Data Privacy Notice

The EU GDPR aims to harmonize data protection law across EU Member States and introduces higher data protection standards as well as transparency of personal data collection and processing for our clients. UBS takes your privacy seriously. This privacy notice contains general information on what personal data UBS collects, what it does with that information, and what rights you have. Section 11 sets out information that is specific to the country of the UBS entity with which you have a contractual relationship. If you have any questions or comments, please contact dpo-fr@ubs.com.

‘Personal data’ is any information that relates to an identified or identifiable natural person (rather than to a legal entity, such as a company).

As part of our commitment to protect your personal data in a transparent manner, we want to inform you:

• why and how UBS collects, uses and stores your personal data;
• the lawful basis on which your personal data is processed; and
• what your rights and our obligations are in relation to such processing.

UBS (“UBS”, “we”, “our”, or “us”) will, depending on the product or service we provide to you (if any), collect and process personal data about you including:

• personal details such as your name, identification number, date of birth, KYC documents (including a copy of your national identity card or passport), phone number physical and electronic address, and family details such as the name of your spouse, partner, or children;
• financial information, including payment and transaction records and information relating to your assets (including fixed properties), financial statements, liabilities, taxes, revenues, earnings and investments (including your investment objectives);
• tax domicile and other tax-related documents and information;
• where applicable, professional information about you, such as your job title and work experience;
• your knowledge of and experience in investment matters;
• details of our interactions with you and the products and services you use;
• any records of phone calls between you and UBS;
• where applicable, details of your nomination of a mandate;
• identifiers we assign to you, such as your client or account number, including for accounting purposes;
• when you access our Website, data transmitted by your browser and automatically recorded by our server, including date and time of the access, name of the accessed file as well as the transmitted data volume and the performance of the access, your web browser, browser language and requesting domain, and IP address (additional data will only be recorded via our Website if their disclosure is made voluntarily, e.g. in the course of a registration or request). When you visit a UBS website, that website will contain additional information about how we use your information while you are visiting that website

In some cases, we collect this information from public registers (which, depending on the product or service you receive and the country of the UBS entity with which you have a contractual relationship, may include beneficial ownership and other registers), public administration or other third-party sources, such as wealth screening services, credit reference agencies, fraud prevention agencies, intermediaries that facilitate data portability, and other UBS Group entities. If applicable, more information relevant to the country of the UBS entity with which you have a contractual relationship is set out in section 11.

If relevant to the products and services we provide to you, we will also collect information about your additional card holders or account holders, business partners (including other shareholders or beneficial owners), dependants or family members, representatives, and agents. Additionally, where you are an institutional or corporate client or investor, we will also collect information about your directors, employees or shareholders. Before providing UBS with this information, you should provide a copy of this notice to those individuals.

3.1 Legal basis for processing

Depending on the purpose of the processing activity (see section 3.2), the processing of your personal data will be one of the following:

(i) necessary for the legitimate interests of UBS, without unduly affecting your interests or fundamental rights and freedoms (see below);

(ii) necessary for taking steps to enter into or executing a contract with you for the services or products you request, or for carrying out our obligations under such a contract, such as when we use your data for some of the purposes in sections 3.2(a), (b) (c) and (j) below (as well as certain of the data disclosures described in section 4);

(iii) required to meet our legal or regulatory responsibilities, including when we conduct the checks referred to in section 3.2(a) below and make the disclosures to authorities, regulators and government bodies referred to in sections 3.2(g) and 4 below;

(iv) in some cases, necessary for the performance of a task carried out in the public interest;

(v) when we use special categories of personal data, necessary for establishing, exercising or defending legal claims or where the processing relates to personal data manifestly in the public domain; and

(vi) in limited circumstances, processed with your consent which we obtain from you from time to time (for instance where required by laws other than the EU GDPR), or processed with your explicit consent in the case of special categories of personal data such as your medical information.

Examples of the ‘legitimate interests’ referred to above are:

• pursuing certain of the purposes in sections 3.2(a) to 3.2(k) below;
• exercising our rights under Articles 16 and 17 of the Charter of Fundamental Rights, including our freedom to conduct a business and right to property;
• when we make the disclosures referred to in section 4 below, providing products and services and assuring a consistently high service standard across the UBS Group, and keeping our customers, employees and other stakeholders satisfied. More information about what this entails can be found in section 11; and
• meeting our accountability and regulatory requirements around the world, 

in each case provided such interests are not overridden by your privacy interests.

To the extent UBS has obtained your consent to process ordinary personal data in the past in any product-specific terms and conditions for the purposes of data protection law only, UBS will no longer rely on such consent, but instead will rely on lawful grounds of compliance with a legal obligation, contractual necessity or legitimate interests (as specified in this notice), and UBS' ability to rely on that consent is hereby waived or extinguished. For the avoidance of doubt, any consent given for any other reason, for instance (and if applicable) e-Privacy (including direct marketing) or banking secrecy, remains unaffected by this paragraph.

Where the personal data we collect from you is needed to meet our legal or regulatory obligations or enter into an agreement with you, if we cannot collect this personal data there is a possibility we may be unable to on-board you as a client or provide products or services to you (in which case we will inform you accordingly).

3.2 Purposes of processing

We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we process personal data for the following purposes:

a) client on-boarding processes, including to verify your identity and assess your application (including the need for guarantees or other securitization tools) if you apply for credit, and to conduct legal and other regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent fraud);

b) providing products and services to you and ensuring their proper execution, for instance by ensuring that we can identify you and make payments to and from your accounts in accordance with your instructions and the product terms;

c) managing our relationship with you, including communicating with you in relation to the products and services you obtain from us and from our business partners, handling customer service-related queries and complaints, facilitating debt recovery activities, making decisions regarding credit or your identity, tracing your whereabouts, and closing your account (in accordance with applicable law) if it remains dormant and we are unable to contact you after a period of time;

d) helping us to learn more about you as a customer, the products and services you receive, and other products and services you may be interested in receiving, including profiling based on the processing of your personal data, for instance by looking at the types of products and services that you use from us, how you like to be contacted and so on;

e) taking steps to improve our products and services and our use of technology, including testing and upgrading of systems and processes, and conducting market research to understand how to improve of our existing products and services or learn about other products and services we can provide;

f) contacting you for direct marketing purposes about products and services we think will be of interest to you, including those offered by us, UBS Group entities, and our other business partners, and facilitating competitions and promotions;

g) meeting our on-going regulatory and compliance obligations (e.g. laws of the financial sector, anti-money-laundering and tax laws), including in relation to recording and monitoring communications, disclosures to tax authorities, financial service regulators and other regulatory and governmental bodies, and investigating or preventing crime;

h) ensuring the safety of our customers, employees and other stakeholders;

i) undertaking transactional and statistical analysis, and related research;

j) underwriting;

k) for the UBS Group’s prudent operational management (including credit and risk management, insurance, audit, systems and products training and similar administrative purposes); and

l) any other purposes we notify to you from time to time.

4.1 With the UBS Group

We usually share personal data with other UBS Group companies in order to ensure a consistently high service standard across our group, and to provide services and products to you. More information about the UBS Group companies who receive your personal data can be found in section 11.

4.2 Third Parties

When providing products and services to you, we will share personal data with persons acting on your behalf or otherwise involved in the transaction (depending on the type of product or service you receive from us), including, where relevant the following types of companies. Examples of these companies that are relevant to your country are set out in section 11 below:

• a party acquiring interest in, or assuming risk in or in connection with, the transaction (such as an insurer);
• companies in which you have an interest in securities where such securities are held by the bank for you;
• payment recipients, beneficiaries, account nominees, intermediaries, and correspondent and agent banks;
• clearing houses, and clearing or settlement systems; and specialised payment companies or institutions such as SWIFT;
• (if you hold a credit card with us) credit card associations, and other card payment and platform providers;
• market counterparties;
• upstream withholding agents;
• swap or trade repositories;
• stock exchanges;
• other financial institutions, credit reference agencies or credit bureaus (for the purposes of obtaining or providing credit references);
• any third-party fund manager who provides asset management services to you; and
• any introducing broker to whom we provide introductions or referrals.

4.3 Service providers

In some instances, we also share personal data with our suppliers, including UBS Group companies and other business partners who provide services to us, such as IT and hosting providers, marketing providers, communication services and printing providers, debt collection, tracing, debt recovery, fraud prevention, and credit reference agencies, and others. When we do so we take steps to ensure they meet our data security standards, so that your personal data remains secure. Examples of these companies that are relevant to your country are set out in section 11 below.

4.4 Public or regulatory authorities

If required from time to time, we disclose personal data to public authorities, regulators or governmental bodies, including when required by law or regulation, under a code of practice or conduct, or when these authorities or bodies require us to do so.

4.5 Others

• If our business is sold to another organisation or if it is re-organised, personal data will be shared so that you can continue to receive products and services. We will usually also share personal data with prospective purchasers when we consider selling or transferring part or all of a business. We take steps to ensure such potential purchasers keep the data secure.
• If you exercise your right to data portability, we will usually disclose your personal data to an intermediary that facilitates data portability in accordance with applicable law and regulations.
• We will disclose personal data where required to exercise or protect legal rights, including ours and those of our employees or other stakeholders, or in response to requests from individuals or their representatives who seek to protect their legal rights or such rights of others.

If you are not satisfied with any aspect of the processing of your personal data by UBS, we would like to discuss it with you to understand how we can rectify the issue. If you would like to speak to us about our use of your personal data, you can do this:

• by filling out the data subject request form (en, fr), signing it and sending it back to your location complaint handling unit (see p.4 of the form for the contact details) or by contacting your client advisor
• by contacting SH-HR-EUGDPR-SNOW@ubs.com if you are a former UBS employee or candidate
  
• by contacting the data protection office contact by emailing dpo-fr@ubs.com or via mail UBS (France) S.A. LDPC France, 69, boulevard Haussmann, F-75008 Paris
  

If you are not satisfied with UBS’s response, you have the right to make a complaint to the data protection authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen.

The following provisions apply to you if you have a contractual relationship with one of the following UBS French entities: UBS (France) S.A., UBS Securities France SA, UBS La Maison de Gestion, UBS Holding (France) SA, UBS Immobilier (France) S.A, UBS Real Estate GmbH French Branch and UBS Europe SE France Branch.

Any reference to “UBS France” shall be read as a reference to the entity you entered into a contractual relationship with. This section only includes additional information to the information provided in the remaining sections of this privacy notice. In case of discrepancies between the provisions of this section 11 and the information contained in other sections of this privacy notice, the provisions of this section 11 shall prevail.

11.1 France’s national data protection authority

In France, the relevant data protection authority is the Commission Nationale de l’Informatique et des Libertés (CNIL).

You can contact the CNIL at the following address:

Commission Nationale de l’Informatique et des Libertés
3 Place de Fontenoy TSA 80715
75334 PARIS CEDEX 07
phone +33 (0) 1 53 73 22 22, fax : +33(0)1 53 73 22 00.

11.2 UBS France contact details

You can contact the relevant UBS French entity at the following address:

UBS (France) S.A.
69, boulevard Haussmann
75008 Paris

UBS Securities France SA
69, boulevard Haussmann
75008 Paris

UBS La Maison de Gestion
4, place saint Thomas d'Aquin
75007 Paris

UBS Holding (France) SA
69, boulevard Haussmann
75008 Paris

UBS Immobilier (France) S.A.
69, boulevard Haussmann
75008 Paris

UBS Real Estate GmbH French Branch
Theatinerstrasse 16
80333 München
Germany

UBS Europe SE France Branch
69, boulevard Haussmann
75008 Paris

11.3 UBS France’s LDPC (local data protection coordinator)

The local coordinator of the UBS Group’s DPO is Philippe Contadin.

You can contact UBS France’s LDPC by emailing dpo-fr@ubs.com.

11.4 Examples of third-party data recipients

Information related to clients and prospects of UBS France is subject to banking secrecy in France.

UBS France is therefore duty bound to protect the confidentiality of information subject to banking secrecy (including personal data), which can include restrictions and/or limitations (in addition to those under data privacy law and regulation) to data transfers including data transfers to UBS entities.

Under certain circumstances compliant with bank secrecy and data privacy requirements, UBS France can transfer your personal data to the following categories of recipients:

• Other UBS entities
  • Branches of UBS AG and UBS Business Solutions AG (in particular the London, Hong Kong, Zurich and Singapore Branches) (risk management, technological support services and relationship management);
  • UBS Switzerland AG (reporting, risk management and technological support services); and
  • UBS Kraków Sp. z.o.o.and UBS Business Solutions Poland Sp. z o.o. (risk management and administrative services).

Public or regulatory authorities:

Below are examples of third party public or regulatory authorities UBS France can be required by application of laws and regulations in force, to transfer your personal data to:

• Ministère de l'Economie et des Finances;
• Banque de France;
• Autorité de contrôle prudentiel et de résolution (ACPR);
• Autorité des Marchés Financiers (AMF);
• Caisse des Dépôts et Consignations (CDC);
• Judicial authorities;
• Any third party public entity entitled to exercise its right of access and communication provided by tax law and regulation,

Service providers and third parties

Below are examples of service providers and third parties UBS France can transfer your personal data to:

• a party acquiring interest in, or assuming risk in or in connection with, the transaction (such as an insurer);
• companies in which you have an interest in securities where such securities are held by the bank for you;
• payment recipients, beneficiaries, intermediaries, and correspondent and agent banks;
• clearing houses, and clearing or settlement systems;
• specialised payment companies or institutions such as SWIFT;
• market counterparties;
• swap or trade repositories;
• stock exchanges;
• any third-party fund manager who provides asset management services to you;

11.5 Examples of data retention periods

As far as necessary, we will keep your data for the duration of our banking relationship subject to the legal and regulatory limitation periods. In addition, we might process your data after the termination of our banking relationship for operational and/purposes in accordance with the applicable laws as well as pursuant to various retention and documentation obligations.

11.6 Additional data subject rights provided by French national data protection law

In addition to the rights listed in section 7 above, you have the right under French law to set guidelines for the retention, erasure and communication of your personal data after your death. General guidelines relate to the entirety of your personal data and can be registered with a digital trusted third party certified by the CNIL. Specific guidelines relate to the specific processing described in section 3.2 and are registered directly with us.