As part of its business, Banca Zarattini & Co SA (hereinafter simply the “Bank”, “we”, or “us”) processes data relating to natural persons and legal persons (“personal data”). Such personal data includes information about clients (current and past), potential clients, business partners and their employees, and any other persons who interact with the Bank (hereinafter referred to as “you”).
The Bank scrupulously complies with the Swiss Federal Data Protection Act (FDPA) and indirectly with the General Data Protection Regulation of the European Union (GDPR). Although the GDPR is an EU regulation, it is certainly relevant for the Bank as well, considering that Swiss data protection legislation is historically closely linked to EU regulations.
1. Purpose of this policy
The following policy is intended to provide an overview of how your personal data is processed and of your rights under data protection legislation. Specifically, what information is processed and how it is used depends substantially on the services requested and/or agreed upon and how you interact with us. This communication does not constitute a waiver of banking secrecy; as a client of Banca Zarattini (in this regard, please refer to the provisions of the General Conditions), your information is protected by banking secrecy laws that prohibit the disclosure of information to third parties, unless otherwise authorized by you.
2. What personal data we collect?
We collect and use personal data in accordance with: our business relationships, the services we provide, and the laws and regulations we have to comply with.
The Bank processes the personal data it obtains from clients as part of the business relationship. It collects and processes personal data that it obtains from freely accessible public sources (e.g., debt registers, trade and association registers, the press, the internet) or that is legitimately transferred by other companies or third parties (e.g., credit information agencies), including where necessary to provide its services.
More specifically, we may then collect various types of personal data, including:
• personally identifiable information (e.g. name, identify card and passport number, nationality, place and date of birth, photograph);
• contact details (e.g. postal address and e-mail address, telephone number);
• family situation (e.g. marital status, number of children);
• tax status (e.g. tax code, tax status);
• education and employment information (e.g. education level, occupation, employer’s name, salary);
• bank, financial and transactional details and information on your financial situation (e.g., bank account details, financial statements, credit card number, money transfers, assets, declared investor profile, credit history and data on credit worthiness and credit score/rating, debts and expenses, origin of assets, and your knowledge of financial products, as well as your level of investment expertise and experience);
• Information relating to client risk assessments such as client due diligence data (including results of periodic checks), client risk profiles, data to assess suitability/adequacy, client qualification data (e.g., qualified investor status), screening notices (transaction screening, name screening), tax data, or information relating to claims;
• the data from telephone records with the Bank’s operators (e.g., telephone number, data relevant to identifying the call, such as date, time, and duration);
• the data from video recordings from the surveillance system during visits to our offices;
• deatils of our interactions with you and of the products and services you use, including electronic interactions through various channels such as e-mail and mobile applications.
We do not ask for, collect, or store personal data relating to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning your sexual orientation, or data relating to criminal convictions and offences unless required by law.
3. Specific cases of personal data collection, including indirect collection
This Privacy Policy also applies to persons who have no contractual relationship with the Bank, but whose information is processed by the Bank for other reasons:
• People who write to us or otherwise contact us;
• Visitors to our websites;
• Recipients of information and marketing communications;
• Contact persons of our suppliers;
• Buyers and other business partners;
• Visitors to our offices.
or if your contact details are provided by one of our clients, for example:
• Family members;
• Mortgage co-signers / guarantors;
• Legal representatives (power of attorney);
• Beneficiaries of payment transactions carried out by our clients;
• Beneficiaries of insurance policies and trusts;
• Homeowners;
• Beneficial owners;
• Debtors of clients (e.g., in the event of bankruptcy);
• Shareholders of companies;
• Representatives of legal persons (which may be clients or sellers).
Please note that the biometric data used in the identification procedures for the web and mobile applications used by the Bank are stored exclusively on your device and therefore are managed independently by the respective service provider and/or operating system operator. The Bank cannot access your biometric data. We therefore recommend that you read the privacy policy of the relevant service provider or operator.
4. Why and for what puspose we use your personal data
To comply with our legal and regulatory obligations
We use your personal data to comply with various legal and regulatory obligations, including:
• banking and financial regulations in accordance with which we must:
– implement security measures to prevent abuse and fraud;
– detect transactions that deviate from normal patterns;
– define your credit risk score and repayment capacity;
– monitor and report risks that institutions may incur;
– respond to any official request from a duly authorized public or judicial authority;
– collect data to adjust investment proposals (e.g., knowledge and experience, desired risk level, and sustainability preferences for financial products);
– record phone calls, chats, email, etc;
• prevention of money-laundering and financing of terrorism;
• compliance with legislation relating to sanctions and embargoes;
• combatting against tax fraud and fulfilment of tax audit and notification obligations.
To be able to draw up a contract, following a request from you, or to fulfil a contract with you
We use your personal data to enter into and perform our contracts, including to:
• provide you with information about our products and services;
• assist you and answer your questions;
• Assess whether we can offer you a product or service and under what conditions.
To pursue our legitimate interests
We use your personal data to implement and develop our products and services, to improve our risk management processes, and to defend our legal rights, including:
• verifying transactions;
• fraud prevention;
• Juridicial or extrajudicial litigation or defense before foreign or national authorities;
• IT management, including infrastructure management, business continuity, and IT security;
• system and building security measures (e.g., access control and video surveillance);
• development of individual statistical models based on transaction analysis, for example to help determine your credit risk score;
• customizing the services we offer you or the entity you represent;
• improving the quality of our banking services.
To respect your choices following your consent to specific processing purposes
In some cases, we require your consent to process your data, for example:
• if the processing leads to automated decision-making, which results in legal effects or significantly affects you. At that point, we will inform you separately about the matter in question, as well as the significance and expected consequences of such processing;
• if we carry out further processing for purposes other than those indicated in this policy, we will inform you and ask for your consent, where necessary.
For information and direct marketing
Subject to your consent, we use your personal data to send information and advertising messages relating to products and services that we believe may be of interest to you, including:
• forwarding information following subscription to newsletters;
• participation in the social media channels used by the Bank;
• events organized by the Bank or sponsorships;
You can revoke any previously given consent to the processing of data for marketing purposes by sending a written request to this effect, including by e-mail to the address indicated in this policy.
5. Sharing of personal data
In order to fulfill the above purposes, but always in compliance with applicable legislation regarding information sharing, we disclose your personal data to:
• service providers who carry out services on our behalf or subcontractors engaged by us if they enter into appropriate confidentiality agreements.
• independent agents, intermediaries, depositaries, or brokers, credit rating agencies, and debt collection tracing agents.
• banking and specialist partners with whom we have a regular relationship
• financial, tax, regulatory, or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law.
• some regulated professionals such as lawyers, notaries, consultants, or auditors.
• IT services (including hosting and cloud services), logistics services;
• fraud prevention agencies (“FPAs”) in order to verify the identity of the client or of persons or to investigate or prevent money laundering, fraud, or other illegal activities.
6. Transfers of personal data outside Switzerland or the European Economic Area (EEA)
We will transfer your data to another country only when strictly necessary to fulfill the purposes described above. In the case of international transfers to a country for which the Competent Authority has agreed to provide an adequate level of data protection, your personal data may be transferred without additional consent.
For transfers to a country where the level of protection of personal data has not been recognized as “adequate” by the Competent Authority, we will rely on a waiver applicable to the specific situation (for example, if the transfer is necessary to conclude our contract with you, such as when making an international payment or for securities trading) or we may implement standard contractual clauses approved by the Competent Authority to ensure the protection of your personal data.
7. How long we retain your personal data for
We will retain your personal data for whichever period is longest out of: (i) the period required by applicable law; or (ii) the period necessary for us to fulfill our operational obligations, such as: proper account maintenance, client relationship management, and responding to legal complaints or regulatory requirements.
In general, Banca Zarattini & Co. will keep personal data for the entire duration of your relationship or contract with Banca Zarattini & Co., plus the following 10 years. Ongoing or anticipated legal or regulatory proceedings may lead to retention beyond this period.
In accordance with the provisions of the Swiss Federal Financial Market Supervisory Authority (“FINMA”), Banca Zarattini & Co. is also required to record the external and internal telephone calls of all employees engaged in trading transferable securities for a minimum period of 2 years. The Bank retains this type of data for 10 years.
Banca Zarattini & Co. also stores all data on incoming and outgoing business communications and all electronic correspondence (e-mails, chats, client communications, etc.) in an electronic archive for a period of 10 years.
Data on visitors to the Bank’s offices is retained for a period of 1 year.
At the end of these periods, the data will be deleted or anonymized.
8. What are your rights and can you exercise them
Depending on the data protection laws that apply to your situation, you have the following rights:
• access: you can obtain information relating to the processing of your personal data, and a copy of such personal data;
• correction: if you believe that your personal data is inaccurate or incomplete, you may request that your personal data be amended accordingly;
• deletion: you may request the deletion of your personal data, to the extent permitted by law;
• restriction: you can request that the processing of your personal data be restricted;
• objection: you can object to the processing of your personal data, for reasons related to your particular situation. You have the right to object to the processing of your personal data for direct marketing purposes, including profiling related to such marketing;
• withdrawal: where you have consented to the processing of your personal data, you have the right to withdraw your consent at any time;
• portability: where legally applicable, you have the right to have the personal data you have provided to us returned and, with technically feasible, transferred to a third party;
• Complaint: in accordance with current legislation, in addition to the rights above, you also have the right to lodge a complaint with the competent supervisory authority.
Please note that your rights in certain circumstances are not applicable or may be subject to exceptions; in the event that the right to restriction of processing, objection to processing, or withdrawal of consent to processing is exercised, the Bank may not be able to provide you with the requested services or to carry on the business relationship with you. If the Bank is unable to comply with your request, it will provide you with an adequate explanation.
If you need more information, or if you wish to exercise the rights listed above, please send a letter or e-mail to the address indicated in this policy.
9. Security Notice
We have adequate technical and organizational measures in place to prevent unauthorized or illegal access to the personal data you have provided to us. As complete data security cannot be guaranteed for communications by e-mail or similar means of communication, we recommend sending any particularly confidential information via a secure method agreed with the Bank.
10. How can we keep up with changes to this data protection notice
The Bank reserves the right to modify, update, add, or remove parts of this policy at its discretion and at any time. Before communicating or providing personal data to us, it is your responsibility to check the updated terms included in the policy. This privacy policy was updated in August, 2023.
11. How to contact us
If you have any questions regarding the use of personal data under this Privacy Policy or the exercise of your rights, you can contact the Data Controller and the Data Protection Advisor at the following address:
In writing:
Banca Zarattini & Co. SA
Via Serafino Balestra 17
6900 Lugano
Switzerland
Tel. +41 91 260 85 85
by e-mail:
dataprotection@zarattinibank.ch
Following your request, we may ask you to provide proof of your identity or documents in support of your request.