Privacy Policy

It is important to Private Client Bank AG (hereinafter referred to as «Private Client Bank» or «Bank» to ensure that personal data is handled in compliance with the law. Private Client Bank collects and processes personal data in order to fulfil legal and regulatory requirements and in accordance with data protection legislation.

This Privacy Policy provides information on how Private Client Bank processes personal data. Personal data means any information relating to an identified or identifiable natural person. Processing means any handling of personal data, irrespective of the means and procedures used, in particular the collection, storage, retention, use, disclosure, archiving, erasure or destruction of data.

Personal data is only processed to the extent that this is done with the consent of the data subject or is necessary and permissible for the performance of the services offered, to safeguard legitimate interests or to fulfil legal or regulatory obligations.

 
Purpose of data processing/legal basis

Private Client Bank processes personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP):

a. For fulfilment of contractual obligations

Data is processed in order to provide banking and financial services in accordance with our legal agreements with our clients or to carry out pre-contractual measures that occur as part of a request from an interested party. The purposes of data processing comply with the specific service and can include needs assessments, advice, discretionary and asset management, as well as carrying out transactions.

b. Due to statutory provisions

Furthermore, as a bank, Private Client Bank is subject to various legal obligations, meaning statutory requirements (e.g. the Swiss Banking Act, Collective Investment Schemes Act, Anti-Money Laundering Act, Mortgage Bond Act, FINMA ordinances and circulars, tax laws) and bank regulatory requirements (e.g. Swiss National Bank, FINMA). Purposes of processing include assessment of creditworthiness, identity and age checks, fraud and money laundering prevention, fulfilling control and reporting obligations under fiscal laws, and measuring and managing risks within Private Client Bank.

c. In the context of balancing interests

Where required, the Bank processes your data beyond the actual fulfilment of the contract for the purposes of the legitimate interests pursued by them or a third party. Examples are:

  • Requests for information from and exchange of data with information agencies (e.g. debt enforcement register) in order to establish creditworthiness or default risks within the lending business and the need for an account providing protection against attachment or a basic account
  • Reviewing and optimising procedures for needs assessment for the purpose of direct client discussions.
  • Risk control in Private Client Bank
 
Business relationship

In the context of the business relationship with Private Client Bank, you must provide all personal data that is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations or that the Bank is legally obliged to collect. Without this data, the Bank is, in principle, not in a position to close or execute a contract with you.

In particular, anti-money laundering regulations require Private Client Bank to identify you based on your identification documents before establishing a business relationship and to collect and put on record name, place and date of birth, nationality, address and identification details for this purpose. In order for Private Client Bank to be able to comply with these statutory obligations, you must provide the Bank with the necessary information and documents in accordance with the Anti-Money Laundering Act, and to immediately report any changes over the course of the business relationship. If you do not provide the Bank with the necessary information and documents, the Bank cannot enter into or continue the business relationship you desire.

 
Origin of data

The personal data processed by Private Client Bank originates from the following sources:

  • Data that the Bank receives in the course of a business relationship with you or that is communicated and/or transmitted to the Bank in advance by the data subjects themselves
  • Data disclosed to the Bank by third parties for the performance of orders, for the fulfilment of contracts or with your consent
  • Data from domestic and foreign official bodies, authorities and courts in the context of their activities
  • Data that the Bank receives from publicly accessible sources (e.g. internet, media, commercial registers, land registers) or legitimately via specialised service providers
  • Data transmitted to the Bank through the technical infrastructure (e.g. when accessing our website)
 
Categories of personal data

Depending on which services are utilised, the following categories of personal data are processed:

  • Identification and contact data (e.g. name, nationality, date of birth, address, telephone number, e-mail)
  • Data on family and financial circumstances, including data on third parties (e.g. family members, authorised representatives, advisors)
  • Information on professional activities and training
  • Information on tax residence and, if necessary, other relevant tax data
  • Health data, if necessary (e.g. information on capacity to act, need for protection)
  • Transaction data (e.g. beneficiaries, beneficiary bank)
  • Order and risk management data (e.g. information on the asset situation, information for the risk and investment profile, knowledge and experience with investment products, sustainability preferences)
  • Image and audio data (e.g. video or telephone recordings)
  • Data for the administration of services used (e.g. dispatch of information)
  • Technical data (e.g. internal/external identifiers, IP address, logins)
 
Automated individual decisions and profiling

Profiling describes any type of automated processing of personal data that aims to evaluate certain personal aspects relating to a natural person (e.g. in relation to their personal preferences, economic situation, health and behaviour). Private Client Bank does not use any procedures or methods aimed at fully automated profiling or automated individual decision-making. However, Private Client Bank uses methods that can analyse personal data (e.g. to fulfil legal obligations, such as transaction analysis within the meaning of the Anti-Money Laundering Act, risk classification or client segmentation).

 
Transfer/disclosure of personal data

Within the Bank, only the units that require your data to fulfil our contractual and legal obligations will have access to it. Service providers appointed by the Bank can also receive access to data for the purposes given, if they maintain banking confidentiality. These are companies in the categories of banking services and IT services.

With regard to transferring data to recipients outside the Bank, to begin with it is to be noted that, as a bank, Private Client Bank is obliged to be discrete regarding all client-related matters and assessments of which it acquires knowledge (banking confidentiality pursuant to the general terms and conditions). The Bank may pass on information about you only if legal provisions demand it, if you have given your consent (e.g. to process a financial transaction you have ordered), or if Private Client Bank has been authorised to issue a bank inquiry. Under these requirements, recipients of personal data can be, for example:

  • Public entities and institutions (e.g. Swiss National Bank, financial authorities, criminal prosecution authorities) upon providing a legal or official obligation
  • Other credit and financial service institutions or comparable institutions to which the Bank transfers your personal data in order to carry out a business relationship with you (depending on the contract, e.g. correspondent banks, custodian banks, brokers, stock exchanges, information offices)

Other recipients of data can be any units for which you have given Private Client Bank your consent to transfer data or for which you have released the Bank from banking confidentiality by means of a declaration or consent.

 
Transfer of personal data to a third country

Data transfers to legal entities in states outside Switzerland (known as third countries) take place so long as:

  • it is necessary for the purpose of carrying out your orders (e.g. payment and securities orders)
  • it is required by law (e.g. reporting obligations under fiscal law), or
  • you have granted Private Client Bank your consent
 
Storage location of personal data

Private Client Bank is a Swiss company and all your personal data is processed exclusively in Switzerland and stored on servers in Switzerland.

 
Security measures/data security

Private Client Bank takes a variety of technical and organisational measures to prevent personal data from being accidentally or unlawfully lost, deleted, destroyed or altered or from being disclosed or made accessible to unauthorised persons. The security measures are continuously optimised in line with technological developments.

 
Duration

The Bank will process and store your personal data for as long as it is necessary in order to fulfil the contractual, regulatory and statutory obligations. It should be noted here, that the business relationship is a long-term obligation, which is set up based on a long-term period.

If the data is no longer required for the fulfilment of contractual or statutory obligations, it is regularly deleted, unless its – temporary – further processing is required for the fulfilment of obligations under commercial and tax law: These include in particular the Swiss Code of Obligations, the Federal Act on Value Added Tax, the Federal Act on Direct Taxation, the Federal Act on Harmonisation of Direct Taxes of Cantons and Municipalities, the Federal Act on Stamp Duties and the Federal Act on Withholding Tax.

As a bank, Private Client Bank is subject to special retention requirements («legal holds») in relation to the storage and retention of data. The retention period as a rule amounts to at least ten years. However, in special cases the Bank may be obliged to retain information indefinitely, for example in relation to dormant assets.

 
Data privacy rights

Data subjects may request information from the Bank as to whether personal data relating to them is being processed. They also have the right to rectification, erasure, restriction of data processing, data portability, cancellation and objection to the processing of data. These rights may be restricted due to legal and regulatory provisions and overriding interests, as well as if this is incompatible with an existing or impending contractual relationship or is not technically possible.

Data privacy concerns or complaints can be reported to the responsible data supervisory authority.

The Bank accepts requests for information in writing.

You can withdraw consent granted to Private Client Bank for the processing of personal data at any time.

 
Amendments

Private Client Bank reserves the right to amend this Privacy Policy at any time. The Privacy Policy does not establish any contractual or other formal legal relationship.

 
Data protection matters

If you have any questions regarding individual data processing procedures or would like to exercise your rights, please contact the Data Privacy Officer:

Private Client Bank AG, Attn. Data Privacy Officer, P.O. Box, 8034 Zurich, Switzerland,
telephone no.: +41 44 253 73 04, e-mail: data-protection@privateclientbank.ch