Data privacy

Notification to clients and prospective clients

1. Introduction
EFG Bank European Financial Group SA (hereafter “the Bank”) is committed to protect your Personal Data by complying with bank-client confidentiality as well as data protection laws and regulations.

This Privacy Notice shall provide current and potential clients of the Bank with an overview of how we process your Personal Data.

In this Privacy Notice “we” refers (as applicable) to the Bank and/or any affiliated undertaking or entity of the EFG International group of companies, including but limited to EFG Bank AG and EFG Asset Management (Switzerland) SA, which must also comply with the data protection legislation (collectively herein referred to as “EFG” or “EFG companies” and each as an “EFG company”).

This Privacy Notice applies to all clients and prospective clients of the Bank (“you”), who are subject to the provisions of any applicable data protection legislation. This Privacy Notice covers Personal Data that is held electronically and also applies to paper-based filling systems.

Explanation of some terms used in this Privacy Notice

Personal Data means information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Special Category Personal Data means information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

2. Information and Data Security

It is our policy to protect your right to privacy. We will take all reasonable steps to ensure that adequate technical and operational security measures, confidentiality obligations and compliance procedures are in place to prevent inappropriate access to, disclosure, alteration or deletion of, Personal Data.

In addition, we limit access to your Personal Data to those employees, agents and contractors who have a business need to know. Our agents and contractors will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

3. Types of Personal Data collected

In the course of providing services to you, we may process Personal Data and Special Category Personal Data. This typically includes the following information relating to you:

(a) Information received from you, including:

  • Personal contact details such as name, title, address, telephone numbers and personal email addresses
  • Date of birth and place of birth
  • Gender
  • Marital status, dependents (name and age) and relations
  • Copies of identification documents, such as passports and driving licenses
  • National insurance number, social security number or other national/ tax identifier
  • Nationality, tax residence and country of residence
  • Employment details, income and source of wealth
  • Details of investments, assets owned and liabilities
  • Knowledge of and experience in investment matters
  • Personal details of any agent or attorney

(b) Information received from third parties, including:

  • Credit references
  • Publicly available information on business, personal associates and assets owned
  • Other information from third-party sources, such as wealth screening services, fraud prevention agencies, intermediaries

(c) Information specific to our services, including:

  • Account numbers
  • Balances
  • Investment holdings
  • Transaction data
  • Records of phone calls
  • Reports and statements
  • Codewords

(d) Special Category Personal Data

In some cases (where permitted by law), special categories of personal data, such as your political opinions or affiliations, health information, racial or ethnic origin, religious or philosophical beliefs, and, to the extent legally possible, information relating to criminal convictions or offences.

(e) Other

If relevant to the services we provide to you, information about your additional card holders or account holders, business partners (including other shareholders or beneficial owners), dependents or family members, representatives, and agents. Before providing us with this information, you should provide a copy of this notice to those individuals.

4. How we collect your Personal Data

We collect your Personal Data:

  • When you seek, or are provided with, information on our services;
  • When you apply for our services; and/ or
  • Throughout your relationship with us.

5. Sources of Personal Data

We collect your Personal Data:

  • Directly from you, e.g. in application forms and through information provided during the onboarding process, including background and reference checks;
  • When it is provided to us by a third party, e.g. credit reference agencies, providers of enhanced due diligence reports and financial intermediaries; and
  • When information is created as a result of generally providing services to you.

6. How we use Personal Data

We are a data controller which means that we are responsible for deciding how we hold and use Personal Data about you. We may use your Personal Data before, during and after our relationship ends with you.

(a) Legal basis for using your Personal Data

We will only use your Personal Data when the law allows us to. Most commonly and depending on the situation in which we will use your Personal Data (see paragraph (b) below), we will use your Personal Data in the following circumstances:

  • Where we need to perform the contract we have entered into with you or in order to take steps at your request prior to entering into any such contract;
  • Where we need to comply with a legal obligation; and
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use your Personal Data in the following less likely situations:

  • Where we need to protect your interests (or someone else’s interests);
  • Where it is needed in the public interest; and
  • Where you have given your consent.

(b) Situations in which we will use your Personal Data

The situations in which we will process your Personal Data are listed below.

  • To confirm and verify your identity and credit status in relation to your application or account and, where applicable, to conduct an appropriateness assessment.
  • To open, administer and operate your account and manage our relationship with you and to provide products or services to you (including carrying out or facilitating any transactions).
  • To monitor and analyze the contract for your accounts and relationship with us, to ensure compliance with our internal policies and/ or procedures and to be able to monitor risks and report them.
  • To carry out business, operational and administrative activities, including record keeping and audits.
  • To assess any credit limit or other credit decision (as well as the interest rate, fees and other changers to be applied to your account).
  • To carry out statistical and other analysis (including behavioral analysis).
  • To comply with any applicable laws and regulations and /or any voluntary code or industry best practice we reasonably decide to adopt.
  • To comply with the request or requirement of any court of any relevant jurisdiction or any relevant tribunal, mediator, arbitrator, ombudsman, taxation authority or regulatory or governmental authority.
  • To carry out the detection, investigation and prevention of fraud, tax evasion, money laundering, bribery, corruption, terrorist financing and other crime or malpractice and oversee and report on such detection, investigation and prevention activities.
  • For use in connection with any legal proceedings or regulatory action (including prospective legal proceedings/ regulatory action) and for obtaining legal advice or for establishing, exercising or defending legal rights.
  • To give you information and marketing materials (by post, telephone, email or other medium using the provided contact details) about events, products and services offered by us which may be of interest to you.

(c) If you fail to provide Personal Data

If you fail to provide certain information when requested, we may not be able to enter into a contract with you/ perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations (such as to complete our “know your client” checks). Therefore, please note that EFG may still process any available Personal Data.

7. Recipients of your Personal Data

We (and those parties to whom Personal Data is disclosed) may disclose Personal Data in the situations described above:

  • To any other EFG companies, which are EFG companies at the time of disclosure;
  • To third parties who provide services to us or that act as our agents (or prospective third party service providers or prospective agents). Such service providers and/ or agents may also disclose such information to their service providers or agents. We, or the relevant EFG company or EFG companies, will take all reasonable steps to ensure that the service provider or agent is subject to appropriate data processing requirements and that they impose such requirements on any of their service providers or agents;
  • To third parties in connection with a reorganization (including investment), amalgamation, merger or transfer or sale of all or part of our business, including to any insurers and professional advisors, and any third parties to whom we assign, transfer or charge our interest in any financial product or service provided to you;
  • To any court of any relevant jurisdiction or any relevant tribunal, mediator, arbitrator, ombudsman, taxation authority or regulatory or governmental authority;
  • To public authorities, regulators or governmental bodies, when required by law or regulation.
  • To other financial institutions or organizations, payment recipients, clearing houses, clearing and settlement systems, stock exchanges, credit card associations etc, as the case might be;
  • To any guarantor, where your account is backed by a guarantee;
  • To our agents, auditors, service providers, and professional advisors (and those agents, auditors, service providers and professional advisors of other EFG companies) to enable them to process the information in the situations described above as a data processor on behalf of us and/ or as a data controller and to enable them to perform their obligations;
  • To insurers and information providers; or
  • Otherwise if you consent to such disclosure.

8. Overseas transfers

The recipients referred to in section 7 above can be located outside of Switzerland and the European Economic Area.  In those cases, except where the relevant country has been determined to provide an adequate level of protection, we require such recipients to comply with appropriate measures designed to protect personal data. 

9. Retention of Personal Data

We will retain Personal Data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting or internal policy requirements. To determine the appropriate retention period for Personal Data, we consider the applicable legal requirements, as well as the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means.
Further information on the retention periods of Personal Data can be requested from your Client Relationship Officer and/ or the Data Protection Officer/ the Privacy Officer of the Bank.

10. Your rights and duties

(a) You duty to inform us of changes

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

(b) Your rights in connection with Personal Data

Under certain circumstances, and subject to applicable law, you have the right to:

  • Request access to your Persona Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes by writing to your Client Relationship Officer or using any opt-out facility specified by us in the relevant marketing communication.
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Data to another party (also known as “data portability”).
  • Where we process your personal data on the basis of your consent, withdraw that consent at any time.  Please also note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • In certain circumstances, request not to be subject to automated decision-making, including profiling.

If you want to exercise your rights, as per above, please contact your Client Relationship Officer and/ or contact the Data Protection Officer/ the Privacy Officer of Bank by sending a letter.

The exercise of some of these rights may result in the Bank or any other EFG company no longer being able to provide you with a product or service.

Finally, you have the right to lodge a complaint with a supervisory authority.

(c) No fee usually required

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

(d) What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

(e) Queries relating to the processing of your Personal Data

If you have a query regarding the processing of your Personal Data please contact your Client Relationship Officer and/ or the Data Protection Officer/ the Privacy Officer of the Bank.

11. Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will notify you either in writing or by updating this Privacy Notice on this website. We may also notify you in other ways from time to time about the processing of your Personal Data.