Follow us on Instagram

Follow us on LinkedIn

Privacy and Data Protection Policy

1. Introduction


Banca del Sempione SA issued this "Privacy and Data Protection Notice" in the light of the Swiss Federal Data Protection Act ("LPD") and, as far as necessary for relations with EU customers, ofthe General Data Protection Regulation of the EU ("GDPR").

In this regard, Banca del Sempione SA ("the Bank") has adapted its policies regarding the processing and use of personal data, the confidentiality of which was already previously largely protected by the obligation to maintain banking secrecy (see this point to our General Conditions).

The purpose of this information is to inform you about the way in which your information is managed and collected within the contractual framework agreed with the Bank, on the reasons for the collection, the possible sharing and the time for which they will be kept.

We therefore ask you to read this Data Protection Notice which provides detailed information on the protection of your personal data and to bring it to the attention of any person whose information you provide us with.
Detailed information on which data will be processed and which method will be used depends on the services requested or agreed.



2. Interested parties


In this Notice, the Bank explains how it collects, processes and protects personal data relating to the following subjects:

  1. Bank customers;
  2. prospective customers;
  3. persons who have or are in the process of requesting an account with the Bank ("Customers")
  4. individuals whose information is provided by a Customer to the Bank or to which the Bank becomes aware of the services provided by the Bank to a customer ("Linked Persons").
  5. The information of the aforementioned subjects is protected by the statutes of the banking secrecy which prohibit disclosure to third parties, unless otherwise authorized by the subjects themselves.


3. Data protection officer and contacts


The responsible department is the Data Protection Officer of the Bank, which can be contacted at the following address:
Banca del Sempione SA
Data Protection Officer
Via Pietro Peri, 5
6900 Lugano



4. Types of personal data that the Bank collects


We may collect various types of personal data about you, including:

  • identification information (e.g., full name, ID card and passport and relative number present on the identification document, nationality, place and date of birth, gender, photograph, IP address);
  • contact information (e.g., address and email address, phone number);
  • family situation (e.g., marital status, number of children);
  • tax statute (e.g., tax ID or other identification code for tax purposes);
  • education and employment information (e.g., level of education, remuneration);
  • banking, financial and transactional data (e.g., bank account details, transfer of assets, source of wealth);
  • data which relates to your use of our services;
  • data from your interactions with us through our branches (visit reports), our Internet websites, emails, phone conversations;
  • background checks to evaluate solvency / over-indebtedness and
  • cookie information (e.g. cookies and similar technologies on websites and in emails – for more information, please refer to our Cookies Policy).
  • any recordings of telephone conversations between you and the Bank and video recordings during your visits to the Bank;
  • data transmitted by the browser, in case it accesses a website of the Bank. The recorded information will include the date and time of access to the website, the files accessed, the volume of data transmitted, the performance, the type of web browser used, the language, the requesting domain and the IP address. These data are used for reasons of computer security and to improve the ease of use of the site. We also use "cookies", information stored on your device when you visit our website. Cookies are necessary for the website to work and are often deleted automatically after the visit. We also use services such as Google Analytics (cookies stored for a maximum of 30 days) that collect information on our website.

We never ask for particularly sensitive personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning your sexual orientation or data relating to criminal convictions and offences, unless it is required by law.



5. Source of personal data


Personal data listed above are provided directly by the interested party or may be obtained from other sources, such as:

  • publications / databases made available by authorities;
  • our corporate customers or service providers;
  • publicly available sources such as, but not limited to credit rating agencies, commercial registries, asset screening services and fraud prevention agencies or data intermediaries acting in compliance with data protection laws and regulations;
  • websites / social media pages containing information made public by the person (for example, their website or social media).



6. Purposes for which we process personal data


6.1 To comply with our contractual obligations
We use your personal data for the fulfillment of our contractual obligations or to make decisions on your request before entering into a contract, in the following ways:

  • provide information related to our products and services;
  • assist you and answer your questions;
  • assess whether we are able to offer you a product or service and under what conditions;

6.2 To respect our legal obligations
We use your personal information to meet various legal and regulatory obligations, including:

  • banking and financial regulations;
  • prevention of money laundering and terrorist financing;
  • compliance with legislation on sanctions and embargoes;
  • fight against tax fraud and the fulfillment of tax inspection and notification obligations;
  • monitor transactions to identify those that deviate from the normal routine;
  • define the credit risk score and the repayment capacity;
  • record, when necessary, telephone calls, chats, e-mails, etc.;
  • respond to an official request from a public authority duly authorized by law.

6.3 For legitimate interest
We use your personal data where it is necessary for our legitimate interests, including, but not limited to, the improvement of our products and services, quality assurance and administrative purposes, for your interests and only when your fundamental rights do not prevail over these interests.

7. Entities with which share data


Every bank office that needs your personal data to comply with our contractual and legal obligations will have access to such data.


Service providers outside the Bank may receive data for these purposes if they comply with data protection regulations. These are banking services companies, IT services, logistics.


Regarding the transfer of data to recipients outside our Bank, it should first be noted that, as a credit institution, we are required to maintain confidentiality for all matters and assessments relating to the customers we come to know (Banking Secrecy under our general conditions). We may transmit information that concerns you only if the legal provisions require it or if you have given your consent (e.g. to process a financial transaction you ordered) and / or if the Bank is authorized to provide information. Based on these requirements, the recipients of personal data may be, by way of example, but not limited to:

  • bodies governed by public law and financial institutions (e.g. Swiss National Bank, FINMA, financial authorities, criminal prosecution authorities) based on an obligation imposed by law or authority;
  • credit institutions and other financial or similar institutions to which we transfer your personal data for business purposes (depending on the contract, e.g. correspondent banks, custodian banks, stockbrokers, fund management companies, stock exchanges values, information centers).


8. Transfers of personal data outside of Switzerland or European economic area


Under certain circumstances, for example if a transfer of data is required to carry out our contract with you, such as when making an international payment, the Bank may transfer your data to another country where the competent authority has recognized that it is able to provide an adequate level of data protection.


For transfers to a country where the level of protection of personal data has not been recognized as "adequate" by the competent authority, we will rely on an exemption applicable to the specific situation or we will be implemented standard contractual clauses that respect the legal limits in order to ensure protection of personal data of the interested party.


9. Period of time in which we keep data of interested parties


We will retain your information for the time necessary to fulfill the purpose for which they were collected or to fulfill legal and regulatory record keeping requirements under federal legal requirements and specific Swiss banking regulations.


If you request the deletion of your data, we will evaluate the request and, if the data are no longer necessary to fulfill any contractual, regulatory or legal obligations, such data will be deleted.


10. Rights of interested parties


Depending on the data protection laws applicable to the specific situation, the interested parties have the following rights:

  • access: it is possible to obtain information regarding the processing of personal data and a copy of such data;
  • correction: if you believe that your personal data are inaccurate or incomplete, you can request that such data be modified accordingly;
  • limitation of the processing of personal data;
  • cancellation: it is possible to request the cancellation of personal data, to the extent permitted by law (see point 9);
  • propose a complaint (enforcement).

You can exercise your rights at any time by sending a request to the addresses specified in point 3.


11. Data security


The Bank adopts technical and organizational measures to protect the personal data of interested parties that include cryptography, anonymization, access restrictions, multi-level logical defense and physical security measures. The Bank requires its employees and any third parties engaged in any activity on behalf of the Bank to comply with the appropriate standards of compliance including obligations to protect information and apply appropriate measures for the use and transfer of personal data.

12. Is there an obligation to provide data?


In the context of a business relationship with the Bank, a Client or a Connected Individual, must provide all personal data which is necessary for the establishment and maintenance of such business relationship and the performance of the associated contractual obligations or which the Bank is legally obliged to collect. As a rule, the Bank would not be able to enter into or perform any contract or – consequently - accept and execute any order without collecting and processing personal data.


In particular, provisions of anti-money laundering law require that the Bank verifies a data subject’s identity before entering into the business relationship by means of a document of evidentiary value (e.g. identity card) and that the Bank collects and records a data subject’s name, place of birth, date of birth, nationality, residential address and other data for that purpose. Other types of data collected serve, for example, to ensure that the customer receives an adequate financial service (such as investment advice or portoflio asset management) in accordance with the Federal Financial Services Act. In order for the Bank to be able to comply with this legal obligation, the data subject must notify the Bank, without undue delay, of any changes that may arise during the course of the business relationship.


We reiterate that the Bank will never transmit such data to third parties except with the customer’s consent, or for the best fulfillment of its mandate, or for legal obligation, or to defend its legitimate interests: in other words, the Bank will never “sell” the collected data

13. Is "profiling" or "automated decision-making" used?


The Bank does not perform any automated profiling activity nor any automated decision-making process.



14. Changes to privacy and data protection policy

We invite you to review the latest version of this notice online and we will inform you of any substantial changes through our website or through our usual communication channels.




Date of update: 11.02.2022