Banca Credinvest SA
E-Banking Login IT EN DE E-Banking

Data protection information pursuant to the Data Protection Act (DPA) and the EU General Data Protection Regulation (EU GDPR)

Credinvest Bank Ltd, Via G. Cattori 14, 6900 Lugano, Switzerland (hereafter "Credinvest" or the "Bank") is committed to protecting the privacy and security of personal data provided to the Bank or collected by the Bank through its website and in the course of providing its services. This personal data includes, in particular, information about (current and former) clients, potential clients, business partners and their employees ("Clients/Counterparties"), and any other person interacting with the Bank ("Concerned Persons"). The Bank stores and processes personal data in accordance with the Swiss Federal Act on Data Protection ("FDPA") and, to the extent applicable, the EU General Data Protection Regulation ("EU GDPR").

The Bank complies with banking secrecy and data protection laws and regulations to ensure the protection and confidentiality of personal data.

This Privacy Notice describes the Bank's policies and procedures regarding the collection, use, and disclosure of personal data obtained about Clients/Counterparties and other Concerned Persons, as well as their rights in relation to that data.

1. Types of data processed

On the basis of the products or services provided, the Bank collects in particular the following personal data:

  • personal information such as first name and surname, date and place of birth, nationality, domicile, gender, telephone number, postal address and e-mail address, as well as data on family members or close persons such as spouse/partner and/or children;
  • financial information, such as records of payments and transactions, information on the client's property (movable and immovable), balance sheets, liabilities, taxes, income, gains and investments;
  • tax domicile and other tax documents and information such as the tax code;
  • professional information about the client, such as position and work experience;
  • knowledge and experience in the investment field;
  • details of contacts with the client and the products and services requested as well as details of any mandates given;
  • recordings of telephone conversations with the Bank;
  • identification number assigned to clients/counterparties, such as relationship number or account number;
  • in some cases (and to the extent permitted by law), special categories of personal data (sensitive personal data), such as biometric data, political opinions and affiliations, medical information, racial or ethnic origin, religious or philosophical beliefs, and data relating to any criminal convictions or offences.

The Bank may also collect such information by consulting public registers, government agencies or other third-party sources, such as asset screening services, credit reference agencies or fraud prevention agencies. Where relevant to the products and services provided to Clients/Counterparties and other Concerned Persons, the Bank also collects information on joint credit card holders or joint account holders, business partners (including other shareholders or beneficiaries), dependents or family members, representatives and agents.

When Clients/Counterparties and other Concerned Persons access the Bank's website (www.credinvest.ch), the Bank may collect certain information automatically, including, but not limited to, the date and time of access, name of the file consulted, volume of data transmitted, information accessed, browser type, language, domain and IP address, the time spent on our website, unique device identifiers and other diagnostic data. Additional data will only be recorded via the Bank's website in the event of voluntary consent, e.g. in the course of a registration or enquiry.

When Clients/Counterparties and other Concerned Persons access the Bank’s website through a mobile device, the Bank may collect certain information automatically, including, but not limited to, the type of mobile device used, the mobile device unique ID, the IP address of the mobile device, the mobile operating system, the type of mobile Internet browser used, unique device identifiers and other diagnostic data. The Bank may also collect information that the browser sends whenever the Bank’s website is visited or when the website is accessed by or through a mobile device.

2. Purpose of data processing and legal bases

The Bank processes the aforementioned personal data in accordance with the provisions of the FDPA and, if applicable, in accordance with the EU GDPR.

Personal data of Clients/Counterparties and other Concerned Persons are always processed for a specific purpose and only to the extent necessary to achieve that purpose. The main purposes of such data processing are as follows:

2.1. Fulfilment of contractual obligations

Data are processed to provide banking and financial services within the framework of the execution of contracts concluded with Clients/Counterparties and other Concerned Persons or to carry out pre-contractual activities in anticipation of the conclusion of the aforementioned contracts. The purposes of data processing depend primarily on the specific product (e.g. bank account, credit, securities or deposits) and may include analysis on needs, advice, asset management and assistance, as well as the execution of transactions.

2.2. Fulfilment of legal obligations

The Bank is subject to various legal obligations (e.g. Swiss laws such as the Banking Act, the Collective Investment Schemes Act, the Anti-Money Laundering Act, the Financial Services Act, the Mortgage Bond Act, FINMA ordinances and circulars, and tax regulations) and banking supervisory regulations (e.g. of the Swiss National Bank or FINMA), which may require the processing of personal data. Other purposes of data processing include, for example, the assessment of creditworthiness, identity and age verification, anti-fraud and anti-money laundering measures, the fulfilment of control and reporting obligations under tax laws as well as the assessment and management of risks of the Bank.

2.3. Pursuit of legitimate interests

Where necessary, the Bank processes data beyond what is strictly necessary for the effective fulfilment of its contractual obligations in order to pursue the legitimate interests of the Bank or those of a third party, provided that these do not override the interests or fundamental rights and freedoms of Clients/Counterparties and other Concerned Persons. The Bank obtains personal data from publicly available sources for the purpose of:

  • acquiring new clients;
  • exchange of data with information bureaus (e.g. debtors' register) to ascertain creditworthiness and credit risks in credit-granting activities and the existence of the requirements for holding an account with a negligible basic balance and basic accounts;
  • make legitimate claims and develop a line of defense in the event of litigation;
  • ensure the IT security and operation of the Bank's IT systems;
  • prevent and detect offences;
  • video surveillance, in order to prevent unauthorized access, collect evidence in the event of theft or fraud, or ascertain availability and deposits;
  • measures for the security of buildings and places (e.g. access control);
  • measures to manage activities and further develop services and products.

Where the Bank processes personal data pursuant to Sections 2.1, 2.2 and 2.3, it is not necessary to obtain the Clients/Counterparties and other Concerned Persons prior express consent to the processing of the data.

2.4. Specific Purposes

Where consent is required under applicable data protection law to process personal data for specific purposes, the Bank relies on the Clients/Counterparties and other Concerned Persons consent as legal basis for such processing. The consent given may be revoked at any time.

3. Access to and protection of personal data

Within the Bank, access to data is granted on a need-to-know basis only, i.e., to the business units that need it to fulfil contractual, legal and supervisory obligations. Service providers and representative agents (typically providers of banking, IT, logistics, printing, telecommunications, debt collection, consultancy, sales and marketing services) that may be commissioned by the Bank may also receive data for these purposes, provided that they comply with banking secrecy and the Bank's written instructions in accordance with the applicable regulations.

As far as the transfer of data to recipients outside the Bank is concerned, it should first of all be pointed out that the Bank's employees are obliged to observe secrecy with regard to any facts and evaluations concerning clients/counterparties of which they may become aware.

Under certain conditions, the Bank is authorized to disclose information to third parties, e.g. to:

  • public authorities and institutions (e.g. Swiss National Bank, FINMA, financial authorities or criminal prosecution authorities), provided there are legal obligations;
  • other companies within the Bank (affiliates), to control risk by virtue of legal obligations;
  • other credit and financial services providers, similar institutions and processors to which the Bank transmits personal data for the purpose of conducting business (e.g. for the processing of bank references, support / maintenance of data processing / IT applications, archiving, document processing, call-center services, compliance services, controlling, data screening for anti-money laundering, data destruction purchasing, physical space management, property appraisals, loan processing service, collateral management, collection, payment card processing (debit/credit cards), client management, marketing, media technology, reporting, research, risk control, expense accounting, telephony, video identification, website management, investment services, shareholder register, fund management, auditing services or payment transactions);
  • transaction partners and advisors in connection with a merger, acquisition or other business transaction involving the Bank or an affiliate of the Bank.

Appropriate technical and organizational measures have been taken to prevent any unauthorized or unlawful access to personal data of Clients/Counterparties and other Concerned Persons.

4. Cookies

A cookie is a small piece of data, stored in text files that are stored on the browser or other device when websites are loaded in the browser. Cookies are used to "remember" the user and his preferences when he visits the Bank’s website either for a single visit (through a "session cookie") or for multiple repeat visits (called a "persistent cookie"). A session cookie is deleted when the browser is closed or after a short time. A persistent cookie is kept for a set period of time after which it expires and is deleted.

The Bank uses session cookies and persistent cookies on its website to ensure consistent and efficient experiences for users of its website. Cookies also perform functions like allowing users to remain logged into the website, if applicable.

The Bank uses the following types of cookies for the following purposes:

  • Functional cookies: These cookies are required to ensure the basic functionality of the Bank’s website. Functional cookies cannot be deactivated. Although they can be blocked in the browser, this will render some parts of the site inaccessible, including secure areas.
  • Preference cookies: These cookies register users’ preferences regarding their use of the site. This enables them to benefit from a more personalized and simplified online experience. These cookies can store the device on which users connect to the website and the various choices that they make: the country from which the site is visited, the language selected and the search parameters employed.
  • Statistical cookies: These cookies allow statistical information to be collected, including the number of users, the frequency and duration of their visits, the number of pages viewed and the response time of the systems. These cookies allow the Bank to provide the user with an experience tailored to his needs. They may use technologies from external companies, such as Google Analytics. Please read the platform’s terms of service for more information.
  • Marketing cookies: These cookies are intended to identify the user on the website and show him advertising tailored to his interests on the websites/apps and those of third parties. These cookies may be managed, but not used, by third-party providers on behalf of the Bank.

The Bank’s website automatically uses Functional cookies.

Upon the consent of the user, the website uses Preference, Statistical and Marketing cookies for the purposes of providing relevant content, analyzing the traffic, and providing a variety of features to the user. The user may withdraw his consent to the use of certain cookies (other than Functional cookies) any time.

Some internet browsers are automatically set up to accept cookies. If a user wants to change the cookie preferences or refuse or delete any cookies (or similar technologies), he should refer to the help and support area on the internet browser for instructions on how to block or delete cookies.

Please note: a user may not be able to take advantage of all the features of the Bank’s website if certain cookies are deleted or disabled.

5. Transfer to a third country

The Bank may transfer personal data to the following countries that offer adequate protection pursuant to the FADP and EU GDPR: EEA member states, UK and USA (if the recipient is certified under the Swiss-US Data Protection Framework ("DPF)).

Under certain circumstances, the Bank may also transfer personal data to the following countries, which do not offer adequate protection pursuant to the FADP and/or EU GDPR: USA (if the recipient is not certified under the Swiss-US DPF) and potentially other countries (if necessary for the respective processing purpose, e.g. for IT services). Such transfer is secured by appropriate safeguards (such as Standard Contractual Clauses) or based on a statutory exemption (e.g., if you have given your consent to the transfer, if the transfer is directly connected with the conclusion or performance of a contract with you or if the transfer is necessary for the establishment, exercise or enforcement of legal claims before a foreign authority). Within the scope of the EU GDPR, Clients/Counterparties and other Concerned Persons may ask for a copy of the relevant safeguards by contacting the Bank.

6. Duration of storage

The Bank only retains personal data for as long as is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal regulatory requirements. To this end, specific criteria are applied to determine the appropriate periods for retaining personal data based on the purpose, such as proper accounting management, facilitating Clients/Counterparties and other Concerned Persons relations, defending against legal action or responding to requests from the regulator. In general, the Bank retains personal data for the duration of the relationship or contract plus an additional ten years, which reflects the period of time allowed for filing legal actions following the termination of that relationship or contract. Pending or threatened legal or regulatory proceedings may result in retention beyond that period.

7. Data protection rights

7.1. In general

Under the FADP and the EU GDPR, every Client/Counterparty and other Concerned Person may have the right to be informed about his data, the right to have them rectified or erased and to restrict or object to their processing and to be provided with his or her data in a structured, commonly used and machine-readably format. There is also, to the extent applicable, the right to lodge a complaint with the competent data protection supervisory authority. The data protection authority in Switzerland is the Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Berne, Switzerland (https://www.edoeb.admin.ch). Based on his residence, every Client/Counterparty and other Concerned Person may have the possibility to lodge a complaint with the appropriate data protection authority.

The consent to the processing of personal data may be revoked at any time. This revocation will only be applicable for the future, any processing carried out before the revocation will not be affected and it may mean that the Bank will no longer be able to provide certain services the person revoking his or her consent.

The Clients/Counterparties and other Concerned Persons rights of access, revocation or objection are not absolute as they are not applicable in certain circumstances or may be subject to exceptions (e.g. for the fulfilment of legal obligations). The Bank will comply with requests received in accordance with the applicable data protection rules. In addition, when a Client/Counterparty and other Concerned Person exercises his rights, the Bank may first ask to provide proof of identity. The Bank may also ask to provide additional information in the event that a request is unclear. If the Bank is unable to comply with the request, it will provide an explanation.

To exercise his or her rights, the concerned person is requested to use the contact details provided in Section 11.

6.2. Right to object to data processing for marketing purposes

In certain cases, the Bank processes personal data for direct marketing purposes. The concerned person has the right to object at any time to the processing of personal data for such purposes, including profiling insofar as it is related to such direct marketing. In the event of an objection to processing for direct marketing purposes, the personal data shall no longer be processed for these purposes.

To exercise his rights, the Client/Counterparty and other Concerned Person is requested to use the contact details provided in Section 12. The Client/Counterparty and other Concerned Person will not, in general, have to pay a fee to exercise any of these rights. However, the Bank may charge a fee for access to personal data if the relevant data protection legislation allows for it, in which case the Bank will inform the Client/Counterparty and other Concerned Person as required by the law.

7.2. Right to object to data processing for marketing purposes

In certain cases, the Bank processes personal data for direct marketing purposes. The Client/Counterparty and other Concerned Person has the right to object at any time to the processing of personal data for such purposes, including profiling insofar as it is related to such direct marketing. In the event of an objection to processing for direct marketing purposes, the personal data shall no longer be processed for these purposes.

To lodge an objection, the Client/Counterparty and other Concerned Person is requested to use the contact details provided in Section 12.

8. Obligation to provide data

Within the scope of the business relationship, the Client/Counterparty and other Concerned Person is required to provide the personal data necessary to initiate and conduct a business relationship and to fulfil the related contractual obligations, or the data required by law. Without such data, the Bank is in principle unable to enter into or perform a contract. Specifically, the provisions of the Anti-Money Laundering Act require the Bank to verify identity before entering into a business relationship. To enable the Bank to comply with this legal obligation, the Client/Counterparty and other Concerned Person is required to provide the necessary information and documents and to notify the Bank without delay of any changes that may occur in the course of the business relationship. In the absence of the necessary information and documents, the Bank is not permitted to enter into or continue a business relationship.

9. Use of automated decision-making procedures

As a rule, the Bank does not make decisions solely on the basis of automated procedures to establish and implement the business relationship. If the Bank uses such procedures in individual cases, it will inform the Client/Counterparty and other Concerned Person separately to the extent required by law. A right of objection will be granted in certain circumstances.

10. Profiling by the Bank

In some cases, the Bank automatically processes Clients/Counterparties and other Concerned Persons data for the purpose of assessing certain personal aspects (profiling). Here are some examples:

  • the law requires measures to be taken against money laundering, anti-fraud and the financing of terrorism and crimes that pose a threat to assets. In this context, the Bank also carries out data assessments (e.g. in payment transactions);
  • the Bank may carry out profiling of clients/counterparties to comply with regulatory and contractual requirements (e.g. for determining the risk or investment profile of clients/counterparties);
  • to provide services to its clients, the Bank may use profiling tools.

11. Data Security

The Bank takes appropriate technical measures (e.g. encryption, pseudonymisation, logging, access control or data backup) and organizational measures (e.g. instructions for the Bank’s employees, confidentiality agreements or reviews) to ensure the security of the information collected and processed and to protect it against unauthorized access, misuse, loss, falsification or destruction. Access to personal data is only granted to Client/Counterparty and other Concerned Person in cases of actual need.

However, it is generally impossible to completely rule out security risks: some residual risks are most often unavoidable. In particular, since perfect data security cannot be guaranteed for communication by e-mail, instant messaging or similar means of communication, the Bank recommends sending confidential information by particularly secure means.

12. Data controller and contacts

The unit responsible for data processing is the Bank's data protection officer (DPO), who can be contacted at the following addresses:

Credinvest Bank SA
Via G. Cattori 14
6900 Lugano
Phone: +41 58 225 70 28
dpo@credinvest.ch

13. Changes to this Privacy Notice

This Privacy Statement does not form part of any contract with you, and the Bank may amend it at any time. The version published on the Bank's website is the version that currently applies.

Last update: 01.01.2025

Credinvest Bank SA
Automatic Exchange of Information Data privacy notice Risks involved in trading financial instruments Deposit insurance
Mediation procedure Disclaimer Fraudulent communications ESG Policy
Copyright © 2026 Credinvest Bank, All Rights Reserved
Made by Organica - Edit Cookies preferences
Cookie bar

We use cookies and other tracking technologies to improve your experience and analyse our website traffic.

Please consult our Privacy Policy for more information.

By clicking on “Accept”, you consent to your data being collected

You can change your cookie settings and disable cookies, except for essential functional ones, at any time.

Accept all cookies
Accept selected
Functional
Preference
Statistical
Marketing
Show details