Privacy
Privacy Policy
Updated: [Insert last edit date]
1. Controller and Contact Details
Controller is Arab Bank (Switzerland) Ltd., Place de Longemalle 10-12, 1204 Genève, Switzerland. You can contact us through our website for data privacy questions.
2. Obligation to Provide Data and Your Sharing of Third-Party Data
You are in general under no obligation to provide us with any Data. However, if you do not provide the required information regarding certain use cases set out in Section 3, we may not be able to process your corresponding request, get in contact with you, send you our Newsletter or provide the Services to you.
If you share with us Data regarding any other individual (e.g. regarding your employer/employees, relatives, family members, colleagues, ultimate beneficial owners, etc.), we assume that this Data is correct. By sharing such Data with us, you confirm that you are authorized to do so and that you have informed the affected individuals about this Privacy Notice and our processing of their Data.
3. Processed Data and Purpose
3.1 Website Use
The Data processing related to your use of our website is limited to Data that is required to operate, provide and secure the website and the services provided thereon (“Website Use Data”) and for web analysis purposes (“Website Analysis Data”).
Categories of Data: When accessing our website (and, through our website, the Services), Data about your device might be collected automatically. This Data is collected via Google Analytics and includes information on website related events, such as clicks, session duration and pages visited. We also collect other information such as city, latitude, longitude, minor browser version, user-agent browser string, device brand, model and name, minor operating system version, minor platform version and screen resolution. Further information on the use of Data by Google and configuration options can be found here:
https://www.google.com/intl/en/policies/privacy/partners.
Purpose: The processing regarding website use is carried out to operate and secure our website and our Services, in particular for security reasons to ensure the stability and integrity of our systems. In addition, we may perform basic web analysis to optimise the website regarding usability and to gain insights about the use of our website and Services. The collected data will not be merged with other personal data or disclosed to third parties.
3.2 Cookies
Website Use Data and Website Analysis Data may also be collected via the use of cookies. Cookies are small files that are managed by your browser and are directly stored on your device whenever you visit our website. You can disable the use of cookies in the preferences of your browser, but this might result in not all functions of our website or Services being available to you or functioning properly anymore.
Categories of Data: Website Use Data and Website Analysis Data.
Purpose: We may use cookies on our website to ensure a user-friendly experience (e.g. session cookies).
3.3 Communication
We may be in contact with you by use of different channels, e.g. if you fill in contact or similar forms on our website, send us e-mails or by using other electronic (or hardcopy) communication means, whereby Data may be exchanged (“Communication Data”).
Categories of Data: If you fill in our contact forms, send us an e-mail or another form of electronic message (or a hardcopy message, e.g. a letter), we may collect such information as your name, e-mail address (or other form of communication identifier, e.g. messenger nickname), phone number, subject matter, message content, related metadata and any other information you choose to disclose in your communication to us.
Purpose: We use Communication Data to process your inquiry and any possible further questions you might have in relation to the performance of our Services and any other related questions and matters based on the content of your communication with us. We may keep this data to document our communication with you, for training purposes, for quality assurance, for follow-up inquiries and for regulatory purposes.
3.4 Services
When using our Services, you may be required to register, e.g. by opening an account or creating a login, and we may collect further Service related Data, including Contract Data (as defined in Section 3.5), in relation to the Services (altogether “Service Data”, including Registration Data and Usage Data as defined hereinafter).
Categories of Data: When registering for our Services, you may be required to open an account or create a login, for which we may require such information as for example first name, last name, username, password, e-mail, etc. This may also include further information we require from you in order to be able to provide you with the Services, e.g., depending on the Service, such further information as address, phone number, date of birth, nationality, identity document details, profession, role and function, financial details (such as income information, assets owned and tax status), customer history, etc., including information from third parties and public sources (e.g. from fraud prevention or government agencies, internet sites and government registries) (“Registration Data”). Furthermore, when using our Services, we may process information relating to transactions (dates, currencies, branches, payer and payee details) and record calls, e-mails, text messages, social media messages and other communications between you and us. We may also analyze your use of our Services in order to get to know you better and tailor our Services to you, by collecting data about your behavior and preferences, including supplementing such data with third-party information, including from public sources (altogether “Usage Data”).
Purpose: In general, Service Data will be used to provide our Services to you and to comply with the applicable legal requirements and our internal regulations, including for anti-money laundering and fraud prevention purposes and tax authority reporting (e.g.: FATCA). We may also process Service Data to document our Service delivery, for training purposes or for quality assurance as well as for market research to improve our Services and operations and for product development.
3.5 Contracts
If we enter into a contract with you, or into negotiations regarding such contract, we may collect Data in relation to the conclusion and performance of such a contract (“Contract Data”). In general, we collect this Data from you or other contractual partners and from third parties involved in the performance of the contract, but may also use Data from third-party or public sources (for example fraud prevention agencies and government registries).
Categories of Data: Contract Data may include Registration Data, Service Data in general and such further information as e.g. relating to the Services to be provided, to your preferences or to your feedback, etc.
Purpose: We use Contract Data for the preparation, conclusion, performance and administration of our contractual relationships and any questions or inquiries that might arise in that relation. Such processing may be required to comply with legal requirements and internal regulations, including Know Your Customer processes. We may keep this Data to document our communication with you, for training purposes, for quality assurance and for follow-up inquiries.
3.6 Job Applications
We may process Data you provide to us in connection with an application for a job vacancy (“Application Data”).
Categories of Data: Application Data may in particular include your contact information, information about your working permit situation, your education and professional experience and any other information you choose to provide to us in connection with your application.
Purpose: We process Application Data for the assessment of your application and potential negotiation, preparation, conclusion and performance of an employment contract with you. In case no employment contract is concluded, but you provide us with your consent to retain your application for further job vacancies, we may do so based on your consent.
3.7 Profiling
We may use your Data to automatically evaluate personal aspects relating to you (so-called “Profiling”), but will not use it for automated decision making.
Categories of Data: Depending on the specific circumstances, the Data categories listed in Section 3 may be used for Profiling.
Purpose: Profiling may be performed in order to provide better personalised advices, offers, services and job offers. For clients, we use technology tools (market solution databases) to identify the level of risk associated with a data subject or a specific activity. Profiling will only be used to gain a better understanding of certain aspects and will not lead to automated individual decision making.
3.8 Marketing Data
We process your Data for marketing purposes and relationship management, in particular to send you our Newsletter (“Marketing Data”).
Categories of Data: Marketing Data may in particular include your contact information (e.g. first name, last name, e-mail, etc.) and such further data categories as your preferences (e.g. your areas of interest).
Purpose: We process Marketing Data for marketing purposes and relationship management, in particular to manage your subscriptions and send you our Newsletter. We do so to keep you informed about news and our Services.
You can object at any time, refuse or withdraw your consent (if applicable) to be contacted for marketing purposes and in particular unsubscribe from our Newsletter.
Please note that we rely on services provided by Ghost Foundation Ltd in order to manage subscriptions and send you our Newsletter. The privacy notice of Ghost Foundation Ltd can be found at https://ghost.org/privacy/.
4 Disclosure and Transfer of Data
We may disclose your Data to recipients as set out in Section 4.1, which may include cross-border data transfers as further described in Section 4.2.
4.1 Categories of Recipients
We may make your Data available to the following recipients (in compliance with the applicable legal requirements):
- Joint account holders of your account, your guarantor and any person with power of attorney over your affairs (where applicable).
- Arab Bank (Switzerland) Ltd. group’s entities (“Group”). We might share Data within the Group to provide Services to you;
third parties such as credit card providers, payment recipients, beneficiaries, intermediaries, third party fund managers, etc.
External service providers whose participation is necessary for the provision of the services (e.g. IT services providers, payments service providers, business introducers, external asset managers, brokers, credit card issuers, etc.).
Contractual partners (to the extent the disclosure results from such contracts, e.g. if you use our Services under a contract that we have with your employer). - Competent authorities (e.g. Swiss Financial Market Supervisory Authority, FINMA), including tax authorities (e.g. FATCA, CRS, etc.) and courts (in Switzerland and abroad, if we are legally obliged or entitled to such disclosure or if it appears necessary to protect our interests).
- Legal and professional advisors, including accountants and auditors, to fulfil statutory or legal duties or if we are entitled to such disclosure or if it appears necessary to protect our interests.
- Fraud prevention agencies in order to check the identity of the client or other individuals or to investigate or prevent money laundering, fraud or other illegal activity.
- Transaction partners and advisors (e.g. in relation to mergers, acquisitions or other business transactions involving us or our Group).
- Other companies that need to receive the Data for the performance of the contract between you and us.
- Newsletter management service providers, in particular the Ghost Foundation Ltd (www.ghost.org).
4.2 Cross-Border Transfer of Data
We may transfer your Data to countries within the EEA or to the UK and to the following countries outside of Switzerland or the EEA/UK, provided that (a) such countries provide for an adequate level of data protection according to the assessment of the competent authority, (b) we ensure an adequate level of data protection based on appropriate safeguards, such as the EU Standard Contractual Clauses (“EU-SCC”) adapted to Swiss law to the extent required (“CH-SCC”), or (c) you have given your consent regarding such cross-border transfer or another exemption applies: Lebanon, Egypt, Jordan, Qatar, UAE and possibly other countries if necessary for the respective purpose (e.g. to execute payments). Cross-border transfer of data applies mainly to prospects and clients introduced in Lebanon, Egypt, Jordan Qatar and UAE.
5. Storage Periods and Erasure
We process and retain Data for as long as our processing purposes, the legal retention periods and our legitimate interests regarding documentation require it or for reasons of limited technical feasibility. Except in case of contrary legal or contractual obligations, we will erase or anonymize your Data once the storage or processing period has expired. Regarding specific use/Data categories, we will in general retain your Data as follows:
- Website Analysis Data: Website Analysis Data will be stored for as long as required to perform the analysis and will thereafter be deleted or anonymised.
- Cookies: Cookies will be stored on your device for the time period required to achieve the related purpose and will thereafter be deleted by your browser.
- Communication Data: Communication Data will be deleted after responding to / completing your inquiry if and to the extent (a) we are not legally obliged to retain such Data (e.g. for accounting or document retention purposes) and (b) we do not have an overriding legitimate interest to retain such data for documentation, quality assurance
or similar business purposes or for the assessment or exercise of, or defence against, legal claims. - Service Data: We generally keep Service Data as long as you are accessing/receiving (or have the right to access/receive) our Services, and such Data will be deleted after termination of your contract and/or deletion of your account if and to the extent (a) we are not legally obliged to retain such Data (e.g. for accounting or document retention purposes) and (b) we do not have an overriding legitimate interest to retain such data for documentation, quality assurance or similar business purposes or for the assessment or exercise of, or defence against, legal claims.
- Contract Data: We generally keep Contract Data for the duration of the statute of limitations duration regarding contractual claims, as calculated from the end of the contractual relationship if and to the extent (a) we are not legally obliged to retain such Data (e.g. for accounting or document retention purposes) for a longer period and (b) we do not have an overriding legitimate interest to retain such Data for documentation, quality assurance or similar business purposes or for the assessment or exercise of, or defence against, legal claims.
- Application Data: We generally keep Application Data for the duration of the application process and 3 months thereafter, unless you ask or allow us to retain your application for a longer time. We may retain Application Data for longer for the assessment or exercise of, or defence against, legal claims.
- Marketing data: We generally keep Marketing Data for as long as related marketing measures are ongoing or envisaged, if and to the extent (a) we are not legally obliged to retain such Data (e.g. for accounting or document retention purposes) and (b) we do not have an overriding legitimate interest to retain such data for documentation or other legitimate purposes or for the assessment or exercise of or for the defence against legal claims.
6. Your Rights as Affected Data Subject
You have the right to request information about your Data we process and further rights regarding such data processing. In particular, you have – or may have, depending on the circumstances – the right to:
- Information, i.e. to ask us whether we are processing Data about you, and if so, to provide you with further information related thereto.
- Correction, i.e. to ask us to correct or complement your Data if it is incorrect or incomplete.
- Deletion, i.e. to delete your Data (to the extent we are not under a legal obligation or have an overriding legitimate interest to retain such Data).
- Object, i.e. right to object to the processing of your Data by explaining your particular reasons and specific circumstances on which your objection is based. Regarding cookies through which certain Data may be collected, you can block the setting of such cookies at any time by changing the settings in your browser accordingly. Please note that a deactivation of cookies may result in a limited user experience and you may not be able to use every function of our website or Services or to access the Services in an appropriate manner altogether. In order to unsubscribe from our Newsletter, please use the “Unsubscribe” link in the footer of our Newsletter.
- Restrict processing, i.e. to ask us to temporarily restrict our processing of your Data.
- Data portability, i.e. to ask us to provide you in electronic form (to the extent technically feasible) the Data you have provided to us.
- Withdraw your consent, i.e. to withdraw your consent if and to the extent you have previously given your consent to any specific purpose of processing of your Data. This will not affect the lawfulness of any processing carried out before you have withdrawn your consent (or any processing not requiring your consent) and it may mean that we will no longer be able to provide our Services to you.
In case you wish to exercise any of these rights, please contact us as specified in Section 1. Before responding to your request, we will ask for proof of identity. This helps us to ensure that your Data is not disclosed to any unauthorized person.
7. Data Security
We have put appropriate technical and organizational security policies and procedures in place to protect your Data from loss, misuse, alteration or destruction. We limit access to personal data in general following the need to know principle.
8. Complaints / Regulatory Authority
If you believe that our processing of your Data contradicts data protection law, you have the possibility to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Berne, Switzerland (https://www.edoeb.admin.ch)
9. Changes to this Privacy Notice
This Privacy Notice does not form part of any contract with you and we may amend it at any time. The version published on our website is the version that currently applies.
Related pages
Learn how Arab Bank Switzerland complies with the Financial Services Act (FinSA) designed to strengthen investor protection and enhance transparency in the Swiss financial services sector.
Learn how Arab Bank Switzerland complies with the Financial Services Act (FinSA) designed to strengthen investor protection and enhance transparency in the Swiss financial services sector.
The Automatic Exchange of Information (AEoI) is an international tax standard governing how tax authorities of participating countries exchange information related to taxpayers’ foreign banks and safekeeping accounts with one another.
Understand how the Deposit Insurance Scheme, covering deposits of private and corporate clients held at Arab Bank (Switzerland) Ltd, works and the level of losses covered and the specific treatment for multiple accounts.