Privacy Policy of the VZ Group

1. General provisions

The VZ Group includes all Swiss group companies owned by VZ Holding Ltd, in addition to companies closely associated with it. In this Privacy Statement, all such companies are referred to collectively as "VZ".

VZ is committed to handling personal data in a transparent and customer-friendly manner, and protecting these data is an important concern for VZ. This Privacy Statement provides you with an overview of how VZ handles such data. At the same time, it informs you of your rights under the Swiss Data Protection Act.

"Personal data" means any information relating to an identified or identifiable person. This includes, in particular, contact and master data, such as names, telephone numbers, postal addresses and email addresses. "Processing of personal data" includes any handling of personal data, including but not limited to the procurement, storage, use, modification, disclosure or deletion of such data.

This Privacy Statement is for your information. It does not constitute part of any contract concluded between you and VZ and may be amended from time to time.

This Privacy Statement is addressed to all persons who come into contact with VZ as the controller responsible for data processing. These include interested parties, clients and persons associated with them (e.g. partners and other family members, authorised representatives).

2. Origin and categories of personal data

VZ processes personal data that you disclose to it (e.g. during a visit, during a consultancy meeting, when ordering marketing material, in the course of providing services, when accessing our websites and apps and/or when using the VZ Financial Portal), which is publicly available (e.g. in address books and/or the commercial register), may be obtained from third parties (e.g. from address brokers and/or credit agencies), or which it receives from cooperation and business partners (e.g. from other VZ Group companies and/or external distribution and contractual partners of VZ).

This data is mainly comprised of master data (e.g. personal details, authorised representatives), contract data (e.g. information on the placing of orders, asset information), financial data (e.g. ratings and information on creditworthiness as regards the granting of credit), transaction data (e.g. information on payment transactions), health data (e.g. health status, illnesses and injury information relating to fiduciary or brokerage services) or marketing data (e.g. interest in services, website visits).

If you disclose to VZ the personal data of third parties (e.g. of the Partner and other family members and/or of authorised representatives), we ask that you inform these third parties of the processing of their data by VZ by making reference to this Privacy Statement.

3. Legal basis and purpose of processing

VZ processes personal data in accordance with data protection law:

For the conclusion and performance of our contracts

VZ processes personal data in connection with the initiation of business and the business relationship with you.

In order to comply with statutory or regulatory requirements

VZ processes personal data if required by statutory or regulatory requirements (e.g. to combat money laundering, to fulfil tax-related control and reporting obligations).

To safeguard the legitimate interests of VZ or third parties

VZ processes personal data to safeguard its legitimate interests (e.g. for initiating contact and carrying out communication, for market and opinion research, for developing and controlling services, for advertising and marketing, for investigating or preventing criminal offences or other misconduct, for preventing damage and losses (particularly to combat fraud and misuse and to conduct internal investigations), to defend against and/or enforce legal claims in proceedings and litigation, to comply with foreign laws, to ensure operations and infrastructure (particularly in the IT sector), to protect persons and assets (particularly to create visitor lists, access controls or other records), and to manage business and risk).

Where applicable, with your consent

VZ may process your personal data if you have given your consent.

4. Data security

VZ processes as little personal data as necessary and protects it against loss and misuse (e.g. against access, alteration or disclosure by unauthorised persons). The technical and organisational measures for data security are appropriate and meet stringent requirements (e.g. use of current firewall and anti-virus products, personal passwords with multifactor authentication technologies, as well as encryption and access restrictions, and awareness raising and training of employees). They are continuously adjusted to take account of specific hazards. The level of protection is state of the art and corresponds to the type and extent of the processing.

5. Recipients of personal data / disclosure of data to third parties

VZ shall comply with the confidentiality obligations laid down in data protection law and any other regulations (e.g. bank-client confidentiality). These duties apply to all employees and governing officers of VZ, as well as to any persons working on its behalf in the context of outsourcing tasks. Personal data may only be accessed within VZ by a person who requires them for the purpose for which they are being processed.

Personal data may be disclosed within VZ in order to guarantee a consistently high level of service throughout the Group or in order to provide comprehensive support and service provision.

Personal data may be disclosed to third parties if this is necessary to fulfil contractual obligations (e.g. to stock exchanges, brokers), to comply with statutory or regulatory requirements (e.g. to supervisory authorities, courts), to safeguard legitimate interests (e.g. to service providers in the context of outsourcing tasks) or if you have given your consent to this.

If personal data is disclosed to service providers in the context of outsourcing tasks (e.g. to IT service providers, marketing service providers, providers of communication and printing services, claim handlers), such service providers may only process such data in the manner that VZ itself may. VZ carefully selects the service providers and contractually obligates them to comply with duties of confidentiality and to ensure data security.

Under no circumstances will personal data be sold to third parties for marketing or other purposes.

6. Disclosure of personal data within Switzerland and abroad

Personal data may be disclosed by VZ abroad (worldwide) in order to fulfil contractual obligations (e.g. in the securities business, brokerage business), as well as statutory or regulatory requirements (e.g. to tax authorities, trading, clearing or custody agencies for securities) or in order to safeguard legitimate interests (e.g. in the context of outsourcing tasks, to defend against and enforce legal claims in proceedings and litigation).

In the case of the disclosure of personal data abroad, VZ warrants that the country in question offers adequate data protection or that adequate data protection is otherwise ensured unless a disclosure abroad is made in an individual case on the basis of a statutory exception.

7. Profiling and automated individual decisions

VZ may analyse and assess personal data using automated systems in order to identify characteristics, predict developments and create profiles (so-called profiling). Profiles are used, in particular, to provide you with optimal support (e.g. personalised offers) and to tailor marketing measures to your needs (e.g. personalised marketing). As part of the creditworthiness assessment, VZ may use scoring. In this case, VZ calculates the probability with which payment obligations will be met pursuant to the contract.

As a rule, VZ shall not take any individual decisions based solely on the automated processing of personal data. If automated individual decisions are utilised, the VZ shall inform data subjects thereof in accordance with statutory requirements and grant them the rights provided for by law.

8. Retention period

The length of time data is stored depends on the statutory or regulatory retention obligations, as well as the purpose of the processing. VZ normally stores data for the duration of the business relationship and for at least ten years thereafter or deletes/destroy them as soon as there is no longer any Group-wide contact with VZ.

9. Rights

You have the right to know which data about you is being processed, and you may request, in particular, that such data be erased or corrected. In addition, you may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC). However, these rights do not apply unconditionally: In specific individual cases, further processing of data may be required above all due to statutory or regulatory requirements (e.g. in order to comply with duties to provide access and information) or in order to safeguard legitimate interests (e.g. for enforcing or defending against legal claims) in proceedings and litigation before or pertaining to government agencies or courts). 

In order for VZ to be able to comply with your request for access, you must submit your request in writing to VZ along with a copy of valid official photographic identification (e.g. passport, identity card or driving licence).

If your data is processed for marketing purposes, your right to opt out also applies to marketing activities (e.g. mailings, newsletters) and to profiling for marketing purposes. You may stop any unwanted marketing activities at any time by informing VZ of your request.

You can withdraw your consent to the processing of your data at any time. However, any such withdrawal of consent will only apply prospectively: any data processed before then will not be affected by the withdrawal of consent.

10. Contacts

The relevant Swiss group company of VZ Holding Ltd is responsible for the processing of personal data.

Please do not hesitate to address any general questions, suggestions or observations to your contact person at VZ. 

You can also contact the following specialist unit with any questions relating to data protection:

VZ VermögensZentrum AG
Data Protection
Gotthardstrasse 6
8002 Zurich
E-mail: datenschutz.ch [at] vzch.com

Last update: 1 January 2022