Skip to content

Data Privacy Statement

JSS Real Estate Management SA ("JSSREM") has issued this Data Privacy Statement in light of the Swiss Federal Act on Data Protection ("DPA") and its upcoming revision as well as the EU General Data Protection Regulation ("GDPR"), which is the new privacy regulation of the European Union ("EU")JSSREM. Although GDPR is a regulation of the EU it is relevant for JSSREM for a number of reasons. Swiss data protection legislation is historically closely tied to EU regulations and its future amendment will be substantially influenced by GDPR. Furthermore although GDPR is an EU-regulation, under certain circumstances it may apply to companies outside the EU such as JSSREM (extraterritorial effect).
In this Data Privacy Statement JSSREM would like to outline how it collects, processes and protects personal data about the following persons: (i) prospective clients, (ii) existing clients ("Clients") and (iii) individuals or entities whose information is provided by a client to JSSREM or comes otherwise to JSSREM’s knowledge in connection with services provided by JSSREM to a Client ("Connected Individuals"). A Connected Individual may include, but is not limited to, (i) any director, officer, authorized signatory or employee of a company, (ii) any beneficial owner of Client’s assets, (iii) a controlling person, (iv) a payee of a designated payment,(vi) representative(s) or agent(s) of a Client, (v) a co-obligor under a loan (e. g. guarantor of a credit) or (vi) any other individual or entity having a relationship with a Client that is relevant to this Client’s business relationship with JSSREM. Furthermore this Data Privacy Statement shall also inform Clients, Connected Individuals and prospective clients of their rights in relation to personal data collected and processed by JSSREM. Please note: Which specific personal data are processed and how they are used depends largely on the products and services requested or agreed in each case.
Wherever JSSREM uses "you" or "your" in this Data Privacy Statement, this is meant as a reference to a prospective client, a Client and any Connected Individual as defined herein.
If JSSREM provides separate or further information about how it collects and uses Clients’ or Connected Individuals’ personal data for a particular purpose, those terms will also apply. Furthermore this Data Privacy Statement continues to apply even if Client’s engagements with the JSSREM end.
Please familiarize yourself with this Data Privacy Statement and also forward ti to any Connected Individuals before JSSREM is provided with personal data of such Connected Individual.

1. Who is responsible for data processing and who can you contact in this regard?

The controller for data processing purposes is and JSSREM’s Data Protection Officer (according to GDPR) can be reached at:
JSS Real Estate Management SA
Data Protection Officer
4, Rue de la Corraterie
CH-1204 Geneva
E-Mail Address:

2. What sources and data does the JSSREM use?

The personal data the JSSREM collects or has about Clients, Connected Individuals and prospective clients an Employee come from different sources. This includes personal data provided to the business relationship or a prospective business relationship wih JSSREM or any of JSSREM’s products and services that the Client or a Connected Individual or prospective client has applied for or held previously.
Some of the personal data will come directly from the Client, the Connected Individual or the prospective client. Some might be obtained from other third parties (advisors, consultants, distributors, business introducers etc.). Personal data might also come from related entities or JSSREM might obtain such personal data lawfully by accessing publicly available sources or combining different sets of information.
Personal data collected may include, in particular:
a) Information that a Client, a Connected Person or a prospective client provide to the JSSREM such as:
  • Contact details (e.g. name, address and other contact details such as date and place of birth and nationality);
  • Information about a Client, a Connected Person or a prospective client given to JSSREM by filling in forms or by communicating with JSSREM, whether face-to-face, by phone, e-mail, on-line or otherwise;
  • Information concerning a Client’s, Connected Person’s or prospective client’s identity (e.g. passport information which does also contain a photograph) or which is relevant for authentication purposes (e.g. sample signature);
b) Information that JSSREM collects or generates about the Client, a Connected Person or a prospective client, such as:
  • Client relationship data (e.g. products held and services rendered), securities and payment transaction data and other financial information;
  • Information regarding a Client’s, a Connected Person’s or a prospective client’s financial situation;
  • Information JSSREM collects or generates to comply with its obligations under the anti-money laundering regulatory framework (e.g. information on origin of assets, beneficial ownership);
  • Information JSSREM collects or generates for risk management purposes such as client due diligence data (including periodic review results), client profiles, data to assess suitability/appropriateness, client qualification data (e.g. status as qualified investor), screening alerts (transaction screening, name screening), tax data or complaint information;
  • Geographic information;
  • Information included in relevant client files and client documentation and other comparable information;
  • Marketing and sales information (e.g. newsletters, documents received, invitations to and participations at events and special activities, personal preferences and interests, opt-in and opt-out declarations);
  • Information used in 'cookies' and similar technologies on websites, mobile applications and in emails to recognize a data subject, remember a data subject’s preferences and show a data subject content JSSREM thinks he/she/it is interested in.
c) Information about the Client, a Connected Person or a prospective client that the JSSREM collects from other sources, for example:
  • Information available in registers (e.g. commercial registers and registers of associations, registers available on the Internet);
  • Information from publicly available sources and combined information from external sources (e.g. corporate and media broadcasts, information pertaining to social interactions between individuals, organizations, prospects and other stakeholders acquired from companies that collect combined information).
JSSREM may also collect and process additional personal data about which JSSREM will inform you from time to time.

3. What does JSSREM process personal data for (purpose of the processing) and on what legal basis?

JSSREM processes personal data of Clients, Connected Individuals and prospective clients for various purposes in accordance with the provisions of the European GDPR and the Swiss DPA and only uses such personal data where JSSREM has a lawful basis for using it. The lawful basis and purposes include processing:
a) For the fulfillment of contractual obligations (article 6 para. 1 b) of the GDPR)
The processing of personal data is carried out in order to perform the relationships pursuant to contracts with the JSSREM’s Clients and their Connected Indivudals or to take steps prior to entering into a contract (e.g. with prospective clients).
The purposes of data processing are primarily dependent on the specific products and services and can include needs assessments, advisory, asset management and other financial or support services, as well as the carrying out of transactions. Additional details about the purposes of data processing may also be included in the applicable contractual or product documentation.
b) In the context of balancing interests and the purposes of safeguarding legitimate interests respectively (article 6 para. 1 f) of the GDPR)
Where required, JSSREM processes personal data beyond the actual fulfilment of the contract for the purposes of safeguarding the legitimate interests pursued by JSSREM or a third party. For Example:
  • Reviewing and optimizing procedures for needs assessment for the purpose of direct client discussions;
  • Keep track of JSSREM’s conversations with Clients, Connected Individuals and prospective clients (by phone, in person, by e-mail or by any other kind of communication);
  • Asserting legal claims and mounting a defense in the event of legal disputes;
  • Correspond with legal advisers and third party intermediaries;
  • Manage JSSREM’s internal operational requirements for credit and risk management, system or product development and planning, insurance, audit and administrative purposes;
  • Consulting and exchanging data with information offices;
  • Ensuring JSSREM's IT security and IT operations;
  • Prevention and solving of crimes;
  • Video surveillance to safeguard JSSREM’s premises against trespassers, for collecting evidence in the event of hold-ups or fraud, or to document disposals and deposits, e.g. at ATMs;
  • Measures for building, site and systems security (e.g. access controls);
  • Measures for ensuring the right of owner of premises to keep out trespassers;
  • Risk control in JSSREM;
  • Marketing or market and opinion research, to the extent that Clients, Connected Individuals and prospective clients have not objected to having their personal data used;
  • Gather insights from information through data analytics and for statistical purposes;
  • Complying with applicable Swiss and other legal statutory and regulatory requirements.
c) On the basis of your consent (article 6 para. 1 a) of the GDPR)
Insofar as you have granted JSSREM consent to process your personal data for specific purposes, this processing is lawful on the basis of your consent. A consent given may be revoked at any time. Please be advised that a withdrawal of consent does not affect the lawfulness of the processing of data prior to revocation of such consent. Note however that JSSREM may still be entitled to process your personal data if it has another legitimate reason for doing so.
d) Due to legal obligations (article 6 para. 1 c) of the GDPR) or in the public interest (article 6 para. 1 e) of the GDPR)
Furthermore, JSSREM is subject to various legal obligations, i.e. statutory requirements (e.g. Collective Investment Schemes Act, Anti-Money Laundering Act, ordinances and circulars of regulatory authorities and tax laws) as well as JSSREM regulatory requirements. Purposes of processing include for example money laundering prevention measures, measuring and managing risks within JSSREM and the J. Safra Sarasin Group (JSSREM included for consolidated supervision purposes).
JSSREM may also collect and process additional personal data for other purposes about which the JSSREM will inform you from time to time.

4. Who receives personal data?

Within JSSREM those units are given access to personal data of of Clients, Connected Individuals and prospective clients which require them in order to perform JSSREM’s contractual and statutory obligations or as further described in this Data Privacy Statement. Service providers and auxiliary persons appointed by JSSREM may also receive data for these purposes if they observe the applicable laws, rules and regulations, including those of the JSSREM. These could mainly be companies in the categories of IT services, HR services, logistics, printing services, telecommunications, debt collection, advice and consulting, as well as sales and marketing.
With regard to transferring data to other recipients outside JSSREM, to begin with, it is to be noted that, as a management company, JSSREM is generally obliged to maintain secrecy about any customer-related facts and evaluations which JSSREM may acquire or have knowledge of (business secrecy). JSSREM may pass on information about you only if legal provisions demand it, if you have given your consent, and/or if JSSREM is otherwise authorized to provide information. Under these requirements, recipients of personal data can be, for example:
  • Public authorities and institutions (e.g. the Swiss Financial Market Authority (FINMA), other financial authorities, tax authorities, criminal prosecution authorities, courts) insofar as a statutory or official obligation exists;
  • Other credit and financial services institutions, comparable institutions, counterparties and data processors to which the JSSREM has a business relationship and to which it transfers a data subject’s personal data in order to perform the business relationship with such data subject (depending on the contract, e.g. market counterparties, correspondent and agent banks, custodian banks, clearing houses, clearing or settlement systems, brokers, stock exchanges, information offices, service providers, companies that a data subject holds securities in, credit/debit card processing supplier(s));
  • Other companies for the purpose of outsourcing data processing activities, mainly in the categories of IT services, HR services, logistics, printing services, telecommunication and consulting, as well as salesa nd marketing;
  • Service providers like the pension fund, pension fund service providers, social security administration bodies as well as insurance companies;
  • Auditors, legal advisors or dispute resolution bodies.
Additional recipients of personal data may be those for which you have given your consent to transfer your personal data or with respect to which you have exempted JSSREM from privacy obligations by agreement or consent.

5. Is data transferred to a third country or to an international organisation?

In certain circumstances personal data may be transferred to, and stored at, a destination outside Switzerland, including locations which may not have the same level of protection for personal data as Switzerland. JSSREM will always do this in a way that is in consideration of the applicable data protection rules. JSSREM may need to transfer your information in this way for example:
  • To perform its contract with you;
  • Where enforceable under applicable laws to protect the public interest;  
  • For JSSREM’s legitimate business interests (e.g. for example in the context of an outsourcing project).
Transfer of personal data to recipients in countries outside Switzerland, the EEA and the EU (so-called third countries) will take place if
  • It is necessary for the execution of contracts;
  • It is required by law (e.g. reporting obligations to authorities);
  • It is in the context of commissioned data processing;  
  • In the context of balancing interests and for the purposes of safeguarding legitimate interests respectively;  or
  • You have given your consent to JSSREM.
Where your personal data is to be disclosed to third parties domiciled in countries which do not have an appropriate level of data protection, JSSREM ensures that where necessary it takes appropriate measures (e.g. contractual arrangements or other precautions or justifications) so that personal data continues to receive appropriate protection.
You can obtain more details of the protection given to your information when it is transferred outside Switzerland by contacting JSSREM in accordance with the information provided in section 1 above.

6. How long will personal data be stored?

JSSREM will process and store personal data of Clients, Connected Individuals or prospective clients for as long as it is necessary in order to fulfil JSSREM’s contractual and statutory obligations. It should be noted here that the business relationship with JSSREM is a continuing and long term obligation, intended to last for several years.
If the personal data are no longer required in order to fulfil contractual or statutory obligations, they are regularly deleted, unless their further processing – generally for a limited time – is required for the following purposes:
  • Compliance with records retention periods under applicable law: this includes for example the Swiss Code of Obligations (CO) and its related relevant ordinances, the Federal Act on Direct Taxation (DTA) and the Federal Act on Occupational Old Age, Survivors' and Invalidity Pension Fund (BVG) and its related relevant ordinances.
  • Preservation of evidence in accordance with statutes of limitations.
  • Compliance with special retention constellations, such as «legal holds», i.e. processes put into effect by JSSREM in order to preserve all forms of relevant information when litigation is reasonably anticipated or ongoing. In such cases JSSREM might be required to keep the information for an undefined period of time.

7. What data protection rights do you have?

Under the applicable data protection laws you may have the following rights: the right of access (as defined in article 8 DPA and, if applicable, article 15 GDPR), the right to rectification (as defined in article 5 DPA and, if applicable, article 16 GDPR), the right to erasure (as defined in article 5 DPA and, if applicable, article 17 GDPR), the right to restriction of processing (as defined in articles 12, 13, 15 DPA and, if applicable, article 18 GDPR), the right to object to the data processing (as defined in article 4 DPA and, if applicable, article 21 GDPR) and, if applicable, the right to data portability (as defined in article 20 GDPR). The right of access and the right to erasure are subject to certain restrictions (under articles 9, 10 and 13 DPA and, if applicable, article 23 GDPR). Furthermore, if applicable on a person, there is also a right to lodge a complaint with an appropriate data privacy supervisory authority (article 77 GDPR).
Where JSSREM processes personal data based on your granted consent, you may revoke your consent specifically granted to the processing of personal data at any time. Please be advised that the revocation will only take effect in the future. Any processing that was carried out prior to the revocation shall not be affected thereby. Please note however that JSSREM may still be entitled to process your personal data if it has another legitimate reason for doing so.

8. How is personal data kept secure?

JSSREM implements internal technical and organisational measures to keep personal data of Clients, Connected Individuals and prospective clients safe and secure which may include encryption, anonymization, access limitations and physical security measures. JSSREM requires its Employees and any third parties who carry out any work on JSSREM’s behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of personal data.

9. Is there an obligation to provide data?

In the context of a business relationship with JSSREM Clients, Connected Individuals and prospective clients safe must provide all personal data which are necessary for the establishment and maintenance of such business relationship and the performance of the associated contractual obligations or which JSSREM is legally obliged to collect. As a rule, JSSREM would not be able to enter into or perform any contract or – consequently – accept and execute any request without collecting and processing personal data.
Data subjects are responsible to make sure the information provided to JSSREM is accurate and up to date.
In particular, provisions in the applicable law and regulation require that JSSREM verifies a data subject’s identity before entering into the business relationship by means of a document of evidentiary value (e.g. identity card) and that JSSREM collects and records a data subject’s name, place of birth, date of birth, nationality, residential address and other data for that purpose. In order for JSSREM to be able to comply with this statutory obligation, a data subject must provide JSSREM with the necessary information and documents in accordance with the Anti-Money Laundering Act and notify JSSREM without undue delay of any changes that may arise during the course of the business relationship. If a data subject does not provide the Bank with the necessary information and documents, the Bank will not be allowed to enter into or continue the requested business relationship.
If you give JSSREM any information about another person connected to your relationship (such as a Connected Individual), you must inform such person about what personal data you have given to JSSREM, and make sure they are informed of the content of this Data Privacy Statement.

10. Is "profiling" or "automated decision-making" used?

In some cases, JSSREM processes personal data of Clients, Connected Individuals or prospective clients automatically with the aim of evaluating certain personal aspects (profiling). For instance, JSSREM uses profiling in the following cases:
  • Due to legal and regulatory requirements, JSSREM is obliged to take anti-money laundering, anti-terrorist-financing, antifraud and anti-financial crime measures. Data evaluations (including on payment transactions) are also carried out in this context. At the same time, these measures also serve to protect you.
  • In order to provide you with targeted information and advice on products, the Bank may use evaluation tools. These enable demand-oriented communication and advertising, including market and opinion research.
JSSREM reserves its right to further analyse and evaluate personal data in an automated manner in the future, so as to identify significant personal characteristics of yourself or to predict developments and to create client profiles. These may in particular be used for business-related checks, individual management, advisory or financial services and the provision of offers and information that JSSREM may make available to you.
When providing you with services, JSSREM may make decisions about you by automated means. JSSREM will ensure that a suitable contact person is available if you wish to express a view on any automated individual decision where such opportunity to express a view is required by law. In such event, please refer your request to the address contained in section 1 above.

11. Changes to the Employee Data Privacy Statement

You may request a copy of this Data Privacy Statement from JSSREM using the contact details set out in section 1 above. JSSREM may modify or update this Data Privacy Statement from time to time by providing a revised version to its Clients or making such a revised version available on JSSREM’s website at
Issue Date: June 1st, 2019

Information on your right to object under article 21 of the EU General Data Protection Regulation (GDPR)

1.Ad hoc right to object
In case GDPR is applicable to you, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on article 6 para. 1 e) GDPR (processing in the public interest) and article 6 para. 1 f) GDPR (processing for the purposes of safeguarding legitimate interests); this includes any profiling based on those provisions within the meaning of article 4 para. 4 GDPR.
If you lodge such an objection, JSSREM will no longer process your personal data, unless JSSREM can demonstrate mandatory legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the establishment, exercise or defense of legal claims. Please note, that in such cases JSSREM may not be able to maintain an employment relationship with you either.   
2. Right to object to the processing of data for direct marketing purposes
If GDPR is applicable to you, you have the right to object at any time to processing of personal data concerning yourself for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, JSSREM will no longer process your personal data for such purposes.
There are no formal requirements for lodging an objection. It should ideally be in writing and addressed to:
JSS Real Estate Management SA
Data Protection Officer
4, Rue de la Corraterie
CH-1204 Geneva
E-Mail Address: