Data protection has a particularly high priority for VIAC. By means of this data protection declaration, VIAC informs about the type, scope and purpose of the personal data collected, used and processed by VIAC and informs about the rights of the person concerned. The extent to which VIAC processes personal data depends primarily on the products purchased by the data subject and the agreed service.
1. Where does VIAC obtain personal data?
In connection with business relationships with customers or potential customers (“Customers”) and natural persons or legal entities associated with the Customer, VIAC processes the data that VIAC receives from the data subject (e.g. customers, employees, applicants). VIAC also obtains data from service providers (e.g. credit information, World-Check), public registers (e.g. Commercial Register, Swiss Official Gazette of Commerce) or authorities (e.g. criminal records). In particular, the following shall be deemed to be related natural persons or legal entities: any authorized representative, authorized signatory, beneficial owner, control holder, payee of a specific payment transaction or any other natural person or legal entity that has a relationship with the Customer that is relevant to the business relationship between the Customer and VIAC.
2. What personal data does VIAC collect and process?
The categories of Personal Data that VIAC processes include Personal Information (e.g. name information, birth information, marital status, address, interests, family information, contact information (telephone or email address), financial information / transactional data (e.g. products completed, debt collection, trade information, income, obligations, assets, credit rating, knowledge and experience), tax information (e.g. tax residency, US status), professional information (e.g. type of employment, professional status, education, activities, occupation, prospects / career goals / further training), data when using the homepage (e.g. IP address, cookies) and other information (powers of attorney, CRM relationships, regulatory relationships, log files).
It is possible that data other than the aforementioned will be processed when a certain offered service or product is concluded. This may include, for example: Order data, payment orders, sales, direct debit data, documentation data, knowledge and experience with the investment of securities, investment behavior, investment strategy, balance sheets and other business data, payrolls, tax documents, guarantees assumed.
3. Purposes of processing
VIAC collects, stores and processes only those Personal Data that are necessary to achieve a specific purpose. Personal Data is processed in particular for the following purposes:
- In connection with the customer business, i.e. in order to be able to provide the products and services offered by VIAC, e.g. in the customer intake process, for the administration of the business relationship, for the expansion of the business relationship.
- In connection with Risk, Legal & Compliance, i.e. in order to be able to comply with legal and regulatory obligations, e.g. based on the Banking Code of Conduct Agreement (CDB), the Anti-Money Laundering Act (AMLA), tax laws, to prevent and detect criminal offenses, to respond to actual and potential proceedings, requests or investigations by law enforcement authorities, disclosure of data to tax authorities, financial supervisory authorities and other governmental or regulatory bodies.
- In connection with marketing; i.e., to improve products and services offered or to launch new products and services, e.g., by means of direct marketing, newsletter distribution, subscription management, market research, website operation, social media presence;
- In connection with human resources; i.e. in order to be able to ensure the administrative and informational task of personnel management, e.g. through personnel and salary administration, etc.
- In connection with finance, logistics and operations, i.e. in order to be able to ensure the ordinary business operations, e.g. in finance and accounting, video surveillance and access control, fleet management, IT monitoring and for e-mail services.
4. Compliance with data protection principles
VIAC processes Personal Data in particular in compliance with the Federal Data Protection Act (FADP) and the Ordinance to the Federal Data Protection Act (FADP). When processing Personal Data, VIAC shall ensure that the Personal Data is processed lawfully and in accordance with the principles of good faith and proportionality. The data will only be processed in the way that was specified when the data was obtained, that is recognizable to the person concerned or that is provided for by a law. VIAC does not process personal data covertly or secretly, unless a law so provides. Personal data will be obtained by VIAC only for a specific purpose that is apparent to the data subject. VIAC shall take appropriate measures to ensure that the personal data processed is correct. If Personal Data is found to be inaccurate or incomplete, VIAC will correct, delete or destroy the Personal Data, unless prohibited by law or regulatory provisions.
Where necessary, VIAC will process Personal Data on the basis of the following grounds:
4.1 Overriding public or private interest
VIAC processes Personal Data for the purpose of initiating or entering into a contract, for the performance of obligations under a contract (e.g. advice, account management, asset management or the execution of transactions), for the analysis of customer behavior (including profiling), for measures to improve products and services or for direct marketing.
VIAC further has legitimate private interests to process Personal Data:
- in order to secure or enforce VIAC’s claims against the Customer and in the realization of collateral provided by the Customer or third parties (if the third party collateral has been provided for claims against the Customer),
- in the collection of VIAC’s claims against the Customer,
- in credit checks and inquiries by VIAC with credit information agencies and authorities,
- in the event of legal disputes of VIAC with the Customer,
- in the case of inquiries for entitled persons in the event of no contact or no communication.
4.2 Legal basis
VIAC is obliged to process personal data on the basis of various legal foundations. These include, in particular, obligations under supervisory law (e.g. FINMAG, BankG, FIDLEG, FINMA-RS); legal obligations to prevent money laundering or to combat fraud (e.g. CDB, GWG) as well as tax laws (e.g. FATCA Law, AIA Law) and archiving obligations.
If consent is required for the purpose of processing personal data, VIAC will obtain such consent from the data subject. The consent given may be revoked at any time. Such revocation shall only take effect from the time it is received by VIAC and shall not affect the lawfulness of the processing of Personal Data up to the time of revocation. There may be reasons (e.g. based on a law) that make it necessary to process the personal data despite the revocation.
5. Storage period of personal data
VIAC processes and retains Personal Data for as long as is necessary to fulfill the purpose for which the Personal Data was collected or to fulfill contractual, legal or regulatory obligations. As a rule, this is 10 years after termination of the business relationship.
If personal data cannot be deleted, technical and organizational measures are taken to ensure that
- technical and organizational procedures are implemented to ensure the integrity of the data, in particular to guarantee the authenticity and integrity of the data or documents (e.g. digital signature or time stamp). In addition, it is ensured that the data cannot be subsequently altered without it being possible to detect this;
- the contents of the data can be traced at any time;
- accesses and logins are logged and documented by means of “log files”.
6. Data protection rights
There is the right to information, to correction, to data output, to data transfer, to deletion as well as to contradiction of the collected personal data, provided that no contractual or legal obligation is opposed. Furthermore, the data subject may request that a certain data processing be prohibited or that a certain disclosure of personal data to third parties be prohibited.
7. Recipients of personal data
Personal data will only be processed by those persons within VIAC who need it to fulfill contractual or legal obligations. If necessary, service providers (e.g. outsourcing partners) and third parties will also have access to the data. In this context, banking secrecy and other legal provisions are observed.
Service providers and third parties as recipients of personal data may be, for example:
- other Group companies / Group companies
- order processors and other service providers (e.g. suppliers)
- public authorities (e.g. government agencies), insofar as this is required by law or by the authorities
- other internal departments, e.g. Finance, Human Resources, Compliance
8. Data transfer abroad
If data are disclosed abroad, VIAC must notify the state or international body and, if applicable, the guarantees pursuant to Article 16 paragraph 2 FADP or the application of an exception pursuant to Article 17 FADP.
In principle, data will not be transferred abroad. If personal data is transferred abroad, this will take place in compliance with the legally prescribed provisions and where this is necessary for the fulfillment of the contract (e.g. tax reporting obligations). If service providers are used abroad, we oblige them to comply with bank client confidentiality and the Data Protection Act.
9. What is profiling and what is an automated individual decision?
VIAC automatically processes personal data in certain cases to evaluate personal aspects (profiling). This may occur, for example, in the following cases:
- As part of the legal obligation to combat money laundering and terrorist financing, by means of monitoring and evaluation of payment transactions.
- In order to inform the customer of services and products tailored to him/her by means of advertising, we may use instruments for evaluation as part of direct marketing measures.
- For the purpose of determining the creditworthiness of the customer by means of probability calculations.
VIAC reserves the right to process personal data in an automated manner in the future in order to create customer profiles, to predict developments and to identify characteristic and personal features in connection with the person concerned (profiling). VIAC may use the customer profiles created, for example, to make offers and information available to the customer. If the data subject is a customer of VIAC, he/she hereby consents to data processing in this context.
10. Protection of personal data
The protection of personal data has top priority at VIAC. The personal data may also be subject to the obligation of confidentiality pursuant to Art. 86 BVG and/or to bank client confidentiality. Personal data is treated as strictly confidential and protected from access by unauthorized third parties. Persons who are not subject to a confidentiality obligation do not have access to the personal data collected. VIAC also ensures that the recipients of the personal data comply with the applicable data protection provisions.
11. Contact details of the person responsible
The person responsible for the processing of personal data is:
Inner Margarethenstrasse 2, 4051 Basel, Switzerland
0800 80 40 40
Data related to the Internet presence
1. General information
The following information explains how VIAC processes data on the occasion of its Internet presence.
VIAC’s website can be used without registration and thus without transmission of personal data. Personal data will be processed by VIAC only to the extent necessary to provide the services and products offered.
An automatic collection of personal data – with the exception of the IP address – for the purchase of the offered services does not take place. If personal data is collected, it must be provided by the person concerned. This is the case, for example, when using the contact form.
In order to make the visit to the website attractive and to enable the use of certain functions, so-called cookies are used on the website. These are small text files that are stored on the user’s terminal device. Some of the cookies used are deleted after the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on the end device and enable the browser to recognize the user on the next visit (persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie.
If cookies stored on the device are to be restricted or blocked, this can be done via the browser settings. Information on this can be found in the help function of the browser. If cookies are disabled, at most not all functions of the Bank’s website will be available.
3. Use of Google Analytics
VIAC’s website uses Google Analytics, a web analytics service provided by Google, Inc (Google). Google Analytics uses so-called cookies, text files that are stored on the user’s computer and enable an analysis of the use of the website. The information generated by the cookie about the use of the website (including the IP address) will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymization is activated on the website, however, Google will truncate the IP address beforehand within the member states of the European Union (EU) or in other contracting states to the Agreement on the European Economic Area (EEA). Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
By using VIAC’s website, the user agrees to the processing of the collected data by Google in the manner and for the purpose described above.
4. Use and application of YouTube
VIAC has integrated components of YouTube on its website. YouTube is an Internet video portal that allows users, free of charge, to upload and publish video clips on the portal, as well as to view, rate and comment on them. YouTube allows the publication of all types of videos, which is why complete music videos as well as trailers, movies and TV shows or videos made by users themselves can be accessed via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
By each call of one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser is automatically caused by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at www.youtube.com/yt/about/de/. Within the scope of this technical procedure, YouTube and Google receive knowledge of which specific sub-page of the website is visited.
If a user is logged into YouTube at the same time, YouTube recognizes which specific sub-page of VIAC’s website the user is visiting when a sub-page containing a YouTube video is called up. YouTube and Google collect this information and assign it to the YouTube account of the user. If such transmission of this information to YouTube and Google is not desired, this transmission can be prevented by the User logging out of his YouTube account before calling up VIAC’s website.
5. Deployment and use of Facebook Pixel
VIAC has integrated a Facebook Pixel on its website. The Facebook Pixel enables merchants who place ads on Facebook to analyze and evaluate user behavior after clicking on a Facebook ad and after subsequent redirection to the target page.
Through continuous analysis, it is possible on the one hand to obtain precise statistics on the success of an ad and on the other hand to categorize groups of interested parties according to the usage actions performed on the target page. Through a constant exchange of data between the target page and Facebook, the advertiser is ultimately enabled to target the groups of interested parties on Facebook with tailored advertising.
Further information can be found in the data guidelines published by Facebook, which are available at www.facebook.com/policy.php/.
6. Deployment and use of Sentry
VIAC has integrated an SDK from Sentry in its application. Sentry is an error monitoring software for the VIAC application. It can be used to detect, track and evaluate errors (bugs) and crashes in the VIAC source code. Using Sentry, event data is captured from the VIAC application and sent to Sentry so that Sentry can provide error and performance reports. Information about the hardware (browser and its version, device (e.g. iPhone) and its software version, and personal identifiers (IP and user IDs) are logged. In addition to error tracking, performance tracking is used to analyze the load times of specific subpages of the VIAC application and to identify potential improvements to the user experience.
Sentry does not cause the application to contain advertising. For more information, please refer to Sentry’s published policies, available at https://sentry.io/privacy/.
7. Use and application of Datatrans
Information on data protection at Datatrans can be found in the data protection provisions published by Datatrans, which can be accessed at https://www.datatrans.ch/de/datenschutzbestimmungen/.
8. Deployment and use of intercom
For the purpose of customer administration and above all to ensure the fastest possible support for the best possible user experience, we use the service Intercom of the company Intercom Inc. (55 2nd Street, 4th Floor, San Francisco, CA 94105, USA) to send messages via live chat.
Intercom uses the user’s data only for the technical processing of the requests and does not pass them on to third parties. Pseudonymous use is possible for the use of Intercom. In the course of processing service requests, it may be necessary to collect further data provided by you. The use of Intercom is optional and serves to improve and accelerate our customer and user service.
If users do not consent to data collection via and data storage in Intercom’s external system, we provide them with alternative means of contact for submitting service requests by email, phone or mail.
9. Reservation of right to change