Privacy Policy
1. General conditions of use
Please read these conditions carefully. They inform you how we collect and process personal data, and what your rights are in this context. The term «personal data» refers to all information that relates to an identified or identifiable individual. Processing refers to all handling of personal data, regardless of the means and procedures used, in particular the acquisition, storage, retention, use, modification, publication, archiving, deletion or destruction of personal data.
Which data are processed in detail and to what extent is largely determined by the services you use and the corresponding terms of use, if applicable. These are available on the corresponding websites and/or apps. If these provisions and the respective terms of use do not provide for any specific arrangements regarding the individual services, the General Terms and Conditions shall apply in all other respects.
2. Data handling/data security
The regulations on data protection are strictly observed by Schwyzer Kantonalbank (hereinafter referred to as SZKB). All systems and programs applied and used by the Bank are state-of-the-art in terms of security and are protected by adequate technical and organisational measures against loss, destruction, access, modification or dissemination of data by unauthorised persons. Appropriate encryption procedures are used. Security measures are continuously realigned with current technical developments, and are regularly subjected to internal and external controls. In addition, training is provided and action taken on a regular basis to ensure awareness among employees. The aforementioned measures for handling data also apply to our contractual partners.
3. Categories of personal data
SZKB processes the personal data received from the customer within the scope of the business relationship. It also processes – to the extent necessary for the provision of its services – personal data that are legitimately available from publicly accessible sources (e.g. debtor records, land registers, commercial registers, press, Internet, etc.) or that are legitimately provided to the Bank by other third parties (e.g. a credit information agency or cooperation partners).
SZKB processes customer data such as, above all, master and inventory data (e.g. name, address, date of birth, contract number and duration, documents to establish customer identity and information on the account, custody account and concluded transactions, or on third parties such as life partners, authorised representatives and advisors who are jointly affected by data processing). Tax residency information, transaction and order data, marketing data, technical data, etc., may also be relevant.
Finally, SZKB processes prospective customer or visitor data (e.g. visitors to a branch or to the website). This primarily includes master and inventory data such as name, address, date of birth, telephone number, technical data such as internal and external identifiers, IP addresses, records of access or modifications, and marketing data such as needs, wishes or preferences.
SZKB records telephone calls where required by law or for training and quality assurance purposes. Video recordings are made for security reasons and for the purpose of investigating possible criminal acts.
4. Origin of personal data
SZKB collects personal data from the following sources:
- Personal data provided directly to SZKB, e.g. in the context of opening a business relationship, a consultation, for products and services or on the SZKB website.
- Personal data that are generated as a result of the use of products and services and are transmitted to SZKB via technical infrastructure or via specific processes, e.g. websites, e-banking or mobile banking, apps, in payment transactions or securities trading, or in cooperation with other financial or IT service providers, or marketplaces and stock exchanges.
- Personal data from third-party sources, e.g. land registers, commercial registers, authorities and any sanctions lists.
5. Legal basis and purpose of data processing
SZKB processes your data lawfully and in good faith. The data are processed for the provision of our own services, and for our own purposes or those provided for by law. This is understood to mean the following in particular:
- Entering into, concluding or performing a contract or business relationship with you or for SZKB’s performance under such contract or business relationship.
- Where applicable, to fulfil the legal or regulatory obligations of SZKB or to perform tasks in the public interest.
- Where applicable, to safeguard SZKB’s legitimate interests (e.g. statistics, planning or product development, business decisions, monitoring and control of risks, preservation of evidence, marketing, market research, preparation and provision of customised services).
- Safeguarding the interests and securing the claims of SZKB in the event of claims against SZKB or its customers, as well as safeguarding the security of customers and employees.
- Based on your consent, if applicable.
- Any other purposes, of which we will notify you in due course.
6. Possible recipients of personal data and disclosure abroad
Within SZKB, your personal data can be accessed by those who need to do so in order to enter into, conclude or execute a contract or a business relationship.
Without your consent, no data about you will be passed on to third parties (e.g. order processors) which do not serve the purpose of the fulfilment of the contract. In the context of a final and enforceable judgement, order or legal obligation, however, personal data must be released to authorities in Switzerland and abroad in connection with civil, administrative and criminal proceedings.
The term “order processors” refers to third parties who process personal data on behalf of and for the purposes of SZKB (e.g. IT, marketing, sales or communication service providers). If personal data are disclosed to the order processor, the latter may only process the data in the same way as SZKB would be permitted to do so itself. SZKB carefully selects its order processors and contractually obliges them to ensure confidentiality, banking secrecy and the security of personal data.
A transfer of customer data abroad may take place in principle in the following cases, provided that
- it is required in order to execute your orders (e.g. payment and securities orders),
- it is required by law (e.g. reporting obligations under tax law),
- it is necessary due to the involvement of service providers (processing of commissioned data), or
- the consent of the customer has been obtained.
7. Duration of the retention of personal data
Personal data are stored in accordance with statutory retention obligations or for the purpose of the relevant data processing. The personal data will be stored for the duration of the business relationship or the duration of the contract and subsequently for 10 years in principle (depending on the applicable legal basis). Ongoing or anticipated legal or regulatory proceedings may result in the retention of data beyond this time period.
8. Obligation to provide personal data
SZKB relies on you to provide certain personal data in order to enter into a business relationship with you and subsequently fulfil its contractual obligations. Without these data, the services you have requested cannot be provided. In particular, money laundering regulations require us to identify you by means of an identification document and process details such as name, date of birth, nationality, address and identity card data.
9. Automated individual decision-making in specific cases and profiling
In some cases, personal data are processed automatically in order to evaluate certain personal aspects (profiling). This may, for example, involve data processing with regard to legal and regulatory requirements for combating money laundering, terrorist financing and asset-endangering crimes, or the provision of advice or the offer of products and information that are tailored to your individual situation and that SZKB believes may be of interest to you. There is currently no fully automated decision-making process in place. However, SZKB reserves the right to analyse and evaluate customer data automatically in the future in order to identify key personal characteristics of the customer, or to predict developments and create customer profiles. To the extent required by law, we will inform you accordingly.
10. Your rights
Based on the Data Protection Act, any data subject may request information as to whether data concerning them are being stored and – in the event of unlawful processing – request for these data to be deleted or corrected. A written request can be submitted to SZKB for the correction or deletion of the personal data collected, processed or used by the Bank. In addition, a restriction of data processing can be requested, or consent previously given can be revoked. However, revocation of consent previously given is only valid for the future. The above does not apply, however, if the personal data must continue to be processed and stored for the fulfilment of the contract, compliance with legal provisions and to protect our own interests. In addition, SZKB may refuse or only partially submit to the request for information within the scope of statutory provisions.
Furthermore, you have the right to appeal to the competent data protection authority.
11. Contact details for exercising your rights
Questions related to data protection, in particular data processing, should be sent to the following address:
Schwyzer Kantonalbank
Data Protection Advisor
P.O. Box
6431 Schwyz
or to datenschutz@szkb.ch
12. Change to the Privacy Policy
SZKB reserves the right to amend the Privacy Policy if necessary. You will be informed of this in a suitable manner, e.g. by means of a notice on the website.
Privacy Policy status as of 6 October 2022