General privacy policy of Baloise Bank Ltd

1. Basic rule and scope

This privacy policy provides you with an overview of the processing of your personal details and your rights under the Federal Act of 19 June 1992 on Data Protection in connection with basic contracts of Baloise Bank Ltd (hereinafter also referred to as “Baloise” or “we”; see clause 2). We process your personal details (hereinafter referred to as “data”) or the data of other persons insofar as this is necessary for the conclusion, performance or termination of, or support related to, a basic contract.

Personal details are data that relate to an identified or identifiable natural person. Sensitive personal data are personal details that are specially protected by law due to their sensitivity (see clause 3.10). Processing means any form of handling of your data, in particular collection, storage, use, disclosure, archiving or deletion. We comply with the Federal Data Protection Act (FADP), the Data Protection Ordinance (DPO) and any other possible data protection laws applicable in individual cases (e.g. the European General Data Protection Regulation [GDPR]).

In the following, we will show what data we collect, what we use it for and what your rights are in this regard. Independent privacy policies as well as further provisions (e.g. General Terms and Conditions, Terms of Use, declarations of consent or Product Information) apply to certain forms of data processing – for example for online applications (also referred to as “apps”) offered by the Bank, such as the Baloise Bank TWINT app, Baloise mobile banking and e-banking, for loan and mortgage agreements, for financial and pension planning, etc. These are available on the corresponding web pages or in the corresponding apps.

We not only process data of our customers, but also data of third parties, in particular of the following persons:

  • Former and current prospective customers and visitors
  • Former and current customers
  • Authorised representatives, grantors of power of attorney
  • Beneficial owners
  • Partners, children or legal representatives
  • Persons asserting claims and other parties involved (e.g. notary’s offices)
  • Contact persons of companies and partners (e.g. intermediaries) as well as official bodies and authorities

When you transmit data to us via third parties, we assume that you are authorised to do so and that this data is correct. Therefore, please inform these third parties about the processing of their data by us and provide them with a copy of this privacy policy. If we refer you to a new version of these documents, please also hand over this new version in each case.

Our employees are regularly trained on data protection topics and are sworn to secrecy. In addition, our data protection unit monitors compliance with data protection regulations.

2. Bodies responsible and contact details

The following company is responsible under data protection law for the data processing described here:

  • Baloise Bank Ltd
    Amtshausplatz 4
    4502 Solothurn, Switzerland

To raise your data protection concerns and exercise your rights under clause 11, you can contact our data protection unit as follows:

  • Baloise Bank Ltd
    Data protection unit
    Amtshausplatz 4
    4502 Solothurn, Switzerland
    Email address: datenschutz-bank@baloise.ch

3. Categories of personal details processed

3.1 General information

Depending on the products selected and services provided by Baloise, we may process the categories of data described below, although the list provided in this document is not exhaustive.

In the event of changes to data over time (e.g. due to a change of address, a change in civil status or another modification), we will modify the data accordingly. The previous data will be stored if necessary in the context of the statutory retention periods and will then be erased.

3.2 Master data

Master data includes, in particular, contact information (e.g. name, address, telephone number and email address), personal details (e.g. date of birth, age, gender, nationality, residence permit status, data from identification documents, family details, occupation, education and training, employer), other identification data (e.g. AHV number, customer number, tax identification number), information from databases (e.g. World-Check) or information about your relationship with us (e.g. partner / customer status, customer history). Account information is also collected, including bank account details (e.g. account numbers) or credit card data.

Information on the persons affected by the data processing is also part of the master data (e.g. information on housing situation, information on relationships with third parties affected by the data processing, contact details of additional cardholders, partner’s income, etc.).

We receive master data from you or from third parties, for example Baloise Group companies, custodian banks and credit agencies, as well as public registers (e.g. the Land Register). We also receive data in connection with address changes, as we are involved in an address update network which sends us and the other companies involved in the network updated address data (e.g. the new address after a move).

3.3 Contract and product data

Contract and product data is data that is generated in connection with the conclusion of a contract or the processing or termination of a contract. Contract data includes data from applications, contracts and information from pre-contractual relationships, for example information from consultation sessions, information about the products and services you use, information about card limits and card use, information about additional cardholders or account holders, authorised representatives and agents, credit data, as well as information about your account, securities account or contracts concluded.

Contract data also includes financial data, that is, information on assets and their origins as well as budget details (e.g. own funds, savings, pension assets, liabilities and expenditure), information on earned income, pension income and income from investments, your creditworthiness (e.g. scoring, rating and creditworthiness data in the context of lending) and your payment history (i.e. information regarding payment demands and debt collection), as well as data regarding your securities and other financial instruments, your knowledge and your experience in investment matters, as well as investment products, risk and investment profile, investment objectives, ESG sustainability criteria or information as required in foreign jurisdictions.

Depending on the product, we also collect sensitive personal data, for example information on retirement savings accounts and planned retirement age, insofar as we need this information to process the contract.

We generally collect contract data directly from you and from third parties involved in the processing of the contract (e.g. it may be collected via other Baloise Group companies which then forward the information to us), as well as from publicly accessible registers (e.g. Land Register).

3.4 Transaction data

Transaction data includes payment transaction data, payment order data, data on the payer, data on the payment recipient or on the beneficiary and on the reason for payment; ATM deposit and withdrawal data, credit card numbers, as well as expiry date and card verification data; data on acceptance points (e.g. merchant name or company name); payment and transaction data, including cash withdrawal data (e.g. transaction amount, date and time of transactions, currency, etc.); transaction type data or data on incorrect PIN entries; data on investigations at acceptance points in connection with a complaint or possible card misuse; information on use of the card for online payments, for example about the IP address of the device used or information related to additional authentication; information about your use of electronic communications (e.g. opening an email or clicking on a link).

3.5 Data relating to compliance with legal obligations

This includes data required for compliance with legal obligations incumbent on us and the related clarification and reporting in the context of combating fraud, money laundering and terrorism. We obtain such data from publicly available sources and registers (e.g. sanctions lists) or from public authorities (e.g. information on US citizens / double citizens, economic background, beneficial owners, on the origins and beneficial ownership of assets, on controllers, politically exposed persons or for matching with sanctions lists).

3.6 Communication data

When you contact us via the contact form, our Customer Service or by email, telephone, e-banking messenger or chat, by letter or via other means of communication (e.g. customer portal), we collect the data exchanged between you and us (text messages as well as audio and/or video data), including your contact details and the marginal data of the communication. 

We will specifically point out to you if we record communication (e.g. phone calls, video, chats), for example for evidence or training purposes. If you do not wish to be recorded, please let us know or end your call.

If you wish to communicate via Microsoft Teams, separate Terms of Use apply. We enlist the help of the Microsoft Group for the technical provision of Microsoft Teams. This may also involve your data being transferred to countries outside of Switzerland, in particular to France, the Netherlands and the US. Microsoft undertakes to ensure appropriate data protection by means of standard contractual clauses and supplementary contractual, technical and organisational measures. Microsoft can also use the data to optimise or improve its own services (e.g. for the technical optimisation of the conference system) and to fight cybercrime and attacks. Microsoft’s Privacy Policy can be found at privacy.microsoft.com/en/privacystatement.

In addition, when communicating with you, for example when you submit a request for information, we sometimes also collect data to establish your identity (e.g. information from official identification documents, replies to security questions) in order to prevent us providing information to unauthorised third parties.

3.7 Behavioural and preference data

In order to provide you with the best possible service and advice on our products and services, we would like to find out your preferences and determine your requirements. To do this, we collect and use data about your interactions with us and about the preferences you tell us or that we identify.             

Behavioural data are details of certain actions, such as the use of electronic means of communication (e.g. whether and when you opened an email), your use of our web pages (for more information, see www.baloise.ch/en/about-us/information/privacy-policy.html) or customer portals, the way in which you obtain products and services, your interaction with our social media profiles and your participation in prize draws, competitions and events. Preference data tells us about your requirements and which products or services might be of interest to you. We obtain this information from the analysis of existing data, e.g. behavioural data, so that we can tailor our consultation and our offers more precisely to you.

3.8 Technical data

Technical data includes data collected when you access our web pages, apps and social media channels, i.e. data transmitted to us by your browser or end device (smartphone) and automatically collected by our server. This includes IP addresses, MAC addresses of electronic devices, information about these devices (e.g. brand, type, screen, memory) and their settings (e.g. language, keyboard), cookies, functions used, date, time and duration of access, name of the files accessed and content visited, web browser, domain requested, orders placed or attempted, referring web pages and location information, client ID and version of the app installed.

3.9 Other data

We may also collect data from you in other situations. In connection with official or judicial proceedings, for example, data accumulates (e.g. files or evidence) that may also relate to you.

We may receive or produce photographs, videos and audio recordings in which you may be identifiable (e.g. at events, by security cameras, etc.). You will either be asked for your consent or informed accordingly in advance (e.g. when opening a digital account). For security purposes, we may also collect data on who enters certain buildings at what point in time, or who has corresponding access rights (e.g. in the case of access controls or based on registration data or visitor lists, etc.), or who participates in events or campaigns (e.g. competitions) or uses our infrastructure and systems and at what point in time.

Details on video surveillance can be found in the separate privacy policy on video surveillance at www.baloise.ch/en/about-us/information/privacy-policy.html.

We obtain the data mentioned here primarily from you, but also from third parties (e.g. authorities) and in some cases also from the Baloise Group companies.

3.10 Sensitive personal data

In some cases, we may collect sensitive personal data. Sensitive personal data, as defined by law, includes data on religious, ideological, political or trade union-related views or activities; data on health, private life or ethnicity; genetic data; biometric data for the unambiguous identification of a natural person; data on administrative and criminal proceedings or sanctions; and data on social security measures.

Information concerning your health may be processed for financial and tax planning, administrative and criminal convictions may be processed to clarify matters related to the Anti-Money Laundering Act, information about your religious beliefs may be processed in tax-related matters, or information about social security measures may be processed to enforce contractual obligations.

Details on financial and pension planning can be found in the separate privacy policy at www.baloise.ch/en/about-us/information/privacy-policy.html.

4. Origin of personal details processed

In some cases, we collect data directly from you, for example when you provide it to us (e.g. opening or terminating a business relationship, conclusion of a contract, consultation sessions or use of digital services).

In other cases, the data is disclosed to us by third parties (e.g. the debt collection register, the Swiss Consumer Credit Information Office (IKO), the Swiss Central Credit Information Bureau (ZEK), credit bureaus, credit agencies, third-party banks, fraud prevention agencies [e.g. World-Check], pension funds or pension foundations) for the purpose of executing orders or reviewing and processing contracts or with your consent, or it comes from our contractual partners, intermediaries, companies in the Baloise Group, or from domestic and foreign authorities, offices or courts.

Data also becomes known to us as a result of your use of products or services or is transmitted via the technical infrastructure, for example when you visit our web pages, access our apps or through processes requiring the division of labour (e.g. in payment transactions, securities trading or cooperation with other financial or IT service providers, marketplaces or exchanges).

We also receive data in connection with address changes, as we are involved in an address update network which sends us and the other companies involved in the network updated address data (e.g. the new address after a move).

5. Purposes of data processing

Your data will only be processed by us for the purposes we have indicated to you when collecting your data, or for which we are legally obliged or entitled to process it. For further details on the basis of our processing, please refer to clause 6.

5.1 Review, conclusion, management and termination of the business relationship

Prior to the conclusion of a contract, we process your data in order to offer you the desired consultation and suitable products as well as to contact you in this regard.

Data is processed to provide banking and financial services. The purposes of data processing depend primarily on the specific product (e.g. account, loan, securities, deposits, payments or brokerage) and may include, but are not limited to, needs analysis, consultation, asset management and support, securities account analysis as well as transaction execution. Further details on the data processing purposes may also be set out in the relevant contract and product information that we will provide to you before a contract is concluded in each case.

In the course of initiating business, personal details – in particular master data, contract data and communication data – of potential customers and other contracting parties are collected or they result from a communication. We also process data in connection with the conclusion of contracts in order to comply with legal requirements.

If the contractual relationship is established, we process your data to implement the contractual relationship, in particular to provide and claim contractual services, to manage the customer relationship, to prepare loan interest and capital certificates, as well as to communicate with you. This also includes consultation and customer support, the enforcement of legal claims arising from contracts (debt collection, court proceedings, etc.) as well as accounting or termination of contracts. In this context, we process primarily master data, contract data and communication data.

In the case of collaboration with other companies, for example within the framework of corporate partnerships or in the context of our business relationship with intermediaries (see clause 9.3), we also process master and contract data in particular for the purpose of initiating and processing contracts.

5.2 Statutory and regulatory obligations

In order to comply with laws, regulatory clarification, disclosure, information, reporting and other obligations (e.g. Banking Act, Financial Services Act, Collective Investment Schemes Act, guidelines of the Swiss Bankers Association, Anti-Money Laundering Act, sanctions law, automatic exchange of information and other banking supervisory decrees and requirements), as well as court or official orders (e.g. issued by public prosecutor’s offices), we must subject your data to more detailed investigations (e.g. with regard to identity, beneficial owners of funds or shareholdings in companies) as well as an automated comparison with external watch lists. In certain cases, we may be required to report to authorities or disclose documents due to statutory requirements or court or official orders. Personal details about you may be processed in the course of internal or external investigations, for example by law enforcement or supervisory authorities or an appointed private body.

These legal obligations may arise from Swiss law, but also from foreign regulations to which we are subject. For these purposes, we process in particular your master data, contract data, claims data and communication data, but also behavioural data under certain circumstances (see clause 3.7).

5.3 Statistical evaluations and data analyses

Data that we require for statistical evaluations and data analyses are anonymised and aggregated and no longer allow any conclusions to be drawn about your person. The aggregated data is required for the creation of statistics (e.g. for the development of new, and adjustments to existing, products) or for topic-specific evaluations and data analyses, as well as for sales reporting. We also use data concerning all existing contracts – likewise without the possibility of drawing conclusions about you personally – to analyse the entire customer base and for the fulfilment of our contractual obligations, for example for general consultation regarding a contract adjustment or contract amendment or for the provision of comprehensive information, i.e. we perform anonymised evaluation which makes use in the individual contractual relationship possible.

5.4 Marketing and offers for further products and services

We may use your data to send you advertising for our products and services as well as for our group companies and business partners, for example in the form of newsletters or other regular contacts (by email or messenger, by post, by telephone or as part of other marketing campaigns e.g. competitions or events). In particular, we use your communication data for this purpose.

In order to make our offers more relevant to your requirements and interests, we personalise some of our communications to allow for an individual approach. The individual approach can be made in writing or by telephone. To do this, we link data concerning you that we process – in particular master data, contract data, behavioural data, transaction data and communication data – and determine preference data as a further basis for personalisation. We can also create interest profiles about you and divide you into advertising groups (without including sensitive personal data).

In order to provide you with comprehensive advice on insurance, assets, pension and financial matters (e.g. financing, fund and other financial investments) and to make you offers for further products and services or to advertise them to you, we may process your master and contract data as well as the information disclosed on the occasion of the consultation conducted with your customer adviser.

To manage our relationships with customers and third parties, we may also invite you to our customer events and inform you about our products and services before, during or after the event.

Data can be processed for the purposes of market segment analysis. The main purpose of market segmentation is to identify differences between customers and to use this information to draw conclusions for segment-specific marketing programmes (customer structure analysis). This information is used, in particular, to:

  • organise prize draws and competitions in which you can participate;
  • measure your satisfaction with products and services, for example via customer surveys;
  • maintain and develop our brand.

You can inform us at any time if you do not wish your data to be processed for the above purposes or if you wish to revoke your consent in this regard (see contact address in clause 10). Likewise, you can unsubscribe from newsletters and prize draws at any time using the unsubscribe button in the message concerned.

5.5 Market research and product optimisation

We are committed to continuously developing our products and services to meet your needs. Therefore, we also sometimes contact you for market research purposes and use the results in anonymised form for addressing various questions within the company. To determine customer satisfaction, we can ask you about your experience with us. We also use your responses to contact you personally, to actively address your concerns and to improve our internal processes. We also collect, store and process your data for the evaluation, improvement and redevelopment of our products and services. In doing so, we analyse which products are used by which groups of people and which adjustments would be necessary in the future. The results of these analyses are – as far as possible – listed in pseudonymised or anonymised form (in accordance with privacy-by-design principles, we use anonymisation wherever possible in principle). For this purpose, we process the previously described master data, behavioural data, preference data and transaction data as well as communication data.

5.6 Other purposes

We may also process your data for other purposes, for instance, as part of our internal processes and administration. This includes training, educational and administrative purposes (such as the management of master data, accounting, data archiving and the management and ongoing improvement of the IT infrastructure), the protection of our rights (e.g. to enforce claims in and out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims – such as by preserving evidence, legal clarifications and participation in judicial or official proceedings), security purposes (e.g. access controls, monitoring of buildings), statistical purposes and the evaluation and improvement of internal processes. As part of the development of the company, we may also sell or acquire businesses, parts of businesses or companies to other companies or enter into partnerships, which may also lead to the exchange and processing of data.

6. Principles of data processing

Where we ask for your consent for certain forms of processing, we will inform you separately, and as part of the consent process, about the relevant purposes of the processing. You can revoke your consent at any time with effect for the future by pressing the unsubscribe button and using the contact details provided in clause 2. Once we have received notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented. If consent is revoked, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its revocation.

Unless we ask you for your consent to processing, we base the processing of your personal details on the fact that this is necessary for the fulfilment of our contractual obligations (e.g. to carry out pre-contractual measures for the provision of financial services), is a statutory or regulatory requirement (see clause 5.2), or is necessary in the context of weighing up interests (e.g. to ensure IT security and IT operations, or as part of business and risk management measures). Our legitimate interests also include the marketing of our products and services.

7. Data processing on behalf of the Portable Benefits Foundation and Invest Savings 3 Pension Foundation

If you have signed a pension agreement with the above-mentioned foundations, Baloise Bank Ltd will process your data on behalf of the two foundations.

Data processing, inspection of files, duty of confidentiality and disclosure of data are governed by Art. 85a et seqq. of the Federal Law on Occupational Retirement, Survivors’ and Disability Pension Plans (BVG). The provisions set out in the Data Protection Act (FADP) also apply. The disclosure of your data to third parties and the transmission of your data to third parties are governed by the data protection provisions set out in the BVG.

Details on this can be found in the separate privacy policy of the Portable Benefits Foundation and the Invest Savings 3 Pension Foundation at www.baloise.ch/en/about-us/information/privacy-policy.html.

8. Profiling, automated individual decisions and use of artificial intelligence

For the purposes mentioned in clause 5, we may also process, analyse and evaluate your data (including data concerning third parties that are also affected) automatically in order to assess certain personal characteristics or behaviour (so-called “profiling”). This automated data processing serves to combat money laundering and terrorist financing, to perform credit checks, to identify different interests and personal requirements for individual consultation and to provide offers and information, as well as being used for marketing purposes and other product and service offerings, and services that we or our group companies may provide to you.

In the event that we base our decisions when concluding or processing a contract exclusively on automated data processing (so-called “automated individual decisions”) or if the decision is based to a significant degree on artificial intelligence, we will inform you of this in an appropriate manner, give you an opportunity to express your view and separately inform you that you can have the relevant decision reviewed by us if necessary, unless the automated individual decision is directly related to the conclusion or processing of a contract between Baloise and you, your request is granted, or you have explicitly consented to the automated decision.

9. Auto and video identification

Opening a business relationship using auto or video identification from the comfort of your own home is an alternative to visiting one of our branches. You can identify yourself online and sign the account opening documents electronically. 

Video identification and electronic signature services are provided by our partners: 

  • Intrum AG, Eschenstrasse 12, 8603 Schwerzenbach, Switzerland (hereinafter referred to as “Intrum”), 
  • Swisscom Trust Services AG, Konradstrasse 12, 8005 Zurich, Switzerland (hereinafter referred to as “Swisscom”).

For regulatory and legal reasons, we are obliged to verify your identity when opening a business relationship and store certain personal details for this purpose. 
The basis for this is provided by the Federal Act on the Electronic Signature (ZertES).

Electronic signature

The camera on your end device will be used to take photos of your identification document and your face, and sound will be recorded via the microphone. These will be used for evidence and verification purposes by employees of Baloise Bank or Intrum. Your mobile phone number will be verified by means of an SMS sent to your mobile phone with a validation code. Your contract documents will then be transmitted by Intrum to Swisscom and digitally signed online with a legally valid electronic signature (in accordance with the Federal Law on Electronic Signatures, ZertES). 

As soon as identification is complete, Intrum will transmit all data to us and delete it from its servers within 90 days at most. 
In the case of qualified electronic signatures, Swisscom is legally obliged (if necessary with the help of a registration authority) to retain various data on the identification process, the digital certificate and the signature process for 11 years from the last signature process.
 

10. Instant payment

Processing and transmission of your data: In the context of providing the possibility of instant payment, we process your transaction data in real time. This includes the following data:

  • information about your account (e.g. account number, account holder),
  • transaction data (e.g. amount, recipient account, payment purpose, currency),
  • date and time of the transaction.

This data is processed in order to forward your payments directly and securely to the recipient bank and to enable immediate crediting. The data is transmitted to partner banks or payment service providers that participate in the instant payment network. 

Purposes of data processing: Your data for instant payment is processed in order to fulfil the payment service contract concluded with you in accordance with the provisions of the Data Protection Act (FADP). The transfer to external payment service providers is necessary to ensure the fast processing of the payment and is an essential part of the instant payment service. 

Data transmission and security: Transaction data is transmitted via secure networks and is subject to the highest security standards to ensure the confidentiality and integrity of your data. In doing so, we ensure compliance with the legal requirements of the Swiss Data Protection Act and the Data Protection Ordinance (DPO). 

Storage period: Your transaction data will be stored in accordance with the statutory retention obligations and then deleted, unless there are other legal requirements for longer storage.

Your rights regarding automated individual decisions: When you use instant payment, automated decisions may be made to check whether a payment is authorised or declined. These decisions are based on automated checks that take into account factors such as account coverage, fraud prevention and regulatory requirements. 

In accordance with Art. 21 FADP, you have the right not to be subject exclusively to an automated decision that has legal effects on you or significantly affects you. If you do not agree with a decision, you have the right to have it reviewed by one of our employees. If a payment is declined and you wish to have it reviewed by one of our employees, please contact us via the general contact channels. We will then subject the automated decision to a human review and inform you of the result.
 

11. Recipients of personal details

Certain products and services are provided in processes requiring the division of labour. In certain scenarios, operating segments and services are outsourced to Baloise Group companies or third parties (e.g. service providers, business partners). Risk management requires clarifications with third parties and the transmission of corresponding data. Your data may also be disclosed in the context of statutory requirements. The data recipients are bound by statutory and contractual requirements when processing your personal details. In connection with the purposes set out in clause 5 above, we may also disclose your personal details to third parties, in particular to the recipients categorised below:

11.1       Baloise Group companies (group companies)

For the conclusion or processing of the contract, sharing of data may also be necessary with other companies belonging to the Baloise Group. If your contract was concluded by employees of other group companies, the data will be disclosed in particular for the purpose of allocating commission.

In order to provide you with comprehensive advice on insurance, assets, occupational pensions and financial matters (e.g. financing, fund and other financial investments) and to provide you with offers for our own products and services, as well as products and services of other Baloise Group companies or to advertise them to you, we may also pass on your master and contract data as well as the information provided during the consultation conducted with your customer adviser within the Baloise Group (e.g. Baloise Insurance Ltd, Baloise Life Ltd, Pension Foundation of Baloise Insurance Ltd or Baloise Asset Management Ltd) for the purposes of contacting you and providing you with individual offers for such products and services.

We may make data available to the Baloise Group in anonymised and aggregated form for the purpose of preparing Group-wide statistical evaluations and data analyses (see clause 5.3).

For the purposes of comparing customer bases, customer master data may be compared for statistical purposes within the Baloise Group. The comparison analyses how many joint customers there are, how this proportion develops over time, and how the joint customers are distributed geographically.

To conduct joint campaigns and for market segment analyses, customer structure analyses, market research and for product optimisation purposes (see clauses 5.4 and 5.5), we may disclose data to Baloise Insurance Ltd in order to improve our product and service offering in the process, manage the use of and desired access to the applications, products and information, maintain the business relationship with customers and monitor the performance of the offerings.

In order to achieve the Group-wide purposes mentioned in this clause, your data may also be processed in the future by Baloise Insurance Ltd in an automated manner or using artificial intelligence with the aim of evaluating certain personal aspects (see clause 8).

All group companies have been obligated by us to treat your data confidentially.

You can inform us at any time if you do not wish your data to be shared for the above purposes or if you wish to revoke your consent in this regard (see contact address in clause 13).

You can request a list of the Baloise Group companies via the postal address or email address stated under clause 13 below.

11.2       Official bodies and authorities

We may also share your data with official bodies, courts and other government authorities and supervisory authorities (e.g. child and adult protection authorities) in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This includes, in particular, compliance with statutory notification obligations, the exercise of rights, the defence against claims and compliance with legal requirements, for example within the framework of official, judicial and pre- or extra-judicial proceedings as well as within the framework of statutory duties to inform and cooperate.

Within the context of our legal and regulatory obligations and based on your consent, your data will be disclosed to the Swiss Consumer Credit Information Office (IKO) or to the Swiss Central Credit Information Bureau (ZEK). Both can transmit the data to their members.

Data is also disclosed if we obtain information from public bodies, for example when checking an address.

11.3       Service providers in Switzerland and abroad

Some of our services and business functions (e.g. in connection with the purchase of IT services) are provided on our behalf by legally independent companies in Switzerland and, in rare cases, abroad (see clause 10). They may process data about you if this is necessary for the performance of the contract. These service providers and vicarious agents work on our behalf in particular in the areas of information technology systems and software, customer service, marketing, advertising, newsletter, distribution, printing and real estate services, securities management, payment transactions, telecommunications, fraud prevention, information security, logistics, consultation, debt collection and credit risk management. They are involved in accordance with the provisions of banking and data protection law. Service providers are, for example, obliged to protect banking secrecy and to comply with our defined data processing purposes and the applicable data protection legislation. Baloise verifies that data security is guaranteed by the service providers throughout the entire processing period by performing regular checks and audits. To the extent provided for by contract or law, such service providers may, in turn, engage third parties under the same terms and conditions with the prior approval of, and subject to a prior review by, Baloise.

11.4       Other third parties

When checking your creditworthiness via credit agencies and when commissioning debt collection companies (e.g. to collect outstanding payments), we may share your data (concerning changes in payment behaviour occurring before and during the term of the contract) with the relevant companies. These companies store your personal details and may disclose them to other contracting parties as part of their activities, provided such contracting parties have presented a credible legitimate interest in individual cases for having the data transferred to them.

Your data may also be shared for the aforementioned purposes with other recipients (e.g. parties to judicial proceedings, purchasers of assets or divisions of Baloise, auditing firms, Land Registry Offices and other public registers, notaries, pension funds, independent property appraisers and banks). Other persons to whom your data may be disclosed include, in particular, recipients of a payment, authorised representatives, correspondent banks, other financial institutions and other bodies involved in a legal transaction.

12. Transmission of personal details abroad

As part of the processing of your personal details, your data may also be transmitted abroad (e.g. in cases involving payment or securities orders), insofar as this is necessary to fulfil the business relationship, is provided for by law or you have given us your consent.

In the event that personal details are transferred abroad, we take contractual precautions, following a risk assessment, to contractually compensate for the weaker statutory protection in countries outside of Switzerland, as well as further measures (e.g. pseudonymisation) to reduce the risk of government access abroad authorised under the foreign legislation. We rely on the guarantees required by law, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interest, if the fulfilment of the business relationship requires such disclosure (e.g. in cases involving payment or securities orders), if it is required by law (e.g. in cases involving reporting obligations under tax law), if you have given your consent (e.g. by using the digital account opening service) or if it is a matter of data that you have made generally accessible and you have not objected to its processing.

13. Your rights

You have the following rights in accordance with the applicable data protection law and if the conditions are met:

  • You can request information about whether we process your personal details and, if so, what these details are.
  • You can request that we correct incorrect data or complete incomplete data, or you can correct or complete such data yourself to a limited extent via the customer portal at any time.
  • You may request the erasure of your data unless we are required or authorised to retain your data under applicable laws and regulations.
  • You may request that the data you have provided be released or transferred to another data controller in a commonly used electronic format, provided that the processing is carried out automatically, you have consented to the processing, or your data is processed for the conclusion or settlement of the contract.
  • In cases in which the data processing is based on your consent, you have the right to revoke this at any time. If you revoke your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the revocation.
  • Where the data protection law requirements are met, you have the right to object to the processing of your data, in particular for direct marketing purposes, profiling for direct marketing purposes and other legitimate interests in processing.
  • You have the right to express your point of view in the case of automated individual decisions (see clause 8) and to request that the decision be reviewed by a natural person.
  • You also have the right to lodge a complaint with our data protection unit or the competent data protection supervisory authority if you do not agree with our handling of your rights. You can contact the Swiss Federal Data Protection and Information Commissioner at edoeb.admin.ch.

Please note that these rights are subject to statutory requirements and that exceptions and limitations apply. In particular, we may need to process and store your personal details in order to fulfil a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with statutory obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we must therefore also reject a data subject request in whole or in part (e.g. by blacking out certain content that concerns third parties or our trade secrets). In order to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.

If you wish to exercise your rights, you can contact us in writing or by email at the address below.

Baloise Bank Ltd
Data protection unit
Amtshausplatz 4
4502 Solothurn, Switzerland
Email address: datenschutz-bank@baloise.ch

 

14. Storage period

Your data will only be stored by us for as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.

In individual cases, it is possible to retain personal details for longer, for example if claims are asserted against us (during the statutory limitation period), if we are otherwise contractually, legally or officially obliged to do so, or if legitimate business interests (e.g. documentation and evidence purposes) require this. As soon as your data is no longer required for the above purposes, it will be deleted or anonymised as part of our standard deletion processes.

15. Data security

15.1     Confidentiality

We treat your data as confidential and comply with the applicable privacy policy. We also follow recognised security standards, for example ISO 27001, and continuously adapt our security measures to maintain the confidentiality, integrity and availability of your personal details.

15.2     Internet risks

In transferring data via the Internet, you are acting at your own risk. We protect the data you transmit via our web pages during transit by means of appropriate encryption mechanisms. In addition, we take appropriate technical and organisational security measures to reduce the risks on our web pages. Your device, however, is outside the security area that we are able to control. You are therefore required to inform yourself about the necessary security precautions and to take suitable measures in this regard.

15.3     Email encryption

We will send you requested information by email if you have provided us with your email address. Confidential information is transmitted in encrypted form. If information cannot be shared in encrypted form via email, we will use other channels for this purpose (e.g. the customer portal or Baloise Secure Transfer). If you use our customer contact form, your data will be sent to us in encrypted form. We would like to point out that if you use email communication, we cannot guarantee the security of the data transfer.

15.4     Blocking of access

In the event of security risks being identified, we explicitly reserve the right to temporarily suspend or, in severe cases, to block access to our web pages and customer portals. We do not accept any liability for any loss or consequential damage arising from the suspension or blocking of access.

16. Amendments to this privacy policy

This privacy policy is not part of the contract and can be amended by us at any time. In each case, the version published here applies.