Data Protection Statement

1. General information

Information on the validity of Swiss bank customer secrecy can be found in your contracts, the Terms and Conditions and any annexes to contracts and are not part of this data protection statement.

Basler Kantonalbank (BKB), Aeschenvorstadt 41, 4051 Basel (hereinafter also referred to as "we", "us"; the "bank", the "data controller") processes personal data relating to you or other persons (so-called "third parties").

We use the term "data" here synonymously with "personal data".

By "personal data" we mean data relating to an identified or identifiable person. "Processing" means any handling of personal data, e.g. its procurement, storage, use, adaptation, disclosure and erasure.

In this data protection statement, we describe what we do with your data if you use www.bkb.ch, our other websites or our apps (hereinafter collectively referred to as the "website"), purchase our services or products, are otherwise connected to us under a contract, communicate with us or otherwise deal with us. In addition, we can inform you separately about the processing of your data, e.g. in declarations of consent.

The Swiss Data Protection Act ("DPA") applies to the Bank's activities.

2. What data do we process?

We process different personal data in connection with our services, products and online offerings. The main categories are the following:

  • Master data: We refer to information such as your name, address and other contact details, gender, date and place of birth, nationality, official documents (e.g. excerpts from the commercial register, permits), identification data (e.g. ID card data, copies of ID cards) and authentication data (e.g. sample signatures, photos and videos), powers of attorney, signature authorisations and any tax-relevant information (e.g. tax domicile) as your master data.
  • Contract data: This is data that arises in connection with the conclusion of a contract or the execution of the contract, e.g. information about contracts and the services to be provided or that have been provided, your customer history and documentation data, as well as the information required or used for the execution of the contract. This includes, for example, order and risk management data, payment orders, information about beneficiaries, data from the fulfilment of our contractual obligations, information about your financial situation (e.g. information about your assets, creditworthiness data, scoring/rating data, origin of assets), your risk and investment profile and information about fraud.
  • Technical data: When you use our website or other electronic offerings, we collect technical data. The technical data itself does not allow any conclusions to be drawn about your identity. However, in the context of user accounts (e.g. E-Banking), forms, registrations or the processing of contracts, it can be linked to other data categories (and thus possibly to you personally). The technical data includes, for example, the IP address and information about the operating system of your device, the date, region and time of use, as well as the type of browser with which you access our electronic offerings and also logs that are created in our systems.
  • Registration data: Certain services (e.g. login areas of our website, E-Banking, Mobile Banking, newsletter distribution, free Wi-Fi access) and offerings (e.g. contests) can only be used with a user account or registration, which can be done directly with us or via our external login service providers. In particular, the following data is processed: user name, password, name, e-mail address. In addition, data on the use of the offering or service may be collected.
  • Communications data: If you communicate with us (e.g. via a contact form, e-mail, telephone, chat or letter), we collect the data exchanged between you and us, including your contact details (e.g. name, telephone number, address) and the peripheral data (e.g. date, duration, parties) of the communication. When we record telephone conversations or video conferences, we point this out to you specifically.
  • Particularly sensitive data: In certain cases, we may process data that is particularly worthy of protection. This can be biometric data (e.g. a voice print for identification), but also data about the existence of a guardianship, administrative and criminal prosecutions or sanctions, etc.
  • Marketing, behavioural and preference data: This includes, for example, your wishes and preferences, advertising and sales data, information about participation in our events and information about certain actions (e.g. about reactions to electronic communications).
  • Other data: We also collect further data from you (e.g. in connection with official or legal proceedings). We may make or receive photos, videos and sound recordings, in which you may be recognisable (e.g., at occasions, via security cameras, etc.). We may also collect data about who enters certain buildings or has corresponding access rights (including in the case of access controls, based on registration data or visitor lists, etc.), who participates in events or marketing campaigns (e.g. competitions) or who uses our infrastructure and systems at what time.

3. Where does the data come from?

The data comes in particular from the following sources:

  • From yourself: You provide us with many of the types of data mentioned in point 2 yourself (e.g. via forms, in the context of communication with us, in connection with contracts, when using the website, etc.) or they are disclosed to us by third parties on your behalf and in your interest (e.g. intermediaries, agents, etc.).
  • By using products and services: When using our services and products (e.g. E-Banking, our website, payment transactions), a range of data is collected (e.g. technical data, payment data). These can be recorded by the technical infrastructure, processed by our service providers (e.g. IT service providers) or transmitted to the bank in the case of work-sharing processes (e.g. by other financial institutions, stock exchanges, trading venues).
  • From third party sources: We also collect data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet) or receive data from other companies within the Group BKB, from authorities and from other third parties (such as credit reference agencies, address dealers, associations, contractual partners, Internet analysis services, cooperation partners, etc.).
  • From private individuals: We receive data about you from third parties who use our services and offerings that are related to you (e.g. inheritance and financial advice, registration for an event). We assume that these persons have informed you in advance about the disclosure of data to the bank.

4. For which purposes do we process your data?

The processing of personal data takes place from the first contact, during maintenance of our contractual relationship until the end of the contractual relationship. In particular, personal data is processed for the following purposes:

  • Identification of customers, processing of pre-contractual inquiries, provision of banking transactions and financial services (needs analysis, advice and support, asset management and support, financial planning, provision of pensions, management of products, e.g. account, credit, securities, deposits, brokerage and the execution of transactions) and for the mediation of offerings from third parties.
  • Processing of personal data for the monitoring, evaluation and management of risks, as well as in the context of corporate management and business management within BKB and the Group BKB, consultation of and data exchange with information centres (e.g. debt collection registers) to determine creditworthiness or default risks in the credit business and to prevent and investigate criminal offences.
  • Processing of personal data on the basis of legal, regulatory and other requirements for, among other things, creditworthiness checks, identity checks ("Know Your Customer"), fraud prevention and combating fraud, money laundering and terrorist financing, fulfilling tax and other audit, reporting and information obligations.
  • Marketing, relationship management, consulting and information about our offering, in the context of the implementation of events, sponsorship, contests and sweepstakes, market and opinion research, as well as surveys, testing and the optimisation of procedures for needs analysis for the purpose of direct customer approach or customer acquisition.
  • Processing of personal data in the context of product development or for statistics, for the assessment, improvement and further and new development of services and products, technologies and systems.
  • Measures to ensure security (e.g. video surveillance for the preservation of householders' rights, to collect evidence in the event of robberies and other offences or to prove dispositions and deposits, e.g. at ATMs, measures for building and system security (e.g. access controls), guaranteeing the bank's IT security and IT operations.
  • We process your data for communication purposes, in particular to answer inquiries and to contact you if you have any questions. Voice recordings are made within legal or regulatory requirements or contractual agreements. We retain this data to document our communications with you, for training purposes, for quality assurance, for evidence purposes and for inquiries.
  • The assertion of legal claims and defence in legal disputes.

5. On what basis do we process your data?

  • On the basis of contracts: We process your data in the context of the acceptance (pre-contractual), conclusion or execution of a contract or a business relationship, as well as for the fulfilment of the obligations arising from such a contract or such a business relationship.
  • Based on balance of interests: Within the scope of our legitimate interests, we may process your data (e.g. marketing, market and opinion research, risk management or securing the bank's claims).
  • On the basis of your consent: We may obtain your consent for the processing of personal data. If data processing is based on your consent, you can revoke your consent to us.
  • On the basis of legal or regulatory requirements or in the public interest: We may process your personal data within the scope of the applicable legal, regulatory and professional regulations.

6. Are individual automated decisions made?

In certain situations, we may make decisions concerning you that are based exclusively on automated processing and are associated with a legal consequence or significantly affect you (automated individual decisions). We will take the measures required by applicable law.

7. Is there any profiling involved?

Profiling is the automated processing of personal data in order to analyse personal aspects and make forecasts. The data may also come from third parties (e.g. service providers that offer payment cards). For example, we may use profiling in the following cases:

  • Pursuant to legal and regulatory requirements, we are required to combat money laundering, terrorist financing and crimes that endanger assets. Data evaluations (including payment transactions) are also performed. These measures also serve to protect you.
  • In order to provide you with targeted information and advice on services, we use analytics. For example, transaction data for cards and payment flows can be processed automatically. These enable needs-oriented communication and advertising, including market and opinion research.
  • As part of the assessment of your creditworthiness, we use scoring. The probability that customers will meet their payment obligations in accordance with the contract is calculated. The calculation may include, for example, income circumstances, expenses, existing liabilities, occupation, employer, length of employment, experience from the previous business relationship, contractual repayment of previous loans and information from credit reference agencies. Scoring is based on mathematically and statistically recognised and proven methods. The score values calculated support us in decision-making within the framework of closure of product sales and are included in the ongoing risk management.

8. Who do we disclose your data to?

In connection with our offerings, our market appearance, services and products, legal obligations or otherwise to safeguard legitimate interests and the other purposes listed in point 4, we also transfer your personal data to third parties, in particular to the following categories of recipients, depending on the type of products and services purchased:

  • Legal entities of the Group Basler Kantonalbank
  • Other credit and financial services institutions or similar institutions: For the execution of a contract, the execution of a business relationship with you and the provision of our services, personal data will be disclosed to other third parties necessary for the fulfilment of the order. These include, for example, correspondent banks, custodian banks, brokers, stock exchanges or marketplaces, issuers, intermediaries and international trade repositories.
  • Contractual partners, customers and other third parties: This includes, among other things, payees, beneficiaries and authorised representatives to whom personal data may be disclosed in the context of the use of services and products. This also includes contractual partners with whom we cooperate, for example in joint offerings, intermediary arrangements or those who advertise for us.
  • Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or under our joint responsibility or who receive data about you from us under their own responsibility (e.g. banking service providers, IT service providers, telecommunications service providers, shipping and logistics companies, advertising service providers, login service providers, security companies, insurance companies, consulting companies, debt collection companies, credit agencies or address verifiers).
  • Authorities: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities process data about you that they receive from us under their own responsibility. These may be, for example, law enforcement authorities, supervisory authorities, including but not limited to the Swiss Financial Market Supervisory Authority FINMA, debt enforcement and bankruptcy offices, inheritance authorities or child and adult protection authorities.

9. Does your personal data also go abroad?

Depending on which products, services or offerings are used, personal data may also be transferred to third parties (including order processors) outside Switzerland (EEA/worldwide). This may also be the case in connection with our operational needs (e.g. operation of the website, outsourcing) or for legal reasons.

If, exceptionally, data is transferred to a country without adequate data protection, we contractually require the recipient to comply with the applicable data protection (we usually use the standard data protection clauses approved, issued or recognised by the Federal Data Protection and Information Commissioner) insofar as they are not already subject to a legally recognised set of rules to ensure adequate data protection and we cannot rely on an exception provision. An exception may apply, in particular, to legal proceedings abroad, but also in cases of overriding public interests, statutory provisions (e.g. tax reporting obligations) or if contract processing requires such disclosure (e.g. payment and securities orders), if you have consented or if it concerns data made generally accessible by you, the processing of which you have not objected to.

Please also note that data exchanged over the Internet is often transmitted via third countries. Your data may, therefore, also be transferred abroad even if the sender and recipient are in the same country.

10. How long do we process your data for?

Your data will be destroyed or anonymised as soon as it is no longer necessary for the purpose for which it was collected. It should be noted that our business relationship is usually a continuing contractual obligation that is designed to run for a number of years.

11. How do we protect your data?

We take reasonable security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to counteract the risks of loss, unintentional alteration, unwanted disclosure or unauthorised access.

12. What are your rights?

According to the Swiss Data Protection Act, you have the right to information, rectification and – if applicable – erasure, objection and data disclosure or portability with regard to the data concerning you. Please note that our business relationship is a continuing contractual obligation that is designed to run for a number of years. As a rule, we cannot erase customer data over the term of the contract and for a certain period of time for contractual and legal reasons. The exercise of your rights may be subject to conditions, exceptions or restrictions under applicable data protection law (e.g. to protect third parties or trade secrets).

If data processing is based on your consent, you can revoke your consent to us. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected by this.

In the case of automated individual decisions (point 6), you have the right to express your point of view and to request that the decision be reviewed by a natural person.

Contact: Bank Data Protection Office:
Basler Kantonalbank
Datenschutzstelle
Aeschenvorstadt 41
4051 Basel

13. Use of the website and online services

13.1. Do we use online tracking and online advertising technologies?

On our website and in our online offerings, we use various technologies that allow us and third parties we engage to determine how our online offerings are used.
The essence is that we can distinguish your access (via your system) from access by other users and may be able to recognise you over several visits, analyse the use, ensure the functionality of the website and perform evaluations and personalisations.

We may use cookies. These are individual codes (e.g. a serial number) that our server or a server of our service providers or advertising contractors transmits to your system (browser, mobile phone) when connecting to our website and that your system receives and stores until the programmed expiry date. With each further access, your system transmits these codes to our server or the server of the third party. In this way, your system will be recognised even if your identity is unknown.

Other technologies may also be used to analyse the use of our online offerings. This allows you (or your system) to be recognised (i.e. distinguished from other users) with a greater or lesser probability. In particular, we use:

  • Server log files: Whenever you access our website or other online services, we may log information sent by your system (e.g. the date, time, IP address, operating system, browser or language);
  • Fingerprinting: Fingerprinting combines your IP address, the browser you use, screen resolution, language selected and other information that your system communicates to each server, resulting in a more or less unique fingerprint;
  • Counting pixel: Counting pixels are visible or invisible images integrated into a website or e-mail, which are automatically retrieved when the information is called up. The same information sent by your system can be logged in the same way as in the server log files.

We use appropriate technologies on our website and allow certain third parties to do the same. These third parties may process performance and usage data for their own purposes. It is possible that personal data (e.g. your IP address) may also be collected by third parties and processed outside Switzerland (worldwide).

Please note that we have no influence on the technical design of third-party technologies. If the third parties collect personal data for their own purposes, they are responsible for data processing.

Depending on the purpose and provider of these technologies, we will obtain your consent before using them. You can access your current settings here (). If you agree to the use of such technologies, you explicitly consent to such processing, which also includes the disclosure and processing of personal data (e.g. your IP address) outside Switzerland (worldwide).

You can also set your browser to block or deceive certain cookies or alternative technologies, or to delete existing cookies. You can also extend your browser with software that blocks tracking by certain third parties. Further information can be found on the help pages of your browser (usually under the keyword "data protection").

13.2. Do we use third-party services for our online offerings and website?

We also use various services and offerings from third parties for our online presence. These can be embedded in the website (e.g. plug-ins) or can represent independent offerings. These third parties may process performance and usage data for their own purposes. It is possible that personal data (e.g. your IP address) may also be collected by third parties and processed outside Switzerland (worldwide).

Please note that we have no influence on the technical design of third-party technologies. If the third parties collect personal data for their own purposes, they are responsible for data processing.

Depending on the purpose and provider of these technologies, we will obtain your consent before using them. You can access your current settings here [Link]. If you agree to the use of such services, you explicitly consent to such processing, which also includes the disclosure and processing of personal data (e.g. your IP address) outside Switzerland (worldwide).

13.3. What types of online tracking, online advertising technologies and third-party services do we use?

The following cookies (including technologies with comparable functions such as fingerprinting) and third-party services are distinguished:

Required cookies and services: These cookies and services are necessary for the functioning of the website as such or for certain functions and therefore cannot be disabled. For example, they ensure that you can switch between pages without losing the information entered in a form (session cookies). Other cookies and services are necessary, for example, so that the server can store decisions or entries made by you beyond a session (i.e. a visit to the website) (e.g. your selected language or consent given, etc.).

Functional cookies and services: These cookies and services enable the provision of advanced functionalities, such as playing videos and podcasts or displaying maps (Google Maps). By disabling these cookies and services, various types of content (e.g. videos, podcasts, market data, chats, maps) may not be displayed or may not function correctly. Before we use such cookies and services, we ask for your consent. You can revoke this at any time via the privacy settings here [Link].

Performance cookies and services: These cookies and services allow us to analyse the use of the website and our online offerings in order to optimise them and better tailor them to the needs of users. Before we use such cookies and services, we ask for your consent. You can revoke this at any time via the privacy settings here [Link].

Marketing cookies and services: These cookies and services allow us to find out which content a visitor is interested in on our website and online offerings. On this basis, we or our advertising partners can show this visitor content and advertising tailored to their interests on our website or on third-party websites. Before we use such cookies and services, we ask for your consent. You can revoke this at any time via the privacy settings here [Link]. If you agree to the use of these cookies, you will be shown personalised content or corresponding advertising.

Social media: We use social media platforms to run digital advertising campaigns. If you agree to the use of the marketing cookies and services, you explicitly consent to such processing, which also includes the disclosure and processing of personal data (e.g. your IP address) outside Switzerland (worldwide).

13.4. Use of social networks or similar platforms

We use various platforms operated by third parties, such as social networks and other online platforms, to inform you about our products, offerings and activities and to communicate with interested persons. In this context, we receive data from you and the platforms (e.g. when you communicate with us via these platforms, comment on our content or visit our presence).

We process data that we collect via social networks or similar platforms for the purposes described in point 4, in particular for communication, marketing and market research purposes.

14. Can this data protection statement be changed?

This data protection statement can be amended at any time. The version published on this website is the current version.

In the event of any discrepancy between the different language versions, the German version shall prevail.