Data protection
Privacy Notice for customers (existing or potential) of and visitors to the UBP website
1. Introduction
Welcome to the Privacy Notice of Union Bancaire Privée, UBP S.A. (“UBP” or “we” or “us”) for customers (existing or potential) of and visitors to the UBP website.
UBP (and/or any affiliates and branches of UBP Group) respects your privacy and is committed to protecting your personal data. This Privacy Notice will inform you about how we look after your personal data when you enter into an agreement with us, use our services or products and visit our website (regardless of where you visit it from) and tells you about your privacy rights and how the law protects you.
UBP is a “data controller”. This means that, except when we are obliged to process data for legal reasons, we are responsible for deciding how we hold and use your personal information. We are required under data protection legislation to notify you of the information contained in this Privacy Notice.
Data protection principles
We will comply with data protection laws. These require that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary for the purposes we have told you about (and/or as required by the applicable laws)
- Kept securely
2. General information and Data Protection Officer Purpose of this Privacy Notice
This Privacy Notice aims to provide you with information on how UBP collects and processes your personal data, for example when you use UBP’s products and services, including any data you may provide us with through our website when you sign up to newsletters and/or when you visit any page of our website.
It is important that you read this Privacy Notice, together with any other privacy notice(s) we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of the personal information we collect about you, what we do with your information, and who your information may be shared with.
Data Protection Officer
We have appointed a Data Protection Officer who is responsible for overseeing questions relating to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the Data Protection Officer using the details set out below.
Contact details:
Mr Constantin Bratsiotis
Group Data Protection Officer
gdpo@ubp.ch
Union Bancaire Privée, UBP SA
Rue du Rhône 96-98 | P.O. Box 1320 | CH-1211 Geneva 1
T. + 41 58 819 37 66
In case you are based within the EU, you may prefer to contact our EU Data Protection Representative using the details set out below.
Contact details:
Union Bancaire Privée (Europe) SA,
EU Data Protection Representative
287-289 route d'Arlon,
L-1150 Luxembourg
DataPrivacy_Lux@ubp.com
You have the right to make a complaint to your local data privacy authority at any time. We would, however, appreciate the chance to deal with your concerns before you approach the local data privacy authority so would ask that you please contact us in the first instance.
3. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity data includes information such as first name, maiden name, last name, identification number or similar identifier, marital status, title, date of birth and gender, photocopies of passports.
- Contact data includes information such as home/residence/domicile address, e-mail address and telephone/fax numbers.
- Financial data includes information such as bank account and payment card details, as well as your financial position, status and history, wealth, source(s) of wealth, revenues, professional activity (past and present), solvency reports, knowledge and experience. Transaction data includes information such as details about payments to and from you, explanations as to the reasons for such transactions (including related documents), source of funds and other details of products and services you have purchased from us/invested in.
- Profile data includes information such as your username, e-mail address and (potentially) password, your interests, preferences, and feedback.
- Usage data includes information about how you use our products and services, our website and our e-Banking. The data collected include information such as type of device, browser software, pages visited on our website, IP address, country of connection, date and time of the connection, messages exchanged, voice calls and video calls.
- Marketing and communications data includes your preferences for receiving marketing from us and related third parties and your communication preferences.
We do not collect any special categories of sensitive personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, and information about criminal convictions and offences) unless required for lawful grounds and/or for the improvement of services based on agreements between you and us.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to carry out the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a service you have with us or refuse/sell an investment in a product but we will notify you if this is the case at the time.
4. How your personal data is collected
Members of UBP Group may collect, use and share personal data, including information about you, your transactions, your use of our products and services and your relationship with UBP Group.
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us personal data by filling in forms or by corresponding with us by post, telephone, e-mail, through our website, handing us your business card or by some other means. For example, this may include personal data you provide when you:
- apply for our products or services;
- open an account with us;
- request marketing material to be sent to you.
- Automated technologies or interactions. As you interact with our website or e-Banking, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies (please see our cookie policy, which is available on our website, for further information).
- From publicly accessible sources; background checks. We may have to seek further information about you from publicly accessible sources such as the Internet, the media, data-collection companies, debt or commercial registers, or from third parties we may appoint. In certain cases we may carry out a background check on you using third-party service providers.
5. How we use your personal data
We will only use your personal data when the law allows us to, or when you do. Most commonly, we will use your personal data in the following circumstances:
- When we need to carry out the contract we are about to enter into or have entered into with you.
- When it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- When we need to comply with a legal or regulatory obligation.
Generally we do not rely on your consent as a legal basis for processing your personal data. When we require consent we will get it from you separately to this notice. You have the right to withdraw consent to marketing at any time by writing to your relationship manager or using the communication tools we provide, for example when you visit our website.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of the ways we plan (or have) to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
What we use your personal data for |
Our legal basis for processing your data |
To register you as a new customer and verify your identity, source of wealth etc. Carry out customer due diligence. |
To carry out a contract with you. To fulfil our legal obligations (for example our duty to combat money laundering, to fight terrorism and terrorism financing, and our duty to conduct Know Your Customer procedures). |
To perform credit checks and obtain or provide credit references. |
To fulfil our legal obligations and protect our legitimate interests. |
To deliver suitable products and services to you including: (a) To provide advice or guidance about our products and services; (b) To manage and provide investment products and services; (c) To handle any of your transactions. |
To carry out a contract with you. Necessary for our legitimate interests. To fulfil our legal obligations (for example our duty to check the suitability of a product). |
To process services, including: (a) To manage investments, payments, fees, charges and interest due on customer accounts; (b) To collect and recover money owed to us; (c) To manage calculations and payments of retrocessions, rebates and the like (as the case may be). |
To carry out a contract with you. Necessary for our legitimate interests including, for example, to recover debts due to us. To fulfil our legal obligations (for example to define your investment profile, answer requests from authorities, issuers and funds who may request details about you). |
To manage our relationship with you, which may include: (a) Notifying you about changes to our terms of business or privacy policy; (b) Ensuring you provide us with all the appropriate documentation for us to provide services to you. |
Necessary for our legitimate interests. |
To manage how we work with other companies that provide services to us, our products and our customers. |
Necessary for our legitimate interests. |
To perform financial crime/sanctions risk management activity. To manage risks for us and our customers. To meet compliance obligations that apply to us. For regulatory reporting/respond to enquiries received from relevant authorities. |
To fulfil our legal obligations. Necessary for our legitimate interests. |
Enforce or defend the rights of UBP or its staff. |
Necessary for our legitimate interests. |
For internal operational requirements of members of UBP group (including, for example, product development, insurance, tax, audit and credit and risk management). To improve our systems and services. To perform technical administration tasks on your accounts. |
Necessary for our legitimate interests. |
To manage our relationship with you (including developing the relationship and carrying out any marketing activities). To make suggestions and recommendations to you, for example, about products or services that may be of interest to you. |
Necessary for our legitimate interests including to develop our products/services and grow our business. To carry out a contract with you. |
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly those relating to marketing and advertising.
If you receive marketing directly from us, you can ask us to stop sending you marketing messages at any time by contacting your relationship manager or by using the communications tools we provide, for example when you visit our website.
When you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase or other transactions.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Information about a change of purposes may happen through an amendment of the present Notice, so we encourage you to consult it regularly.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. Data sharing
We may have to share your data with third parties, including third-party service providers and other entities in or outside the UBP Group.
We require third parties to respect the security of your data and to treat it in accordance with the applicable law.
We may also transfer your personal information outside Switzerland and/or the EU/EEA. In such jurisdictions, we implement appropriate contractual safeguards to protect confidentiality and personal data.
Why might you share my personal information?
When we use your personal information for the purposes set out in the table in paragraph 4 above, we may transfer and disclose it to, for example:
- Any member of UBP Group and any third party who provides services to a member of UBP Group or their agents;
- Any authorities (such as stock exchanges) where we are required to do so by law or regulations;
- Payment recipients, beneficiaries, account nominees, intermediaries, correspondent and agent banks, custodians, clearing houses, and clearing or settlement systems;
- Other financial institutions, brokers, fraud prevention agencies, trade associations, credit reference agencies and debt recovery agents;
- Any broker we provide instructions or referrals to or from whom we receive them;
- Any duly selected third party or member of UBP Group involved in the maintenance and operation of IT systems (including “cloud” computing services), the development, operation and maintenance of databases, software and applications, the establishment and implementation of processes and guidelines to ensure and/or improve the availability, usability, integrity and security of data;
- Any duly selected third party involved in the completion of certain administrative or logistical tasks, or the provision of other specific services such as the preparation of tax statements;
- Any duly selected third party involved in the preparation, printing and/or mailing to the clients of bank documents (such as the Bank’s correspondence with its clients, including transaction advices, statements of account, summaries of assets and tax statements),
- Any duly selected third party involved in specific activities, particularly those related to information and communication technologies (e.g. chat, videoconferencing, co-browsing and cloud computing services).
- Any further duly selected third party:
- in connection with any reorganisation, sale or acquisition of any UBP Group member’s business;
- we use to provide services to you; and
- for marketing purposes where you have consented to marketing.
The contractual agreements as well as the General Conditions/General Terms of Business that bind us further describe our respective duties and obligations in this regard, and will set out the limitations to the aforementioned sharing of information set out under any other applicable laws and regulations, in particular in relation to banking secrecy.
The above recipients may further process, transfer and disclose personal data for the purposes set out in paragraph 4 above and they may be in countries where data protection laws do not provide the same level of protection as in Switzerland and/or the EU.
For example, regulations implementing international agreements on tax compliance (such as Automatic Exchange of Information Agreements) may require us to report certain information about you (and/or about connected persons) to the tax authority in the country in which your account in maintained, which may transfer that information to any tax authority in countries where you or a connected person may be resident for tax purposes (please see our General Conditions/General Terms of Business for further details).
Which third-party service providers may process my personal information?
Third parties include third-party service providers including contractors and other entities within UBP Group, including third parties providing services in relation to certain products. The following are examples of categories of third-party service providers who may process personal information about you for the following purposes:
Category of third party receiving data |
Purpose of transfer |
Other banks and payment service providers. |
To enable interbank payments to be made on behalf of clients. |
Professional advisors and consultants, including: (a) Independent financial advisors; (b) Property consultants; (c) Other agents and advisors. |
To help us run your accounts and services, and provide valuations. To explore new ways of doing business. |
Law firms/entities providing legal advice. |
In order that we may receive professional legal advice in respect of the services we deliver to you. |
Regulators and other authorities. |
To comply with any legal obligations the Bank has, or follow any orders or instructions given by the relevant authorities (e.g. regulations implementing international agreements on tax compliance). |
Storage and documentation companies. |
To allow for files to be held securely off-site (which may include cloud-based platforms). |
Payment recipients, beneficiaries, account nominees, intermediaries, custodians correspondent and agent banks, clearing houses and clearing or settlement systems. |
To enable us to follow your instructions, provide services to you and handle any of your transactions. |
Other financial institutions, fraud prevention agencies, trade associations, credit reference agencies and debt recovery agents. |
To assess your ability to meet financial commitments. If you are unable to repay an amount owed to us following a demand for repayment. |
Funds, companies, issuers of securities. |
Certain issuers of securities may request to receive personal data relating to the beneficial owner of the funds invested. |
Third parties or members of UBP group involved in the maintenance and operation of IT systems, the development, operation and maintenance of databases, software and applications, the establishment and implementation of processes and guidelines to ensure and/or improve the availability, usability, integrity and security of data. |
To maintain/improve our IT systems and consequently our services (personal data such as names and addresses will be rendered anonymous if transferred to third parties). Account numbers may be made available in certain circumstances. |
Third parties involved in the completion of certain administrative or logistical tasks, or the provision of other specific services such as the preparation of tax statements |
To render certain complex services you have requested (personal data such as names and addresses will be rendered anonymous). |
For UBP Switzerland: third parties involved in the preparation, printing and/or mailing to the clients of bank documents (such as the Bank’s correspondence with the clients, including transaction advices, statements of account, summaries of assets and tax statements). |
To improve our services to you (you may always opt for our e-Banking services if you want to avoid the sharing of your data in this respect). |
Third parties involved in specific activities, particularly those relating to information and communication technologies (e.g. chat, videoconferencing, co-browsing and cloud computing services). |
To render technological services you have requested (your personal details may be accessible to such third parties during the chat/videoconference etc. and for a limited time thereafter). |
The aforementioned is a general description of the various cases where we may share data, but the data that we can share in your case strongly depends on any duty of confidentiality that we may have (such as bank or professional secrecy): consequently, please refer to the contractual agreements that we may have together, as well as to the applicable General Conditions/General Terms of Business, in order to have a more precise description of how data can be shared in your case.
How secure is my information with third-party service providers and other entities in UBP Group?
All our third-party service providers and other entities of UBP Group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
When might you share my personal information with other entities in UBP Group?
We may share your personal information with other entities in UBP Group as part of our centralised data storage system, to allow us to deliver certain services to you, for security reasons or for reporting activities.
7. International data transfers
When we share your personal data within UBP Group, this may involve transferring your data outside the European Economic Area (EEA) to countries where UBP Group (UBP and its affiliates and/or branches) is present, such as Switzerland, the Middle East and Asia.
Furthermore, some of our external third parties (or their sub-contractors in turn) are based outside the European Economic Area and/or outside Switzerland, for example in countries such as the United States, Singapore, Dubai, India and China, so their processing of your personal data will involve the transfer of data outside the EEA and/or outside Switzerland, or a third party accessing your data from such countries. These countries may not offer the same level of data protection as EEA countries or Switzerland
Whenever we transfer your personal data outside the EEA and/or outside Switzerland, or allow access from such countries, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or by Switzerland.
- If this is not the case, we will use specific contracts approved by the European Commission (and/or by Switzerland) which give personal data the same protection it has in the EEA (and/or in Switzerland).
8. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Personal data may be processed as part of the security monitoring we undertake, such as automated scans t o identify harmful emails, which involves detecting, investigating and resolving security threats. As much as possible, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Similarly, our third-party contractors, when relevant, will only process your personal information on our instructions and when they have agreed to treat the information confidentially and to keep it secure.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any relevant regulator of a breach when we are legally required to do so.
9. Other ways we may use your information
To ensure we carry out your instructions accurately, to help us improve our service and in the interests of security, we may monitor and/or record your communications with us, such as telephone calls.
In the interests of security and preventing crime, we may use closed-circuit television in and around our premises for the monitoring and collection of visual images. All recordings remain our sole property.
Members of UBP Group may carry out Financial Crime Risk Management Activities. Exceptionally, this may result in members of UBP Group delaying or refusing either to process a payment or your instructions, or to provide all or part of any service to you.
No member of UBP Group shall be responsible to you or any third party for any loss incurred as a result of any member of UBP Group carrying out Financial Crime Risk Management Activities.
10. Profiling
We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), for example:
- we process data automatically (and this is required by law) when our systems scan transfers of funds in order to combat money laundering and the financing of terrorism, as well as to monitor any transaction to detect whether it circumvents rules related to international sanctions and embargoes, etc.;
- this may also be the case when we assess your needs for products and services.
11. Data retention
How long will you use my information for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Personal data may be held for longer periods where extended retention periods are required by law, by a court decision (or a decision of any other relevant authority) or by UBP’s internal rules and in order to establish, exercise of defend our legal rights.
Details of retention periods for different aspects of your personal information are available upon request.
12. Your legal rights
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no legitimate reason for us to continue processing it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing it on these grounds. You also have the right to object when we process your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to continue processing your information.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. In some cases, we may demonstrate that we have compelling legitimate grounds to continue processing your information.
- Request the transfer of your personal information to another party.
If you wish to exercise any of the rights set out above, please contact us.
Your duty to inform us of changes
It is also important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us or even after, as we may need to contact you after our relationship has come to an end.
13. Right to withdraw consent
In the limited circumstances where you may have provided your consent for the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate legal basis for doing so.
If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
14. Changes to this Privacy Notice
We reserve the right to update this Privacy Notice at any time and a new privacy notice will be uploaded onto UBP’s website (www.ubp.com) when we make any updates. We may also notify you in other ways from time to time about the processing of your personal information.
15. Third-party links
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements/notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.