Data Protection Notice
Investec Bank (Switzerland) AG
This Data Protection Notice is publicised through Investec Bank (Switzerland) AG (registered with company number CHE-101.093.387) which is licensed by the Swiss Financial Market Supervisory Authority (FINMA). This information is issued in light of the enactment of the European General Data Protection Regulation (GDPR) and the upcoming revision of the Swiss Federal Act on Data Protection (FADP). At Investec Bank (Switzerland) AG we process personal data in accordance with the provisions of the GDPR and the FADP.
Personal data is information which directly or indirectly identifies you. All personal data provided by you and/or your financial adviser will be treated in accordance with (a) the Swiss Federal Act on Data Protection or the banking secrecy provision of the Swiss Federal Act on Banks and Savings Banks, (b) from 25 May 2018, the General Data Protection Regulation, and/or (c) other laws that are similar, equivalent to or that are intended to implement, amend, or replace, the laws that are identified in (a) and (b) above.
It may be necessary for you to give us personal data so that we can provide you with the requested products and services, fulfil any contractual relationship with you, inform you of our services, comply with applicable laws, regulations and/or codes of practice and for the other purposes as set out in this notice where in our legitimate interests.
Collecting your personal data
We may collect your personal data in a number of ways, including from:
- you, for example, when you:
- apply for and use our products and services;
- call us, we will monitor and/or record your telephone calls
- enter into any agreement with us;
- contact and interact with us;
- ask us to contact you;
- attend events, participate in surveys, prize draws or competitions
- someone else for example, if a person applies for a joint account with you they may share your personal data with us or if you are a stakeholder in or manager of a business, and the business applies for products or services or enters into an agreement or interacts with us, we may obtain personal data about you to carry out checks against the business
- third parties such as credit reference agencies, fraud prevention agencies, financial advisors, introducers, research and data analysis partners
- public sources - for example, commerce registers
- you, for example, when you:
What personal data we collect
Types of information we may collect includes:
Type of information Examples of information
- date of birth
- contact details
- tax details
- employment details
- regulatory history (where applicable)
- income and outgoings
- assets and liabilities;
- bank details
- account information and history
- account activity
- credit history and information (where applicable)
- shareholdings (where applicable)
Information we have from our dealings with you or from anyone acting on your behalf
- recordings of telephone calls with us
- records of our interactions/correspondence with you
- details of your transactions
Sensitive personal data (we will only collect this with your explicit consent or where the processing is specifically authorised by a regulatory body or required by law)
Including but not limited to the following:
- biometric data, such as voice or fingerprint information;
- religious beliefs
- sexual orientation;
- political affiliation;
- race and ethnicity
If you give us information about somebody else
You must make sure that if you give us personal data about someone else, you should have a lawful basis for doing so, for example, you have their consent to share personal data with us. Where applicable, you should ensure they read this Data Protection Notice and understand how we will use and disclose their information, in the ways described in this Data Protection Notice.
How we may use your personal data
We may use your personal data for reasons including but not limited to the following:
- to verify your identity;
- to verify the accuracy of the data you have provided to us;
- to provide products and/or services requested by you;
- to manage your accounts;
- to manage any contractual relationship with you;
- to make credit decisions (where applicable);
- to trace and recover debts;
- to detect and prevent fraud and money laundering;
- to administer surveys, prize draws or competitions;
- to manage events;
- to conduct analysis and market research, for example, to identify trends in the use of our products and services so that we can:
- improve the products and services we provide to you;
- improve our business;
- keep you up to date with relevant products and services
- to comply with applicable laws, regulations and/or codes of practice;
- to support research and analytics that assist us in marketing our products and services.
How will we use your personal data to make automated decisions
Detecting and preventing fraud
We use real time fraud detection systems to help us to identify whether your account may be being used fraudulently. These systems make automated decisions for us and take account of information such as fraud patterns. Your personal data may be used to make these decisions. For example, fraudulent activity may be suspected where there is unusual activity on your account. If we suspect a risk of fraud, we may stop any activity on the account, or refuse access to the account. You have the right to object to an automated decision, and ask for someone to review the decision.
How we may disclose your personal data
We may disclose certain personal data as follows:
- to other affiliates in the Investec Group. Investec Group consists of Investec Bank plc (a company registered in the UK) and Investec Limited (a company registered in South Africa) and any of their direct or indirect subsidiaries and/or holding companies;
- to our professional advisors, receivers and administrators (where applicable), and service providers (including for example, information technology systems providers) who may help us provide products or services;
- to courts, governmental and non-governmental agencies,regulators and ombudsmen;
- law enforcement agencies;
- relevant tax authorities;
- to any relevant third party in the course of an acquisition, sale, transfer, reorganisation or merger of parts of our business or our assets;
- as required or permitted by law or regulation, where we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of the Investec Group, our clients, or others;
- where you have been introduced to us by an introducer (e.g. an independent financial adviser), unless you have told us not to, we will inform the introducer of the outcome of the enquiry including whether we have agreed to provide you with the relevant product or service;
- to credit reference agencies (as applicable)
- to fraud prevention agencies (as applicable)
- You may also ask us for details of the credit reference agencies and fraud prevention agencies we have used for your searches. If there are any errors in the information we hold about you, please tell us so we can correct the information we hold about you.
Transfer of Personal Data Outside the European Economic Area (“EEA”)
We may transfer your personal data to recipients who may carry out services on our behalf (including affiliates in the Investec Group) located in countries outside of Switzerland as well as of the EEA, including South Africa. If we transfer your personal data to such a country, we will take all necessary steps to ensure your data is protected to an equivalent standard as within the EEA and Switzerland.
You have the right to:
- request access to your data and information and about how it is being used;
- request rectification or erasure of your personal data;
- request restriction of processing or to object to processing of your personal data; and
- request data portability (i.e. to request the transfer of personal data from one data controller to another)
If you wish to exercise any of these rights or withdraw consent to use your personal data you should contact the Data Protection Officer as described below in order for us to rectify the issue. If you are not satisfied with our response you have the right to lodge a complaint about the processing of your personal data with the data protection supervisory authority in your local jurisdiction.
We may contact you periodically to provide information regarding events, products, services and content that may be of interest to you and to invite you to participate in market research. If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent. Where this information is provided electronically we may track your response, for example which emails you open.
If you wish to stop receiving marketing or market research communications from Investec Bank (Switzerland) AG you can click on the unsubscribe link in the marketing communication or contact the Data Protection Officer as described below.
Security and Data Retention
We will take steps to protect your personal data against loss or theft, as well as from unauthorised access, disclosure, copying, use or modification, regardless of the format in which it is held. Subject at all times to applicable laws, we will retain your personal data for a period of at least 10 years (as foreseen by Swiss law) from the end of the relationship to enable us to fulfil our record keeping obligations.
Please contact the Data Protection Officer using the details below for further information regarding
data retention periods.
Changes to this Data Protection Notice
We may revise or supplement our Data Protection Notice from time to time to reflect for example, any changes in our business, law, markets, or the introduction of any new technology. We will publish the updated Data Protection Notice on this website.
Enquiries, Requests or Concerns
All enquiries, requests or concerns regarding this Data Protection Notice or relating to the processing of personal data, should be sent to the Data Protection Officer using the following contact details:
Data Protection Officer
Investec Bank (Switzerland) AG