On the duties of disclosure upon the collection and processing of personal data in accordance with the Swiss Data Protection Act and the EU General Data Protection Regulation (GDPR).

The following information is intended to provide you with an overview of how your data is processed by Habib Bank AG Zurich (‘Habib Bank’) and your rights according to data privacy laws. Although the GDPR is an EU regulation, it is relevant for Habib Bank. The details of what data will be processed and which method will be used depend significantly on the services applied for or agreed upon. We therefore ask you to familiarize yourself with this Data Privacy Notice.

Unfortunately online fraud is growing and criminal elements continue targeting consumers. One of the most common attacks is known as “phishing” where a fraudulent email appears to be sent from HBZ. This scam email includes a link to a web page that looks like the Bank's site and requests personal information. This is not a legitimate HBZ email and the link does not go to a genuine HBZ web page. Under no circumstances should you provide your personal information by replying to the fraudulent email, click on any links and login.

1) Who is responsible for data processing and how can I contact them?

The legal entity responsible is:

Habib Bank AG Zurich
Weinbergstrasse 59
CH-8006 Zurich

Our Privacy Officer can be reached at:

Phone: +41 44 269 4528

2) What data is used by Habib Bank?

Habib Bank processes data that it receives from its clients and that it generates as part of the business relationship with its clients. In order to facilitate, enable and / or maintain our business relationship, Habib Bank collects and otherwise processes personal data relating to clients and any other person(s) involved in the business relationship, as the case may be, such as authorized representative(s), person(s) holding a power of attorney and beneficial owners, if different from the client (collectively, an ‘Authorized Person’).

Personal data is the personal information of a client or an Authorized Person, identification data and authentication data. Furthermore, this can also be order data, data from the fulfillment of our contractual obligations, information about a client’s or Authorized Person’s financial situation, marketing data, sales data and / or documentation data.

In addition to data that Habib Bank receives directly from its clients, it also obtains and processes data on its clients that is available in the public domain or from other entities within the Habib Bank Group of companies (the ‘Habib Bank Group’).

In summary, personal data processed by Habib Bank may include the following:

3) For what purpose and on what legal basis does Habib Bank use your data?

3.1) For the fulfillment of contractual obligations

The processing of your data allows Habib Bank to provide you with the contractually agreed services or to carry out pre-contractual measures that occur as part of a request from an interested party. The purposes of data processing are primarily in compliance with specific banking products (e.g. accounts, loans, securities, deposits, brokerage services). Your data will be used, among other purposes, for the analysis of any potential needs, the provision of advice, wealth management, and to support the execution of transactions.

Further details can be found in your contract documents or in the General Terms & Conditions.

3.2) For the safeguarding of Habib Bank’s and third party interests

Where required, we process your data beyond the actual fulfillment of the contract for the purposes of the legitimate interests pursued by us or a third party. For example:

3.3) On the basis of your consent

As long as you have granted us consent to process your personal data for certain purposes (e.g. analysis of trading activities for marketing purposes), this processing is legal on the basis of your consent. Consent can be withdrawn at any time.

This also applies to withdrawing your consent that was given to us before the GDPR came into force (May 25, 2018). Withdrawal of consent does not effect the legality of data processed prior to withdrawal.

3.4) On the basis of statutory requirements or in the public interest

We are subject to various legal obligations, meaning statutory requirements (e.g. Swiss Banking Act, Collective Investment Scheme Act, FINMA regulations and newsletters, tax laws, etc.) and Habib Bank has to fulfill requirements outlined by banking specific regulation (e.g. the Swiss National Bank and FINMA). The processing of data is used, among others, for the verification of creditworthiness as well as identity and age, the prevention of fraud and money laundering, the fulfillment of tax-related monitoring and reporting obligations as well as the assessment and management of risks of Habib Bank and the Habib Bank Group.

4) Who can access your data?

4.1 Habib Bank Group

We may share your data with other entities in the Habib Bank Group where required to fulfill our contractual and legal obligations. We may transfer your personal data to other members of the Habib Bank Group for risk control purposes in connection with statutory / regulatory obligations. We may also share information with other members of the Habib Bank Group in connection with services that we believe may be of interest to you.

4.2 External recipients of data

We will transfer personal data about you in the course of conducting our usual business or if legal, regulatory or market practice requirements demand it to the following external recipients, or if you have given consent (e.g. to process a financial transaction you have ordered us to fulfill) for the following purposes:

4.3 Service providers and agents

We will transfer your personal data to service providers and agents appointed by us for the purposes given, subject to maintaining banking confidentiality. These are companies in the categories of banking services, IT services, logistics, printing services, telecommunications, collection, advice and consulting and sales and marketing.

Habib Bank will implement appropriate organizational and technical safeguards to protect the personal data for which it acts as data controller at all times.

5) Does Habib Bank transfer data across borders?

Data transfer to legal entities in countries outside of Switzerland takes place so long as:

We will also share your personal information with other entities in the Habib Bank Group as part of our regular activities as part of our regular reporting activities on Habib Banks performance, in the context of a business reorganization or Group restructuring exercise, for system maintenance support, and for data hosting purposes.

These data transfers are secured through corresponding guarantees of the recipients to ensure an appropriate level of data protection.

6) How long will your data be stored?

We will process and store your information as long as it is necessary in order to fulfill our contractual, regulatory and statutory obligations. It should be noted here that our business relationship is a long-term obligation, which is set up on the basis of periods of years.

We will assess and respond to requests to delete data. We will delete data provided that the data is no longer required in order to fulfill contractual, regulatory or statutory obligations, or the fulfillment of any obligations to preserve records according to commercial and tax law.

We will normally retain your records for a minimum of ten years to comply with regulatory and contractual requirements unless there is a particular reason to hold records for longer, including legal hold requirements, which require us to keep records for an undefined period of time. 1

7) What are your rights under the GDPR?

The GDPR grants you the following rights:

You also have the right of appeal (as far as this affects you) to your respective Data Protection Supervisory Authority.

8) What data are you asked to supply?

In the context of your relationship with Habib Bank, you must provide all personal data that;

Without this data, Habib Bank will most likely be unable to enter into a contractual relationship with you.

Under the regulations on combatting money laundering and the financing of terrorism, Habib Bank is obligated to verify your identity on the basis of your identification documents and, in this context, to collect and store your address, nationality, name, date and place of birth, and identification data prior to the commencement of a business relationship. In order for Habib Bank to comply with these regulations, you are required to supply it with the necessary information. If this information changes during the course of the business relationship, you are obliged to notify Habib Bank without delay. If you do not provide Habib Bank with the necessary information, it will not be able to commence or continue a business relationship with you.

9) Is the decision-making automated?

No. Habib Bank does not use automated decision-making.

10) Will cookies be collected?

Yes. Habib Bank does collect cookies.

10.1) What are cookies?

Cookies are information packages sent by a web server (in this case this website) to your internet browser, saved on your computer and checked by the server on each subsequent visit to the site. To gain full benefit from this website, we recommend that you configure your browsers to accept cookies.

10.2) Why do we use them?

Cookies are used to facilitate navigation within the website and correct use. They also serve a statistical purpose, making it possible to establish which areas of the site have been visited, and to improve and update user procedures.

10.3) Type of cookies used

For further information about the types of cookies used please refer to our “Cookies Notice” on our website.

10.4) How should I manage my settings with respect to cookies?

To optimise your use of our website, we recommend that you accept the cookies. Most internet browsers are initially set to accept cookies. You can at any time set your browser to accept all cookies, just some cookies or no cookies. In the latter case, you would disable use of part of the sites. Additionally, you can set your preferences in the browser so that you will be notified whenever a cookie is saved on your device. Please note that if you disable the cookies, you may not have optimum use of the site.

11) Will your data be automatically processed?

We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). For example we may use profiling in the following ways:

12) Will biometric data be used?

No. Habib Bank does not collect biometric data.

13) Where can you find the current privacy notices?

This Data Privacy Notice can be adapted at any time in accordance with corresponding regulations. You can find the applicable version at .

14) How can you contact Habib Bank

Should you have any questions about the treatment of your data, please contact your Relationship Manager or Habib Bank’s Privacy Officer, who will be happy to assist you.