Data Privacy Statement
BBVA SA (the “Bank”) cares about your privacy and is committed to give your personal data a high level of protection. This notice aims to inform you about the data the Bank collects, as well as the reasons for processing it and the rights you have.
Please read the following information carefully. Should you have any questions or comments, do not hesitate to contact firstname.lastname@example.org or BBVA SA, Data Protection Office, Selnaustrasse 32, 8001 Zurich, the entity responsible for the processing of your data.
- Who is responsible for the data processing and how can you contact them?
The following entity is responsible for the data processing:
Data Protection Office
- What kind of personal Data does the Bank collect?
For the purpose of this notice, “personal data” means any information in relation to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly. Depending on the product or service we provide to you, the Bank collects and processes your personal data, including the following:
- KYC (“Know Your Client”) information such as your name, date of birth and address, a copy of your passport or other identification document, telephone number and email, nomination of a mandate, as well as family details (name of your partner or children, for example)
- Where permitted by law, we collect and process special categories of personal data such as biometric information (e.g. Touch-ID), political affiliations, health information, racial or ethnic origin or religious or philosophical beliefs. Information related to criminal convictions or offences is collected and processed, if allowed by law.
- Your tax domicile and related documents and information
- Professional information about you as well as knowledge and experience in investment matters including your investment objectives.
- Payment and transaction records, financial statements, earnings, investments, liabilities and revenues, as well as other financial information.
- Numeric identifiers assigned to you such as client or account number.
- Records of telephone calls or exchange of emails between you and the Bank and the products and services you use.
- In case you access our website, our server will record the data transmitted by your browser automatically. The information recorded will include the date and time you accessed the website, the files you accessed, the data volume transmitted, the performance, what kind of web browser you are using as well as the language, the requesting domain and the IP address. You can find additional information directly on our website.
The source of our data are usually our clients but we do, in some cases, collect information from publicly available sources such as national authorities, commercial registers or other third-party sources such as credit rating agencies, wealth screening services or other entities of the BBVA Group.
Please keep in mind that we collect and process data not only of account holders but also of any person involved in the business relationship such as authorized representatives, persons holding a power of attorney and beneficial owners. You should inform them accordingly and provide a copy of this Data Privacy Statement to those individuals.
What is the purpose of processing your data?
The main reason for the collection and processing of your personal data is the fulfillment of our contractual obligations towards you.. he Bank needs to process your data in order to provide you with advisory or discretionary services, carry out transactions or meet our legal and regulatory responsibilities including making disclosures to authorities, regulators and other governmental offices. You can find other details about the purposes of data processing in the relevant contract documents and terms and conditions.
The data is usually collected during the client on-boarding process in order to verify your identity, for example, and conduct other compliance checks, in order to meet our legal obligations according to anti-money-laundering regulations, tax legislation, as well as to prevent frauds. The Bank needs to collect the personal data in order to meet these legal and regulatory obligations. If we cannot collect personal data, we may be unable to provide products or services to you.
Where legitimate purposes allow it, we process your data beyond the actual fulfilment of the contract. Examples of legitimate interest are:
- Guarantee the Bank’s IT security and operation (IT).
- Defence in legal disputes and assertion of legal claims as well as prevention and clarification of crimes.
- Development of services and products.
- Reviewing and optimizing procedures.
- In relation to the credit business, consulting and exchanging information with offices such as debt registers to investigate credit worthiness and credit risk.
- Risk Controls at the Bank.
- Video surveillance of our premises to provide security.
As long as you have granted us consent, the Bank can process your data for a certain purpose, such as analysing your trading activities for marketing purposes.
Some of your data might be processed automatically, in order to assess certain personal aspects (profiling). Profiling is used due to legal and regulatory requirements to combat money laundering, terrorism financing and other offenses that pose danger to assets . We also can process data automatically to notify and advise you regarding products or services.
- Who has access to your data?
We do not share your personal data with third parties if we do not have your consent or unless we are required to do so by law..
In order to fulfil our contractual obligations towards you, we share some of your personal data with third parties such as correspondent banks, brokers, exchanges, clearing houses, trade repositories and other credit or financial institutions. We are also required, in some cases, to share information with public or regulatory authorities such as FINMA (Switzerland’s independent financial-markets regulator) or law enforcement agencies, for example.
The Bank can give access to entities that provide services to the Bank to your personal information, such as IT partners, hosting providers, fraud prevention or credit reference agencies, among others. In these cases, the Bank takes the necessary steps to ensure the service providers meet our data security standards in order to keep your data secure.
In some cases, the recipients of personal data can be located outside Switzerland. If the relevant country has not been determined by the Federal Data Protection and Information Commissioner to provide an adequate level of protection, the Bank requires the data recipients to apply appropriate measures to protect personal data by signing a binding legal agreement to comply with the data protection level in Switzerland and Europe. Transfers outside the European Economic Area or Switzerland are only made where the transfer is made to entities that can demonstrate equivalent standards of security and other relevant data processing requirements.
- How long do we store your data?
We will store your data as long as necessary to fulfil the purpose for which it was collected or to comply with legal and regulatory obligations. In general, the Bank will retain personal data for the period of your relationship or contract with the Bank plus 10 years, in order to respond to or make legal claims following the termination of the relationship or contract, for example. The Swiss Financial Supervisory Authority has also laid down numerous requirements, such as recording external and internal telephone calls of all employees engaged in securities trading, as well as all electronic correspondence.
In case you request your data to be deleted, we will assess the request and delete the data, in case the data is no longer required to fulfil any contractual, regulatory or legal obligation.
- What are your rights?
The applicable rules give you, as data subject, the following rights related to your personal data:
- Right of access:: You have the right to know if the Bank processes your personal data and, where that is the case, you have the right to know the purpose of the processing, the categories of the data concerned and the recipients of the personal data, among others.
- Right to rectification: :: You have the right to request the rectification of inaccurate personal data about you.
- Right to erasure (“Right to be forgotten”) and right to restriction of processing: You have the right to ask BBVA (Suiza) SA to stop processing your data or to delete it. Please keep in mind that these rights are not absolute, as there may be overriding interests that require us to keep processing your personal data in order to fulfil legal or regulatory obligations. The Bank will, in any case, assess your request and respond without undue delay.
Right to data portability: You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to have your personal data transmitted to another controller without hindrance.
- Right to data portability: You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to have your personal data transmitted to another controller without hindrance.
- Right to object: You have the right to object to the processing of your personal data, unless the Bank demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedom or exercise or defence of legal claims. Where your personal data is processed for direct marketing purposes, you have the right to object at any time.
- Changes to your personal data
In order to keep your personal data up to date, we kindly ask you to inform us of any changes as soon as possible.
- Exercising your rights
You have the right to withdraw the consent granted to us for the processing of your personal data at any time. The withdrawal only applies going forward and does not have retrospective effect. In order to do so or to obtain additional information, you can contact the Bank under email@example.com or BBVA (Suiza) SA, Data Protection Office, Selnaustrasse 32, 8001 Zurich.
This data protection information was last updated on May 18 2018. Any future amendment or addition will be communicated to you through an appropriate channel (e.g. publication on our website).