DATA PROTECTION IN ACCORDANCE WITH THE FEDERAL DATA PROTECTION LAW ("DPA") and the European General Data Protection Regulation ("GDPR")
In the course of our business, Saxo Bank (Switzerland) Ltd ("Saxo Bank/Saxo" or "we/our/us") collects and processes information about natural persons ("Personal Data"), including information about our current, former and potential clients ("you").
- why and how Saxo Bank collects, uses and stores ("processes") your personal data within the applicable legal framework, in particular the DPA and GDPR and their principles;
- The legal basis(s) for processing your personal data;
- Your rights in relation to such processing and how you can exercise them.
1. What is the scope of this privacy notice?
This Privacy Notice applies to the processing of your personal data by Saxo Bank. Saxo Bank always processes personal data for a specific purpose and within the applicable legal framework.
2. What types of personal data do we collect?
For potential clients with whom we have not yet established direct contact, we collect the following Personal Data where relevant and permitted by law:
- Identifying information (e.g., name, address) and contact information (e.g. phone, email address);
- Professional profile information (e.g., employer, company) and financial background information (e.g. income and assets).
For former and current clients or potential clients with whom we take steps to enter into a contractual business relationship, we collect the following personal information to the extent relevant and permitted by applicable law:
- Personal information such as your name, date of birth, compliance-relevant documents (including a copy of your identity card or passport in accordance with money laundering legislation and banking due diligence codes), telephone number, address and residence, electronic address;
- Financial information, including payment and transaction records and information about your assets and investments (including your investment objectives);
- Tax residency and other tax-related documents and information;
- Education and employment information such as your job title and work experience;
- Where applicable, your knowledge and experience in investment matters;
- Details about our interactions with you and the products and services you use, including information about electronic and physical communications through various channels such as emails, mobile applications;
- Where applicable, records of telephone calls between you and Saxo Bank, including but not limited to telephone logs such as telephone number, caller ID, recipient ID, time and date of calls and messages, duration of calls, routing information and types of calls;
- Identifiers we assign to you, such as your client or account number, including identifiers for accounting purposes;
- Data when you access our websites or website applications that is transmitted by your browser and automatically collected by our server, including the date and time of access, the name of the file accessed and the amount of data transmitted and the success of your access, your web browser, browser language and domain requested, and IP address. When you visit a Saxo Bank website, that website contains additional information about how we use your information while you are visiting that website;
- We may also use personal data for analytics and measurement (including machine learning) to process the above information.
In some cases, we may collect Personal Data from publicly available registers (which may include beneficial ownership and other registers, depending on the product or service you are using and the country in which you have a business relationship with Saxo), public administration sources or other third party sources, such as service providers investigating the assets of legal entities, open source screening, fraud prevention agencies and other Saxo Group companies. If you are a corporate or institutional client, we may also obtain information about your executive and board members. Before providing this information to Saxo Bank, you should provide them with a copy of this Privacy Notice.
3. For what purposes do we process personal data and on what legal basis?
3.1 Purpose of processing personal data
We always process your personal data for a specific purpose and only process data relevant to that purpose. In particular, we process personal data within the scope of the applicable legal provisions for the following purposes:
a) Client admission procedure:
- to verify your identity and evaluate your account application;
- to conduct checks for compliance with legal or regulatory requirements (e.g. compliance with anti-money laundering regulations and anti-fraud regulations).
b) Client relationship management:
To manage our relationship, including communicating with you about products and services purchased from us and our business partners, handling client service-related questions and complaints, facilitating debt collection, making decisions about your identity, determining your whereabouts, and terminating your account (in accordance with the relevant legal provisions) if there are no account transactions and we cannot contact you after a period of time (“dormant assets”).
c) Product delivery and execution:
- to provide products and services to you and for their proper performance, e.g. by ensuring that we can identify you and fund and withdraw funds from your accounts in accordance with your instructions and the Product Terms;
- to provide IT solutions to you and to ensure proper execution in accordance with your instructions and our contractual arrangements with you, e.g. by providing incident management and testing directly related to the provision of the service or by supporting your duties as controller in relation to storage of personal data, compliance with legal and regulatory requirements, audit activities and investigations;
- to evaluate which products, services and events may be of interest to you and how they may be offered to you;
- to ensure personal or anonymous offers on Saxo websites, mobile device applications, Saxo platforms, multimedia portals and social networks and other Saxo products and services that may be of interest to you;
- to contact you for marketing purposes about products and services which we think may be of interest to you and to carry out promotions.
d) Compliance and risk management and/or crime prevention, detection and investigation:
- to carry out legal and regulatory compliance checks, in particular as part of the client onboarding process and regular compliance checks, including compliance with anti-money laundering regulations, fraud prevention and the screening of sanctioned countries and to prevent financial crime. This includes KYC profiling based on the processing of your personal data;
- to meet our ongoing obligations under regulatory and compliance obligations (e.g. financial industry regulations and anti-money laundering and tax laws), including in relation to the recording and monitoring of communications, the application of a risk classification to ongoing business relationships, the disclosure of data to tax authorities, financial regulators and other regulatory and governmental bodies and to investigate or prevent criminal offences;
- to receive and process complaints, inquiries or reports from you or third parties;
- to respond to actual or potential proceedings, requests or investigations by competent authorities.
e) Support, improvement and maintenance of the SAXO information architecture:
- To take steps to improve our products and services and the technology we use, including reviewing and updating our systems and processes, and for market research purposes to learn how we improve our existing products and services or what other products and services we offer can;
- to analyze the results of our marketing activities in order to measure their effectiveness and the relevance of our campaigns.
f) Other purposes:
- for the prudent operational management of Saxo (including credit and risk management, insurance, auditing, systems and product training and similar administrative purposes);
- for transmission to prospective buyers, absorbing entities, merger partners or sellers and their advisors in connection with any actual or potential transfer or merger of all or any portion of Saxo's business or assets or any rights or interests related thereto or acquisition of any business or the merger with a company;
- to collect data to ensure security of buildings, employees, visitors and property and information located on or accessible from the premises in order to prevent and, if necessary, investigate unauthorized access to premises;
- to perform transactional and statistical analysis and similar analysis; and to exercise our obligations and/or rights to you or a third party.
3.2 Legal basis for processing personal data
Saxo processes your personal data within the framework of the applicable legal provisions. If necessary and depending on the purpose of the processing activity, this can be based on one of the following reasons:
- necessary to take steps at your request prior to entering into a contract or to fulfill our contractual obligations to you;
- for prudent operational management of Saxo Bank and to comply with our global regulatory obligations;
- to receive and deal with complaints, inquiries or reports from you or any third party made to Saxo Bank;
- necessary to safeguard Saxo Bank's legitimate interests without unduly affecting your interests or fundamental rights and freedoms and only to the extent that such personal data are strictly necessary for the intended purpose. A legitimate interest of Saxo Bank will be considered in particular in the following cases.
Data processing is required:
- to manage our relationship with you and to learn more about you as a client, the products and services you use and other products and services you may wish to use;
- for measures to improve our products and services and the technology we use;
- to deliver products and services and ensure a consistently high standard of service across Saxo Bank and to satisfy our clients, employees and other stakeholders;
- to evaluate what products, services and events might be of interest to our clients and how they might be offered;
- in certain cases and as requested by you, we have obtained your prior consent (where required by law);
- required in certain cases for data processing in the public interest;
- to prevent and detect crime, including fraud or criminal activity, misuse of our products or services and the security of our IT systems, architectures and networks;
- to respond to actual or potential proceedings, requests or investigations by competent authorities;
- exercising our legal and constitutional rights and responsibilities, particularly those relating to the freedom to conduct a business and the right to property.
It may be that the collection and processing of personal data is absolutely necessary for the provision of our services and products for you, otherwise we cannot provide them.
If we process data about you that is particularly worthy of protection, we do so because:
- the processing is necessary for the establishment, exercise or defense of legal claims;
- the processing relates to personal data which you have obviously made public; or
- You have expressly consented to the processing of this information (where permitted by law).
4. How do we protect personal data?
Saxo Bank and the Saxo Group have also implemented appropriate technical and organizational measures to protect your personal data against unauthorized, accidental or unlawful destruction, alteration or disclosure, or unauthorized, accidental or unlawful loss, misuse or access, or any other unlawful processing. All employees who access personal data must comply with internal regulations and procedures for processing personal data in order to protect them and ensure their confidentiality.
5. Who can access personal data and to whom is it passed on?
5.1 Within Saxo Bank
We typically share personal data with the Saxo Group parent company for the purposes set out above, to ensure a consistently high standard of service within the group and to provide products and services to you. Other Saxo Group companies may process your data on behalf of Saxo.
5.2 Outside Saxo Bank
5.2.1 Third Parties
We transfer personal data to other financial services and comparable companies in order to conduct business. In particular, when providing products and services to you, to persons acting on our behalf or otherwise involved, including where relevant, we transfer personal data to the following types of companies:
- a party involved in a transaction or assuming any risk under or in connection with the transaction;
- companies in which you hold an interest in securities, provided that these securities are held by the bank on your behalf;
- Payees, beneficiaries, authorized representatives, intermediaries and correspondent banks (including custodian banks);
- Clearing houses and clearing or settlement systems as well as specialized payment companies or institutions such as e.g. SWIFT;
- other banks, market counterparties, swap or trade repositories, exchanges;
- other financial institutions, credit or credit reference agencies;
- third parties acting as fund administrators and providing wealth management services to you;
- introducing brokers to whom we provide introductions or recommendations;
- lawyers, auditors, accountants and insurers who provide us with legal, auditing, accounting or insurance services;
and to contact you for marketing purposes about products and services which we think may be of interest to you, including products and services offered by us, Saxo Group companies or our business partners, and to carry out promotions.
5.2.2 Service Providers
We may pass on personal data to external service providers who are contractually bound to confidentiality, e.g. B. IT hardware, software and outsourcing providers, service providers for logistics, shipping, printing and storage of documents, marketing and communication companies, facility service providers, providers of market data services, providers of consulting services and market information systems, providers of transport and travel management and other service providers. When Saxo Bank transfers your data to service providers who process data on behalf of Saxo, we take steps to ensure that they comply with our data security standards so that your personal data is protected. Irrespective of their location, service providers are obliged to comply with a series of technical and organizational security measures.
5.2.3 Authorities or public bodies
In certain cases we have to hand over personal data to authorities, e.g. B. supervisory authorities, law enforcement authorities or government agencies, courts or parties to proceedings, where disclosure is required by law or other legal provisions, a code of conduct or rules of conduct. If these authorities or bodies require such disclosure or if we need to do this to protect our legitimate interests.
5.2.4 Other Recipients
A disclosure of personal data can be used for:
- necessary for the establishment, exercise or defense of legal claims of Saxo Bank, its employees or other stakeholders, or to respond to requests from individuals or their representatives;
- prospective buyers, absorbing entities, merger partners or sellers and their advisers in connection with any actual or potential transfer or merger of all or any portion of Saxo's business or assets, or any rights or interests related thereto, or acquisition of any business or merger with a company, be necessary;
- authorized Recipients of Notices where required by applicable law or regulation as required by law;
- other third parties may be possible with your consent.
5.3 Data Transfers to Other Countries
Some of the personal data transmitted within or outside Saxo and the Saxo Group is also processed in other countries. We only transfer your personal data to countries that ensure an adequate level of data protection or, in the absence of such legislation, which guarantee adequate protection on the basis of appropriate measures (e.g. standard data protection clauses approved by the European Commission or other suitable guarantees, such as Binding Corporate Rules (BCR)). You may request additional information in this regard and obtain a copy of the safeguards put in place by Saxo Bank by contacting the Group Data Protection Officer (DPO) and/or Data Protection Advisor (DPA).
List of countries to which your data may be transferred because Saxo and the Saxo Group operate there or have your data processed there as described above:
- Switzerland, Denmark, European Union, India, Australia, China (incl. Hong Kong), Singapore, United Kingdom, Dubai, Brazil.
6. How long do we store your data?
We only store personal data for as long as is necessary to fulfill the purpose for which it was collected or in accordance with legal, regulatory or internal regulations. To do this, we apply criteria to determine the appropriate periods for storing your personal data, depending on the purpose of the data.
As a rule, this is e.g. ten years after the end of the banking relationship, taking into account the statutory limitation periods, during which claims can be asserted against Saxo Bank.
There may be exceptions to this general rule. If necessary, we will store your data in accordance with the applicable legal and regulatory requirements. In certain cases, Saxo Bank may also store and process personal data, in particular for compliance or risk management purposes, to comply with (other) legal and regulatory requirements or where this is in Saxo Bank's legitimate interests.
Due to the requirements of the Financial Markets Authority ("FINMA"), Saxo Bank is also obliged to record the external and internal telephone calls of all employees working in client services as well as the electronic correspondence (e-mail, communication via Bloomberg or Reuters, etc.) and the supporting documents of the connections made by these employees via business phones for two years and make them available to FINMA if necessary. This also affects employees who, according to the risk assessment, are particularly exposed to receiving information relevant to market surveillance.
7. What data protection rights do you have and how can you exercise them?
7.1 Your Rights
Under applicable data protection legislation, you have the following rights:
- Request information about the personal data that we collect and process from you. We will comply with your request for information to the extent legally possible. In order to process a request, we will typically ask you to verify your identity and/or provide information that will help us better understand your request. If we are unable to accommodate your request, we will explain why.
- Request that this data be corrected if it is inaccurate.
- Request the deletion of this data if we are not allowed or required to store it.
- Request the restriction of processing if you have contested the accuracy of the data stored by the bank and the bank has not yet completed the verification; or if the bank is obliged to delete it, but you object to the deletion.
- Object to the processing by the Bank where the Bank is only processing the data based on its legitimate interests, in which case we will stop processing unless the legitimate interests prevail or Saxo Bank needs to process the data to exercise its rights.
- Withdraw your consent where Saxo Bank has obtained your consent to process your personal data for a specific purpose. This does not affect the lawfulness of the processing of your personal data before the revocation. If personal data is processed for direct marketing purposes, for example, your right to object extends to direct marketing. If you wish to exercise your right to opt-out of direct marketing, please click "unsubscribe" in any of our emails (if any) to you or contact us. request the transmission of your personal data in a generally available, machine-readable and commonly used format,
- In the case of an automated individual decision, require that this be checked by a natural person. You also have the right to express your point of view.
- In addition, if applicable to you, you have the right to lodge a complaint with the competent data protection supervisory authority.
7.2 Exercising Your Rights
To exercise your rights, please contact us using the following link.
If you are a former Saxo employee or applicant. If you are not satisfied with the way Saxo Bank is handling your personal data, please let us know using the link above or by email (address below) and we will look into your concerns.
8. Changes to your personal data
In order to properly keep your personal information up to date and accurate, we will periodically ask you to review and confirm your personal information and/or to promptly notify us of any changes to your personal information.
9. Company name
Saxo Bank (Switzerland) Ltd
The Circle 38
If you have any questions or comments about this data protection notice, please contact the data protection department (Data Protection Compliance) at
Swiss data protection law («FADP»)
Saxo Bank (Switzerland) Ltd
The Circle 38
Attention: Data Protection Compliance
10. representatives in the European Union
In accordance with Article 27 GDPR, Saxo Bank has appointed the following body as data protection representative in the EU.
European General Data Protection Regulation (“GDPR”)
Saxo Bank A/S (Headquarters)
Philip Heyman's All 15
Attn: Data Protection Officer Saxo Bank Group («DPO»)
11. Status of this data protection notice
This privacy notice was last updated in August 2023.
11.1 Complaint to the authorities
If you wish to lodge a complaint about the processing of personal data by Saxo Bank, please contact the competent Swiss authority.