EFG entities are committed to protecting your Personal Data by complying with confidentiality and data protection laws and regulations (including the Regulation (EU) 2016/679 (GDPR), when it is applicable).
In this Privacy Notice ‘we’ refers (as applicable) to each and all entities of EFG Group, as defined below. A list of the EFG Group entities and their contact details can be found here: https://www.efgbank.com/Contacts.html.
The EU Representative of the non-EEA EFG Group entities is EFG Bank (Luxembourg) S.A. (https://lu.efgbank.com/).
This Privacy Notice applies to our clients and prospective clients (“you”). This Privacy Notice covers Personal Data that is held electronically and also applies to paper-based filing systems.
(a) Explanation of terms used in this Privacy Notice
Personal Data means information about an individual (or a legal personal where the applicable data protection law covers such entities) from which that person can be identified. It does not include data from which personal information has been removed (anonymous data).
Special Category Personal Data means information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.
EFG Group means the group of companies composed of EFG International AG and its worldwide affiliates.
2. Types of Personal Data collected
In the course of examining a prospective banking relationship with you and/ or providing services to you, we may process Personal Data and Special Category Personal Data. This typically includes the following information relating to you:
(a) Information received from you, including:
- Personal contact details such as name, title, addresses, telephone numbers and personal email addresses;
- Date of birth and place of birth;
- Marital status, dependents (name and age) and relations;
- Copies of identification documents, such as national identity cards or passports;
- National insurance number, social security number or other national/ tax identifier;
- Information relating to criminal convictions or offences;
- Nationality, tax residence and country of residence;
- Employment details, income and source of wealth;
- Details of investments, assets owned and liabilities;
- Knowledge of and experience in investment matters; and
- Where applicable, personal details of any agent or attorney
(b) Information received from third parties, including:
- The above categories;
- Credit references;
- Publicly available information on business, personal associates and assets owned; and
- Other information from third-party sources, such as wealth screening services, fraud prevention agencies, intermediaries.
(c) Information specific to our services, including:
- Account numbers;
- Investment holdings;
- Transaction data;
- Records of phone calls or video captures;
- Information automatically recorded when you access our websites, including date and time of the access and IP address;
- Reports and statements; and
(d) Special Category Personal Data
In some cases (where and subject to the requirements formulated in applicable law), special categories of personal data, such as your political opinions or affiliations, health information, racial or ethnic origin, religious or philosophical beliefs.
In relation to the evaluation of your application and/ or the services we provide to you, you may provide us with information about other persons (your additional card holders or account holders, business partners – including other shareholders or beneficial owners, dependents or family members, representatives, agents etc). Before providing us with such information, you should provide a copy of this notice to those persons and acquire, to the extent necessary, their prior consent for the relevant transfer of their data to us and the processing of their data by us.
3. Sources of Personal Data
We collect your Personal Data:
- Directly from you, e.g. in application forms and through information provided during the onboarding process, including background and reference checks;
- When it is provided to us by a third party, e.g. public registers, credit reference agencies, fraud prevention agencies, providers of enhanced due diligence reports and financial intermediaries, other EFG Group entities; and
- When information is created as a result of generally providing services to you.
4. How we use Personal Data
(a) Legal basis for using your Personal Data
We will only use your Personal Data when the law allows us to. Most commonly and depending on the situation in which we will use your Personal Data (see paragraph (b) below), we will use your Personal Data in the following circumstances:
- Where we need to perform the contract we have entered into with you or in order to take steps at your request prior to entering into any such contract;
- Where we need to comply with a legal obligation; and
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g. assuring high level standards across EFG Group, ensuring compliance with our policies and procedures);
- Where it is needed in the public interest;
- Where necessary for the establishment, exercise and defense of legal claims;
- Where we need to protect your interests (or someone else’s interests); and
- In limited circumstances, where you have given your consent.
(b) Situations in which we may use your Personal Data
The situations in which we may process your Personal Data are listed below.
- To confirm and verify your identity and credit status in relation to your application or account and, where applicable, to conduct an appropriateness assessment;
- To open, administer and operate your account and manage our relationship with you and to provide products or services to you (including carrying out or facilitating any transactions) as well as to improve the quality of our services;
- To monitor and analyze the contract for your accounts and relationship with us, to ensure compliance with our internal policies and/ or procedures and to be able to monitor risks and report them;
- To carry out business, operational and administrative activities, including record keeping and audits;
- To assess any credit limit or other credit decision (as well as the interest rate, fees and other changers to be applied to your account);
- To carry out statistical and other analysis, including profiling based on the EFG products or services that you use or in which you might be interested, how you like to be contacted, etc;
- To conduct a survey;
- To comply with any applicable laws and regulations and/or any voluntary code or industry best practice we reasonably decide to adopt;
- To comply with the request or requirement of any court of any relevant jurisdiction or any relevant tribunal, mediator, arbitrator, ombudsman, taxation authority or regulatory or governmental authority;
- To carry out the detection, investigation and prevention of fraud, tax evasion, money laundering, bribery, corruption, terrorist financing and other crime or malpractice and oversee and report on such detection, investigation and prevention activities;
- For use in connection with any legal proceedings or regulatory action (including prospective legal proceedings/ regulatory action) and for obtaining legal advice or for establishing, exercising or defending legal rights; and
- To give you information and marketing materials (by post, telephone, email or other medium using the provided contact details) about events, products and services offered by us which may be of interest to you.
(c) If you fail to provide Personal Data
If you fail to provide certain information when requested, we may not be able to enter into a contract with you/ perform the contract we have entered into with you. Please note that we may still process any available Personal Data.
5. Recipients of your Personal Data
We (and those parties to whom Personal Data is disclosed) may disclose Personal Data in the situations described below:
- To any other companies which are at the time of disclosure in the EFG Group; in particular, several EFG Group entities may act as controllers of your data, i.e. determine the purposes and means of the processing of your data and may share them amongst each other. The resulting transfers may be based on one or more of the legal bases listed in section 4 (a) above, including the performance of the contract executed with you or taking steps at your request prior to entering into any such contract and/ or our legitimate interests and/ or the public interest. Processing may occur in one or more of the situations listed in section 4 (b) above, including the confirmation of your status in relation to your application or account and/ or the improvement of the quality of our services and/ or the monitoring of the compliance with internal policies and procedures, as well as the applicable legislation.
- To third parties/ processors of your Personal Data(including other EFG Group entities) who provide services to us or that act as our agents (or prospective third party service providers or prospective agents);
- To third parties in connection with a reorganization (including investment), amalgamation, merger or transfer or sale of all or part of our business, including to any insurers and professional advisors, and any third parties to whom we assign, transfer or charge our interest in any financial product or service provided to you;
- To any court of any relevant jurisdiction or any relevant tribunal, mediator, arbitrator, ombudsman, taxation authority or regulatory or governmental authority;
- To public authorities, regulators or governmental bodies, when required by law or regulation.
- To other financial institutions or organizations, payment recipients, clearing houses, clearing and settlement systems, stock exchanges, credit card associations etc, as the case might be;
- To any guarantor, where your account is backed by a guarantee;
- To our auditors and professional advisors (and those agents, auditors, service providers and professional advisors of other companies in the EFG Group);
- To insurers and information providers; or
- Otherwise if you consent to such disclosure.
6. Overseas transfers
The recipients referred to in section 5 above may be located outside of Switzerland and the European Economic Area. In those cases, In those cases, except where the relevant country has been determined by the European Commission to provide an adequate level of protection (currently Andorra, Argentina, Canada, Switzerland, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Uruguay, Japan and U.S.A., under the Privacy Shield framework), we require such recipients to comply with appropriate measures designed to protect personal data. A copy of these measures can be obtained by contacting your Client Relationship Officer and/ or the Data Protection Officer/ the Privacy Officer of the EFG entity that supports you.
A list of the countries in which EFG Group operates (inside and outside the European Economic Area) can be found here: https://www.efgbank.com/.
7. Retention of Personal Data
We will retain Personal Data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting or internal policy requirements. To determine the appropriate retention period for Personal Data, we consider the applicable legal requirements, as well as the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means.
Further information on the retention periods of Personal Data can be requested from your Client Relationship Officer and/ or the Data Protection Officer/ the Privacy Officer of the EFG entity that supports you.
8. Your rights and duties
(a) You duty to inform us of changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
(b) Your rights in connection with Personal Data
Under certain circumstances, and subject to applicable law, you have the right to:
- Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes by writing to your Client Relationship Officer or using any opt-out facility specified by us in the relevant marketing communication.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Where your data is processed by automated means and:
- where we process your personal data on the basis of your consent, or
- where such processing is necessary for entering into or performing our obligations under a contract with you, request the transfer of your Personal Data to you or to another party (also known as “data portability”).
- Where we process your personal data on the basis of your consent, withdraw that consent at any time. Please also note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- In certain circumstances (see article 22 GDPR where applicable), request not to be subject to automated decision-making, including profiling.
Certain of these rights are not absolute under the applicable legislation (as sometimes there may be overriding interests that require the processing to continue, for example); nonetheless we will consider your request and respond to you. Moreover, the exercise of some of these rights may result in non-examining/ rejecting your application or no longer being able to provide a product or service to you.
If you want to exercise your rights, as per above, please contact your Client Relationship Officer and/ or contact the Data Protection Officer/ the Privacy Officer of the EFG entity that supports you.
Finally, you have the right to lodge a complaint with the supervisory authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your data has arisen.
(c) No fee usually required
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee depending on the nature of the request and applicable regulation.
(d) What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
(e) Queries relating to the processing of your Personal Data
If you have a query regarding the processing of your Personal Data please contact your Client Relationship Officer and/ or the Data Protection Officer/ the Privacy Officer of the EFG entity that supports you.
9. Changes to this Privacy Notice
We reserve the right to update this Privacy Notice at any time, and we will notify you either in writing or by updating this Privacy Notice on our website at: www.efgbank.com/dataprivacy. We may also notify you in other ways from time to time about the processing of your Personal Data.