Date: 01. September 2023
To run our business, the Bank collects, uses, stores and processes information about natural and legal persons including information about our prospective and current clients ("you") to give you access to our financial products and services.
As Data Controller, the Bank has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-
based data transmissions can always be vulnerable to security risks, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone.
Our Privacy Notice uses the same terminology and definitions used by the Swiss Federal Act on Data Protection and the European General Data Protection Regulation.
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "Personal Data"). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier: IP Address or to sensitive personal data such as religion, ideological, political, health, physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data Subject
Data subject is a natural person whose personal data is processed.
Processing means any handling of Personal Data, irrespective of the means and procedures used, in particular the collection, storage, keeping, use, modification, disclosure, archiving, deletion or destruction of the data.
Disclosure means transmitting personal data or making such data accessible.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
e) Data Controller
Controller is a natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
f) Data Processor
Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller.
Recipient means a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether or not a third party.
h) Third Party
Third party means a natural or legal person, public authority, agency or other body other than the Data Subject, the Controller, the Processor and the persons authorized to process the Personal Data under the direct responsibility of the Controller or the Processor.
Data Subject is asked to provide consent for the processing of his/her data. Consent is only valid if given voluntarily for one or more specific instances of processing based on appropriate information. Consent must be explicitly given for processing sensitive Personal Data.
You voluntarily provide consent to us when you sign up for a newsletter or other marketing materials, when you are interested in our products and / or services and you request information about them or ask us to be contacted via email, telephone, or regular post.
2. NAME AND ADDRESS OF THE DATA CONTROLLER
Data Controller within the meaning of data protection applicable local law is:
3. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER
For questions regarding processing of Personal Data, please contact us at: email@example.com.
4. COOKIES and similar technologies
We also use "web beacons" to help deliver cookies and gather usage and performance data. Our website may include web beacons, cookies, or similar technologies from us and partners as well as third parties, such as service providers acting on our behalf.
Third party cookies may include: Social Media cookies designed to show you ads and content based on your social media profiles and activities on our website; Analytics cookies to better understand how you and others use our website so that we can make it better, and so the third parties can improve their own products and services; Advertising cookies to show you ads that are relevant to you; and Required cookies used to perform essential website functions. Where required, we obtain your consent prior to placing or using optional cookies that are not (i) strictly necessary to provide the website; or (ii) for the purpose of facilitating a communication.
You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
We use the following data collection systems:
5. COLLECTION, USE AND PURPOSE OF PROCESSING OF PERSONAL DATA AND INFORMATION
We always process your Personal Data for a specific purpose and only process the Personal Data which is relevant to achieve that purpose. We process Personal Data, within applicable legal limitations. We may collect Personal Data about you from third party data aggregators (e.g. Google), public sources, and third-party social networking sites. Such information may include Personal Data as part of your profile on a third party social network and that you allow that third party to share with us, pursuant to their rules.
We may collect and use your personal data for several purposes, including:
- To communicate with you, to respond to your queries about our products and services,
- To allow you to subscribe to our newsletter and to get access our products and services, marketing purposes,
- To sign a contract, to open an account and to provide our services,
- To send relevant information to you about our products and services, and related matters.
- To comply with laws and regulations, especially with Banking provisions.
- To prevent, combat and investigate financial crime.
We may only disclose your Personal Data to the following categories of recipients:
- IT providers, such as hosting providers or solutions-based providers for our platforms and tools;
- Commercial partners, when we provide jointly services with another financial institution for example;
- Authorities, if requested by law
We require such third parties to comply with all applicable data protection laws and regulations, and moreover we have a data protection agreement signed in place.
Technically, our website collects a series of general data and information each time a data subject or automated system calls up the website. These general data and information are stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, the Bank does not draw any conclusions about the data subject. This information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack. Therefore, the Bank analyzes anonymously the data and information collected.
6. LEGAL BASES for PROCESSING personal data
The Bank processes Personal Data based on the applicable legal framework: Swiss Federal Act for Data Protection and European General Data Protection Regulation. Where required and depending on the purpose of the processing activity, the processing of your Personal Data will be one of the following grounds as legal bases:
In some cases, where we have obtained your consent, as required under applicable laws and regulations. With your explicit consent in the case of special categories of Personal Data, (such as your biometric data) [Art. 6(6), (7) FADP, Art. 6 I lit. a GDPR].
6.2. Legal obligations
Necessary for the performance of a contract with you for the services or products you request, or for carrying obligations under such a contract, and if the Bank is subject to a legal obligation by which a processing of Personal Data becomes necessary, (such as for the fulfillment of tax obligations) [(Art. 19(1) and Art. 31(1) FADP and Art. 6 I lit. b, c GDPR].
6.3. Interest of the data subject
Necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services, [(Art. 19(1) and Art. 31(1) FADP and Art. 6 I lit. b GDPR].
6.4. Public Interest
Overriding public interests may justify an otherwise unlawful personality rights infringement, particularly if invoked by public authorities. [(Art. 19(1) and Art. 31(1) FADP and Art. 6 I lit. d GDPR].
6.5. Legitimate interest of the data controller
Required to meet legal or regulatory responsibilities of the Bank, without affecting your interests or fundamental rights and freedoms, [(Art. 19(1), (2) and Art. 31(1), (2) FADP and Art. 6 I lit. f and recital 47 sentence 2 GDPR].
6.6. Legal bases in other instances
Necessary for the performance of employer's obligations to the employee under the employment contract; for compliance with statutory obligations, or for the purposes of legitimate interests of the employer or third parties that have a sufficient connection to the workplace (e.g. the enforcement of legal claims, measures ensuring safety at work, or marketing of professional services performed by the employee).
7. CONTACT VIA OUR WEBSITE
For questions regarding personal data processing please contact us at: firstname.lastname@example.org
You can also contact us by using the contact form. In both cases, your personal data transmitted on a voluntarily basis will be stored for data processing purposes or getting in touch with you.
8. data subject RIGHTS
8.1. Your rights
You have a right to access and obtain information regarding your Personal Data that we process. If you believe that any information, we hold about you is incorrect or incomplete, or not accurate, you may also request the rectification of your Personal Data.
You also have the right to:
- object to the processing of your personal data
- request the erasure of your personal data
- request restriction on the processing of your personal data, and/or
- withdraw your consent given to the Bank to process personal data (without this withdrawal affecting the lawfulness of any other processing),
When personal data is processed for direct marketing purposes, your right to object extends to direct marketing, including profiling to the extent it is related to such marketing. You may object to direct marketing by clicking the "unsubscribe" link in any of our e-mails to your or by emailing us to email@example.com
Where we process your personal data on the basis of your consent, or where such processing is necessary for entering into or performing our obligations under a contract with you, you may have the right to request your personal data be transferred to you (known as the 'data portability right). You also have the right to ask the Bank for information regarding some or all the personal data we collect and process about you.
The Bank will honor such requests, withdrawal or objection as required under applicable data protection laws and regulations, but these are not absolute: they do not always apply, and exemptions may be engaged. We will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to understand your request better. If we are unable to comply with your request due to compelling legitimate grounds for the process which override your interests, rights, and freedoms, or for the establishment, exercise of defense of right in legal proceedings, we will explain these grounds to you.
In certain circumstances the Bank may process your personal data through automated decision-making. Where this takes place, you will be informed of such automated decision-making that uses your personal data and be given information on criteria and procedures applied. You can request an explanation about automated decision making carried out and that a natural person reviews the related decision where such a decision is exclusively based on such processing.
You are also entitled to obtain information when your Personal Data has been transferred to a third country or to an international organization and on the appropriate safeguards in connection with the transfer.
8.2 Exercising your rights
To exercise the rights described above, please contact us at: firstname.lastname@example.org or Kaleido Private Bank Ltd, Bellerive 17, 8008 Zürich, Switzerland. To avoid any delay in dealing with your request, please enclose with your signed letter a copy of your passport or an identification card. If you have any question or comment regarding how the Bank processes your Personal Data, we are happy to hear from you. If you would like to speak to us about our use of your Personal Data, you can contact the Data Protection Office by emailing: email@example.com
9. CHANGES TO YOUR PERSONAL DATA
We are committed to keep your Personal Data accurate and up to date. Therefore, if your Personal Data changes, please inform us of the change as soon as possible.
The Bank has integrated the Google Analytics component (with anonymization function) on its website. Google Analytics is a web analysis service that collects, compiles, and evaluates data about the behavior of visitors to our website, which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used for the optimization of the website and for the cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained to evaluate the activity in our website, to compile online reports, and to provide additional services related to the use of our website.
Google Analytics sets a cookie on the information technology system of the Data Subject. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, the internet browser of the data subject is automatically activated to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, to track the origin of visitors and clicks and subsequently enable commission calculations.
By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, his/her personal data, including the IP address is transmitted to Google in the United States of America where it is also stored. Google may pass on the personal data collected via the technical procedure to third parties.
You can prevent the setting of cookies in our website, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
11. DURATION FOR WHICH THE PERSONAL DATA ARE STORED
The criterion for the duration of the storage of your Personal Data is stated in the respective statutory retention period. After expiry of the period, the corresponding data will be routinely deleted, provided that no other legal requirements rule otherwise.
12. COMPETENT DATA PROTECTION AUTHORITY IN SWITZERLAND
You also have the right to file a claim in court or to submit a complaint with the competent data protection authority, the Federal Data Protection and Information Commissioner (FDPIC). (http://www.edoeb.admin.ch).
13. NEWSLETTER SUBSCRIPTION AND CANCELLATION
The newsletter is for information purposes only and should not be construed as a solicitation or invitation to make an offer, enter into a contract, buy or sell securities or financial instruments or provide financial services.
Revocation and cancellation: You can revoke your consent to receive the newsletter at any time and thus unsubscribe from the newsletter. At the end of each newsletter, you will find the link to unsubscribe. Your contact data will remain in the system for further high-quality processing. If you wish to have your Personal Data permanently deleted, please contact us directly at: firstname.lastname@example.org.