Privacy Policy of the Swiss Structured Products Association SSPA

Ver­sion of Octo­ber 2018

In this Pri­vacy Policy we, the Swiss Struc­tured Products Asso­ci­ation (here­in­after called SSPA, we or us), explain how we col­lect and oth­er­wise pro­cess per­son­al data. This is not an exhaust­ive descrip­tion; oth­er pri­vacy policies may gov­ern spe­cif­ic cir­cum­stances.

Per­son­al data is defined as all inform­a­tion relat­ing to a spe­cif­ic or spe­cifiable per­son. If you make per­son­al data of oth­er per­sons (e.g. data of employ­ees) avail­able to us, please ensure that these per­sons are famil­i­ar with the present Pri­vacy Policy and dis­close their per­son­al data to us only if you are entitled to do this and if this per­son­al data is cor­rect.

This Pri­vacy Policy is based on the EU Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR). Although the GDPR is a reg­u­la­tion of the European Uni­on, it is also of rel­ev­ance to us. The Swiss Data Pro­tec­tion Act (Datens­chutzge­setz – “DSG”) is strongly influ­enced by EU law, and data pro­cessors out­side the EU or EEA are required to com­ply with the GDPR under cer­tain cir­cum­stances.

1. Data controller

The Swiss Struc­tured Products Asso­ci­ation SSPA is respons­ible for the data pro­cessing that we describe here. You can con­tact us at the fol­low­ing address if you have any con­cerns about data pri­vacy: Rämis­trasse 4, 8001 Zürich, Switzer­land info@sspa.ch.

2. Collection and processing of personal data

We primar­ily pro­cess per­son­al data that we col­lect with­in the con­text of our Asso­ci­ation activ­it­ies, in par­tic­u­lar the favour­able influ­en­cing of oper­at­ing con­di­tions for struc­tured products on the Swiss fin­an­cial centre, from our mem­bers and oth­er involved per­sons or that we col­lect from users dur­ing the oper­a­tion of our web­site and oth­er applic­a­tions.

Where per­mit­ted, we also col­lect some data from pub­licly access­ible sources (e.g. the com­mer­cial register, press, inter­net) or receive such data from oth­er Asso­ci­ation mem­bers, pub­lic author­it­ies and oth­er third parties. In addi­tion to the data that you provide to us dir­ectly, the cat­egor­ies of per­son­al data that we receive about you from third parties include inform­a­tion from pub­lic registers, inform­a­tion relat­ing to your pro­fes­sion­al func­tions and activ­it­ies, your addresses and, where applic­able, interests and oth­er socio-demo­graph­ic data (for mar­ket­ing pur­poses), data relat­ing to the use of the web­site (e.g. IP address, MAC address of the smart­phone or com­puter, details of your device and set­tings, cook­ies, date and time of your vis­it, pages and con­tent accessed, func­tions used, refer­ring web­site, loc­a­tion inform­a­tion).

3. Purpose of the data processing

We pro­cess per­son­al data primar­ily in con­junc­tion with our Asso­ci­ation activ­it­ies, in par­tic­u­lar for the admin­is­tra­tion of the mem­ber­ship list and for com­mu­nic­at­ing with our mem­bers and oth­er inter­ested parties. If your employ­er is a mem­ber of our Asso­ci­ation and he des­ig­nates you as a con­tact per­son, your data may also be affected. Our data pro­cessing includes, inter alia, (i) the send­ing of our News­let­ter and oth­er inform­a­tion (e.g. con­cern­ing cur­rent events); (ii) the organ­isa­tion of events, in par­tic­u­lar for our mem­bers (iii) the oper­a­tion and fur­ther devel­op­ment of our web­site; (iv) the con­clu­sion and pro­cessing of con­tracts with our ser­vice pro­viders and sup­pli­ers.

4. Legal basis

If you have giv­en us your con­sent to pro­cess your per­son­al data for spe­cif­ic pur­poses (in par­tic­u­lar when regis­ter­ing to receive news­let­ters), we shall pro­cess your per­son­al data with­in the scope of and based on this con­sent, unless we have anoth­er leg­al basis that is required. Con­sent that has been gran­ted can be revoked at any time, although this has no effect on data pro­cessing that has already taken place.

Inso­far as we require a leg­al basis for the pro­cessing of per­son­al data in accord­ance with the applic­able data pro­tec­tion legis­la­tion, this usu­ally con­cerns the con­clu­sion or exe­cu­tion of con­tracts or, where per­mit­ted and where we con­sider this appro­pri­ate, the fol­low­ing legit­im­ate interests of us (or, where applic­able, of third parties):

  • offer­ing and devel­op­ing our offers, ser­vices and web­sites, apps and oth­er plat­forms on which we are present;
  • com­mu­nic­at­ing with third parties and pro­cessing their enquir­ies (e.g. job applic­a­tions, media enquir­ies);
  • advert­ising and mar­ket­ing (includ­ing the organ­isa­tion of events), unless you have objec­ted to the use of your data;
  • asser­tion of leg­al claims and defence in con­nec­tion with leg­al dis­putes and admin­is­trat­ive pro­ceed­ings;
  • guar­an­tees of our oper­a­tions, espe­cially IT, our web­sites, apps and oth­er plat­forms;
  • for the effect­ive and effi­cient man­age­ment of the Asso­ci­ation and for the pro­mo­tion of the pur­pose of the Asso­ci­ation as well as pos­sible trans­ac­tions under com­pany law and the asso­ci­ated trans­fer of per­son­al data and com­pli­ance with leg­al and reg­u­lat­ory oblig­a­tions.

5. Cookies | tracking and other technologies associated with the use of our website

We also typ­ic­ally use “cook­ies” and equi­val­ent tech­no­lo­gies on our web­site that enable the iden­ti­fic­a­tion of your browser or your device. A cook­ie is a small file that is sent to your com­puter or auto­mat­ic­ally stored on your com­puter or mobile device by the browser you use when you vis­it our web­site. This means that when you vis­it this web­site again, we are able to recog­nise you even if we do not know who you are. In addi­tion to cook­ies that are only used dur­ing a ses­sion and are deleted after your vis­it to the web­site (“ses­sion cook­ies”), cook­ies can also be used to store user set­tings and oth­er inform­a­tion for a spe­cif­ic peri­od of time (e.g. two years) (“per­man­ent cook­ies”). We use per­man­ent cook­ies, enabling you to save user set­tings (e.g. lan­guage, auto­lo­gin). You can set your browser to reject cook­ies, save them only for one ses­sion or oth­er­wise delete them pre­ma­turely. Most browsers are pre­set in such a way that they accept cook­ies. If you block cook­ies, it is pos­sible that cer­tain func­tion­al­it­ies (such as lan­guage selec­tion) will no longer work.

By using our web­sites and con­sent­ing to receive news­let­ters, you agree to the use of these meth­ods. If you do not want this to hap­pen, you must set your browser or e‑mail pro­gramme accord­ingly.

We use Google Ana­lyt­ics or sim­il­ar ser­vices on our web­sites. This is a ser­vice provided by third parties who may be loc­ated in any coun­try of the world (in the case of Google Ana­lyt­ics it is Google LLC in the US, www.google.com), which we deploy to meas­ure and eval­u­ate the use of the web­site. Per­man­ent cook­ies, set by the ser­vice pro­vider, are also used for this pur­pose. The ser­vice pro­vider does not receive any per­son­al data from us (and does not store any IP addresses), but may track your use of the web­site, com­bine this inform­a­tion with data from oth­er web­sites you have vis­ited and which are also tracked by ser­vice pro­viders, and use these find­ings for its own pur­poses (med­ic­a­tion (e.g. to con­trol advert­ising). If you are registered with the ser­vice pro­vider, the ser­vice pro­vider also recog­nises you. The ser­vice provider’s pro­cessing of your per­son­al data is then the respons­ib­il­ity of the ser­vice pro­vider and is car­ried out in accord­ance with its data pro­tec­tion pro­vi­sions. The ser­vice pro­vider merely informs us how our respect­ive web­site is used (without any inform­a­tion about you per­son­ally).

6. Data forwarding and data transfer abroad

With­in the con­text of the pur­pose of our Asso­ci­ation and the pur­poses pur­su­ant to Fig. 3, we also dis­close to third parties, to the extent per­mit­ted and deemed appro­pri­ate, either because they pro­cess this data for us or because they wish to use this data for their own pur­poses. This con­cerns the fol­low­ing pos­i­tions in par­tic­u­lar:

  • our ser­vice pro­viders (such as e.g. banks), includ­ing pro­cessors (such as e.g. IT pro­viders);
  • traders, sup­pli­ers, sub­con­tract­ors and oth­er part­ners;
  • com­pet­it­ors, industry organ­isa­tions, asso­ci­ations, organ­isa­tions and oth­er bod­ies;
  • oth­er parties in pos­sible or actu­al leg­al pro­ceed­ings as well as any pos­sible inter­ested parties or buy­ers with­in the con­text of pos­sible trans­ac­tions under com­pany law;
  • co-organ­izers (e.g. Swiss Struc­tured Products Asso­ci­ation (SSPA), SIX and Ver­ein Struk­tur­ierte Produkte Messe (VSPM)) and oth­er part­ners involved in organ­iz­ing the Inter­na­tion­al Struc­tured Products For­um (ISPF) event;

all col­lect­ively recip­i­ents.

Some of these recip­i­ents are loc­ated in Switzer­land, although they may be loc­ated any­where around the globe. In par­tic­u­lar, you must expect your data to be trans­ferred to oth­er coun­tries in Europe and the USA where the ser­vice pro­viders we use are loc­ated (such as host­ing pro­vider in Lon­don). If we trans­fer data to a coun­try without adequate stat­utory data pro­tec­tion, we shall ensure an adequate level of pro­tec­tion as required by law by using appro­pri­ate con­tracts (spe­cific­ally on the basis of the so-called stand­ard con­trac­tu­al clauses of the European Com­mis­sion) or shall rely upon the leg­al excep­tions of con­sent, the exe­cu­tion of the con­tract, the estab­lish­ment, exer­cise or enforce­ment of leg­al claims, over­rid­ing pub­lic interests, the pub­lished per­son­al data or because it is neces­sary to pro­tect the integ­rity of the data sub­jects. You can obtain a copy of the con­trac­tu­al guar­an­tees men­tioned above at any time from the con­tact per­son men­tioned in Fig. 1. We how­ever reserve the right to redact tran­scripts for reas­ons of data pro­tec­tion or con­fid­en­ti­al­ity, or to deliv­er only excerpts there­of.

7. Duration of the storage of personal data

We pro­cess and store your per­son­al data as long as it is neces­sary for the ful­fil­ment of our con­trac­tu­al and leg­al oblig­a­tions or oth­er­wise for the pur­poses pur­sued with the pro­cessing, i.e. for example for the dur­a­tion of your Asso­ci­ation mem­ber­ship or as long as your employ­ers are mem­bers and you are stored as our con­tact per­son as well as bey­ond the dur­a­tion of the mem­ber­ship in accord­ance with the leg­al stor­age and doc­u­ment­a­tion oblig­a­tions. With­in this con­text, it may be that your per­son­al data is stored for the peri­od in which claims may be asser­ted against our Asso­ci­ation, and inso­far as we are oth­er­wise leg­ally obliged to do so or this is required by legit­im­ate busi­ness interests (e.g. for evid­en­tial or doc­u­ment­a­tion pur­poses). As soon as your per­son­al data is no longer needed for the above pur­poses, it is in prin­ciple deleted or anonymised as far as pos­sible. As a basic prin­ciple, the short­er reten­tion peri­ods of twelve months or less shall apply for oper­a­tion­al data (med­ic­a­tion (e.g. sys­tem pro­to­cols, logs).

8. Data security

We take appro­pri­ate tech­nic­al and organ­isa­tion­al secur­ity pre­cau­tions to pro­tect your per­son­al data against unau­thor­ised access and mis­use, such as e.g. IT and net­work secur­ity solu­tions, access con­trols and access restric­tions.

9. Obligation to provide personal data

With­in the con­text of your mem­ber­ship, you must provide the per­son­al data required for admis­sion to the Asso­ci­ation and the ful­fil­ment of oblig­a­tions under asso­ci­ation law (how­ever, you gen­er­ally do not have a leg­al oblig­a­tion to provide us with data). Without this data we will gen­er­ally not be able to admit you (or the body or per­son you rep­res­ent) to our Asso­ci­ation. The web­site can also not be used if cer­tain inform­a­tion required to safe­guard data traffic (such as IP address) is not dis­closed.

10. Rights of the data subject

With­in the con­text of the data pro­tec­tion law applic­able to you and to the extent provided for therein (such as in the case of the GDPR), you have the right of access, cor­rec­tion, eras­ure, the right to lim­it data pro­cessing and oth­er­wise to object to our data pro­cessing and to sur­render cer­tain per­son­al data for the pur­pose of trans­fer­ring this to anoth­er body (so-called data port­ab­il­ity). Please note, how­ever, that we reserve the right to assert the restric­tions provided for by law, for example if we are obliged to store or pro­cess cer­tain data, if we have an over­rid­ing interest in doing so (inso­far as we are entitled to refer to this) or if we need this data in order to assert claims. If this means you incur costs, we shall inform you in advance. We informed you in Fig. 3 that you are entitled to with­draw your con­sent.
The exer­cise of such rights usu­ally requires that you clearly prove your iden­tity (e.g. by pro­du­cing a copy of your iden­tity card where your iden­tity is oth­er­wise not clear or can­not be veri­fied). To assert your rights, you may con­tact us under the address spe­cified in Fig. 1.
Data sub­jects can also assert their rights in court and have the right to file a com­plaint with the com­pet­ent data pro­tec­tion author­ity. In Switzer­land, the com­pet­ent data pro­tec­tion author­ity is the Fed­er­al Data Pro­tec­tion and Inform­a­tion Com­mis­sion­er (http://www.edoeb.admin.ch).

11. Amendments to this Privacy Policy

We may amend this Pri­vacy Policy at any time without advance notice. The ver­sion cur­rently pub­lished on our web­site shall apply.