2.8.1 Recipients
Within the Bank, only those departments receive access to your personal data which require this for the conclusion or performance of a contract or the commencement of a business relationship, in order to fulfil statutory or regulatory obligations or perform duties in the public interest.
The Bank only discloses customer data to third parties in the following cases – depending on the nature of the products and services used:
- In order to execute orders, i.e. in relation to the use of products or services, for example to payees, beneficiaries, authorised account users, intermediaries as well as correspondence banks, brokers, clearing houses, other parties involved in a transaction, service providers (e.g. Swisscom), exchanges or marketplaces, reporting of certain stock exchange transactions to international transaction registers.
- With the consent of the customer, to affiliated companies for the purpose of providing comprehensive customer services and for the purpose of outsourcing.
- On the basis of statutory obligations, legal justifications or official orders, for example, to courts, law enforcement agencies or supervisory authorities, e.g. in the area of the law governing financial markets or tax matters or, where necessary, in order to protect the Bank’s legitimate interests in Switzerland and abroad. The latter applies in particular in the event of legal steps or public statements against the Bank being initiated or threatened by the customer, in order to secure the Bank’s claims against the customer or third parties, in connection with the collection of the Bank’s claims against the customer and in order to restore contact with the customer after contact with the competent Swiss authorities has been broken off.
Contract processors are third parties who process personal data on behalf of and for the Bank, e.g. IT, marketing, market research, sales or communication service providers, logistics companies, printing service providers, financial service providers, real estate service providers, rating agencies, collection agencies, anti-fraud agencies, information and cybersecurity service providers, credit reference agencies or consulting firms. If personal data is communicated to such a contract processor, they may only process the received personal data in the same way as the Bank itself. The Bank selects its contract processors carefully and places them under a contractual undertaking to guarantee confidentiality and banking secrecy in Switzerland as well as the security of the personal data.
2.8.2 Location of disclosure
The location of the data disclosure depends on the type of product or service used. Due to our business model as a full-service bank, the following variations are possible:
- The Bank trades and holds in custody securities and financial instruments and/or executes fiduciary investments and foreign exchange transactions on behalf of the customer. In this context, foreign law and contractual provisions may require the Bank to disclose for whom it is acting. This may result in the Bank having to name specific persons or disclose information and documents to authorities and business undertakings in Switzerland or abroad. It should be noted that trading (depending on the exchange or trading facility), downstream processing stages and safekeeping may take place in third countries. The disclosure obligations vary from country to country. Furthermore, new duties of disclosure may arise at any time, or existing ones may be amended. Further information on the place of disclosure of personal data in connection with securities and financial instruments and/or fiduciary investments and foreign currency transactions has already been provided to you in connection with the specific services and products (cf. our General Terms and Conditions of Business, the terms on our products and services and our legal notices and information relating to our trading and investment business, in particular disclosure of customer data in connection with financial market and foreign exchange transactions, Shareholder Rights Directive II, country specifications for cross-border payments, Markets in Financial Instruments Regulation (MiFIR) and SBVg guidelines (February 2016 and June 2009).
- In connection with the administration of contracts with its suppliers, the Bank may also process contact details, such as the name, e-mail address or telephone number of its contact persons (employees of suppliers). These contact details will be processed using an IT system with a server hosted in Germany.
2.8.3 Guarantees
If, in exceptional cases, personal data is disclosed in countries where there is no adequate level of data protection (see also Art. 16 of the General Terms and Conditions of Business and information regarding the applicability of Swiss banking secrecy and data protection laws; these shall apply mutatis mutandis to visitor and employee data of suppliers), the Bank shall obligate the recipient to comply with an appropriate level of data protection by concluding recognised standard contractual clauses, or the Bank will avail of a statutory exception provision (e.g. conclusion or performance of a contract, safeguarding of overriding public interests, enforcement of legal claims, or your consent).
A copy of the EU standard contractual clauses (SCC) can be obtained from us free of charge.