Privacy Policy of Schwyzer Kantonalbank

1. General conditions of use

The basis for this Privacy Policy is the Swiss data protection legislation. In the following, we inform you which personal data we collect and process, how and for what purpose, and what rights you have in this context.

This Privacy Policy applies to data processing by Schwyzer Kantonalbank (hereinafter referred to as “SZKB”) for current and former customers, interested parties and visitors to our branches or website.

Which data is processed in detail, to what extent and for what purposes depends, in particular, on the services you have requested or used and any contractual bases. Any contractual bases are available on the corresponding websites and/or in the corresponding apps. If these provisions or any contractual bases for the individual services do not provide for any specific regulation, the General Terms and Conditions (GTC) shall apply in all other respects.

2. Purpose of processing your data

The data are processed by SZKB for the provision of our own services, and for our own purposes or those provided for by law. This is understood to mean the following in particular:

Examining or establishing a possible business relationship, concluding or performing a contract or business relationship. The purpose of processing your data depends on the service or product requested or used (e.g. performing transactions, needs analyses, advice or asset management).
Fulfilling the legal or regulatory obligations of SZKB or to perform tasks in the public interest. This includes, among other things, compliance with the requirements of the Banking Act (BA), the Financial Market Infrastructure Act (FMIA), the Anti-Money Laundering Act (AMLA), the Collective Investment Schemes Act (CISA), tax laws (including automatic exchange of information with foreign countries) as well as the ordinances and circulars of the Swiss Financial Market Supervisory Authority FINMA, the guidelines of the Swiss Bankers Association and the requirements of the Swiss National Bank.
To safeguard the legitimate interests of SZKB or of third parties (e.g. statistics, planning or product development, business decisions, monitoring and control of risks, preservation of evidence, marketing, market research or preparation and provision of customised services).
Safeguarding the interests and securing the claims of SZKB in the event of claims against SZKB or bank customers, as well as safeguarding the security of customers and employees.
Any other purposes, of which SZKB will notify you in due course.

3. Data handling/Data security

All systems and programs applied and used by SZKB are state-of-the-art in terms of security and are protected by suitable technical and organisational measures against loss, destruction, access, modification or dissemination of data by unauthorised persons. Appropriate encryption procedures are used. Security measures are continuously realigned with current technical developments, and are regularly subjected to internal and external controls. Furthermore, training is provided and action taken on a regular basis to ensure awareness among employees. The aforementioned measures for handling data also apply to our contractual partners.

The regulations on data protection are strictly observed by SZKB. However, we would like to point out that if a communication channel without end-to-end encryption (such as text message, conventional e-mail, push messages) is used, as well as when using the website or digital service offers, transmission may take place without end-to-end encryption or even unencrypted and the data can be intercepted or viewed by third parties under certain circumstances. Furthermore, the use of text messages, e-mails, push messages and the like or the website as well as digital service offers may result in cross-border data transmission, even if the sender and recipient are located in Switzerland. The customer acknowledges that in these cases third parties may infer a possible banking relationship.

SZKB expressly refers to the risk of malware (harmful software) and the possibility of targeted hacker attacks. We recommend the use of up-to-date browser versions and installing continuously updated anti-malware software. Furthermore, e-mails of unknown origin should be not be opened and attachments that are not expected should be destroyed as a general rule.

4. Categories of personal data

The term “personal data” refers to all information that relates to an identified or identifiable private individual. Data processing refers to all handling of personal data, regardless of the means and procedures used, in particular the acquisition, storage, retention, use, modification, publication, archiving, deletion or destruction of personal data.

SZKB will only process your personal data to the extent necessary and depending on the SZKB products or services you use. The most important personal data or categories of personal data are listed below:

Master and portfolio data (e.g. name, address, date of birth, tax domicile, nationality, contract number and term, identification numbers such as the account number, documents to establish customer identity, information on the account, custody account, on concluded transactions or on third parties such as life partners, authorised representatives and advisors who are also affected by data processing).
Where relevant and legally permissible, data processing may also include personal data requiring special protection (e.g. health data, biometric data or data on administrative or criminal penalties).
Information on the financial situation (e.g. credit rating data) or situation of the company.
Information on education and professional situation.
Technical data (e.g. IP addresses or other data, e.g. when accessing our website).
E-banking and mobile banking usage data.
Transaction and order data.
In some circumstances, recordings of telephone conversations (where required for training, quality assurance or evidentiary purposes, or to comply with legal or regulatory requirements).
Video recordings for security reasons.
Details of interactions (e.g. written or e-mail correspondence).
Marketing information (e.g. details of needs, wishes, preferences, attendance at events, response to marketing communications).
Data that are legitimately available from publicly accessible sources (e.g. debtor records, land registers, commercial registers, press, internet, etc.) or that are legitimately provided to SZKB by other third parties (e.g. a credit information agency or cooperation partners).

Finally, SZKB processes prospective customer or visitor data (e.g. visitors to a branch or to the website). This primarily includes master and inventory data such as name, address, date of birth, telephone number, technical data such as internal and external identifiers, IP addresses, records of access or modifications, and marketing data such as needs, wishes or preferences.

5. Origin of personal data

SZKB processes personal data from the following sources:

Personal data provided directly to SZKB, e.g. in the context of opening a business relationship, a consultation, for products and services or on the SZKB website.
Personal data that are generated as a result of the use of products and services and are transmitted to SZKB via technical infrastructure or via specific processes, e.g. websites, e-banking or mobile banking, apps, in payment transactions or securities trading, or in cooperation with other financial or IT service providers, or marketplaces and stock exchanges.
Personal data from third-party sources, insofar as this is necessary for the provision of our services or for research and is legitimately transmitted, such as land registers, commercial registers, authorities, credit information agencies or any sanctions lists.

6. Possible recipients of personal data and disclosure abroad

Within SZKB, your personal data can be accessed by those who need to do so in order to enter into, conclude or execute a contract or a business relationship.

As a general rule, no data about you will be passed on to third parties (e.g. order processors) which do not serve the purpose of the fulfilment of the contract. In the context of a final and enforceable judgement, order or legal obligation, however, personal data must be released to authorities in Switzerland and abroad in connection with civil, administrative and criminal proceedings.

The term order processors refers to third parties who process personal data on behalf of and for the purposes of SZKB (e.g. IT, marketing, sales or communication service providers). If personal data are disclosed to the order processor, the latter may only process the data in the same way as SZKB would be permitted to do so itself. SZKB carefully selects its order processors and contractually obliges them to ensure confidentiality, banking secrecy and the security of personal data.

A transfer of customer data abroad may take place in principle in the following cases, provided that:

it is required in order to execute your orders (e.g. payment and securities orders),
this is required by law (e.g. reporting obligations under tax law or administrative and legal assistance vis-à-vis foreign authorities),
it is necessary due to the involvement of service providers (processing of commissioned data),
there are overriding interests of SZKB, or
where necessary, the consent of the customer has been obtained.

The disclosure of your personal data is based on a sufficient legal basis and, if the legislation of the country concerned does not ensure adequate protection, on the basis of sufficient guarantees under data protection law (e.g. recognised standard contractual clauses or other guarantees).

Customer data are processed or transmitted in Switzerland and in EEA member states. Should the data be transferred to a country other than those mentioned above, appropriate data protection will be ensured and SZKB will inform you of this in the specific case, if necessary.

7. Duration of the retention of personal data

Your personal data will be stored for as long as is necessary to fulfil contractual, legal or regulatory obligations or to comply with internal requirements. The personal data will be stored for the duration of the business relationship or the duration of the contract and subsequently for 10 years in principle (depending on the applicable legal basis). Ongoing or anticipated legal or regulatory proceedings or other overriding interests may result in the retention of data beyond this time period. If there is no longer a reason for keeping them, they will be deleted or anonymised as far as technically possible.

8. Obligation to provide personal data

SZKB relies on you to provide certain personal data in order to enter into a business relationship with you and subsequently fulfil its contractual obligations. Without these data, the services you have requested cannot be provided as a rule. In particular, money laundering regulations require us to identify you by means of an identification document and process details such as name, date of birth, nationality, address and identity card data before entering into a business relationship. Should any changes occur to this data during the business relationship, SZKB must be informed immediately.

9. Automated individual decision-making in specific cases and profiling and use of artificial intelligence

In some cases, personal data are processed automatically in order to evaluate certain personal aspects relating to a private individual (profiling). This may, for example, involve data processing with regard to legal and regulatory requirements for combating money laundering, terrorist financing and asset-endangering crimes, with regard to credit decisions or the provision of advice or the offer of products and information that are tailored to your individual situation and that SZKB believes may be of interest to you. There is currently no fully automated decision-making process in place. However, SZKB reserves the right to analyse and evaluate customer data fully automatically in the future in order to identify key personal aspects of the customer, or to predict developments and create customer profiles. Where required by law, SZKB will inform you accordingly and ensure that - where provided by law - you can state your position and a private individual reviews the automated individual decision.

Furthermore, artificial intelligence (AI) may be used with regard to the fulfilment of legal or regulatory obligations, in particular to meet compliance requirements.

10. Your rights

Based on Swiss data protection legislation, any data subject may request information from SZKB as to whether, and if so, what data about them are processed and stored. As a data subject, you may request that incorrect personal data be corrected, incomplete data be completed or the processing of your data be restricted. You may also have your personal data erased or object to processing with effect for the future. Finally, you may request that your personal data be handed over or transferred to another person responsible.

SZKB may defer, restrict or refuse the exercise of such rights to the extent permitted by law. We can inform you as a data subject of any requirements you may need to fulfil in order to exercise your rights. We must identify a data subject who wishes to exercise their rights with reasonable measures. As a data subject, you are obligated to cooperate.

As a data subject, you have the right to appeal to the competent data protection authority.

11. Responsibility and contact details for exercising your rights

Responsible for data processing:

Schwyzer Kantonalbank
PO Box
6431 Schwyz

You can send your questions in connection with data protection, in particular data processing, in writing to the following address, enclosing proof of identification:

Schwyzer Kantonalbank
Data Protection Advisor
PO Box
6431 Schwyz

or by e-mail to datenschutz@szkb.ch

12. Change to the Privacy Policy

SZKB reserves the right to amend the Privacy Policy if necessary. The current version published on our website applies.

This Privacy Policy was last revised in August 2023.