Global Personal Data Privacy Notice

This Notice is made by Diginex SA and/or Diginex Group (as defined below) in accordance with the upcoming revision of the Swiss Data Protection Act and the European General Data Protection Regulation (“GDPR”). We recognize and value the trust that individuals place in us when providing us with personal data and we are committed to safeguarding the privacy and security of personal data we may collect.

The Notice is intended to notify you why personal data is collected, how it will be used and to whom data access requests are to be addressed. It is important that you read this Notice together with any other notice that we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal information.

References in this Notice to "we", "our", or "us", are to Diginex SA and/or Diginex Group Companies (which includes Diginex SA and any entity directly or indirectly controlled by, or controlling Diginex SA) ("Diginex") depending on the purpose for which your Personal Data is provided and collected and/or our services, products and features you elect to access or use. This Notice is to be distinguished from our Website Privacy and Cookie Policy available on Diginex Group’s website.

By providing your personal data to us (whatever the channel used), or signing up for any products or services offered by us, you agree and consent to Diginex SA and Diginex Group to the processing set out in this Personal data privacy Notice.

1. Definition in this Notice

“GDPR” refers to the European regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data. The regulation applies to all individuals/data subjects living in EU-member countries, Iceland, Liechtenstein and Norway.

“Data Subject” means any person whose personal data is being collected, held or processed by Diginex.

“Processing” means any action or set of actions that are performed on personal data or sets of data, whether automated or not.

“Data Controller” refers to the natural or legal person, public authority or another body which establishes the purpose and method of data processing, alone or together with other actors.

“Data processor” refers to a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller.

“Personal data” means any information related to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly.

“You”, “Your” refers to individuals whose personal data Diginex processes in connection with client services, supplier services, transaction counterparts.

2. Why is the data collected?

From time to time, Diginex will have to collect personal data in connection with the establishment or continuation of business relationship or provision of products and services or compliance with any laws, guidelines or requests issued by regulators or other authorities.

Failure to supply such data may result in being unable to establish or continue our business relationship with you or provide products and services to you.

3. What data is being collected?

Personal data includes any information about an individual from which that person can be identified. We may collect and process different types of personal data in the course of operating our business and providing our services, these include:

  • Identity data: including first name, last name, middle names, maiden name, marital status, title, date of birth, passport number, photograph identification;

  • Contact data: including your residential address, delivery address, email address, telephone numbers;

  • Financial data: including your bank account and payment card details, revenue information, financial and investment background;

  • Services data: including details about payments to and from you and other details of services you have purchased from us or we have purchased from you, digital wallet, transaction information;

  • Profile data: including your usernames and passwords, purchases or orders made by you, your interest, feedback and survey responses;

  • Usage data: including website usage and other technical data such as details of your visit to our websites, or information collected through cookies and other tracking technologies (please refer to our Website privacy and Cookie notice);

  • Professional information: including your job title, email address, phone number and addresses;

  • Professional history: including your previous positions and professional experience.

In specific circumstances, we will collect information about your criminal convictions and offences, such as where we are required to do so for legal or regulatory purposes (e.g “Know your customer”) or where you have provided us with such information as it is necessary for a specific service we are providing.

4. How is the data collected?

We collect personal information about you from your interactions with us, from certain third parties and other sources:

  • Direct interactions: You give us your personal data in your direct interactions with us. Such personal data includes Identity Data, Contact Data, Financial Data, Services Data, Profile Data, Usage Data, Professional Information, and/or Professional History which you give us from time to time (i) by filling in Diginex internal forms provided; (ii) through other electronic platforms which we offer or which we have agreed with you to use, (iii) by corresponding with us by email or post, (iv) by speaking to us in person or over the telephone, or (v) whilst visiting our offices;

  • If you provide us with any personal data relating to a third party (for example, information of your spouse, children, parents, or a Connected Person), by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with his/her personal data for the respective purposes; "Connected Person" may include but is not limited to any beneficial owner, authorised signatory, director, shareholder, officer of a company, partner or member of a partnership, settlor, trustee, beneficial owner, protector or granter of trust, mandate holder, power of attorney holder, surety, third party security provider, provider of funds, founder and/or employee, payee of designated payment, representatives, agents or nominees;

  • Website, cookies and marketing: You give us your personal data, which includes Profile Data, Usage Data, and/or Professional Information, when you use our website or review the publications or marketing, we send you. Please refer to the Website privacy and cookie notice for our website;

  • Third–party sources: We receive Identity Data, Contact Data, Financial Data, Professional Information from third-parties when: 

    • We conduct our “know your customer” and other background checks;

    • you provide your personal data to a third party for the purpose of sharing it with us;

    • we interact with governmental or regulatory bodies or other authorities in relation to you or on your behalf;

  • Publicly available sources: We collect identity Data, Contact Data, Financial Data, Professional Information, Professional History from publicly available sources including:

    • Public registers of individuals;

    • Public registers of companies, charities, law firms, chartered accountant, stock or commodities exchange participants, mutual and other entities;

    • Public registers of sanctioned persons and entities;

    • Other public sources

5. How will the data be used?

We use personal information for a number of legitimate interests, including to provide and improve services, administer our relationship with you and our business, for marketing and in order to exercise our rights and responsibilities. We use your personal data in the following circumstances:

  1. considering applications for products and services including confirming and verifying your identity;

  2. the daily operation of products, services and/or other facilities provided to you;

  3. any purpose related to the administration of the products and services offered by us;

  4. creating and maintaining our risk related models;

  5. designing services or related products for customers;

  6. marketing services, products and other subjects as described below;

  7. collecting of amounts outstanding from you;

  8. meeting obligations, requirements or arrangements, whether compulsory or voluntary, of Diginex to comply with, or in connection with:​

    1. any law, regulation, judgment, court order, voluntary code, sanctions regime, within or outside Switzerland or the European Economic Area or any other location from where the Personal Data was collected, existing currently and in the future; any guidelines, guidance or requests given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations within or outside Switzerland or the European Economic Area or any other location from where the Personal Data was collected existing currently and in the future and any international guidance, internal policies or procedures;

    2. any present or future contractual or other commitment with local or foreign legal, regulatory, judicial, administrative, public or law enforcement body, or governmental, tax, revenue, monetary, securities or futures exchange, court, central bank or other authorities, or self-regulatory or industry bodies or associations or any of their agents with jurisdiction over all or any part of Diginex that is assumed by, imposed on or applicable to Diginex; or

    3. any agreement or treaty between Authorities;

  9. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within Diginex and/or any other use of data and information in accordance with any programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;

  10. conducting any action to meet obligations of Diginex to comply with Laws or international guidance or regulatory requests relating to or in connection with the detection, investigation and prevention of money laundering, terrorist financing, bribery, corruption, tax evasion, fraud, evasion of economic or trade sanctions and/or any acts or attempts to circumvent or violate any Laws relating to these matters;

  11. meeting any obligations of Diginex to comply with any demand or request from the Authorities;

  12. enabling an actual or proposed assignee of Diginex or participant or sub-participant of the Bank’s rights in respect of the customer to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and

  13. purposes relating thereto.

Where we rely on legitimate interests as a lawful ground for processing your personal information, we balance those interests against your interests, fundamental rights, and freedoms.

6. Use of data in direct marketing

If we intend to use your Personal Data (including your name and contact details) collected from you for direct marketing purpose, we will first obtain your consent (or an indication of no objection) before doing so.

In this context, marketing purpose as to be understood as follow:

  • the name, contact details, products and other service portfolio information, transaction pattern and behaviour, financial background and demographic data of a customer held by us from time to time may be used by us in direct marketing;

  • the following classes of services, products and subjects may be marketed:

    • Diginex’s solutions, financial, investment and related services and products;

    • Educational seminars and forums or other services and products offered by Diginex; and

    • Diginex’s new product and service launch and other promotional offers.

  • the above services, products and subjects may be provided by Diginex and/or any third-party services providers;

If we intend to provide your Personal Data (including your name and contact details) collected from you to third parties for their use in direct marketing, we will first obtain your consent (or an indication of no objection) before doing so.

If you agree to receive marketing communications but do not wish to receive them in the future, you may opt out of receiving them at any time, by notifying us (contact in Section 11) at any time and free of charge.

We may issue service-related announcements to you when necessary (e.g. when we suspend a service due to system maintenance).  You may not be able to opt out of these announcements which are service-related and not promotional in nature.

7. Will your data be shared?

Diginex is a global firm and as such any personal data that we collect, or you provide to us may be shared with and processed by any Diginex entity among our global network.

Data held by Diginex related to an individual will be kept confidential but Diginex may provide such information to the following parties (whether within or outside Switzerland or the European Union) for the Section 4 above-mentioned purposes:

  1. any of our staff, directors, officers;

  2. any agents, contractors, sub-contractors, service providers or associates of Diginex (including their employees, directors, officers, agents, contractors, service providers, and professional advisers);

  3. any third-party service provider who provides administrative, telecommunications, computer, payment or clearing or other services to Diginex in connection with the operation of its business (including their employees, directors and officers);

  4. any Authorities;

  5. any person under a duty of confidentiality to Diginex which has undertaken to keep such information confidential;

  6. any persons acting on behalf of an individual whose data are provided, payment recipients, beneficiaries, nominees, intermediary, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, swap or trade repositories exchanges;

  7. any person to whom Diginex is under an obligation or required or expected to make disclosure for the purposes set out in, or in connection with Section 6 (VIII), (IX), (X) and/or (XI);

  8. enabling:

    1. any actual or proposed assignee of Diginex;

    2. any actual or proposed participant(s) or sub-participant(s) or transferee(s) of the Diginex’s rights or obligations with respect to you and/or your business relationship with us;

    3. any person(s) in whose favour Diginex’s obligation with respect to you and/or your business relationship with us or are to be novated.

  9. to evaluate, execute and/or complete the transaction(s) intended to be the subject of any assignment, participation, subparticipation, transfer, novation or other similar arrangement.

As a global firm we cannot limit our processing of an individual’s personal data to the country in which that individual is based. In the course of providing our services, we will likely need to transfer personal data to locations outside the jurisdiction in which you provide it. The personal data is shared among Diginex in accordance with our Global Data Privacy Policy. All Diginex entities follow the same rules when processing your personal data.

In case of international transfer to third party, personal data may be subject to a lower level of protection and/or cease to be provided by any relevant client confidentiality or data protection laws.

8. How long do we keep your personal data?

We will retain your personal data as long as is necessary to fulfil the purpose for which this data was collected and any other permitted linked purpose.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

9. How we protect your personal data?

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including the storage of your personal data on secure servers with place appropriate security arrangements in place to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal of your personal data.

We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data are trained and informed of their rights and responsibilities in when processing personal data.

10. What rights do you have as data subject?

Under certain circumstances and in accordance with applicable laws, you may have the right to require us to:

  1. advice whether Diginex holds data about you, and access to such data;

  2. provide further details on the use we make of your information;

  3. update any inaccuracies in the personal data we hold;

  4. delete any personal data that we no longer have a legitimate interest to use;

  5. where processing is based on consent, withdraw your consent so that we stop that particular processing;

  6. object to any processing based in the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;

  7. restrict how we use your information whilst a complaint is being investigated.

You may exercise any of your rights at any time using the contact details set out below. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

The Data Protection Officer
c/o Diginex SA

c/o LacMont AG, Landis + Gyr-Strasse 1, 6300 Zug

While it is our policy to respect the rights of individuals, please be aware that your exercise of there rights is subject to certain exemptions to safeguard (i) public interest, such as prevention and detection of crime, (ii) our interests, such as the maintenance of legal privilege. Some of these rights may be limited (e.g the right to withdraw consent) where we are required or permitted by law to continue processing your personal data to defend our legal rights or meet our regulatory obligations.

10. How can you raise a complaint?

If you are not satisfied with our use of your personal data or our response to any exercise of the rights above-mentioned in Section 10, you have the right to complain to the relevant Supervisory Authority (data protection regulator).

Last updated: December 2020