Home Contact Deutsch

Data protection

Data Protection

DZ PRIVATBANK S.A. is pleased that you have visited our website and are interested in our company. We take the protection of your personal data seriously so that you are safe when visiting our website. DZ PRIVATBANK S.A. collects, processes, and uses personal information in accordance with the applicable statutory stipulations and particularly with the stipulations of the EU General Data Protection Regulation and in accordance with this data protection notice.

If you disclose personal data with us, we will treat it with due diligence and in accordance with the various data protection regulations.

Data will not be used for any other purposes, nor will it be disclosed to third parties. DZ PRIVATBANK (Schweiz) AG, Münsterhof 12, CH–8022 Zurich is no third parties within this meaning. Due to technical reasons, please note that we are currently unable to offer you the secure (encrypted) transmission of your message. For your own safety, please post any messages of a confidential nature to us. Any data that you enter in order to use your virtual portfolio will only be used for your virtual portfolio and will not be disclosed to third parties. You can amend or delete your virtual portfolio via the Internet at any time.

Collecting and processing personal data*

You can generally visit the DZ PRIVATBANK S.A. pages without the need for us to collect personal data from you. We only know the name of your Internet service provider, the websites from which you visit us and the pages you visit with us. This information is collected and saved by us for statistical purposes in anonymous form for marketing and optimisation purposes. User profiles are issued on the basis of this data under a pseudonym. The data is not used to personally identify visitors to this website and are not combined with data regarding the pseudonym bearer.

Personal data will only be collected and processed for this purpose if, for example, you enter this e.g. in oder to request information or set up a virtual portfolio. This information is partially transmitted in encrypted format in order to prevent misuse by third parties.

In some areas of the website, DZ PRIVATBANK S.A. makes use of cookies in order to be able to personalise our services to you. Cookies are identifiers that a Web server sends to your computer in order to identify it for the duration of your visit. It is generally possible to display cookies in your browser (e.g. in Mozilla: “Tools” → “Settings” → “Data protection” → “Show cookies”). You can also set your browser so that you are informed about the storing of cookies.

The web analytics tool "Matomo" is used on the DZ PRIVATBANK S.A. websites. The analysis of user behaviour is important because in this way demand for content can be analysed anonymously and the offering can thus be optimised. Where applicable for these websites you use, we collect real-time data, for example:

  • Date
  • Number of actions conducted on the website
  • Time spent on the website
  • Country of origin
  • Browser version
  • Operating system
  • Number of new and returning visitors
  • Referring source
  • Target conversion rate
  • IP address (these are not evaluated)

The analytics tool works by placing a cookie that is saved after the end of your visit as a so-called "First Party Cookie" with an aliased ID as a small text file on your end device under the name _pk_id.12345 (individualised number). The cookie has an unlimited lifetime and enables a non-personal analysis of behaviour on the website. For example, we can determine the website from which our visitors called up our website, and which pages were viewed on the DZ PRIVATBANK S.A. internet site and for how long. We can also evaluate how many and which files were downloaded by visitors. Using the determined data we try to adjust and optimise the service on the website in accordance with user behaviour. It is not possible for us to establish a personal reference through these cookies. The cookies are used for the purpose of creating user statistics which cannot be matched directly with individual persons (“pseudonymous user profile”). You have the right to object to this use of your data. You can exercise your right of objection as follows.

Right of objection:

You can suppress the analysis of user behaviour in your browser by preventing this domain (dz-privatbank.com) from setting cookies. This is done, for example, by configuring an exception in your browser (e.g. in Firefox). If you are uncertain as to how this is done, please refer to the browser’s help function.
Naturally, you can also delete the above-mentioned cookies in your browser to delete tracking information, either periodically or on an ad-hoc basis.
Another option available to you is to suppress any form of future user analysis on this website by setting a so-called block cookie or opt-out cookie.

Use and forwarding of personal data and legitimate purpose
Data processing outside of Luxembourg for transactions

Any personal data that is necessary for money transactions is processed by the bank and other specialist companies in this area, such as SWIFT (Society for Worldwide Interbank Financial Telecommunication). This processing is done by local data centres in other European countries and in the United States of America (US) in accordance with the various laws in force there. As a result, US authorities may obtain access to data held in local data centres for the purpose of combating terrorism. Each customer that asks the bank to carry out a transfer or another transaction gives their tacit consent that all data necessary for the proper execution of the transaction is to be processed outside of Luxembourg.

Which sources and data do we use?

We process personal data that we receive from you within the context of our business contact or our business relationship. We also – to the extent necessary for performance of our services – process personal data that we permissibly receive from other companies of the Volksbanken Raiffeisenbanken cooperative financial network or from other third parties (e.g. for completing orders, fulfilling contracts, or on the basis of consent granted by you). In addition, we process personal data that we have legally obtained from publicly accessible sources (e.g. lists of debtors, title registers, commercial and association registers, the press, the media) and may legally process.

Relevant personal data includes personal details (name, address and other contact information, date and place of birth and nationality) verifying data (e.g. identification data) and authentication data (e.g. signature sample). This may also include order data (e.g. payment order, securities order), data from the fulfilment of our contractual obligations (e.g. monetary transaction volume, available credit, product data [e.g. deposit, credit, and depot transactions]), information on your financial situation (e.g. creditworthiness, scoring/rating data, origin of assets), promotional and sales data (including promotional scores), documentation data (e.g. advisory logs), register data, data on your use of our offered telemedia (e.g. time when our websites, apps or newsletters are retrieved, our pages that are clicked and/or entries) as well as data comparable to said categories.

Why do we process your data (purpose of processing) and what is the legal foundation?

We process personal data in accordance with the stipulations of the EU´s General Data Protection Regulation (GDPR) and respectively applicable national law.

Fulfilling contractual obligations (Article 6, paragraph 1b of GDPR)

Personal data (Article 4 No. 2 GDPR) is processed for performance and mediation of bank transactions, financial services, and insurance and real estate transactions, particularly for the performance of our contracts or pre-contractual measures with you and the execution of your orders, as well as all activities associated with the operation and administration of a credit and financial services institution.

The purposes of data processing are predominantly aligned with the specific product (e.g. account, credit, transferable securities, deposit, mediation, online banking, fund services) and may include, among other things, analyses of needs, consultation, asset management and supervision, as well as the execution of transactions.

Additional details about the purpose of data processing can be obtained in the relevant contractual documents and terms of business.

Within the framework of balancing of interests (Article 6 Paragraph 1f GDPR)

If necessary, we process your data, beyond actually fulfilling the contract, in order to observe our legitimate interests or those of third parties, for example in the following cases:

  • Consulting and exchanging data with information offices for the purpose of determining creditworthiness and/or default risks and the requirement for the seizure-protection account or basis account;
  • Examining and optimising processes for analysing requirements and direct communication with customers;
  • Undertaking promotional measures or market and opinion research, unless you have objected to the use of your data;
  • Asserting legal claims and defence during legal disputes;
  • Guaranteeing IT security and the bank’s IT operations;
  • Preventing and investigating criminal acts;
  • Video monitoring to collect evidence of criminal acts or to document withdrawals and deposits at deposit/withdrawal locations. They therefore serve to protect customers and employees and to assert domestic authority.
  • Building and investment security measures (e.g. access controls);
  • Measures for securing domiciliary rights;
  • Business management measures and development of services and products.

Based on your consent (Article 6 Paragraph 1a GDPR)

To the extent that you have granted us your consent to process personal data for specific purposes (e.g. forwarding of data within association/group, evaluation of monetary transactions for marketing purposes), this processing will be considered legal based on your consent. Once granted, consent can be retracted at any time. This applies also to the retraction of declarations of consent that were provided to us before applicability of the GDPR, i.e. before 25 May 2018.

Please note that retraction will have effect only for the future. Information that was processed before the retraction will not be affected.

Based on legal requirements Article 6 Paragraph 1c of GDPR)or in the public's interest Article 6 Paragraph 1e of GDPR)

Additionally, as a bank we are subject to a variety of legal obligations, i.e. statutory requirements as well as bank supervision requirements (e.g. those of the European Central Bank, European Bank Supervision, Commission de Surveillance du Secteur Financier, der Banque Centrale du Luxembourg, the German Bundesbank, and the German Federal Financial Supervisory Authority). The purposes of processing include, among other things, creditworthiness verification, identity and age verification, prevention of fraud and money laundering, fulfilment of tax control and notification obligations, as well as evaluation and management of risks.

Who receives my data?

Within the bank, the data will be received by persons and departments who need it for fulfilment of our contractual and statutory obligations. Entities contracted by us to perform processing (Article 28 of GDPR) may also receive information for the stated purposes. These are companies in the categories of credit and financial services, IT services, logistics, printing services, telecommunications, collections, advisory and consulting, and sales and marketing.

With respect to forwarding of data to recipients outside of the bank, it shall be noted that we are bound, in accordance with pertinent statutory stipulations and/or by the General Terms and Conditions agreed between you and us, to confidentiality of all customer-related facts and valuations of which we receive knowledge (bank secrecy). We may forward information about you only if statutory stipulations provide for this, if you have consented to this, or if we are authorized to grant a bank inquiry. Under these conditions, recipients of personal data may be, for example:

Public entities and institutions (e.g. German Bundesbank, German Federal Financial Supervisory Authority, Commission de Surveillance du Secteur Financier, Banque Centrale du Luxembourg, European Supervisory Authority, European Central Bank) in the presence of a statutory or official obligation.

Other credit and financial services institutions or comparable organizations to whom we transmit personal data for the purpose of managing the business relationship with you (depending on contract: e.g. companies of the Volksbanken Raiffeisenbanken cooperative financial network, correspondence banks, depository banks, exchanges, information offices).

Additional recipients of information may be the entities for whom you grant consent to transfer information and/or for which you have released us from bank secrecy in accordance with an agreement or consent.

How long will my data be saved?

To the extent necessary, we process and save your personal data for the duration of our business relationship, which may also include, for example, initiation and conclusion of a contract. In this context, it shall be noted that our business relationships can have durations of many years.

In addition, we are subject to statutory and regulatory retention and documentation obligations. The periods of retention and/or documentation specified there can be up to ten years after creation or five years after termination of the business relationship.

The length of time that information is saved also depends on legal limitations which may, in individual cases, be up to 30 years.

What data protection rights do I have?

Every affected person has right:

  • of access in accordance with Article 15 of the GDPR,
  • to rectification in accordance with Article 16 of the GDPR,
  • to erasure in accordance with Article 17 of the GDPR,
  • to restriction of processing in accordance with Article 18 of the GDPR
  • to data portability from Article 20 of the GDPR
  • to lodge a complaint with a data protection supervisory authority in accordance with Article 77 of the GDPR

Is there an obligation to provide information?

Within the framework of our business relationship you must provide only the personal data that is necessary for the foundation, execution, and termination of a business relationship or the information we are legally obligated to collect. Without this information, we must normally refuse the conclusion of a contract or the execution of an order or we may no longer execute an existing contract or will be required to terminate an existing contract.

In particular, we are obligated, in accordance with money laundering regulations, to identify you using e.g. your personal identification and must collect, at a minimum, your name, place of birth, date of birth, nationality, and physical address. In order for us to be able to comply with this legal obligation, you must, in accordance with the applicable regulations for the prevention of money laundering and terrorism financing, provide us with the required information and documents and notify us of any changes throughout the course of the business relationship. If you do not provide us with the necessary information and documents, we will not be able to enter into the business relationship that you request.

To what extent are decisions automated in individual cases?

In accordance with Article 22 of the GDPR, we never use fully automated decision-making for forming and executing the business relationship. If, in individual cases, we use this method we will inform you of this separately to the extent legally required.

To what extent are my data used for profiling purposes(scoring)?

We sometimes process your information automatically with the objective of evaluating certain personal aspects (profiling). We use profiling in the following cases, for example:

  • Due to legal and regulatory requirements, we are obligated to combat money laundering, terrorism financing, and crimes that threaten assets. Information is evaluated for this purpose (in monetary transactions, among others). These measures also serve to protect you.
  • We use evaluation instruments in order to inform you and advise you about specific products. This enables needs-based communication and promotion, including market and opinion research.

Data security

DZ PRIVATBANK S.A. utilizes technical and organisational security measures in order to protect data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continually improved in accordance with technological developments.

Information about your right of objection in accordance with Article 21 of the GDPR

You have the right, for reasons arising from your particular situation, to object to the processing of personal data affecting you that occurs based on Article 6, paragraph 1e of the GDPR (data processing in the public interest) and Article 6, paragraph 1f of the GDPR (data processing based on a balancing of interests); this applies also to profiling supported by this stipulation pursuant to Article 4 No. 4 of the GDPR, which we use for evaluating creditworthiness and for promotional purposes.

If you submit an objection, your personal data will no longer be processed unless we can document urgent protection-relevant reasons for processing that override your interests, rights and freedoms or if processing serves the assertion, exercising, or defence of legal claims.

We do, in individual cases, process your personal data in order to perform direct promotions. You have the right to submit, at any time, an objection to the processing of your associated personal data for the purpose of such promotion; this applies also to profiling if it is in connection with such direct promotion.

If you object to your information being processed for the purpose of direct promotions, your personal data will no longer be used for these purposes.

Your objection can be made informally and should be directed, whenever possible, to:

DZ PRIVATBANK S.A.
4, rue Thomas Edison
L-1445 Strassen, Luxembourg

Postal address
DZ PRIVATBANK S.A.
Boîte postale 661
L-2016 Luxembourg

Tel. +352 44 903 1
Fax +352 44 903 2001
e-mail: info@dz-privatbank.com

Information requirements concerning the General Data Protection Regulation (GDPR)

Data protection issues

Who is responsible for data processing and whom can I contact?

The responsible entity is:

DZ PRIVATBANK S.A.
4, rue Thomas Edison
L-1445 Strassen, Luxembourg
Tel. +352 44 903 1
Fax +352 44 903 2001
e-mail: info@dz-privatbank.com

You may contact our operational data-protection officer at:

Frank Meyer
Data Protection Offficer
DZ PRIVATBANK S.A.
4, rue Thomas Edison
L-1445 Luxembourg
Tel. +352 44 903 2435
Fax. +352 44 903 2001
e-mail: datenschutz@dz-privatbank.com

Last Update: 05/2018

*Collecting and processing personal data

The products and services contained within these web pages are not available for residents of certain jurisdictions. Please consult the sales restrictions relating to the products and services in question for further information.