When it comes to the issue of data protection too, Zürcher Kantonalbank (“the Bank”) is committed to an open, transparent and customer-friendly approach. By “personal data” the Bank means information which relates to a particular or identifiable person. The Bank interprets "processing” as referring to any handling of personal data, irrespective of the means and methods used, in particular the collection, storage, use, adaptation, publication, archiving or destruction of personal data.
The provisions set forth in Art. 15 to 17 of the General Terms and Conditions (AGB), January 2018 issue, contain general references to data protection, in particular in connection with the performance of contracts.
The Bank undertakes to protect your privacy in line with the applicable laws, in particular through the rules on banking secrecy and the law governing data protection. The Bank takes numerous precautions to ensure this, such as the implementation of technical and organisational security measures (e.g. the use of firewalls, personal passwords as well as encryption and authentication technologies, access restrictions, awareness-raising and training of employees, appointing a data protection adviser).
Depending on which products and services the Bank provides for you, it can process the following categories of personal data. The Bank’s policy is to process as little personal data as necessary.
The Bank processes customer data. These include, in particular, the following:
The Bank processes data relating to potential customers and visitors (i.e. visitors to branches or websites in particular). These include, in particular, the following:
The Bank processes supplier data. These include, in particular, the following:
In order to fulfil the purposes according to point 2.4, the Bank can collect personal data with the following origin:
The period for which personal data is stored is determined according to statutory record-keeping obligations and the purpose for which the data in question are processed.
As a rule, the Bank stores personal data for the duration of the business relationship or term of the contract and subsequently for a further five, ten or more years (depending on the applicable legal basis). This corresponds to the interval of time within which legal claims can be brought against the Bank. Current or anticipated legal or supervisory authority proceedings can lead to data being stored beyond this period.
The Bank can process the personal data described under point 2.1 in connection with the provision of its own services as well as for its own purposes or those required by law. These include, in particular, the following:
Depending on which products and services the Bank may provide for you or the purpose for which the personal data are processed, the data processing is carried out on the following basis:
1 Consents which are obtained for other reasons, for example due to the provisions concerning banking secrecy according to the Federal Law on Banks and Savings Banks (BankG), are not affected by this section.
If personal data which the Bank processes are necessary in order to fulfil statutory or regulatory obligations or for the conclusion or performance of a contract or the commencement of a business relationship with you, it may be the case that the Bank cannot accept you as a customer or cannot provide you with products or services if the Bank is unable to process this personal data. In this case we will inform you accordingly.
The Bank also reserves the right in future to analyse and evaluate customer data (including data of affected third parties, see point 2.1) in automated form in order to recognise key personal characteristics of the customer or in order to predict developments and create customer profiles. These serve in particular the purpose of business reviews and in order to provide individual advice on, and provide, offers and information which the Bank and companies within its group may make available to the customer.
Customer profiles may in the future also lead to automated individual decisions, for example in order to accept and execute orders submitted by the customer in eBanking by automated means.
The Bank will ensure that a suitable contact person is available if the customer wishes to express an opinion concerning an automated individual decision and such a possibility of expressing an opinion is required by law.
Within the Bank, only those departments receive access to your personal data which require this for the conclusion or performance of a contract or the commencement of a business relationship, in order to fulfil statutory or regulatory obligations or perform duties in the public interest.
The Bank only discloses customer data to third parties in the following cases – depending on the nature of the products and services used:
Contract processors are third parties who process personal data on behalf of and for the purposes of the Bank, for example IT, marketing, sales or communication service providers, collection agencies, fraud prevention agencies, credit agencies or consulting firms. If personal data is communicated to such a contract processor, they may only process the received personal data in the same way as the Bank itself. The Bank selects its contract processors carefully and places them under a contractual undertaking to guarantee confidentiality and banking secrecy in Switzerland as well as the security of the personal data.
Depending on the nature of the product or service being used, personal data may under certain circumstances also need to be disclosed to third parties (incl. contract processors) based in countries in which no adequate level of data protection prevails (see also Art. 16 AGB with reference to the applicability of Swiss banking secrecy). For example, the United States of America does not provide for an adequate level of data protection. When communicating personal data to such a country, the Bank demands that the recipient take appropriate measures to protect personal data (for example by means of the agreement of so-called EU standard clauses, other precautions or on the basis of justifying grounds; a copy of the EU standard clauses can be obtained from us free of charge).
You have the right to information, rectification, erasure, restriction, objection, as well as – where applicable – the right to data portability. In addition you have the right to lodge a complaint with a competent data protection supervisory authority (see point 5).
The Bank accepts information requests in writing together with a clearly legible copy of a valid official identity document (for example passport, identity card, driving licence) at the following address: Zürcher Kantonalbank, Datenschutzberater, Legal & Compliance, Postfach, 8010 Zürich.
The right to erasure and the right to object are not unlimited rights. Depending on the individual case, overriding interests may necessitate further processing. The Bank will examine each individual case and notify you of the result. If personal data is processed for the purpose of direct marketing, your right to object also extends to direct marketing, including profiling for marketing purposes. You can lodge an objection to direct marketing at any time by sending the Bank a notification to this effect (see point 5).
You can at any time withdraw your consent to the Bank processing your personal data. Please note that such a withdrawal of consent only has effect for the future. Processing which took place prior to withdrawal of consent is not affected.
If the Bank fails to meet your expectations with respect to the processing of personal data, if you wish to complain about the Bank’s data protection practices or if you wish to exercise your rights, please notify the Bank of this (see point 5). Among other things, this gives the Bank the opportunity to address your concerns and if need be make improvements. In order to assist the Bank in responding to your enquiry, we request that you provide a correspondingly detailed notification. The Bank will look into your concerns and will reply within an appropriate period.
The Bank is obliged to process the personal data accurately and keep it up to date. Please notify the Bank of any changes in your personal data using the usual communication channel.
The Bank is responsible for the processing of personal data:
Head Office Zurich
You can address general questions, suggestions and comments to your client advisor.
You can address your questions in connection with data protection to the following specialist department: Zürcher Kantonalbank, Datenschutzberater, Legal & Compliance, Postfach, 8010 Zürich or send us a message by e-mail to: firstname.lastname@example.org.
If you are not satisfied with the Bank’s response, you have the right to lodge a complaint with the data protection authority in the jurisdiction within which you live or work or in the place in which, in your view, a problem arose in relation to the personal data.
Last updated: May 2018