the employee or candidate privacy notice, the latter shall prevail within their respective scopes.

We kindly ask you to read the following text, issued by the Lombard Odier Group, carefully. It provides you with important information (hereinafter: the “Important Information”) with regards to the processing of personal data by Lombard Odier and to the rights granted to any identified or identifiable natural person whose data are processed (the “Data Subjects”).

Please communicate the link to this Important Information to any person that is related to a contractual relationship that you maintain or that you wish to enter into with a Lombard Odier Entity. Please refer to point 3.b. in order to determine who may be such a Related Person.

Table of contents

1. Lombard Odier acting as data controller
2. Contact details of the Lombard Odier Group Data Protection Officer
3. Categories of Data Subjects whose personal data are processed
4. Categories of personal data collected from Data Subjects
5. Sources used to collect personal data
6. Purposes for which personal data are processed
7. Period for which personal data are stored
8. Recipients of personal data
9. Transmission of personal data abroad
10. Existence of automated decision-making
11. Existence of profiling
12. Obligation of Data Subject to provide personal data to Lombard Odier
13. Consequences of failure to provide personal data to Lombard Odier
14. Rights of the Data Subject
15. Right of Data Subject to object to personal data processing for direct marketing purposes
16. Periodic changes of this Important Information

1. Lombard Odier acting as data controller

The Lombard Odier Entities listed below are acting as data controller in respect to all personal data they are processing within their business activity. You can contact the Lombard Odier Entities by using the indicated contact data:

Bahamas	Lombard Odier & Cie (Bahamas) Ltd	Contact
Belgium	Lombard Odier (Europe) SA, Belgium Branch	Contact
Bermuda	Lombard Odier Trust (Bermuda) Ltd	Contact
Brasil	Lombard Odier (Brasil) Consultoria de Valores Mobiliários Ltda.	Contact
UAE	Bank Lombard Odier & Co Ltd, ADGM branch	Contact
France	Lombard Odier (Europe) SA, Succursale en France	Contact
	Lombard Odier Funds (Europe) SA, French Branch	Contact
Germany	Lombard Odier Funds (Europe) SA, German branch	Contact
Hong Kong	Lombard Odier (Hong Kong) Ltd	Contact
Israel	Bank Lombard Odier & Co Ltd, Representative Office Israël	Contact
Italy	Lombard Odier (Europe) SA, Succursale in Italia	Contact
	Lombard Odier Funds (Europe) SA, Italian Branch	Contact
Japan	Lombard Odier Trust (Japan) Ltd	Contact
Luxembourg	Lombard Odier (Europe) SA	Contact
	Lombard Odier Funds (Europe) SA	Contact
	Lombard Odier T&O Services (Europe) SA	Contact
The Netherlands	Lombard Odier Funds (Europe) SA, Dutch Branch	Contact
Singapore	Lombard Odier (Singapore) Ltd	Contact
South Africa	Bank Lombard Odier & Co Ltd, Representative Office South Africa	Contact
Spain	Lombard Odier (Europe) SA, Sucursal en España	Contact
Switzerland	Bank Lombard Odier & Co Ltd	Contact
	LO Patrimonia Ltd	Contact
	Lombard Odier Asset Management (Switzerland) Ltd	Contact
United Kingdom	Lombard Odier (Europe) SA, UK Branch	Contact
	Lombard Odier Asset Management (Europe) Ltd	Contact
USA	Lombard Odier Asset Management (USA) Corp	Contact

Two or more Lombard Odier Entities may act as joint data controllers if they jointly determine the purposes and means of the processing of personal data. A Data Subject may exercise its rights (see point 14) in respect of and against each of the Lombard Odier Entities that may act as joint data controllers.

2. Contact details of the Lombard Odier Group Data Protection Officer

Please find below the contact details of the Lombard Odier Group Data Protection Officer.

Bank Lombard Odier & Co Ltd
Group Data Protection Officer
11, Rue de la Corraterie
1204 Geneva
Switzerland
E-Mail: group-dataprotection@lombardodier.com

The Group Data Protection Office will liaise whenever relevant with local data protection officers appointed by each Lombard Odier Entity.

3. Categories of Data Subjects whose personal data are processed

Within its business activity, Lombard Odier processes personal data of the categories of Data Subjects listed below.

a) Natural person maintaining a contractual relationship with Lombard Odier (hereinafter referred to as “the Contracting Party”) or natural person being in contact with Lombard Odier prior to entering into a contractual relationship with Lombard Odier, e.g.:

• holder or potential holder of a bank account
• person receiving or intending to receive discretionary management services or advisory services
• business introducer or potential business introducer
• potential client (hereinafter referred to as “the prospect”)
• employee at Lombard Odier or job candidate

b) Natural person related to a Contracting Party or a Prospect (hereinafter referred to as “the Related Person”), e.g. :

• Director, board member of a legal entity
• trustee, settlor, protector of a trust
• member of the council, founder of a foundation
• direct or indirect shareholder, beneficial owner, controlling person of a legal entity
• beneficiary of a trust or a foundation
• authorized signatory on a bank account
• person receiving correspondence
• person to be contacted in the event of loss of contact with the Contracting Party
• family member, friend, lawyer, consultant, adviser, etc. of a Contracting Party or of a Prospect
• authorized representative and staff of directors, councils of foundations, trustees, protectors, authorized signatories, in case that these are legal entities
• authorized representatives and staff of external asset managers
• authorized representative and staff of institutional clients, fund distributors, corporate fund investors, fund providers, banking infrastructure clients, etc. to whom Lombard Odier provides products and services
• authorized representative and staff of service providers, vendors, counterparties, brokers, traders, etc. rendering services to Lombard Odier or buying or selling financial or other products from or to Lombard Odier
• authorized representative and staff of law firms, consulting firms, advisors, etc., mandated by Lombard Odier

c) Natural person not maintaining a contractual relationship with Lombard Odier but being for other reasons in contact with Lombard Odier or about whom Lombard Odier collects information (hereinafter referred to as “the Other Data Subject”), e.g.:

• social media user commenting on Lombard Odier
• authorized representative and staff of third party banks and financial service institutions
• authorized representative and staff of professional associations
• journalist
• any person contacting Lombard Odier for whatever reason

d) Natural person using online features made available by or related to Lombard Odier (hereinafter referred to as “the User of Online Features”).

4. Categories of personal data collected from Data Subjects

Personal data means any data that identifies a person or that allows, together with other information, for the identification of a person, e.g.:

• personal details, e.g. name, address, phone number, fax number, e-mail address, date of birth, place of birth, nationality(ies), handwritten and/or electronic signature
• identification numbers, e.g. passport number, ID-number, TIN-number
• personal background, e.g. professional activity, public function
• family situation, e.g. marital status, number of children, number of grand-children
• economic data, e.g. financial assets, origin of funds
• contract data, e.g. mandates granted to Lombard Odier
• account information, e.g. account number, IBAN number
• due diligence information, e.g. results of anti-money-laundering checks, credit checks
• investment related information, e.g. investment profile, risk profile, suitability test, asset allocation, investments, sustainability preferences
• transaction data, e.g. payment instructions, investment instructions
• personality profiles, such as with regards to behaviour and moods
• online identifiers, e.g. IP address and information on how the Data Subject uses the Lombard Odier website and the products and services offered on the website (please also refer to the Lombard Odier Cookie policy) including tracking information related to opening/deletion/reading of our marketing emails.
• identification and authentication data (e.g. for registration in electronic systems)
• physical data, e.g. CCTV footages, pictures
• records of telephone calls
• additional data with regards to Lombard Odier’s employees, staff and job candidates, e.g. CV, job references, education, trainings, job performance, absence due to illness, holidays, business trips.

5. Sources used to collect personal data

Personal data are collected by Lombard Odier, e.g. as part of its business activities before entering into a contractual relationship with the Data Subject and during the lifetime of a contractual relationship which exists with the Data Subject.

Lombard Odier uses different methods to collect personal data, including:

Direct interactions - In general, Lombard Odier collects personal data concerning the Data Subjects from the Data Subjects themselves, from Related Persons or from the persons with whom Lombard Odier maintains the contractual relationship (e.g. from the Contracting Party, the Prospect or the User of Online Features).

Automated technologies or automated interactions - if a Data Subject interacts electronically with Lombard Odier, e.g. with the Lombard Odier website, e-banking service, Lombard Odier may automatically collect personal data, by using cookies or similar technologies. Please refer to the Lombard Odier Cookie policy for further details with regards to cookies.

Third parties or publicly available sources - Within the scope permitted by law, Lombard Odier also collects personal data concerning Data Subjects from third parties, like banks and financial service institutions, public sources like internet, print media, electronic media, social media, social networking services, commercial and other public registers, public authorities, professional compliance databases or further information, investigation or reporting service providers. In respect to job candidates Lombard Odier also collects information it may for example receive from recruitment agencies.

6. Purposes for which personal data are processed

The Lombard Odier Entities process personal data in compliance with the applicable legal provisions. Personal data is processed, subject to the purposes mentioned below, or for any purpose related and/or ancillary to any of the below or any other purpose for which the personal data was provided to Lombard Odier, or any other instruction given by the Data Subject.

a) Processing is necessary for the conclusion or performance of a contract with Lombard Odier

Personal data are processed by Lombard Odier in order to perform a contract that has been concluded between Lombard Odier and the Data Subject. Personal data are also processed by Lombard Odier, prior to entering into a contract with the Data Subject, in order to take steps - at the request of the Data Subject - to enter into a contractual relationship.

The relevant contracts may for example belong to the following categories:

• Offering and rendering of banking and financial services, e.g. maintenance and administration of a bank account, wealth and asset management services, advisory services, execution and transaction services in respect to securities, execution of payment orders, on-line services (such as applications or solutions), global custody and global reporting services
• Information Technology and Business Process Outsourcing (e.g., back-office services).
• Providing fund administration services
• Making available general information in respect to wealth planning
• Contracts with third parties, e.g. external asset managers, business introducers, external service providers
• Employment contracts and further contracts with staff

b) Compliance with legal obligations, to which Lombard Odier is subject

Lombard Odier processes personal data in order to comply with legal obligations to which it is subject. The legal obligations, including, for the avoidance of doubt, data protection law, applicable to the Lombard Odier Entities are defined in national and/or international law and in national regulations, issued by the competent supervisory authorities (hereinafter: “the Applicable Legal Regulations”). These Applicable Legal Regulations define in particular obligations in respect to e.g.:

• Banking activity and asset management activity, e.g., establishment of individual suitability and/or sustainability tests in respect to investments, by reporting obligations to the competent authorities in respect to security holdings and shareholders' rights, protection of credit.
• Anti-money laundering and terrorist financing, e.g. identification of the contracting party, the beneficial owner, the persons which sign the contractual documentation in the name of an entity; establishment of the origin of funds, the financial situation and the family situation of an account holder and a beneficial owner; due diligence checks on the information obtained (incl. with respect to transaction monitoring); reporting obligation to the competent authorities in case of suspicion of money laundering
• Reporting to national bank, e.g. statistics on assets under management
• Fiscal and regulatory reporting
• Telephone and email recording
• Lombard Odier acting as employer with regards to the applicable labor law

c) Legitimate interest pursued by Lombard Odier or by a third party

Lombard Odier processes personal data in order to pursue (i) its legitimate / overriding interest or (ii) the legitimate interests of a third party (e.g. Lombard Odier Entities) depending on the locally applicable legislation.

The above mentioned legitimate /overriding interests are for example the following:

• Complying with legal obligations defined in national and/or international law and in national regulations, issued by the relevant national supervisory authorities as far as not already covered in point 6.b
• Ensuring network and information security
• Ensuring security on and in the premises of Lombard Odier by installing video surveillance
• Ensuring authorized access to Lombard Odier’s premises, to sensitive areas, to IT systems (e.g. PCs), etc. by installing badge systems
• Indicating possible criminal acts or threats to public security to a competent authority, including the transmission of relevant personal data
• Preventing fraud
• Transmitting personal data within the Lombard Odier Group for internal administrative purposes, consolidated compliance and risk management purposes
• Defending the interests of Lombard Odier in case of civil, administrative, criminal or regulatory requests and litigations
• Researching market trends, positioning of competitors
• Analysis of the Data Subject’s needs, trends, expectations and behavior including creating profiles to personalize and foster the quality of Lombard Odiers' communication, and interaction with the Data Subjects
• Developing, improving and analyzing products, services and communications
• Monitoring and improving email marketing and communication
• Maintaining public relation contacts with journalists
• Advertising, marketing and sales activities in order to grow the Lombard Odier Group’s business (please refer in this respect to point 15 regarding the Data Subject’s right to object)
• Lombard Odier acting as employer as far as not already covered in point 6.b

 

d) Data Subject has given consent to the processing of its personal data

In specific cases the processing of personal data is only allowed if the Data Subject has provided Lombard Odier with its consent to such processing. Consent of the Data Subject may, depending on the Applicable Legal Regulations, for example be needed if Lombard Odier should process special categories of personal data like data concerning the Data Subject’s health (e.g. within the framework of the Data Subject’s participation at a sportive or culinary social event organized by Lombard Odier) or if the Data Subject should be part of an automated decision-making (see point 10).

Should a Data Subject need to provide Lombard Odier with its consent to the processing of its personal data, it will be individually informed by Lombard Odier.

Consent granted by a Data Subject to the processing of its personal data may be withdrawn by the Data Subject at any time. The withdrawal of consent will only take effect for the future and does not apply to the processing of the personal data carried out prior to the withdrawal of consent.

 

7. Period for which personal data are stored

Lombard Odier stores personal data no longer than is necessary for the purposes for which the data have been collected and are processed.

In terms of the time period during which the personal data are stored, the Lombard Odier Entities apply a policy within the framework of the Applicable Legal Regulations governing their activities. Storing periods are for example defined in legal regulations concerning:

• anti-money laundering and terrorist financing
• contractual obligations
• fiscal obligations
• regulatory requirements

In certain cases, Lombard Odier may be entitled to apply a longer storage period, e.g. if it is obliged by measures taken by judicial or supervisory authorities to continue processing and storing personal data.

Lombard Odier is also authorized to store and process personal data during the period of ongoing civil, administrative, criminal or supervisory proceedings, in order to defend its interest.

8. Recipients of personal data

Personal data concerning a Data Subject are disclosed by Lombard Odier in compliance with the Applicable Legal Regulations. Lombard Odier may have to disclose personal data to the following persons / parties:

Lombard Odier staff members - Lombard Odier has taken appropriate technical and organizational measures to ensure that personal data are only disclosed to staff members (e.g. employees and auxiliaries) which are assigned to fulfill, on Lombard Odier’s behalf, the contractual, legal and supervisory obligations to which Lombard Odier is submitted in the context of disclosing personal data. The staff members, to which personal data are disclosed, are contractually submitted to the applicable legal confidentiality requirements and to banking and business secrecy.

Third party processors - Lombard Odier may disclose personal data to a third party that acts as data processor for Lombard Odier within delegation and outsourcing relationships (e.g. Lombard Odier Group Entities or other third parties such as client relationship service providers used by the Lombard Odier Group Entities pursuing wealth and asset management-activities, cloud service providers, IT systems providers, email delivery service providers or IT development providers). Lombard Odier contractually obliges this third party processor to take appropriate technical and organizational measures to ensure that personal data are only disclosed to staff members of the third party processor that are responsible for the execution and implementation of the contract concluded between Lombard Odier and the third party processor.

Other third parties - Lombard Odier discloses personal data to third parties other than data processors in order to fulfill its legal and regulatory obligations as well as its obligations arising from contracts that it maintains with its Contracting Parties. Third parties in this respect are for example:

• National and foreign judicial, administrative or supervisory authorities
• National and foreign brokers, stock exchanges
• National and foreign central banks, correspondent banks, depository banks
• National or foreign transaction registers, central trade repositories
• Issuers of the securities or products, collective investment vehicles and their agents
• Other counterparties
• Auditors, professional advisers, lawyers
• External evaluation bodies or third-party certifiers

9. Transmission of personal data abroad

Lombard Odier may transfer personal data to recipients being established or domiciled outside the jurisdictions in which the Lombard Odier entities with whom the Data Subject has established the contact or the relationship are located, based on the provisions set under the relevant Applicable Legal Regulations, in particular, but not exclusively in the following cases:

• Fulfilment of contractual obligations towards Contracting Parties, e.g., execution of payment orders or security transaction orders (SWIFT)
• Legal obligation to which Lombard Odier is subject or which otherwise applies in the context of its business activities, e.g., within the framework of CRS-reporting obligations (please note that Lombard Odier transmits the personal data to the competent national authorities; the final transfer abroad to the competent foreign authorities is done by the competent national authorities)
• Transfer of personal data to third party data processors (including intragroup data processors) within the framework of delegation and outsourcing relationships
• The Data Subject has given its consent to Lombard Odier, e.g., within the framework FATCA-reporting obligations

The locations where the recipients to which Lombard Odier may transfer personal data to are:

• All countries where Lombard Odier operates (please refer to point 1 above), in particular Switzerland and Luxembourg, where respectively, the Group headquarters and the professional of the financial sector “PFS” regulated Lombard Odier T&O Services (Europe) SA entity are established and to which certain corporate services are outsourced by the Group entities.
• Jurisdictions in which you have financial investments (e.g., in securities, currencies or financial instruments including derivatives or collective investment vehicles) and in which you have transactional activity (e.g., payments, securities transactions or other transactions), in relation to the financial and banking services provided by Lombard Odier.
• Jurisdictions where the competent national authorities oversee Lombard Odier’s activities.
• Switzerland and countries of the European Economic Area where third party processors operate.
• Other selected jurisdictions where third party processors operate for the provision of specific financial and banking services subject to particular terms (e.g., proxy voting services on US listed securities) or for the provision of certain corporate services.

Should Lombard Odier transfer personal data to a country or territory that does not offer an adequate level of protection of personal data in accordance with the relevant Applicable Legal Regulations, the transfer and processing of personal data is subject to suitable safeguards, in particular standard or ad hoc contractual clauses, binding corporate rules or other legal mechanisms, and whenever required, to supplementary  technical or organizational measures, to ensure such transfer is carried out in compliance with the applicable data protection rules.

Subject to the Applicable Legal Regulations, Lombard Odier may provide the Data Subject upon request with a copy of the relevant safeguards. The request should be addressed to the Group Data Protection Officer at Bank Lombard Odier & Co Ltd. in Geneva (please refer to the contact details in point 2).

10. Existence of automated decision-making

An automated decision within the meaning of the Applicable Legal Regulations, generally refers to a decision which is solely based on an automated processing, without any human intervention, which produces legal effects concerning the Data Subject or which similarly significantly affects the Data Subject. Such an automated decision-making may, subject to Applicable Legal Regulations, be allowed, if it is necessary for entering into a contract with the Data Subject or for the performance of a contract which is concluded with a Data Subject.

Data Subjects which are concerned in this respect will be informed individually by Lombard Odier.

11. Existence of profiling

Subject to Applicable Legal Regulations, profiling generally refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a Data Subject, in particular to analyse or predict aspects and create personality profiles concerning that Data Subject’s economic situation, personal preferences, interests, reliability, behavior, moods, location or movements.

Lombard Odier uses profiling also for analyzing certain aspects to provide Data Subjects with customized advice and offers or information on our services and products (e.g. in respect to the use of online features made available by or related to Lombard Odier). We may also utilize systems to enable us identifying risks related to contracting parties or to activities on an account.

In addition, Lombard Odier uses cookies that remember a Data Subject’s preferences and make the website easier for the Data Subject to use (please also refer to the Lombard Odier Cookie policy).

12. Obligation of Data Subject to provide personal data to Lombard Odier

In order to enter into a contractual relationship with Lombard Odier and to maintain a contractual relationship with Lombard Odier, the provision of certain personal data is a legal and/or contractual requirement. According to the Applicable Legal Regulations in terms of anti-money laundering and terrorist financing, Lombard Odier is in particular obliged to identify its contracting party and the beneficial owner or controlling person of the assets that are deposited with or managed by Lombard Odier. Lombard Odier is also legally obliged to keep personal data up to date, so that the relevant Data Subject is obliged to communicate to Lombard Odier any change that occurs in respect to the relevant personal data.

13. Consequences of failure to provide personal data to Lombard Odier

Where the Contracting Party is not willing to provide the required personal data to Lombard Odier before entering into a contractual relationship, Lombard Odier will not be in a position to conclude a contract.

Should the Contracting Party not communicate the necessary personal data to Lombard Odier during the existence of a contractual relationship with Lombard Odier, Lombard Odier may have to terminate such a contractual relationship.

14. Rights of the Data Subject

Each Data Subject whose personal data is processed by Lombard Odier may be entitled to exercise, always within the limits of the relevant Applicable Legal Regulations, the below mentioned rights in respect to the processing of its personal data.

Any request should be addressed to the Lombard Odier entity with which the Data Subject maintains a contractual relationship or with which it was in contact prior to entering into a contractual relationship. In case of doubts the request may also be addressed to the Lombard Odier Group Data Protection Officer at Bank Lombard Odier & Co Ltd. in Geneva (please refer to the contact details in point 2).

• Right to request information on the processing of the personal data by Lombard Odier
• Right to request access to and receive a copy of the personal data
• Right to request rectification
• Right to request erasure
• Right to request a restriction of processing
• Right to request objection to processing
• Right to request data portability
  (in respect to personal data that the Data Subject has provided to Lombard Odier as the data controller, where the processing of personal data is based on a contract (see point 6.a) or on the Data Subject’s consent (see point 6.d))
• Right to not be subject to a decision based solely on an automated processing, including profiling
  (see points 10 and 11; at the Data Subject’s request, an employee of Lombard Odier should intervene in order to hear the Data Subject’s point of view on the decision)
• Right to lodge a complaint with a supervisory authority
  (if the Data Subject considers that the processing of its personal data infringes the law applicable to him/her)

15. Right of Data Subject to object to personal data processing for direct marketing purposes

Where Lombard Odier processes personal data of Data Subjects for direct marketing purposes, the Data Subject has, subject to the Applicable Legal Regulations, the right to object at any time to the processing of its personal data for such marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

The relevant objection should be addressed to the attention of the Lombard Odier Group Data Protection Officer:

Bank Lombard Odier & Co Ltd
Group Data Protection Officer
11, Rue de la Corraterie
1204 Geneva
Switzerland
E-Mail: group-dataprotection@lombardodier.com

16. Periodic changes of this Important Information

Lombard Odier may change the content of this Important Information from time to time and at its sole discretion, in particular if the legal basis for processing personal data is amended or if the processing of personal of data by Lombard Odier is subject to modifications.

Last update: September 2024

Política de Privacidade do Grupo Lombard Odier