This Privacy Policy provides an overview of how we process your personal data and of your rights under the Data Protection Act in connection with the use of desktop e-banking and our mobile banking apps for smartphones and tablets (hereinafter referred to as “apps”). We process your personal data (hereinafter also referred to as “data”) to the extent necessary for the use of our apps and related applications (hereinafter collectively referred to as “services”). Your personal data will be treated as strictly confidential and processed in accordance with current data protection legislation. This Privacy Policy supplements the “Terms of Use for E-Banking and mobile banking” and the document “Legal Information on E-Banking”.
By using the apps, you consent to the processing of the data you provide and the data collected about you while using the apps in the manner described below and for the purposes stated, and you acknowledge your rights in this regard. When you transmit data to us via third parties, we assume that you are authorised to do so and that this data is correct. Please therefore inform these third parties about the processing of their data by us and provide them with a copy of this Privacy Policy or the relevant product information. If we inform you of a new version of these documents, please also pass on to such third parties these new versions in each case.
Our employees are regularly trained on data protection and are sworn to secrecy. In addition, our Data Protection Unit monitors compliance with data protection regulations.
Our apps may contain links to third-party websites to which this Privacy Policy does not apply. The privacy policies of the websites visited apply.
“Personal data” is data that relates to an identified or identifiable natural person. “Processing” means any handling of your data, in particular obtaining, storing, using, disclosing, archiving or deleting such data. We comply with the Federal Data Protection Act (FADP), the Data Protection Ordinance (DPO) and any other data protection laws applicable in individual cases (e.g. the European General Data Protection Regulation, GDPR).
If you have any data protection concerns or wish to exercise your rights, you can contact our Data Protection Unit as follows:
Baloise Bank Ltd
Data Protection Unit
Amtshausplatz 4
4502 Solothurn, Switzerland
E-mail: datenschutz-bank@baloise.ch
We primarily process the personal data necessary for the use of our apps and services, in particular the information you provide and the data we collect directly (see below).
When you activate the app, the following data is requested. This data is used to identify you and to permanently link the app to the device you are using and your e-banking contract: e-banking policy number, one-time activation code, password.
When you use our apps, additional technical data – known as metadata – is collected in the background. This includes, amongst other things, information about your device type (e.g. smartphone or tablet, manufacturer, operating system used, version, screen size, device ID, installed apps, jailbreak/root), your app version or your IP address. We also collect additional data regarding access to the apps, known as log data, in order to ensure their secure and proper operation and to enable error analysis. This includes, for example, the name of the website visited, the date and time of the visit, the amount of data transferred, confirmation of a successful visit, other app activities, app information, user IDs, app performance and crash logs, information about the operating system and details of the last website visited.
We only collect further personal data if you provide it to us in connection with our services. We only store the personal data you provide in this regard if you make it available to us through our services in our apps (e.g. in Messenger). This primarily includes master data, contract data and financial data relating to enquiries about your accounts, changes of address, stock market orders, etc., as well as communication data (e.g. the date or content of correspondence with you). The information is stored on the basis of our legitimate interests.
Further details regarding the personal data we process in connection with the use of our apps and services can be found below.
Your data will only be processed by us for the purposes we have indicated to you when collecting your data, or for which we are legally obliged or entitled to process it. For further details on the basis of our processing, please refer to clause 5.
We process your data to implement the contractual relationship, in particular to enable you to use the features of the applications, such as account management, recognition of account transfers, making domestic and international payments, displaying asset and transaction overviews, scanning and processing QR invoices, etc.
When you contact us via Messenger, the data you provide, along with the communication and related data transmitted in the process, will be collected for the purpose of processing your enquiry and in case of any follow-up questions. The data is transmitted to us in encrypted form. The processing of your data is based on our legitimate interest and serves solely to process the enquiry.
We may also send you information via Messenger in connection with the performance of the contract, for example, notifications regarding an unsuccessful transaction or a reminder when your mortgage is due to expire.
In addition to the chat function, the Messenger app allows users to subscribe to channels and receive push notifications (see clause 4.3). This allows you to keep up to date with our offers and services (Up-to-Date channel) or the stock market (Stock Market News channel), take part in customer surveys and competitions (see clauses 4.3 and 4.5), and contact us via the feedback channel. Your enquiry may be answered by a chatbot, depending on the content of your message and the frequently used keywords it contains. The chatbot uses a label to identify itself as a digital assistant or adviser.
You can withdraw your consent to receiving push notifications at any time by clicking the relevant subscription button and disabling notifications.
In order to inform you from time to time about new products of Baloise Bank Ltd or our business partners that may be of interest to you, we use the personal data we have collected for marketing purposes as follows:
If you do not wish to receive marketing communications, you can notify us of this at any time by e-mailing bank@baloise.ch.
Data that we require for statistical evaluations and data analyses is anonymised and aggregated and no longer allows any conclusions to be drawn about your person. The aggregated data is required for the creation of statistics (e.g. for the development of new, and adjustments to existing, products) or for topic-specific evaluations and data analyses, as well as for sales reporting. We also use data concerning all existing contracts – likewise without the possibility of drawing conclusions about you personally – to analyse the entire customer base and for the fulfilment of our contractual obligations, for example for general consultation regarding a contract adjustment or contract amendment or for the provision of comprehensive information, that is, we perform anonymised evaluation which makes use in the individual contractual relationship possible.
We are committed to continuously developing our products and services to meet your needs. We therefore contact you as part of customer surveys for market research purposes and use the results in anonymised form to address various issues within the company. To determine customer satisfaction, we can ask you about your experience with us (feedback channel). We also use your responses to contact you personally, to actively address your concerns and to improve our internal processes. We also collect, store and process your data for the evaluation, improvement and redevelopment of our products and services. In doing so, we analyse which products are used by which groups of people and which adjustments would be necessary in the future. These analyses are – as far as possible – carried out in pseudonymised or anonymised form.
In order to comply with laws, regulatory clarification, disclosure, information, reporting and other obligations (e.g. Banking Act, Financial Services Act, Collective Investment Schemes Act, guidelines of the Swiss Bankers Association, Anti-Money Laundering Act, sanctions law, automatic exchange of information and other banking supervisory decrees and requirements), as well as court or official orders (e.g. issued by public prosecutor’s offices), we must subject your data to more detailed investigations (e.g. with regard to identity, beneficial owners of funds or shareholdings in companies) as well as an automated comparison with external watch lists. In certain cases, we may be required to report to authorities or disclose documents due to statutory requirements or court or official orders. Personal data about you may be processed in the course of internal or external investigations, for example by law enforcement or supervisory authorities or an appointed private body.
These legal obligations may arise from Swiss law, but also from foreign regulations to which we are subject. For these purposes, we process in particular your master data, contract data, claims data and communication data, but also behavioural data under certain circumstances.
In order to prevent and investigate criminal offences and other misconduct, we may process data to protect both you and us from criminal or abusive activities (e.g. conducting internal investigations, analysing data to combat fraud).
Where we ask for your consent for certain forms of processing, we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time by notifying us in writing with effect for the future. Once we have received notice of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented. If consent is withdrawn, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its withdrawal.
If we do not ask for your consent to process your personal data, we process it on the basis that such processing is necessary for the performance of a contract with you, e.g. for the purpose of account management. Processing is also based on our legitimate interests or those of third parties, for example, to pursue the purposes described and the associated objectives, and to be able to implement the relevant measures. Our legitimate interests also include the marketing of our products and services. In addition, we may be authorised to process data on the basis of legal provisions (see, for example, clause 4.5).
We primarily use data to create server log files in order to perform statistical analyses for the purpose of operating the apps, ensuring the security of the IT systems and optimising the apps. For this purpose, we primarily use log data. The legal basis for this data processing is our legitimate interest in providing you with a secure and smooth user experience at all times. We also reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use on the basis of specific indications. The log data is automatically deleted after a period of 90 days.
The app requires a number of permissions to ensure its functionality and security. These permissions vary depending on the platform (smartphone, tablet) and operating system (Android, iOS, Windows, macOS).
The app may request the following permissions:
For security reasons, additional permissions are required in order to link the app to a single device. For example, the app uses a unique device identifier to prevent copying (this requires, among other things, the permission “Access phone status and identity”).
Furthermore, the app uses security features to protect itself; for example, it detects whether other potentially harmful apps and settings (such as “jailbreaks”) are active, which could compromise the security of your e-banking access (this requires, among other things, the “Retrieve active apps” permission).
If you do not need certain features of the app, you can cancel its permissions at any time (e.g. for the camera, microphone, contacts, Bluetooth and location). The options available depend on the operating system used.
The use of “eBill” is subject to the Privacy Policy of the provider, SIX BBS Ltd, Hardturmstrasse 201, 8021 Zurich, Switzerland. You can view the policy at the following web address: SIX – eBill Privacy Statement.
As soon as you access the biller’s billing details, you will leave the secure area of the app. This could also reveal your bank account details. If you choose to be notified by email about new eBill invoices and payment reminders from billers, this information is usually sent unencrypted over unsecured networks. Data can also be processed abroad as part of the eBill system. To process eBill services, information such as invoice details and status updates is submitted to SIX BBS Ltd’s systems, where it is processed. It is possible that the financial institutions responsible for processing payments may also have access to certain data relating to you. In addition, SIX BBS Ltd may forward certain status information to the biller. For this reason, by using eBill, you release Baloise Bank Ltd and SIX BBS Ltd from their duty of confidentiality specifically in relation to the provision of eBill services and support services, and you waive your right to banking secrecy. Baloise Bank Ltd may also disclose your data in order to comply with legal obligations.
You can use the app to record stock market transactions, view up-to-date market data, apply to open new securities accounts, and view your most recent stock market orders along with the relevant details. For this purpose, the transaction and financial data you have provided will be transmitted to SIX Group Services Ltd, which executes your orders.
Further information on the processing of personal data by SIX Group Services Ltd can be found in the SIX Privacy Statement (six-group.com).
For the purposes mentioned in clause 5, we may also process, analyse and evaluate your data (including data concerning third parties that are also affected) automatically in order to assess certain personal characteristics or behaviour (so-called “profiling”). This automated data processing serves to combat money laundering and terrorist financing, to perform credit checks, to identify different interests and personal requirements for individual consultation and to provide offers and information, as well as being used for marketing purposes and other product and service offerings, and services that we or our Group companies may provide to you.
In the event that we base our decisions when concluding or processing a contract exclusively on automated data processing (so-called “automated individual decisions”) or if the decision is based to a significant degree on artificial intelligence, we will inform you of this in an appropriate manner, give you an opportunity to express your view and separately inform you that you can have the relevant decision reviewed by us if necessary, unless the automated individual decision is directly related to the conclusion or processing of a contract between the bank and you, your request is granted, or you have explicitly consented to the automated decision.
Below you will find details about the cookies used on our website/application.
We use cookies for the following purposes:
A cookie is a small piece of data (a text file) that your browser or app stores on your device at the request of a page you visit, in order to “remember” information about you, such as your language settings or login details. These cookies are stored by us and are known as first-party cookies. We also use third-party cookies, which originate from a domain other than that of the web page you are visiting. In particular, we use cookies and other tracking technologies for the following purposes:
Messenger uses various cookies. These are taken from the base implementation of rocket.chat and are essential:
These values are set when you log in to Messenger and are used for authentication. These are values generated by Messenger. No user information is stored in the cookies.
These cookies enable the co-browsing feature. They may be set by us or by third-party providers whose services we use on our pages or in our applications. If you do not allow these cookies, some or all of these features may not work properly. You can find all the cookies required for the co-browsing feature here: Unblu cookies.
We expressly do not use the Google functions listed above in our applications.
In order to improve the e-banking website and its content for the benefit of e-banking users, visitor behaviour is tracked using Friendly Analytics (Friendly GmbH, Meggen, www.friendly.ch). No cookies are stored, and no personal data is collected or generated. IP addresses are only recorded in truncated form, so that the third and fourth octets are always 0 (example: 123.123.0.0).
We have configured Friendly Analytics so that all data is stored in Switzerland. Friendly Analytics never shares data with third parties and does not use it for advertising purposes.
With Friendly Analytics, we can analyse the following user activities:
We use this information from Friendly Analytics to analyse website usage, resolve issues and compile reports on website activity.
With co-browsing, participants share the content of their browser window with Baloise Bank Ltd employees so that they can provide tailored support. To use this service, you must first contact an employee of our Customer Service team by telephone. You will be given your personal, unique connection PIN during your conversation with the Customer Service employee. You must enter this PIN in the co-browsing window. Once you have clicked the “Connect” button, the contents of your browser window will be shared with the person you are talking to. Our employees have read-only access. They can only view the contents of the browser window; they cannot type or click. From a technical point of view, this is further restricted so that only the e-banking section is visible to customer service staff. Any other content on or from your device is not visible and will not be shared.
When you click the “Connect” button, the bank assumes that you have consented to the sharing of this information during the co-browsing session. You can tell from the green border and the status bar at the top of the window whether the content in your browser window is still being shared with us. You can cancel the sharing at any time by clicking the “Cancel” button. The content of your shared screen will not be recorded or saved. Data communication is encrypted. For statistical purposes, the subject matter (e.g. the nature of the issue or the type of assistance provided), the time and duration of the communication, and other non-personal data may be stored. Your data will not be shared with any third parties.
From time to time, third-party offers are integrated into our messaging service. These offers will only be suggested to you if you show an interest in the relevant product or service in Messenger by clicking on the relevant button (e.g. “30% off mobile phone insurance”). With your consent, we will then send you information, advertising and product offers from us and from third parties both within (e.g. Group companies) and outside the Group (e.g. business partners such as cashgate.ch and MOVU.ch). To this end, we primarily process communication and registration data. When you click on the links provided by the relevant service providers, those providers will be able to determine that you are using our apps or visiting our web pages. You acknowledge that this may enable a link to be established between you and Baloise Bank Ltd and agree to a waiver of banking secrecy to this extent. The providers act as independent data controllers. For information on the processing of data by the respective third-party provider, please refer to the privacy notice of the service in question. In this context, we may personalise our communications so that we can provide you with tailored information and make offers that match your needs and interests. To this end, we link the data we process about you, use it to identify your preferences, and use this information as the basis for personalisation.
Some of our services and business functions (e.g. in connection with the purchase of IT services) are provided on our behalf by legally independent companies in Switzerland and, in rare cases, abroad. They may process data about you if this is necessary for the performance of the contract. These service providers and agents work on our behalf, particularly in the areas of information technology systems and software services, securities management, payment transactions, telecommunications, fraud prevention and information security. They are involved in accordance with the provisions of banking and data protection law. Service providers are, for example, obliged to protect banking secrecy and to comply with our defined data processing purposes and the applicable data protection legislation. The bank verifies that data security is guaranteed by the service providers throughout the entire processing period by performing regular checks and audits. To the extent provided for by contract or law, such service providers may, in turn, engage third parties under the same terms and conditions with the prior approval of, and subject to a prior review by, the bank.
As part of the processing of your personal data, your data may also be transmitted abroad (e.g. in cases involving payment or securities orders), insofar as this is necessary to fulfil the business relationship, is provided for by law or you have given us your consent.
In the event that personal data is transferred abroad, we take contractual precautions, following a risk assessment, to compensate for the weaker statutory protection in countries outside of Switzerland, as well as further measures (e.g. pseudonymisation) to reduce the risk of government access abroad authorised under the foreign legislation. We rely on the guarantees required by law, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interest, if the fulfilment of the business relationship requires such disclosure (e.g. in cases involving payment or securities orders), if it is required by law (e.g. in cases involving reporting obligations under tax law), if you have given your consent (e.g. by using the digital account opening service) or if it is a matter of data that you have made generally accessible and you have not objected to its processing.
For the conclusion or processing of the contract, sharing of data may also be necessary with other Group companies. If your contract was concluded by employees of other Group companies, the data will be disclosed in particular for the purpose of allocating commission.
In order to provide comprehensive and efficient customer support and advisory services, and to contact you regarding the Group’s products and services, we may share your master data and contract data, as well as other information provided in the course of our customer relationship, within the Group. This includes, in particular, master data, financial data, transaction data, communication data and information on usage and payment behaviour.
Your data may also be automatically evaluated and analysed within the Group. The aim of such analyses may be to identify customer preferences, behavioural patterns or future needs, on the basis of which personalised customer profiles may be created. These profiles are used, amongst other things, to optimise customer relations, provide individual advice and furnish information tailored to individual needs, and also to enable the bank or other Group companies to develop, optimise and present bespoke offers.
Such processing may also be carried out automatically or using artificial intelligence (see clause 8).
We may make data available to the Group in anonymised and aggregated form for the purpose of preparing Group-wide statistical evaluations and data analyses.
For the purposes of comparing customer bases, customer master data may be compared for statistical purposes within the Group. The comparison analyses how many joint customers there are, how this proportion develops over time and how the joint customers are distributed geographically.
We may also share data within the Group in accordance with statutory, regulatory or internal compliance requirements (e.g. anti-money laundering checks), for the purposes of risk management and internal control, and for the purposes of carrying out statistical analyses, marketing activities as well as analyses of market segments and customer structures.
We may disclose data to Group companies for the purpose of conducting joint campaigns, as well as for market segment analysis, customer structure analysis, market research and product optimisation, in order to improve our range of products and services, manage the use of and access to applications, products and information, maintain our business relationships with customers, and monitor the performance of our offerings.
In order to achieve the Group-wide purposes mentioned in this clause, your data may also be processed in the future by the parent company in an automated manner or using artificial intelligence with the aim of evaluating certain personal aspects.
To ensure consistent and tailored support, the list of active bank customers is cross-referenced with the insurance company’s customer database. This involves the use of identification data and contact details, as well as information regarding the customer relationship, in order to ensure that customers can be correctly identified and supported.
Additional information relevant to customer support may only be made available to the insurance unit that originally referred the customer in question to the bank. These notifications consist of selected event information, such as the occurrence of a significant cash transfer or the repayment in full of a mortgage. In the case of hybrid customers, the insurance company’s designated customer advisers may, where necessary for the performance of a specific service task, access further data relating to banking activities, in particular account information such as account balances, account movements, transaction data including payments, payees and transaction descriptions, and custody account information such as portfolio holdings and valuations. This information is used exclusively for the purposes set out in clause 17 of the General Terms and Conditions, in particular to provide personalised advice, tailored support, prepare for consultations, and also develop and present suitable offers within the Group.
Access to personal data is strictly governed by the need-to-know principle: Your data is only accessible to those departments that actually need it to perform their respective duties. Access is technically role-based and restricted to customers assigned to the relevant account manager. Each access is logged and regularly checked. Employees of the Group companies are obliged to treat your data as confidential and receive regular training in data protection and banking secrecy.
You can inform us at any time if you do not wish your data to be shared for the above purposes or if you wish to withdraw your consent in this regard (see contact address in clause 11).
You can request a list of the Group companies via the postal address or email address stated under clause 11 below.
In response to requests from public authorities (e.g. in the context of criminal proceedings), we may disclose the necessary personal data to government departments, courts and other authorities both in Switzerland and abroad if we are legally obliged or authorised to do so, or if this appears necessary to protect our interests. The authorities process data about you that they receive from us under their own responsibility as controllers.
In accordance with the applicable data protection law and under certain conditions, you have the following rights:
You may request information as to whether we process your data and, if so, what data is being processed, and receive a copy of this personal data.
You can request that we correct incorrect data or complete incomplete data.
You can request the erasure of your data unless we are obliged or authorised to retain your data under applicable laws and regulations.
You have the right to object to the processing of your personal data at any time with future effect, provided that the processing is not strictly necessary for the performance of a contract and/or that we are not obliged or authorised to process the data under applicable laws and regulations.
Where applicable, you have the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling conducted for direct marketing and other legitimate interests in the processing.
In cases where data processing is based on your consent, you have the right to withdraw this consent at any time. If you withdraw your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the revocation.
You may request that the data provided by you be released or transmitted in a commonly used electronic form to another controller, provided that the processing is carried out by means of automated processing or you have consented to the processing.
You have the right to express your point of view in the case of exclusively automated individual decisions and to request that the decision be reviewed by a natural person.
You also have the right to lodge a complaint with our Data Protection Unit or the competent data protection supervisory authority if you do not agree with our handling of your rights.
Please note that these rights are subject to legal requirements and that exceptions and restrictions apply. In particular, we may need to further process and store your data in order to safeguard our own legitimate interests, such as the establishment, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we must therefore also partially or wholly reject a data subject’s request (e.g. by redacting certain content that concerns third parties or our trade secrets). In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.
If you wish to exercise your rights, you can contact us in writing or by email at the address below.
Baloise Bank Ltd
Data Protection Unit
Amtshausplatz 4
4502 Solothurn, Switzerland
Email: datenschutz-bank@baloise.ch
Your data will only be retained for as long as is necessary to fulfil the aforementioned purposes and for as long as we are required to do so by law (e.g. due to obligations under the Anti-Money Laundering Act) or under contract.
In individual cases, it is possible to retain personal data for longer, for example if claims are asserted against us (during the statutory limitation period) or if we are otherwise contractually, legally or officially obliged to do so, if you consent to this or if legitimate business interests (e.g. documentation and evidence purposes) require this. As soon as your data is no longer required for the above purposes, it will be deleted or anonymised as part of our standard deletion processes.
We use adequate security measures to protect your data against foreseeable risks:
Despite comprehensive technical and organisational security measures being taken, data may be lost or intercepted and/or manipulated by unauthorised persons. However, the device you use to access e-banking is located outside the security perimeter controlled by Baloise Bank Ltd. It is therefore your responsibility, as the user, to obtain information about the necessary security precautions and to take appropriate measures. Baloise Bank Ltd does not, under any circumstances, accept liability for damage that you could incur as a result of data loss or manipulation.