Name and address of the responsible entity
UBS Switzerland AG
Principles for the processing of personal data
As a licensed bank in a highly regulated industry, UBS Switzerland AG ("UBS") is subject to statutory obligations in relation to confidentiality and discretion (data protection and banking secrecy). These obligations may have to be balanced against domestic and foreign regulatory requirements with regard to internal controls, risk management and statutory reporting obligations. The following principles are intended to highlight this. The term "personal data" includes all information that refers to a particular person either directly (e.g. through the name or a unique number) or indirectly (e.g. through a combination of various pieces of information, potentially from different sources).
Affected persons (natural persons and legal entities)
Insofar as the processing of personal data is necessary for the purposes mentioned below, it mainly affects the following groups of persons:
- employees/job applicants
- suppliers/service providers
- persons who have a different relationship with UBS (e.g. shareholders listed in the share register, parties involved in cases when defending or enforcing legal claims, etc.)
Purposes of data processing
Personal data is processed primarily for the purpose of conducting business relating to banking, finance, consulting, services and trading. Data may also be processed in connection with supporting functions, such as the administration of personnel, suppliers and service providers.
Statutory regulations, for example with regard to anti-money laundering and funding of terrorism, may also make it necessary to process personal data. Moreover, UBS must conduct active risk management within the Group. This requires that market, credit, default, processing, liquidity and image risks, as well as operational and legal risks, must be documented, limited and monitored.
Due to requirements laid down by the Swiss Financial Market Supervisory Authority ("FINMA"), UBS is also obliged to record external and internal telephone calls of all employees engaged in securities trading. It must furthermore store all electronic correspondence (e-mails, communication via Bloomberg or Reuters, etc.) and evidence of the calls made on business telephones by these employees for a period of two years. The bank must also make this information available to FINMA on demand. This applies also to employees identified by a risk-based assessment as being highly exposed to information that has relevance to market supervision.
UBS in Switzerland also stores all incoming and outgoing business and private communication data (in particular e-mails with attachments, chats, instant messaging) in a separate, protected electronic archive located in Switzerland for a period of 10 years.
UBS is authorized to collect personal data from clients and prospective clients, which it may supplement with data from third-party sources, to compile profiles for the following purposes, in particular:
- to be able to provide clients and prospects, where appropriate, with tailored offers, individual advice and information on products and services; and
- to use this data within UBS Group in Switzerland for market research and marketing purposes and for risk management.
Processing of sensitive personal data
UBS also reserves the right to process sensitive personal data for the abovementioned purposes, to the extent that such processing is required.
Origin of the data
For the abovementioned purposes, the data is collected directly from the relevant persons, from internal units (e.g. the Legal and Compliance department) or external agencies (e.g. sanctions lists directed at individuals or organizations as issued by the UN and the EU; the Central Credit Information Office ("Zentralstelle für Kreditinformation"); list brokers).
Categories of designated data recipients
UBS reserves the right to disclose personal data to the following recipients for the abovementioned purposes insofar as it is legally permissible or necessary to do so, and to the extent that disclosure is required:
- authorities (e.g. FINMA);
- internal units (e.g. the marketing department);
- Group entities and external contractors for data processing (outsourcing);
- financial market players (e.g. third-party and central securities depositories, brokers, stock exchanges and registers); and
- third parties (e.g. the Swiss Bankers Association).
Data transfer to recipients outside Switzerland
Data is transferred to recipients outside Switzerland only within the scope of contract fulfillment and in exceptional cases expressly specified by law (e.g. reporting on certain stock market transactions to international transaction registers).
To ensure the same level of data protection within the Group worldwide, UBS has issued a directive according to which, all Group companies and business divisions must meet the same data protection requirements as if the data were being processed in Switzerland. If external third parties are involved, UBS ensures compliance with data protection requirements by concluding officially recognized agreements.
If, under Article 8 of the Federal Act on Data Protection ("FADP"), you wish to request information as to whether UBS processes your personal data, please send a written request to the following address:
UBS Switzerland AG
Data Protection Officer
Last update: 1 January 2016