Data privacy


Data privacy notice from BCV Group companies

Data privacy notice from BCV Group companies (“BCV Group”), and in particular Banque Cantonale Vaudoise (“BCV”).

BCV Group is firmly committed to protecting its customers’ personal data and to collecting and processing such data transparently and in compliance with the Swiss Federal Act on Data Protection (the “Act”). This notice describes customers’ data-protection rights and informs data subjects of the types of personal data processed by BCV and how BCV uses them, as well as the legal basis for its policy. This notice supplements both the contractual documentation governing the relationship between BCV and its customers (including Articles 17 to 19 of BCV’s General Conditions on outsourcing, data protection, and banking confidentiality) and the specific terms and conditions applicable to BCV’s various digital products and channels (particularly websites and mobile applications).

The term “personal data” refers to all information relating to an identified person (e.g., through their first and last name) or identifiable person (e.g., through a name or passport number). In the course of its business, BCV must collect and process personal data on the customer and related persons (hereinafter referred to collectively as the “data subject”), such as the representative of a legal entity, a trustee, a beneficial owner, the recipient of a payment order, or the holder of a power of attorney over one of the customer’s accounts. BCV asks the customer to provide any such related persons with the information contained in this document.

Depending on the product or service provided, BCV may be required to process the following types of personal data:

This information may be collected by BCV directly from each data subject or, in some cases, from public sources (such as a telephone directory or the United Nations sanctions list) or third parties (such as an intermediary or wealth screening services).

BCV processes data subjects’ personal data on the following legal grounds:

In keeping with the legal grounds set out in section 2.1 above, BCV processes personal data mainly for the following purposes:

BCV may process personal data when evaluating certain aspects of data subjects through automated data processing (“profiling”), in particular to provide tailored offers and advice or to provide information on BCV’s products and services, or aspects of affiliated entities or business partners. If BCV makes individual decisions based on automated data processing in its business relationships with customers, it will comply with applicable legal and regulatory requirements.

In order to provide its products and services, BCV may disclose personal data to:

In accordance with Article 17 of its General Conditions, BCV contractually requires its service providers to protect and maintain the confidentiality of the personal data that they process. Personal data may be disclosed to public, judicial, or administrative authorities or to regulatory or governmental bodies (such as supervisory authorities), upon their request. Personal data may also be disclosed to these entities so that BCV can determine facts, exercise its rights or defend itself from a current or future claim, or respond to an investigation carried out by a public authority in Switzerland or abroad.

Personal data may also be disclosed outside of Switzerland to the individuals mentioned in sections 3.1 above, as long as it complies with Swiss law. If personal data is disclosed to a State that cannot guarantee adequate protection as set out in the Act, BCV will put in place adequate technical, organizational, and legal measures to protect the personal data, including binding contractual commitments with the personal data recipient. With regard to the disclosure of personal data to authorities outside Switzerland within the meaning of section 3.2 above, BCV complies with the applicable legal provisions on international judicial assistance and with FINMA’s provisions on the direct transmission of non-public information to foreign authorities and entities.

The length of time personal data are stored depends on the applicable legal and regulatory storage period as well as the purpose for which they are processed. BCV generally stores personal data for 10 years after the business relationship ends. A longer storage period may be justified to enable BCV to determine facts, exercise its rights or defend itself from a current or future claim, or to respond to an investigation carried out by a public authority in Switzerland or abroad.

Data subjects have the following rights with regard to their personal data, subject to the applicable regulations, particularly in the event of a legal restriction, the overriding interest of a third party, or an unjustifiable request:

To exercise the rights set out in this section, data subjects must inform BCV in writing by sending a letter to the address below together with a copy of their valid ID card or passport.

Banque Cantonale Vaudoise
Legal Department
PO Box 300
1001 Lausanne
SwitzerlandThis notice was published on 1st October 2021; any updates will be published on BCV’s website (

  1. To identify data subjects when they open an account and/or enter into a business relationship with BCV, and to assess the customer’s credit application.
  2. To effectively manage the business relationship with the customer and to execute transactions in accordance with the customer’s instructions and the contractual terms.
  3. To improve BCV’s functioning, products, services and internal processes, including in the area of risk management.
  4. To further develop the business relationship, such as by proposing other products or services that may interest the customer, and to use the personal data for marketing purposes, unless the data subject objects to their personal data being used for this purpose.
  5. To enable BCV to determine facts, exercise its rights or defend itself from a current or future claim, or to respond to an investigation carried out by a public authority in Switzerland or abroad.
  6. To fulfill its legal and regulatory obligations, particularly with regard to combating money laundering when BCV applies international sanctions in accordance with its established procedures (which includes, for example, processing personal data for verification and screening purposes), but also with regard to managing market, credit, operational, and liquidity risks.
  7. When recording telephone conversations and electronic communications with data subjects, to combat fraud and other crimes, to protect BCV’s interests, to analyze and improve the quality of the products and services it provides, to train its employees, and to manage its risks.
  8. To comply with requests from authorities in charge of criminal proceedings, supervisory authorities, authorities in charge of combating money laundering and the financing of terrorism, and authorities involved in the automatic exchange of information for tax purposes (including under the Foreign Account Tax Compliance Act (FATCA)).