Legal Information

GDPR Notice

This information is valid for existing and future customers of the Vonlanten Group. Vonlanten is committed to complying with bank-client confidentiality and data protection laws and regulations and therefore, to guarantee the protection and privacy of your Personal Data.

The following details declare how we process your Personal Data and your rights under data protection laws and regulations. Which data is handled and how it is used is mainly determined by the services requested or agreed upon in each situation. However, we process data about persons ("Personal Data"), such as information about our suppliers' employees and contractors. Please also provide this information to any co-obligors under a loan and existing and future authorised agents and beneficial owners. Beneficiaries in the case of death, business attorneys-in-fact, and guarantors are examples of these.

The following entity handles data processing:

Vonlanten Group
Stockerstrasse 38
CH-8002 Zurich
Switzerland

Telephone +41 (0)44 442 22 10

Email: legal@vonlanten.com


1. WHO IS RESPONSIBLE FOR THE DATA PROCESSING, AND WHO CAN I CONTACT IN THIS REGARD?

2. WHAT KIND OF DATA DO WE PROCESS, AND FROM WHAT SOURCE?

In our business relationship, we process Personal Data that we obtain from you as an Affected Person. We process Personal Data that we legitimately (for example, to execute orders, implement contracts, or based on your consent) receive from other companies within the Vonlanten Group or other parties if it is essential for the performance of our services (such as private commercial databases). We also handle Personal Data that we legitimately collect and are authorized to process from publicly available sources (such as debtor directories, land registries, trade registrations, organization registers, the press, and the Internet).

Moreover, in our dealings with current and prospective Affected Persons, we process Personal Data such as name, address, and other contact details (telephone, e-mail address), title, birth date, gender, nationality, marital status, partner type data (employed / self-employed), identification data (such as ID, tax ID), certification data (such as specimen signature), contract-related information (for example, sales data in payment transactions), order data, including online banking (for example, payment orders), and information about your financial situation (for example, creditworthiness statistics, scoring/rating data, asset origin), CVs, criminal records, or any other publicly available or accessible information through third-party providers. We also handle advertising and sales data (including advertising ratings), documentation data (such as consultation protocols), and other data equivalent to the abovementioned categories.


3. DO YOU COLLECT SPECIAL CATEGORIES OF DATA (ARTICLE 3 (C) FADP; ART. 9 GDPR) AT VONLANTEN?

Suppose we process any specific categories of data on Affected Persons. In that case, we will only do so if it is essential for the establishment, exercise, or defence of a legal claim, if it is in the public interest, or if you have given Vonlanten your explicit agreement to process that data (where legally permissible). As a result, we may handle biometric data that is categorised as sensitive Personal Data (Article 4 (14) and Art. 9 (1) GDPR). To get a biometric identity (for example, Touch ID) or other biometric identification to use for access to specific applications, your express agreement will be necessary for a separate procedure.


4. ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA, AND FOR WHAT PURPOSE?

We comply with the rules of the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP) while processing the Personal Data:

4.1. FOR CONTRACTUAL DUTIES (ARTICLE 13 (2) (A) FADP;
ARTICLE 6 (1) (B) GDPR)

Data is processed to offer banking and financial services to our clients as part of our contractual obligations or to carry out pre-contractual procedures in response to a request. The primary objective of data processing is to comply with the specific product (such as a bank account, credit, building society savings, securities, deposits, and client referral) and might include needs assessments, guidance, management, and assistance, as well as transaction processing. Additional information about data processing purposes may be found in the contract papers and terms and conditions.

4.2. FOR COMPLIANCE WITH A LEGAL REQUIREMENT (ARTICLE 13 (1) FADP; ARTICLE 6 (1) (C) GDPR) OR IN THE PUBLIC INTEREST (ARTICLE 6 (1) (E) GDPR).

We are also bound by various legal obligations (both globally and locally), including statutory requirements (such as the Swiss Banking Act, Collective Investment Schemes Act, Anti-Money Laundering Act, Mortgage Bond Act, financial supervisory ordinances and circulars, and tax laws) and bank regulatory requirements (such as the Swiss Banking Act, Collective Investment Schemes Act, Anti-Money Laundering Act, Anti-Money Laundering Act, Mortgage Bond Act, financial supervisory ordinances and circulars, and tax laws (for example, Swiss National Bank and FINMA). Other processing objectives include creditworthiness evaluation, identification and age verification, anti-fraud and anti-money laundering measures, tax law control and reporting responsibilities, and risk assessment and management within the bank and the Group.

4.3. FOR THE PURPOSES OF SAFEGUARDING LEGITIMATE INTERESTS (ART. 13 (1) FADP; ART. 6 (1) (F) GDPR)

Where required, we handle your data outside the scope of our contractual duties to protect our or a third party's legitimate interests, which do not jeopardize your interests or basic rights and freedoms. We also acquire Personal Data from publicly available sources for customer acquisition objectives, in addition to the examples below:

  • Consulting and sharing data with information offices (such as the debt registry) to examine creditworthiness and credit risks in the credit company, as well as the necessity for a basic non-sizable balance and basic accounts;

  • Reviewing and improving methods for assessing requirements in order to have direct client interactions;

  • Marketing or market and opinion research, unless you object to your data being used in this way;

  • Defending and asserting legal rights in legal disputes;

  • IT security and operational assurance;

  • Crime detection and prevention;

  • Video surveillance to safeguard property owners' rights to keep trespassers out, collect evidence in robberies or fraud, or show availability and deposits, such as at ATMs and business entrances;

  • Security measures for buildings and sites (such as access restrictions);

  • Measures to protect the rights of property owners;

  • Measures for managing a firm and developing new services and products;

  • Risk management in groups;

The legal foundation for all data processing described in paragraphs 4.1–4.3 is the requirement of fulfilling a legal duty. As a result, obtaining your prior consent to handle this data is not required in certain situations.

4.4. AS A RESULT OF YOUR PERMISSION (ART. 13 (1) FADP; ART. 6 (1) (A) GDPR)

The lawfulness of such processing is based on your permission insofar as you have given to the processing of Personal Data for particular objectives (such as data transfer within the Group, analysis of trade operations for marketing purposes, etc.). Any given permission can be withdrawn at any moment. This also applies to the withdrawal of consent declarations given to us before the GDPR's implementation, that is, prior to May 25, 2018.

Please keep in mind that the revocation is only effective in the future. Any processing done to the revocation is unaffected.


5. WHO RECEIVES YOUR DATA?

he divisions within Vonlanten that have access to your information are those that need it to fulfil our contractual, legal, and regulatory responsibilities. We can also allow service providers and vicarious agents access to data for the purposes stated if they preserve banking secrecy and follow our written instructions in accordance with data protection laws and regulations. These businesses provide banking, IT, logistics, printing, telecommunications, collecting, advising and consulting, and sales and marketing services.

When it comes to sending data to receivers outside of Vonlanten, it's important to remember that, as a bank, we have a legal obligation to keep any client-related facts and evaluations to ourselves (banking confidentiality pursuant to our general terms and conditions; Art. 47 Swiss Federal Banking Act). We may reveal information about you only if we are legally compelled to do so, if you have provided your consent, if we are allowed to release bank information, and/or if processors commissioned by us ensure compliance with banking secrecy and the FADP / GDPR requirements).

Personal Data receivers who fall under these guidelines might include, for example:

  • Insofar as a legislative or legal duty exists, public agencies and organisations (such as the Swiss National Bank, financial supervisory regulations, financial authorities, and criminal prosecution authorities)

  • Other Vonlanten enterprises for risk management owing to legislative or governmental responsibilities;

  • Other credit and financial service institutions, comparable institutions, and processors to whom we may transfer your Personal Data to carry out any business relationship with you (specifically, processing of bank references, support/maintenance of EDP / IT applications, archiving, document processing, call centre services, compliance services, controlling, anti-money laundering data screening, purchasing/procurement, space management, real estate appraisals, loan processing services, collateral management, collection, payment card processing (debit cards/credit cards), customer management, marketing, media technology, reporting, research, risk controlling, expense accounting, telephony, video identification, website management, investment services, share register, fund management, purchasing/procurement.)

Other data recipients might include any units for which you have granted your approval to data transfer or for which you have agreed or consented to exempt us from banking confidentiality.


6. IS YOUR INFORMATION SHARED WITH ANY OTHER COUNTRIES OR FOREIGN ORGANISATIONS?

Data will only be transferred to countries outside of Switzerland, the EU, or the EEA (so-called third countries) if it is necessary to carry out your orders (such as payment and securities orders), if it is required by law (such as tax reporting obligations), if you have given us your consent, or if it is part of commissioned data processing. If third-country service providers are employed, they must adhere to the data protection level in Switzerland and Europe, as well as written instructions based on the EU standard contractual terms.

We take our responsibility to ensure that any transfers outside the EU or EEA are made only to organisations that can show equivalency in terms of security and other applicable data processing criteria very seriously.


7. HOW LONG WILL MY INFORMATION BE KEPT?

We handle and retain your Personal Data for as long as it's required to fulfil our contractual and legal responsibilities. In this regard, it is important to remember that our business partnership is a long-term commitment. We have procedures in place to assess the various types of data we store at various stages to ensure that we do not keep them for an unreasonable amount of time. If the data are no longer needed to fulfil our contractual and statutory duties, they are routinely erased unless their continued processing – for a limited time – is required for other legal objectives, such as:

  • The Swiss Code of Obligations (OR) in conjunction with the Accounting Ordinance, the Federal Act on Direct Taxation, the Federal Act on Value Added Taxation, the Federal Act on Harmonisation of Direct Taxes of Cantons and Municipalities, the Federal Act on Stamp Duties, the Federal Act on Withholding Tax, the Swiss Code of Obligations (OR) in conjunction with the Accounting Ordinance, the Swiss Code of Obligations (OR) in conjunction with the Accounting Ordinance, the Swiss Code of Obligations The storage and documentation durations mentioned therein may vary.

  • When litigation is reasonably expected, which requires us to maintain records for an indefinite period of time, we must preserve evidence and/or all kinds of relevant information.


8. DATA PROTECTION RIGHTS

8.1. IN GENERAL

Every data subject has the right to access (Art. 8 FADP; Art. 15 GDPR), rectification (Art. 5 FADP; Art. 16 GDPR), erasure (Art. 5 FADP; Art. 17 GDPR), restriction of processing (Art. 12, 13, 15 FADP; Art. 18 GDPR), object (Art. 4 FADP; Art. 21 GDPR), and, if applicable, data portability (Art. 4 FADP; Art. 21 GDPR) (Art. 20 GDPR). You also have the right to file a complaint with an appropriate data privacy regulatory authority, if relevant (Art. 77 GDPR). The rights are determined by the legal basis chosen for retaining the data.

At any moment, you have the right to cancel your consent to the processing of your Personal Data. This also applies to the withdrawal of consent declarations made previous to the EU General Data Protection Regulation's entrance into effect on May 25, 2018, i.e., before May 25, 2018. Please note that the revocation is only effective in the future. Any processing done previous to the revocation is unaffected.

8.2. AD HOC RIGHT OF OBJECTION (ART. 21 GDPR)

You have the right to object at any time to the processing of Personal Data about you that is based on the processing in the public interest (Art. 6 (1) (e) GDPR) or for the purposes of safeguarding legitimate interests (Art. 6 (1) (f) GDPR), including any profiling based on those provisions within the meaning of Art. 4 (4) GDPR, on grounds relating to your particular situation.

If you object, we will no longer process your Personal Data unless we can show that there are compelling, legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing is necessary for the enforcement, exercise, or defense of legal claims. Please be aware that we will not be able to supply services or continue a business relationship in such circumstances.

8.3. OBJECTION TO DATA PROCESSING FOR MARKETING REASONS IS A LEGAL RIGHT.

We may use your Personal Data for direct marketing purposes in some instances. You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling if it is connected to direct marketing. If you object to your Personal Data being used for direct marketing reasons, we shall no longer use it for that purpose.


9. IS THERE ANY RESPONSIBILITY ON MY PART TO DISCLOSE INFORMATION?

You must supply Personal Data that is essential for the commencement and execution of a business relationship, as well as the fulfilment of the related contractual duties, or that we are legally obligated to collect as part of our business relationship. Without this data, we would often be unable to engage in a contract or execute an order, or we would be unable to complete an existing contract and would be forced to terminate it.

Money laundering laws, in particular, require us to verify your identification before engaging in a commercial connection, for example, by using your identity card, and to keep track of your name, birthplace, date of birth, nationality, and home address. You must supply us with the appropriate information and documentation, as well as notify us of any changes that may occur over the course of our business relationship in order for us to comply with this statutory requirement. We will not be able to get into or continue your requested business connection if you do not supply us with the appropriate information and documentation.


10. HOW MUCH AUTOMATED DECISION-MAKING (INCLUDING PROFILING) TAKES PLACE?

To create and implement the commercial relationship, we generally do not make choices based exclusively on automated processing as specified in Art.22 GDPR. If we utilise these processes in certain instances, we will notify you separately unless the law requires otherwise. Under some situations, you will have the right to object to these processes.


11. IS PROFILING USED WITHIN VONLANTEN?

In some situations, we use automated processing to evaluate some personal elements of your data (profiling). For example:

  • Anti-money laundering, anti-fraud, and anti-terrorism funding measures, as well as measures linked to offences that endanger assets, are all mandated by law. In this context, data assessments are also carried out (for example, in payment transactions). These safeguards are also for your safety.

  • We employ assessment tools to offer you customised product information and suggestions. These allow for demand-driven marketing and advertising, as well as market and opinion research.


12. HOW DOES VONLANTEN PROTECT PERSONAL DATA?

To preserve and guarantee the confidentiality of Personal Data, all staff who have access to it must follow the internal rules, policies, and processes that govern its processing. They must also comply with all technological and organisational security measures in place to safeguard Personal Data.

We've also put in place sufficient technological and organisational safeguards to protect Personal Data from unauthorised, unintentional, or illegal destruction, loss, modification, misuse, disclosure, or access, as well as any other types of unlawful processing. These security measures were established with special attention to sensitive data, taking into consideration the state of the Art of technology, the cost of implementation, the dangers posed by the processing, and the nature of the Personal Data.


13. CONTACT

Please also let us know if we don't fulfil your expectations when it comes to the processing of Personal Data or if you have a complaint about our data protection policies; this allows us to investigate the situation and make necessary adjustments. In any of these instances, please submit a written request to the entity or one of the DPOs listed in section 1 together with a clearly readable copy of a valid official ID document (for example, a passport or ID card). We will confirm receipt as soon as possible, investigate your problem, and respond as soon as possible. If, due to the complexity and quantity of requests, a comprehensive answer will take more than one month.


14. OTHER LEGISLATION ASPECTS

We must record telephone calls with regard to activities concluded in the execution of our services in some of our legal entities to comply with other regulations, such as the European Parliament's Directive 2014/65/EU (MiFID II). Please check our comprehensive information at www.vonlanten.com for further information on the treatment of your Personal Data in this regard.


15. CHANGES TO THE PRIVACY POLICY

This information on data protection was last updated on December 19, 2022. It may alter. Any future modifications or additions to the above-described processing of Personal Data that impact you will be informed to you via the relevant channel (for example, it will be posted on our website).