Privacy Policy

With this Privacy Policy we intend to provide an overview of the processing of personal data by Qualified Intermediary Solutions (Swiss) S.a.g.l. (“QIS”) and the rights granted to our customers and web users by the current data protection legislation. The data that are processed and the methods of their use depend on the services requested or contractually stipulated by the customer with QIS.

For individual or additional offers and services, supplementary or additional terms and conditions and other legal documents such as the General Terms and Conditions of Business (“GTC”) apply.

This Privacy Policy is based on our business activities and is subject to Swiss data protection laws, such as the Federal Act on Data Protection (“FADP”) and any other applicable foreign data protection laws, in particular those of the European Union (“EU”), namely the General Data Protection Regulation (“GDPR”).

  1. Responsible for Processing Personal Data

QIS is responsible for data processing. For any questions, complaints or to exercise your rights regarding data protection, please write to the following address:

Qualified Intermediary Solutions (Swiss) S.a.g.l.

Corso Elvezia 10

CH – 6900 Lugano

Switzerland

e-mail: privacy@qisolutions.us

  1. Data Processed

Personal data is any information that refers to an identified or identifiable natural person.

Personal data worthy of special protection include data relating to religious, ideological, political or trade union opinions or activities; data on health; the intimate sphere, including information on sexual life and orientation; data on racial or ethnic origin; genetic data; biometric data that uniquely identify a natural person; data relating to administrative or criminal proceedings or sanctions; data on social assistance measures.

QIS processes personal data that it receives in the context of its engagements with its clients, therefore, while the type of personal data may vary depending on the agreed service, in general it may concern:

  • Personal data such as name and surname, address and e-mail address, date and place of birth, nationality;
  • Identification data such as identification document data (i.e. identity card, passport) and national identification codes;
  • Financial situation data or banking data such as the account number or other identifying sequence of the account, the account balance, the amount of interest, dividends and other income generated by the assets held in the account and the proceeds from the sale of the assets held in the account.
  1. Sources of Data Processed

We collect and process personal data when you communicate with us or our staff by post, email, contact form, social media or telephone. In addition to the data you provide to us directly, where necessary for the performance of the agreed services, QIS also processes personal data that it lawfully receives from third parties. We may also process personal data from freely accessible public registers such as land registers, commercial registers, press registers and the Internet to the extent that such processing is permitted by law and functional in the context of providing our services. If you register to receive our newsletter, we process the contact data you provide to us (i.e. email address).

  1. Purpose of Processing Data

We process your information, including your personal data, for the following purposes:

  1. provision of the services contractually agreed with the customer and the implementation of measures in the pre-contractual phase. In particular, the data may be processed to:
  • prepare Forms 1042-S and 1099 and transmit them electronically in accordance with the annual reporting obligations established by the Qualified Intermediary (“QI”) agreement to the US tax authority (“IRS”);
  • assist in preparing the certification of QI internal controls;
  • prepare Forms 8966 and transmit them electronically;
  • provide assistance in completing self-certifications and/or W-8 forms; and
  • provide assistance in preparing XML files for data transmission for the purposes of automatic exchange of information.
  1. fulfillment of a legal obligation;
  2. performance of a task of public interest or exercise of public authority with which we are invested;
  3. Pursuit of the legitimate interest of QIS.

If and to the extent that the GDPR is applicable, the data is processed in accordance with at least one of the following legal bases:

  • Art. 6 para. 1, a) GDPR for the processing of personal data with the consent of the data subject;
  • Art. 6 para. 1, b) GDPR for the processing of personal data necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject;
  • Art. 6 para. 1, c) GDPR for the processing of personal data necessary for compliance with a legal obligation to which we are subject under the applicable law of the Member States in the European Economic Area (“EEA”);
  • Art. 6 para. 1, d) GDPR for the processing of personal data necessary for the protection of the vital interests of the data subject or of another natural person;
  • Art. 6 para. 1, e) GDPR for the processing of personal data necessary for the performance of a task of public interest; and
  • Art. 6 para. 1, f) GDPR for the processing of personal data necessary for the protection of our legitimate interests or those of third parties, unless the fundamental freedoms, rights and interests of the data subject prevail. Legitimate interests are in particular our interest in being able to provide our services permanently, intuitively, securely and reliably and to publicize them if necessary, information and protection against misuse and unauthorized use, the enforcement of our legal claims and compliance with Swiss law.

5. Data Processing (national and/or foreign)

QIS personnel who have access to personal data are required to comply with internal rules and procedures relating to the processing of personal data in order to protect and ensure its security.

QIS may appoint third parties to process personal data or process it together with third parties or with the help of third parties or transfer it to third parties. In particular, QIS uses Google SUITE and Google Drive for business for email and file management in the cloud. Therefore, the third-party service providers we use are:

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA;
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland; and
  • Dropbox Inc., 1800 Owens Street, Suite 200, San Francisco, California, 94158 USA.

Adequate data protection is also guaranteed by these third parties, and regardless of their location, they are required to comply with a list of technical and organizational security measures compliant with applicable data protection legislation..

Further information can be found at the links:

https://policies.google.com/privacy/frameworks?hl=en

https://www.dropbox.com/privacy

Where required, personal data may be disclosed to public, regulatory, judicial or government authorities, where we are required to disclose information under applicable law or regulations or to safeguard our legitimate interests..

  1. Data Retention

We retain your information, including personal data, for the period of time necessary for the corresponding purpose(s) or in accordance with the provisions of the law, regulations and professional obligations to which we are subject, in any case adopting adequate technical and organizational measures, aimed at guaranteeing their security, integrity and confidentiality. Data whose processing is no longer necessary for QIS to fulfill its contractual obligations will be made anonymous or deleted. The subjects whose data we process have, in principle, the right to request the deletion of their data.

  1. Rights of Interested Parties

We guarantee interested parties all the rights provided by the LPD. In particular, interested parties have the following rights:

  • Information: Data subjects can request information about whether we process their personal data and, if so, which personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and to ensure transparency. This includes the personal data processed as such, but also, among other things, information about the purposes of the processing, the duration of storage, whether the data is disclosed or exported to other countries and the origin of the personal data.
  • Correction and Restriction: Data subjects can have inaccurate personal data corrected, incomplete personal data completed and the processing of their data restricted.
  • Deletion and Objection: Data subjects can have their personal data erased after they have withdrawn their consent to the processing or when the purpose for which the data was originally collected no longer applies and there are no retention requirements.

We may suspend, limit or refuse the exercise of data subject rights to the extent permitted by law. We may draw the attention of data subjects to any requirements that must be met in order to exercise their rights under the FADP. For example, we may refuse to provide information, in whole or in part, with reference to business secrets or the protection of other persons. We may also, for example, refuse to delete personal data in whole or in part with reference to statutory retention obligations..

Where applicable and, without prejudice to the right to appeal to any other administrative or judicial body, if the interested party believes that the processing of his/her personal data by QIS is in violation of applicable regulations, he/she may lodge a complaint with the Federal Data Protection and Information Commissioner. (https://www.edoeb.admin.ch/edoeb/en/home.html).

Data subjects have the right, if and to the extent that the GDPR applies, to lodge a complaint with a competent European data protection supervisory authority..

  1. Security Measures

We have implemented physical, IT, organizational and logistical measures adequate to guarantee compliance with the current legislation on privacy with particular reference to the confidentiality, integrity and availability of data. For the entire duration of the processing, QIS undertakes to implement any other security measures necessary to prevent or in any case reduce to a minimum the risk of destruction, loss, dissemination or alteration of personal data or accidental or uncontrolled consultation, export, reading, copying of the same by third parties, as well as prevention of all other illicit forms of processing.

QIS undertakes, where it suspects or finds a security incident (“data breach”), to transmit the communication to the interested party within 24 hours from the moment in which the violation is detected, as well as to adopt the appropriate security measures aimed at mitigating the effects and minimizing any damage resulting from the aforementioned breach.

  1. Updating the Privacy Policy

We reserve the right to adapt and integrate this document at any time whenever we deem it appropriate. We will provide information about any updates and additions in an appropriate form, in particular by publishing the current version of the Privacy Policy on the QIS website (www.qisolutions.us).