Overview
Top results

    Data privacy statement

    Scope

    This data privacy statement is based on Swiss data protection legislation and provides information on how Zuger Kantonalbank (“ZugerKB”) handles personal data. It applies to all areas of the business relationship with clients (including authorised agents, beneficial owners and third parties), with policyholders of ZugerKB’s Vested Benefits Foundation, with persons interested in the services or products of the bank, with service providers, and with other contract partners and users of its offerings, e.g. its website. This information is supplemented by the General Terms and Conditions as well as product-specific or service-specific information containing general information on data protection, e.g. the conditions of use for the TWINT and Mobile Banking App.

    Responsible party for data processing

    Responsible for data processing is:

    Zuger Kantonalbank
    Bahnhofstrasse 1
    6300 Zug

    If you have any questions or other concerns regarding the processing of your data by ZugerKB, please contact the following office:

    Zuger Kantonalbank
    Data protection officer
    Bahnhofstrasse 1
    P.O. Box
    6301 Zug

    Processed personal data

    Depending on the products or services of ZugerKB that you use, ZugerKB will collect and process personal data relating to you. Below we provide you with an overview of the key categories of personal data processed:

    • Identifying data (e.g. name, date of birth, nationality, copy of your ID card or passport), contact data (e.g. address, telephone number, email address), family situation (e.g. marital status, matrimonial property regime), financial situation (e.g. total assets), profession and education/qualifications, information on the business relationship (e.g. signatures, powers of attorney, agreements), health data (e.g. information on your capacity to act), data relating to your relatives and circle of acquaintances (e.g. names of wife or children, names of acquaintances);
    • Identifiers that we assign to you (e.g. your client or account number); 
    • Details of our mutual business relationship and all the products and services used by you;
    • Tax domicile and other documentation and information relevant for tax purposes;
    • Financial and payment transaction information (e.g. payments, transaction data, asset situation, agreements, liabilities, taxes, income, capital gains and investments, investment objectives, information on debt collection procedures, collateral, financing objects, details of beneficiaries in the event of death for the provision of services of the ZugerKB Vested Benefits Foundation);
    • Knowledge and experience in investment matters, investor profile and strategy; 
    • Contract-related information (e.g. on the fulfilment and enforcement of contractual claims); 
    • Where applicable, recording of communication between you and ZugerKB (e.g. telephone, chat); 
    • Data regarding use of e-banking and mobile banking (e.g. log files);
    • Marketing information (e.g. Information on needs, wishes, preferences, participation at events, response to marketing communications);
    • In some cases, where necessary for contractual fulfilment purposes and where legally permissible, data requiring particular protection, for example information relating to administrative and criminal rulings and offences (e.g. in connection with investigations in the context of the Money Laundering Act), political or trade union-related views or affiliations, information about your health (e.g. for the provision of services by the Vested Benefits Foundation of ZugerKB), religious or ethical beliefs (e.g. in tax matters), information on social assistance measures (e.g. in connection with the fulfilment or enforcement of the bank’s contractual or regulatory obligations).

    ZugerKB processes the personal data of individuals who have shown an interest in its banking services and products, as well as the data of users of the bank’s website and branches. This encompasses the following categories of personal data:

    • Basic and contact information such as name, address, date of birth, telephone number and email address;
    • Technical data such as internal and external identifiers, IP addresses, recordings of accesses or changes;
    • Marketing information such as information relating to your needs, wishes and preferences, participation at events, and your response to marketing communications.

    Where relevant in connection with the products and services we supply you with, ZugerKB will also gather information on additional cardholders or account holders, business partners (including other shareholders or beneficial owners), dependent persons and family members, representatives and agents. If you are a corporate client, institutional client or institutional investor, we will additionally also obtain information about the members of your executive board and board of directors. Before you provide ZugerKB with this information, you should inform these individuals about the processing of their data by ZugerKB.

    Origins of personal data

    ZugerKB processes data which you yourself or your authorised agents, representatives or business partners (e.g. board members, business partners, or persons with whom you hold collective responsibility) provide us with in the context of the business relationship. We also compile data provided to us by third parties to execute orders and fulfil contractual obligations, or in respect of which you have provided your consent. This might include data from third-party banks, operators of settlement systems, pension funds, vested benefits foundations, insurance companies, land registry offices, debt collection and bankruptcy offices, card issuers, as well as the Central Office for Credit Information (“ZEK”) and the Consumer Credit Information Office (“IKO”). The data may also come from government departments and authorities (e.g. justice authorities, child and adult protection authorities, public prosecutor’s offices), insofar as such information is passed on to us in connection with their activities. ZugerKB also compiles data that we have obtained from publicly accessible sources either directly or through specialised providers, such as from the media, the internet, the commercial register, the land register, sanction and embargo lists and credit information institutions.

    Legal basis and purpose of data processing

    We process personal data primarily to fulfil our contractual obligations to you in connection with the services and products of ZugerKB or the Vested Benefits Foundation of ZugerKB, or to review a possible business relationship or terminate an existing one. The purpose of data processing is governed by the specific service or product in question, and may involve advice, asset management, the financing and implementation of transactions, and accounting.

    However, ZugerKB also processes personal data to protect its justified own interests, the interests and securing of claims of the Vested Benefits Foundation of ZugerKB, its policyholders/beneficiaries and employees, as well as the interests of third parties. In particular, we process personal data for the following purposes: to guarantee IT security, to assert our legal rights and defend ourselves in legal disputes, for client segmentation purposes, to further develop products and services, to devise service and product offers that are tailored to you (including profiling on the basis of personal data, e.g. analysis of which product and service types you use, your preferences, habits, etc.), to determine creditworthiness and default risks, to control and manage risks, for marketing purposes, and to improve the technology we use.

    Furthermore, ZugerKB processes personal data for various purposes in order to meet its statutory and regulatory obligations – for example, to combat money laundering and the financing of terrorism, to prevent and uncover criminal acts, to review the identity of individuals, to exchange information with foreign tax authorities, for credit review purposes, and for the treatment of dormant assets.

    Finally, subject to your consent we may process personal data for specific purposes (e.g. evaluations for marketing purposes). Any consent given may be revoked at any time.

    Recipients of personal data

    Within ZugerKB, the persons with access to your data are those who require this access in order to fulfil the bank’s contractual obligations and supply its products and services. Among others, this includes not just employees of ZugerKB itself but also those of relevant service providers (e.g. in the areas of banking services, IT, logistics, printing, debt collection, advice, sales or marketing) who have committed in writing to compliance with the requirements of data protection and bank client confidentiality.

    ZugerKB is obliged to respect bank client confidentiality on the basis of both contractual agreements and statutory provisions. Your personal data is therefore only forwarded to other parties on a legal basis, based on your consent, or – if necessary to execute your transactions – to recipients outside of ZugerKB. In such situations, your data may be communicated to the following recipient categories:

    • Public bodies and institutions both in Switzerland and abroad as a statutory obligation: e.g. the Swiss Financial Market Supervisory Authority (FINMA), Swiss National Bank, Money Laundering Reporting Office (MROS), the courts, public prosecutor’s offices, child and adult protection authorities (“KESB”), tax authorities, the banking ombudsman, accounting and audit companies;
    • Providers of credit and economic information (e.g. the Central Office for Credit Information (“ZEK”) and Consumer Credit Information Office (“IKO”). 
    • Other credit and financial services institutions, correspondent banks, stock exchanges, trading platforms, brokers, counterparties, custodians, issuers of payment cards, clearing houses for payment and securities transactions, vested benefits foundations, pension funds, share registers of third-party companies, payment recipients, beneficiaries, holders of power of attorney in respect of bank accounts, and other parties involved in transactions both in Switzerland and abroad, to the extent that this is required to fulfil the obligations in respect of the business relationship;
    • External service providers (e.g. IT providers, law firms, debt collection agencies, etc.) in Switzerland and the EU/EEA, and in rare cases also elsewhere.

    Data security

    ZugerKB undertakes to protect the private sphere of its users, to treat the personal data of users of its websites in accordance with the provisions of the Federal Act on Data Protection, and to preserve bank client confidentiality.

    When you use our website and our digital services, your personal data is transmitted across an open network that is accessible by anyone. In certain situations, your personal data may be transmitted across borders, even if you yourself are in Switzerland. The bank deploys technical measures to protect your personal data using state-of-the-art technology. Nonetheless, it cannot be ruled out that transmitted personal data may be accessed by unauthorised parties. For example, IP addresses and notifications via email, SMS, push communications and similar may allow conclusions to be drawn about the sender and the recipient of a message. Furthermore, you acknowledge that the information you transmit to ZGKB via an electronic medium, in particular via a contact form, input screen, email, SMS, etc., is typically transmitted in unencrypted form. Even in the event of encrypted transmission, the sender and recipient themselves will remain unencrypted. It may therefore be possible for a third party to draw conclusions about an existing or future banking relationship with ZGKB. Bank confidentiality is accordingly not preserved. Where such notifications are activated by you, you are accepting the possibility of the associated additional risk of a breach of your private data in respect of which you have no claim against the bank.

    ZGKB expressly emphasises the threat of malware and the possibility of targeted attacks by hackers. In order to combat malware, it is advisable to use up-to-date versions of browsers and to install and continuously update anti-malware software. Users should rigorously avoid opening e-mails of unknown origin or unexpected e-mail attachments.

    Transmission of data to countries abroad

    Personal data is transferred abroad above all when required for the execution of your orders (e.g. payment and securities orders), where prescribed by law (e.g. for the automatic exchange of information in tax matters, the provision of administrative and legal assistance to foreign authorities), or where you have given your consent for such transmission, or if the bank has justified interests in transmitting this data. Any transmission of personal data to countries abroad is undertaken on the basis of sufficient guarantees under data protection law (in particular recognised protective clauses in respect of standard data) in situations where the legislation of the country in question does not guarantee adequate protection.

    Profiling

    ZugerKB processes some personal data automatically in order to evaluate certain personal aspects (“profiling”). For example, profiling is used in the following contexts:

    • With data evaluations undertaken to combat money laundering, the financing of terrorism, and criminal acts which pose a threat to assets (including in connection with payment transactions).
    • For targeted communication and advertising, including market research, and to design offerings of products and services.
    • To assess creditworthiness and calculate affordability in connection with credit checks.

    Web services, web analysis tools and cookies

    When you visit the website www.zugerkb.ch, ZugerKB gathers technical data and other information relating to your website visit, among other things. It also uses cookies in connection with the preparation of its digital website offering. Please see in this respect the cookie policy of ZugerKB at zugerkb.ch/cookie-policy.

    Use of personal data in connection with online account opening

    You make personal data available to ZugerKB when you open an account online. This data will be used by ZugerKB to open and maintain a business relationship. ZugerKB may also make this data available to contracted third parties if required in connection with the opening and/or maintenance of a business relationship. The data will be stored in Switzerland. You also hereby agree that ZugerKB may communicate with you by unsecured e-mail in connection with the opening of a business relationship. Communication via unsecured e-mail involves various risks. In particular, confidentiality cannot be guaranteed. Furthermore, you acknowledge that a decision on opening the business relationship will be made automatically when you use the online account-opening process. If the business relationship is not opened, you can submit another application for the opening of an account at any branch of ZugerKB. 

    Duration of storage of your data

    ZugerKB will store your personal data for as long as this is required to fulfil its contractual, statutory or regulatory obligations. Data processing will be continued beyond this timeframe where this is required by statutory or regulatory retention periods (e.g. under the Swiss Code of Obligations, money laundering legislation, various items of Swiss legislation relating to taxation, or in the context of dormant assets) or where ZugerKB is using the data to assert, exercise or defend its own legal rights. Once the purpose of storage no longer applies, the personal data is deleted insofar as this is technically possible.

    Your data protection rights

    Where envisaged under applicable data protection legislation, every affected individual has certain rights regarding data that relates to their person, including the right to information, the right to notification, the right to deletion, the right to restrict data processing and the right to revoke any consent given. Furthermore, you have a right to complain to the relevant data protection authority.

    Last update on: December 2022