Handling of Personal Data
Vontobel Holding AG and any of its affiliates (“Vontobel”, “us” or “we”) appreciates highly your visit to this website and your interest in our services and products. Your privacy is important to us and we want you to feel comfortable visiting our website. It is a major concern for Vontobel that your personal data is treated in a responsible manner and in compliance with legal requirements. To this end, we take a number of precautions, such as implementing robust technical and organizational security measures (e.g., password encryptions, firewalls, authentication technologies, access management, employee awareness-raising and training, appointment of a Data Protection Officer (DPO)).
2. Processing personal data
2.1 Categories of personal data
Vontobel processes different categories of personal data (such as data of clients, prospects, website users, supplier, vendors or other third parties), it limits its processing of these to a necessary minimum and in accordance with the applicable laws and regulations. This is understood as referring to the following:
- Master data (e.g., name, address, e-mail address, phone number, date of birth, account and contract number, other account information, concluded transactions or third parties e.g. family members, authorized representatives, advisors who might also be affected by the data processing and other data transmitted to us if a person voluntarily completes a registration form or comment field for a newsletter or uses certain services).
- Risk management, transaction and/or order data (e.g., data with respect to beneficiaries of a transfer, card payments, data on investment products, risk and investment profiles, fraud cases).
- Technical data (e.g., IP addresses, browser plug-in types and versions, cookies, internal and external identifiers, logging data, record of access and changes, content accessed by the website user, including time and date of access, business/account number).
- Marketing data (e.g., preferences, whishes, requested reference material).
2.2 Origin of personal data
In line with the purposes of paragraph 2.3, we may collect personal data - to the extent legally permitted - from the following sources, in particular:
- Personal data that is given to us by the data subject, namely for the account opening, during an advisory discussion, for making an enquiry, as part of a registration on our websites or when using certain products and services, signing up for a newsletter and/or event, participating in discussion boards or other social media functions on our websites or any information relating to a job application registration.
- Personal data that is necessary for the facilitation of products and services and that is transmitted to us via the technical infrastructure (e.g., via our website, login information, e-Banking, apps, payment and trading transactions, or collaborations with financial or IT service providers or market places and stocks).
- Personal data from third parties, such as authorities, sanction lists (e.g. UNO/EU), Worldcheck, rating agencies, credit report entities (e.g., Swiss Central Office for Credit Information (ZEK), Information Office for Consumer Credit (IK), Schufa Holding AG (SCHUFA)), analytics providers or search information providers as well as group companies of Vontobel.
- Personal data that is publicly assessable (e.g., public register information, public social media platforms).
2.3 Purpose and usage of data
We may process personal data as described above for the provision of our services and/or for our own legally prescribed purposes and to the extent legally permitted. This is understood as referring to the following, in particular:
- Processing, improving, managing and executing our products and services (e.g., accounts, payments, invoices, cards, financing, financial planning, investment, stock exchange, pensions, eFinance, succession planning) as well as to update the data of individuals with whom we maintain a business relationship.
- Product and service development, statistics, business decisions (e.g., developing ideas for new or assessing existing products, services, procedures, technologies and returns, establishing key figures for the use of services and utilization figures).
Managing, controlling and monitoring business related decisions and risks, processing business in good time (e.g., investment profiles, limits, market, credit, operational and fraud risks).
- System administration and reporting aggregated statistical information about browsing patterns and action which does not identify any individual.
- Compliance, legal and/or regulatory disclosure, notification and reporting obligations to authorities, courts, including but not limited to money laundering and terrorist financing (e.g., automatic exchange of information with foreign tax authorities, prosecution departments).
- Market research, marketing, comprehensive client service, advise and information regarding range of services and products etc. (e.g., events for clients, prospects and interested third parties, cultural events, sponsorship, assessment of client, market or product potential, information regarding changes, determination of client satisfaction, online and hardcopy advertisement).
- Protection of our interest and rights in case of claims against us or our employee and clients.
In this connection, we wish to expressly point out that we (further) evaluate any non-anonymous personal data submitted voluntarily by you and, in particular, can use this data to collect additional personal information about you from publicly accessible sources or publicly accessible collections of data. You herewith give your express consent to this process. If you do not then please do not use our website.
However, personal data that is not anonymous, such as postal and e-mail addresses provided when submitting enquiries or requesting information, will be used primarily for the purpose of corresponding with you or sending you relevant information, e.g. where any kind of newsletter and/or an event registration has been requested.
Additionally, non-anonymous personal data are only made available to those employees or third parties who need to have knowledge of this information in order to provide products and services, or if we are required by law or regulatory provisions to disclose this information. To the extent permitted by law, we may also forward non-anonymous personal data for the purposes described above to companies that provide services on our behalf. The data collected may be disclosed to service providers outside the EU/EEA, Switzerland or outside the country in which the user is domiciled (see paragraph 5). These service providers are required to treat as confidential the information and all data collected and to use it exclusively for the purposes for which it is provided and are contractually bound by the applicable data privacy laws and regulations.
No personal data is sold to other parties for marketing or any other purposes.
2.4 Specific cases for automated individual decisions, including profiling
Vontobel reserves the right to analyze and evaluate your data (including data relating to affected third parties, see paragraph 2.1) in an automated manner in future so as to identify significant personal characteristics for you or to predict future developments and to create relevant profiles. These are used in particular for business-related checks, individual advisory services and the provision of offers and information that we and our group companies may make available to you.
Your profiles may in future lead to automated individual decisions, e.g. the receipt and execution of your orders in e-Banking in an automated fashion. If you do not wish to have your data used in this way, you have the right to contact us so we do not further use such data for this purpose.
Vontobel ensures that a suitable contact person is available to you if you wish to express a view on any automated individual decision where such opportunity to express a view is required by law.
2.5 Potential recipients, guarantees and disclosure abroad
In the following cases we may give personal data to third parties or to other companies of Vontobel, to the extent legally permitted:
- On some webpages, we request your consent to disclose data to third parties and to utilize data for advertising purposes. By completing the corresponding form, you give your consent that the data collected by us may be used not only by us but also by other companies of Vontobel in order to maintain Vontobel-wide client relationships and to provide information about new products that might be of interest to you. In addition, you consent to your personal data being processed and utilized by us and other companies of Vontobel for advertising or market research purposes or to structure services according to client needs.
- With your consent, to companies of Vontobel for the purpose of comprehensive client service and outsourcing (see paragraph 4).
- For the execution of orders, such as the use of products and services (e.g., service providers, market places or stock exchanges, notification of specific stock market transactions to international transaction registers).
- In view of legal obligations, legal justifications or official orders (e.g. to courts or supervisory authorities in the area of financial markets or tax law or to protect our legitimate interests in the EU/EEA, Switzerland and abroad).
- In view of contractual relationships between a company of Vontobel and a third party(, whereas such third party processes personal data on behalf of Vontobel. If personal data is disclosed to such third parties they are only permitted to process the data received to the extent Vontobel itself does. We select these third parties carefully and contractually require them to guarantee confidentiality, data protection requirements and the security of personal data.
If personal data is transferred to other countries, we ensure that the applicable laws and regulations are complied with (paragraph 5). Depending on the kind of product or service that is used, personal data might also be disclosed to third parties domiciled in countries which in general may not have an appropriate or equivalent level of data protection. However, if data is transferred to such a country, we take appropriate measures so that personal data continues to receive appropriate and robust protection (e.g., by agreeing on standard contractual clauses for data transfers between EU and non-EU countries).
Certain countries may have more stringent data protection provisions which may not allow your non-anonymous personal data to be used in these countries to the extent described above. Such provisions may preclude, for example, the collection of additional personal data based on the provided information or the disclosure of your personal data to other parties or companies.
3. E-mail and E-Newsletter Communications
Vontobel may communicate with you via email or physical newsletters containing and offering news, promotional offerings, event information or services (“Newsletter Services”). If you are a registered user (i.e. if you create a user account with us) and opt in for receiving Newsletter Services. If you are not a registered user and would rather not receive marketing e-mails or newsletters from us, you may “opt out” by following the “opt out” instructions in each email footer.
The Newsletter Services may be offered in collaboration with service providers. The information you provide in this form may be processed and stored on cloud servers operated by the service providers and located in data centers within Switzerland, the EU/EEA and the United States. Service providers are contractually bound to maintain confidentiality (e.g. by agreeing on standard contractual clauses for data transfers between EU and non-EU countries) and must report any breaches of data protection requirements as soon as identified, so that personal data continues to receive appropriate protection.
4. Transfer of data via the Internet
Please be advised that data transferred across national borders over the Internet may not be subject to any control while in transit even if the sender and recipient are both located in the same country.
We cannot guarantee the security of data transferred over the Internet and accept no liability in respect thereof. Any notices emailed to us by you may not be secure. If you email any confidential information to us, you do so at your own risk. When contacting us, please send data via a secure mechanism, where appropriate, instead of over the Internet.
The sender and recipient can still be identified even when the information transmitted is encrypted. As a result, a third party could – inadvertently or otherwise – infer that there is a commercial relationship between you and Vontobel. Therefore, we recommend avoiding the transmission of any strictly confidential information via open networks.
Vontobel is in certain circumstances bound to fully or partially outsource business areas and services to companies of Vontobel or service providers outside Vontobel (e.g., payment transactions, subscription and redemption of fund units, printing and dispatch of bank documents, IT systems and other support functions). We might also use such providers for services that are new and have not yet been provided by us.
In such cases, we generally use service providers domiciled in the EU/EEA and Switzerland and, where possible, give preference to our own group companies, so that we can guarantee compliance with corresponding laws and regulations. Where client data at outsourcing companies needs to be disclosed, the corresponding service providers are also required to comply with the provisions on bank-client confidentiality and further applicable rules and regulations. If, in exceptional cases, services are outsourced to a provider abroad, Vontobel will disclose this in accordance with applicable rules and regulations.
6. Storage of data
We have implemented appropriate and robust data security measures to ensure that this information is only accessible to a restricted number of authorized individuals and that it is protected against unauthorized access, misuse, loss or damage.
In general, any data that we collect in any country or by any company of Vontobel is transferred and stored by us within Switzerland (namely at Bank Vontobel AG, Gotthardstrasse 43, CH-8022 Zurich) in a central file. Switzerland is recognized as a country that offers an appropriate level of data protection. However, an exception to this general rule applies to data collected in the context of the Newsletter Services (paragraph 3).
7. Retention Period
Even though the retention period for personal data depends on statutory retention provisions as well as on the applicable justification basis and the purpose of the data processing, Vontobel will only store your personal data for as long as necessary, taking into account our obligation to respond to requests or resolve problems, to provide improved and new services and to act in accordance with applicable laws and regulations.
In particular, this means that we are entitled to keep your personal data for a reasonable period of time after you last contacted us. If the personal data we collect is no longer needed in this way, we are obliged to delete it in a secure manner.
8. Data Subject Rights
You have a right to be informed whether personal data in relation to you is being processed by us. On request, we will disclose you the personal data in our databases, including available details about the origin of the data, the purpose and, where appropriate, the legal basis for the processing and the categories of the processed personal data, the parties involved in the data collection and the data recipients.
You may withdraw your consent to the process of your personal data and/or may wish to opt out of the use of your information for advertising or marketing purposes at any time with future effect. You can exercise further rights, such as the right of rectification and you are also entitled to have any inaccuracies in your personal data corrected, or to have your data blocked or deleted, dependent on the lawful basis under which we are holding particular data.
Please let us also know, if we do not meet your expectations with respect to the processing of personal data or you wish to complain about our data protection practices; this gives us the opportunity to examine your issue and make improvements, where necessary.
In any of these cases, please send us a clear request in writing, together with a clearly legible copy of a valid official identification document (e.g., passport, ID card) so we can be sure as to your identity, to the entity named in paragraph 15 or by using the request form. We will acknowledge receipt as soon as received, examine your issue and reply in good time. If a full response will extend beyond one month, taking into account the complexity and number of the requests, we will advise you of this.
9. Note about Children
Vontobel understands the importance of protecting children’s privacy, especially in an online environment. Therefore, our services are not directed to or intended for children under the age of 16 and we do not knowingly collect any personal information from such users, except when a child is applying for an apprenticeship, internship or a taster day. In this case we obtain a written declaration of consent for apprentices form the parents or the legal representatives.
10. Cookies and Web Analytics Services
We use web analysis tools to get information about how people use our sites and Internet offerings. These tools are usually provided by third parties. Typically, the information for this purpose is captured with cookies and sent to a third-party server. Depending on the provider, these servers are sometimes in other countries.
The transfer of information is done by using shortened IP addresses, which prevents the identification of individual end-user devices. Your IP address is not linked with other data from these third parties. Any onward transfer by third parties will only be based on legal regulations or as part of a data processing service agreement.
Our website and online Newsletter Services might use re-targeting technologies, which we use to make our Internet presence more interesting for you. This technology makes it possible to show advertising on other websites to users that have already shown an interest in our products.
12. Onsite targeting
On our website, data may be collected by using cookie technology for use in optimizing our advertising and our overall online offering. This data is not used to identify you personally, but is instead used solely for anonymously analyzing the use of our website. This technology allows us to show you advertising and/or highlight specific offers and services. Our goal here is to make our online presence as attractive for you as possible and to provide you with advertising that corresponds to your interests.
13. Social Media
We may use so-called social plug-ins on our website that allow you to share the content of our website with other Internet users via these social media platforms or that enable you to link to our website on these platforms. The following information on the type and scope of the data collected is based on the notifications and information provided by the individual providers.
Our website might include plug-ins from the social network of Facebook Inc, 1601 South California Avenue, Palo Alto, CA 94304, USA ("Facebook"). Among other things, we use the Facebook "LIKE" button (also known as the "Like Me" button). A Facebook page plug-in is also integrated into our site, which integrates parts of the content of our Facebook page into our website. When you visit a website of ours that contains such a plug-in, your browser establishes a direct connection to a server on Facebook. The contents of the plug-ins are transmitted directly to your browser and integrated into the website. Data is automatically transferred to Facebook and stored on its servers. These transmitted data include connection data (such as your IP address, date and time, the URL called up) as well as the browser and operating system used. Your visit to our websites can be tracked by Facebook, even if you do not actively use the plug-in functions.
If you are logged in with your Facebook account while visiting our website, Facebook can directly associate the visit of our websites with your user account. If you want to prevent this immediate assignment, you must log out of Facebook before visiting our website. Facebook decides at its own discretion for what purposes and to what extent the transmitted data will be processed and used on its servers. Information on the purpose and scope of data collection and the further processing and use of the transmitted data by Facebook is contained in Facebook's data protection guidelines. They also contain information about your rights and the possibilities of settings to protect your privacy. For further details, please consult Facebook’s specific data protection policy.
Our website might include plug-ins from Twitter, Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). We use Twitter buttons to access our Twitter account and Twitter share buttons to share the content of our website via your Twitter account. We also use a Twitter widget to integrate the timeline of our latest tweets into our website and make it visible. When you visit our website, your browser establishes a direct connection to a Twitter server and the contents of the plug-ins are transmitted directly to your browser and integrated into the website. Certain data is automatically transferred to Twitter in the USA and stored there. This data includes connection data (your IP address, date and time, the URL called up), the browser type and the operating system.
Our website might include plugins of the Instagram service. These are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA ("Instagram"). We use the integrated Instagram buttons to link to our Instagram profile. A widget is also integrated, which enables us to display certain photos and videos of our Instagram profile on our website. When you visit a website that contains such a plug-in, your browser connects directly to an Instagram server. The contents of the plug-ins are transmitted directly to your browser and integrated into the website. Data is automatically transferred to Instagram and stored on its servers. These transmitted data include connection data (such as your IP address, date and time, the URL called up) as well as the browser and operating system used. This allows Instagram to track your visit to our site even if you are not actively using the plug-in features.
If you are logged into your Instagram account, you can link the contents of our websites to your Instagram profile by clicking the Instagram button. This allows Instagram to associate the visit to our websites with your user account. If you wish to disable this immediate assignment, you must log out of Instagram before visiting our website. For further details, please consult instagram’s specific data protection policy.
Our website might include plug-ins from the LinkedIn social network of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA ("LinkedIn"). For this purpose, we use the "in" button for sharing content and as a link to our LinkedIn profile. LinkedIn collects information that our corresponding pages have been loaded into your web browser using the LinkedIn plugins. LinkedIn also automatically receives the URL of the website from which you came or from the page to which you are redirected. LinkedIn also receives the IP address of your computer or proxy server from which you access the Internet, information about your computer's operating system and web browser, your mobile device (including the mobile device identifier available through your mobile device's operating system), your mobile device's operating system (if you access LinkedIn from a mobile device), and the name of your Internet service or mobile service provider. LinkedIn may also receive location data transmitted from GPS-enabled devices you have enabled if you have not prevented LinkedIn from receiving location data in real time in your mobile device settings. Please note that SlideShare.net, Pulse.me and the Pulse app are part of the LinkedIn services and not part of our websites.
Information on the purpose and scope of data collection and the further processing and use of the transmitted data by using the LinkedIn plug-ins is contained in LinkedIn's data protection declaration.
Despite careful content control, we assume no liability for the content of external links referring to third-party websites. The content of the linked third-party websites are the sole responsibility of their operators. We hereby expressly distance ourselves from all content of third-party websites linked to on our website, and do not adopt such content as our own.
Please let us know, if we do not meet your expectations with respect to the processing of personal data or you wish to complain about our data protection practices; this gives us the opportunity to examine your issue and make improvements, where necessary. In any of these cases, please send us a clear request in writing, to the entity or one of the Data Protection Officers named bellow:
Vontobel Holding AG
Phone: +41 58 283 59 00
Additionally you can contact our corporate Swiss, EU and/or Group Data Protection Officer (DPO):
Swiss DPO: firstname.lastname@example.org
EU DPO: email@example.com
Group DPO: firstname.lastname@example.org
16. Other legislation aspects
In order to comply with other legislations, e.g. Directive 2014/65/EU of the European Parliament (MiFID II), we have to record certain telephone conversations in some of our legal entities with reference to operations concluded in the performance of our services. For further information about the treatment of your personal data in regard to this, please consult the information at www.vontobel.com/mifid.