Frankfurter Bankgesellschaft (Schweiz) AG
Börsenstrasse 16
8022 Zürich
Switzerland
Tel. +41 44 265 44 44
Fax +41 44 265 44 11
privatebanking@frankfurter-bankgesellschaft.com

Data protection information

How we handle your personal data and what your rights are under the Swiss Federal Act on Data Protection (FADP), as well as Information in keeping with Articles 13, 14 and 21 of the EU General Data Protection Regulation (EU-GDPR)

Mai 2018

A1. Data protection in general

The following information provides you with an overview of the ways we process your personal data, as well as an explanation of your rights under data protection law. Which data are processed in detail and how they are used depends to a large extent on the services you have requested or agreed to.

1. Who is responsible for data processing and whom can I contact in case of questions?

The responsible office is
Frankfurter Bankgesellschaft (Schweiz) AG
Börsenstrasse 16
8001 Zürich
Switzerland

You van reach our data protection officer at:
Frankfurter Bankgesellschaft (Schweiz) AG
Data Protection Officer
Börsenstrasse 16
8001 Zürich
Switzerland
E-Mail address: Datenschutz.ch(at)Frankfurter-Bankgesellschaft.com

2. Which sources and data do we use?

We process personal and particularly sensitive (e.g. biometric) data that we receive from you in connection with our business relationship. In addition, to the extent necessary for the provision of our services, we process personal data that we have legitimately received from other companies of the Sparkassen-Finanzgruppe or from other third parties (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of a consent given by you). On the other hand, we also process personal data that we have legitimately obtained from publicly accessible sources (e.g. debtor registers, land registers, commercial and association registers, the press and other media).

The relevant person-specific data obtained during the interested third-party process, at the opening of a contractual relationship, in the course of an authorisation (custody/current account power of attorney) or as an authorised party to a custody account/ contract may be:

Name, address and other contact data (telephone, e-mail address, date/place of birth, gender, nationality, language, marital status, legal capacity/ability to act, occupational group designation, economic and tax details (e.g. employed/self-employed, tax domicile), identification/legitimisation data (e.g. ID data/copy), authentication data (e.g. specimen signature), tax ID, FATCA status.

When products/services from the product categories listed below are purchased or availed of, further personal data may be collected, processed and stored in addition to the aforementioned data.

These essentially include:

2.1 Asset management, investment advice, advisory-free transacting

Current and/or previous occupation, detailed information on knowledge and/or experience with securities (MiFID status), Investment style/strategy (scope, frequency, risk appetite), financial situation (assets, liabilities, income, expenses), foreseeable changes in financial circumstances (e.g. reaching retirement age), tax information (e.g. for US withholding tax purposes), documentation data (e.g. consulting protocols), order data (e.g. payment orders, securities orders).

2.1 Additional correspondence and communication data

connection with the business relationship, especially by means personal, telephone or written client interactions either you or the Bank have initiated, further personal data, e.g. information regarding the channel used for contact, the date, Occasion and result, (electronic) copies of correspondence, as well as information associated with advertising measures.

3. For what purposes do we process your data and on what legal basis?

We process personal data in accordance with the provisions of the EU-GDPR and the FADP:

3.1 For the fulfilment of contractual obligations

The processing of personal data takes place in order to facilitate the brokerage of transactions and provision financial services in fulfilment of our contracts or to conduct pre-contractual measures with you and execute your orders, as well as to carry out all activities necessary for the operation and administration of a credit or financial services institution.

The purposes of the data processing mainly depend on the specific product (e.g. account, credit, securities, deposits, brokerage) and may include, among other things, needs analyses, advice, asset management and support, as well as for the execution of transactions.

3.2 In connection with the ascertainment of interests

If necessary, we process your data beyond the mere fulfilment of our contractual obligation to you in order to protect the legitimate interests of the Bank or third parties. Examples:

  • assertion of legal claims and defence in legal disputes;
  • ensuring the IT security and IT operations of the Bank;
  • prevention and investigation of criminal acts;
  • safeguarding the Bank again reputational damage;
  • measures for building and systems security (e.g. access controls);;
  • measures for business management and the further development of services and products;
  • risk control within the Group.

    3.3 On the basis of your consent

    If you have given us your consent to process your personal data for specific purposes (e.g. forwarding of data within the network/Group), such processing is deemed legal on the basis of your consent. A granted consent can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the EU-GDPR or FADP entered into force.

    Please note that any such revocation will only be valid for the future. Processing that took place before the revocation is not affected by this.

    3.4 By force of legal requirements or in the public interest

    In addition, as a bank we are subject to various legal obligations, i.e. legislative (e.g. Money Laundering Act, Swiss Code of Obligations, tax laws) and banking supervisory requirements (e.g. financial market supervision and banking law). The purposes of processing include identity verification, fraud and money laundering prevention, the fulfilment of tax control and reporting obligations, as well as the assessment and management of risks within the Bank and the Group.

    4. Who receives my data?

    Within the bank, those departments that need your data to fulfil their contractual and legal obligations have access to it. Moreover, contractors used by us may also receive data for these purposes if they observe confidentiality and our data protection directives.

    The latter are mainly companies from the categories listed below.

    With regard to the transfer of data to recipients outside the Bank, it must first be noted that, in accordance with the General Terms and Conditions agreed between us, we are obliged to maintain confidentiality concerning all customer-related facts and assessments that we become aware of (banking secrecy). We may only disclose information about you if required by contractual or legal provisions or if you have given us your consent to do so.

    Under these conditions, recipients of personal data can be, for example:

    • public authorities and institutions (e.g. financial market supervisors, public prosecutor’s office) in the case of a legal or official obligation;
    • other credit and financial services institutions or comparable entities, as well as contractors to which we transfer personal data in carrying out our business relationship with you (depending on the contract: e.g. correspondent banks, custodian banks, securities exchanges, etc.).

      Further recipients of data may be those entities for which you have given us your consent to transfer data or for which you have freed us from banking secrecy in accordance with a specific agreement or consent.

      4.1 Purposes of the data Transfer

      Handling inquiries from authorities, the support/operation/maintenance of EDP/IT applications, archiving, document processing, controlling, data screening for anti-money laundering purposes, data destruction, purchasing/procurement, client administration, marketing, research, risk controlling, telephony, website management, securities services, share registers, fund administration, auditing services, payment transactions.

      5. For how long will my data be stored?

      Provided it is necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract. It should be noted that our business relationship is a continuing obligation that is intended to run for years.

      In addition, we are subject to various archiving and documentation obligations arising from the Swiss Code of Obligations (SCO), the Banking Act (BankA), the Federal Consumer Credit Act (FCCA), the Money Laundering Act (MLA) and others. The periods for storage and documentation specified therein are up to ten years.

      Finally, the storage period is also judged according to the statutes of limitation (one example, generally 10 years as per Art. 127 SCO).

      6. Will data be transmitted to a third country or an international organisation?

      A data transfer to third countries will only take place if this is necessary for the execution of your orders (e.g. payment and securities orders), if it is required by law (e.g. tax reporting obligations), if you have given us your consent or if it is required in Connection with order data processing.

      7. What data protection rights do I have?

      Each affected person has the right to receive information, the right to correct any errors, the right to delete certain information, the right to limit the related processing, and the right to determine the transferability of the data, provided this is reasonable or that there is no legal obligation to keep the data. In addition, there is a right of appeal to a data protection supervisory authority or the Bank’s data protection officer. You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the EU-GDPR or FADP entered into force. Please note that any such revocation will only be valid for the future. Processing that took place before the revocation is not affected by this.

      8. Is there an obligation for me to participate or assist in the collection of data?

      Should you make personal data of third parties available to the Bank in the course of the business relationship, you must inform the third party in advance of their rights under data protection law. In connection with our business relationship, you only Need to provide those personal data which are necessary for the establishment and conduct of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without these data we will usually have to refuse conclusion of the contract or execution of any relevant order, or we will no longer be able to uphold an existing contract and may have to terminate it.

      In particular, under the provisions of money laundering law and the agreement on the Swiss banks’ code of conduct on due Diligence (CDB), we are obliged to verify your identity before establishing the business relationship, for example on the basis of your official photo ID, and to make and retain a copy of that ID including your name, place and date of birth, nationality and your residential and mailing addresses. In order for us to comply with this legal obligation, you must provide us with the necessary Information and documents on the basis of the aforementioned principles and notify us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents, we are not permitted to establish or continue the business relationship you desire.

      9. To what extent is computer-based decision making applied in individual cases?

      In principle, we do not rely on automated decision making when establishing and conducting the business relationship. Should we actually apply such a procedure in individual cases, we will inform you of this separately, insofar as this is required by law.

      10. To what extent is my data is used for profile compilation (scoring)?

      We process your data in certain respects automatically with the aim of evaluating specific personal characteristics (profiling). For example, we use profiling in the following instances:

      Legal and regulatory requirements oblige us to combat money laundering, terrorist financing and asset-endangering crimes. Data is also evaluated during payment transactions, for example. These measures simultaneously serve your own protection.

A2. Internet use in particular

11. How do we handle your Internet data?

We take the protection of your personal Internet data very seriously and treat that data confidentially and in accordance with the provisions of law.

Data processing only takes place when this is necessary for the performance of the services we offer.

Your personal data will not be passed on to third parties unless you have been informed of such intent beforehand and you have (electronically) consented to the transfer through a clear and deliberate act.

By registering for and visiting our website, you agree that we may collect, store and process the use-related data.

Bear in mind, though: data transmission via the Internet can always be subject to security vulnerabilities. Hence, complete protection against access by third parties is not realisable.

12. Which data could be generated during the use of our Internet pages and potentially be stored by us or third parties?

12.1 Cookies and session IDs

Cookies and session IDs are sometimes used on our web pages to provide you with specific information and to save your search settings. Through the use of these cookies, neither personal data are stored nor are they linked to your personal user data. Cookies are small text files that are sent from our web server to your PC, where they are usually stored on your hard drive. They do not become part of your system and cannot cause any damage.

Most browsers are set to automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it notifies you when a cookie has been sent.

12.2 Matomo (formerly, Piwik)

Our website uses Matomo, an open source web analysis tool (https://matomo.org), to collect and store data for marketing and optimisation purposes. These data can be used to create user profiles under a pseudonym, and cookies may be used in this process.

Cookies are small text files that are stored locally in the cache of the visitor’s Internet browser. The cookies enable the reidentification of the Internet browser. The data compiled with Matomo will not be used to personally identify the website visitor and will not be combined with personal data of the bearer of the pseudonym without the specially provided consent of the Person concerned. However, you have the option of preventing Matomo from storing cookies on your computer. To do this, you must modify the corresponding settings in your Internet browser. As a result, you may not be able to use the full scope of our website.

12.3 Web Fonts

The Bank’s website uses external fonts provided by Linotype GmbH, Werner-Reimers-Straße 2-4, 61352 Bad Homburg, Germany.

Each time you visit our website, files are loaded from a fonts.com server to display the texts in a specific font. Your IP address can be transferred to a «fonts.com» server and stored in the usual weblog. «fonts.com» is responsible for the further processing of this information. Further information and setting options can be found in the «fonts.com» data protection information, which you can access via the following URLs:

https://www.fonts.com/de

https://www.fonts.com/info/legal/privacy

A3. Your rights

Information on your right to object:

13. Right of objection in individual cases

For reasons attendant to your particular situation, you have the right to object at any time to the processing of data relating to your person which is conducted on the basis of Article 6 para. 1 lit f of the EU-GDPR (data processing on the basis of legitimate interests); this also applies to «profiling» under this provision within the context of Article 4 No. 4 EU-GDPR, which we utilise for creditworthiness assessment or for advertising purposes.

If you object, we will no longer process your personal data unless we can demonstrate compelling reasons worthy of protection for such processing, which outweigh your interests, rights and freedoms, or that the processing serves to assert, exercise or defend legal claims.

14. Right of objection to the processing of data for advertising purposes

In certain cases, we process your personal data in order to make you an individualised offer. You have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling if it relates to this process.

If you object to the processing of your personal data for advertising purposes, we will no longer do so for such purposes.

Your objection can be lodged without any condition as to form and should be addressed to:

Frankfurter Bankgesellschaft (Schweiz) AG
Data Protection Officer
Börsenstrasse 16
8001 Zürich
Switzerland
E-Mail address: Datenschutz.ch(at)Frankfurter-Bankgesellschaft.com