1. Introduction

This Privacy Policy gives you an overview of the processing of your personal data by CBH Compagnie Bancaire Helvétique (“we”; “CBH”; “the Bank”) and your rights under data protection law.

The specific data that is processed and the way it is used depends on the Client’s requests and the services provided.

2. Data sources and types

The Bank processes the data received from its Clients and generated in the scope of the business relationship with them.  This involves personal data, i.e., data that allows you to be directly identified as a Client (for example, name, address, contact details, date and place of birth, etc.) or data that permits identification when used in conjunction with other information (for example, bank account number). In addition to data received directly from Clients, we process – insofar as this is necessary to provide our services – personal data that we obtain in an authorized manner from publicly accessible sources (e.g. land registers, commerce registry, press, Internet) or which is provided to us by other companies of the CBH Group or by third parties (for example, a credit agency or other cooperation partners).

The following personal data may be processed by the Bank:

• Personal data (name, address, email, date of birth)
• Identification data (data from documents of identification)
• Data resulting from the performance of obligations (e.g. signature)
• Information about your financial situation (for example, data on scores and ratings, data on solvency)
• Data relating to orders and orders placed (for example, payment orders)
• Advertising and sales data
• Data recording (for example, consultation protocol)
• Other data comparable to the above categories

With regard to the data processed when using digital services (“digital channels”), we refer to additional information on data protection in relation to the service or application concerned on a case-by-case basis.

3. Purpose of data collection and legal basis

The Bank collects personal data for the purposes and on the legal basis hereafter, in accordance with the applicable data protection regulations:

a) For the performance of contractual obligations

Data processing is done for the purpose of providing banking transactions and financial services in the scope of the execution of our contracts with our Clients or for the execution of pre-contractual measures, which are performed on request. The purposes of the data processing are mainly based on the specific product (e.g., account, loan, securities, deposits, brokerage) and may include, among others, an analysis of the needs, advice, management and support of assets, and the execution of transactions. You will find more information on the purposes of data processing in the contractual documents and the applicable Terms and Conditions.

b) As part of the balancing of interests

If necessary, the Bank will process your data beyond the limits of performance of the contract in order to protect its legitimate interests or the legitimate interests of third parties, for example:

• Prevention and/or investigation of criminal acts
• Risk management (for example, the calculation of eligible capital requirements for banks) within the Bank and the CBH Group
• Consultation and exchange of data with authorized agents (for example, debt collection registers) for the determination of solvency and the risk of credit default or, if necessary, in the case of protection accounts against seizures or basic accounts
• The support of legal claims and defence of interests in the event of a dispute
• Advertising, market research or surveys, unless you have expressly refused
• Protection of IT security and the Bank’s IT operations
• Video surveillance for the protection of access rights, the collection of evidence in cases of bank theft or the prevention of fraud
• Testing and optimization of processes for needs analysis or contact with the Client
• The collection of personal data from sources available in the public domain for the purposes of market research and business development
• Measures to ensure the security of buildings and systems (e.g., entry controls)
• Measures for the purposes of business management and the development of new services and/or products.

c) Based on your consent

If you have given us your consent for the processing of personal data for specific purposes, the lawfulness of this processing is based on your consent. Any consent granted can be revoked at any time. The withdrawal of consent does not have retroactive effect on the use of your data.

d) Based on legal requirements or in the public interest

The activities of the Bank are subject to various regulations and requirements (for example, the Swiss Banking Act, the Collective Investment Schemes Act, the Anti Money Laundering Act, the Mortgage Bond Act, tax law, the directives of the Swiss Bankers Association), as well as other directives and regulatory requirements specific to banks (for example, the Swiss National Bank and FINMA – Swiss Financial Market Supervisory Authority –). The data processing is used, among other things, to verify solvency, as well as identity and age, to prevent fraud and money laundering, for compliance with monitoring and reporting obligations in tax matters, as well as risk assessment and management within the CBH Group.

4. Access to your personal data

Within the Bank, access to your data is granted to organizations that need it to fulfil our contractual and legal obligations. Service providers and agents employed by the Bank (other legal entities of the CBH Group or third parties) may also receive data for these purposes. The use of service providers (notably subcontractors) is in accordance with the provisions of the Swiss Banking Act and of the Data Protection Act. For example, external service providers are, in turn, required to respect banking secrecy and the requirements of data protection law. These are companies that provide services, notably in the following categories: IT, payment transactions, securities’ settlement, credit risk management, asset recovery, telecommunications, logistics, printing and sending of bank documents, advisory and consulting services, as well as marketing and sales.

The Bank only transmits information concerning you or makes it available to third parties if there is a legal basis, if you have given your consent, or if the Bank is authorized to provide banking information. Under these conditions, the recipients of personal data may be, for example:

• Public bodies and institutions (for example, prosecution authorities, supervisory authorities, debt and bankruptcy agencies, inheritance authorities);
• Other credit and financial services institutions or comparable institutions to which the Bank transfers personal data in order to conduct the business relationship with you (for example, correspondent banks, custodian banks, brokers, stock exchanges);
• Other companies in the CBH Group for risk management purposes due to legal or official obligations or on the basis of your consent.

5. Transfer of data

The Bank transfers your data to countries other than Switzerland (so-called third countries) (i) if it is necessary to execute your orders (for example payment orders and securities orders), (ii) if it is required by law (e.g., tax reporting obligations) or (iii) if you have given us your consent.

For data transferred abroad, Swiss law is not applicable. These transfers are, however, secured by corresponding guarantees to ensure an appropriate level of data protection.

6. Period of retention

We only keep your personal data for as long as necessary to fulfil the purpose for which it was collected, taking into account our legitimate interest in keeping it, for example to respond to requests of information or to resolve problems, or to comply with our legal and regulatory obligations.

If the data is no longer necessary for the performance of contractual or legal obligations, it will be deleted at regular intervals, unless it is necessary for temporary further processing, for example:

• For the fulfilment of archiving obligations provided for by contract law and tax law (for example under the Code of Obligations, the Federal Act on Value Added Tax, the Federal Act on Direct Federal Taxation, the Federal Act on Harmonisation of Direct Taxes of Cantons and Municipalities, the Federal Stamp Duty Act and the Federal Withholding Tax Act);
• For compliance with specific regulations which oblige the Bank to keep data for an indefinite period, for example if a case of litigation is anticipated.

7. Your data protection rights

All data subjects have the following rights:

• Right of access;
• Right of rectification;
• Right of erasure (“right to be forgotten”);
• Right to limit processing;
• Right of objection;
• Right of portability of data.

You also have a right of recourse with a data protection supervisory authority. You can revoke your consent for the processing of personal data at any time by contacting us. Please note that such revocation is only effective for the future. The processing that took place before the revocation is not affected.

8. Data necessary for establishing a business relationship

In the scope of our business relationship, you must provide the Bank with the personal data necessary for the establishment and execution of a business relationship and for compliance with the associated contractual obligations or which we are legally required to collect. Without this data, we will generally not be able to establish the contract with you or provide the services or products that you have requested.

In particular, the Anti Money Laundering Act requires us to identify you with your document of identification before establishing the business relationship and to collect and record details such as your name, place and date of birth, nationality, address and other identifying data. In order for us to comply with this legal obligation, you must provide the necessary information and documents in accordance with the Anti Money Laundering Act and immediately notify us of any changes occurring during the business relationship.

9. Automated decision making and profiling

In principle, we do not use a fully automated decision-making process to establish and conduct business relationships. If we were to use such a process, we would notify you separately if required by law.

Furthermore, in principle, we do not automatically process personal data for the purpose of assessing certain aspects of personality (profiling). However, we sometimes resort to profiling, for example in the following cases:

• Due to legal and regulatory requirements, CBH is obliged to take measures to combat money laundering, terrorism financing, fraud and financial crime. Data evaluations (including on payment transactions) are also carried out in this context. At the same time, these measures also serve to protect you.

CBH reserves the right to further analyze and evaluate personal data in an automated manner in the future, in order to identify significant personal characteristics about you or to predict developments and to create Client profiles. In particular, these may be used for controls related to commercial activity, individual management, advisory or financial services and the supply of offers and information that CBH can make available to you.

10. Biometric data

Biometric data is personal data of a particularly sensitive nature. As a result, if necessary, the Bank will obtain separate and explicit consent before using any biometric identification element to access certain applications or uses.

11. Contact details of the Data Protection officer – DPO

CBH Compagnie Bancaire Helvétique SA
Data Protection Officer
Boulevard Emile-Jaques-Dalcroze 7
1204 Genève
dpo@cbhbank.com

12. Policy change and contact details

This policy is regularly reviewed and may be updated at any time without notice. If you have any questions regarding the processing of your data, please contact either your Relationship Manager or the Bank’s data protection officer, who will be happy to help you.

Last review: March 2022