Select company website
You are currently visiting: EFG Bank (Luxembourg)
- Asia Pacific
EFG Entities are committed to protect your Personal Data by complying with bank-client confidentiality as well as data protection laws and regulations.
This Privacy Notice shall provide current and potential clients of EFG with an overview of how we process your Personal Data.
In this Privacy Notice “we” refers (as applicable) to any EFG entity belonging to the EFG Group, which must comply with the data protection legislation (“EFG Entities”).
This Privacy Notice applies to all clients and prospective clients of EFG Entities (“you”), who are subject to the provisions of any applicable data protection legislation. This Privacy Notice covers Personal Data that is held electronically and also applies to paper-based filling systems.
(a) Explanation of terms used in this Privacy Notice
Personal Data means information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Special Category Personal Data means information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.
EFG Group means the group of companies composed of EFG International AG and its affiliates (where an “affiliate” of, or a person “affiliated” with, a person is a person that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the person specified and “control,” including the terms “controlling,” “controlled by” and “under common control with,” means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of a person, whether through the ownership of voting shares, by contract, or otherwise).
2. Information and Data Security
It is our policy to protect your right to privacy. We will take all reasonable steps to ensure that adequate technical and operational security measures, confidentiality obligations and compliance procedures are in place to prevent inappropriate access to, disclosure, alteration or deletion of, Personal Data.
In addition, we limit access to your Personal Data to those employees; agents and contractors who have a business need to know. Our agents and contractors will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
3. Types of Personal Data collected
In the course of providing services to you, we may process Personal Data and Special Category Personal Data. This typically includes the following information relating to you:
(a) Information received from you, including:
(b) Information received from third parties, including:
(c) Information specific to our services, including:
(d) Special Category Personal Data
In some cases (where permitted by law), special categories of personal data, such as your political opinions or affiliations, health information, racial or ethnic origin, religious or philosophical beliefs, and, to the extent legally possible, information relating to criminal convictions or offences.
If relevant to the services we provide to you, information about your additional card holders or account holders, business partners (including other shareholders or beneficial owners), dependents or family members, representatives, and agents. Before providing us with this information, you should provide a copy of this notice to those individuals.
4. How we collect your Personal Data
We collect your Personal Data:
5. Sources of Personal Data
We collect your Personal Data:
6. How we use Personal Data
We are a data controller which means that we are responsible for deciding how we hold and use Personal Data about you. We may use your Personal Data before, during and after our relationship ends with you.
(a) Legal basis for using your Personal Data
We will only use your Personal Data when the law allows us to. Most commonly and depending on the situation in which we will use your Personal Data (see paragraph b below), we will use your Personal Data in the following circumstances:
We may also use your Personal Data in the following situations, which are likely to be rare:
(b) Situations in which we will use your Personal Data
The situations in which we will process your Personal Data are listed below.
(c) If you fail to provide Personal Data
If you fail to provide certain information when requested, we may not be able to enter into a contract with you/ perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations (such as to complete our “know your client” checks). Please note that EFG may still process any available Personal Data.
7. Recipients of your Personal Data
We (and those parties to whom Personal Data is disclosed) may disclose Personal Data when permitted by law or with your prior consent, in the situations described above:
8. Overseas transfers
The Recipients referred to in section 7 above can be located outside of Luxembourg and the European Economic Area. In those cases, except where the relevant country has been determined to provide an adequate level of protection, we require such recipients to comply with appropriate measures designed to protect personal data.
9. Retention of Personal Data
We will retain Personal Data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting or internal policy requirements. To determine the appropriate retention period for Personal Data, we consider the applicable legal requirements, as well as the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means.
Further information on the retention periods of Personal Data can be requested from your Private Banker and/ or the Data Protection Officer/ the Privacy Officer of the EFG Entity that supports you.
10. Your rights and duties
(a) You duty to inform us of changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if you Personal Data changes during your relationship with us.
(b) Your rights in connection with Personal Data
Under certain circumstances, and subject to applicable law, you have the right to:
If you want to exercise your rights, as per above, please contact your Private Banker and/ or contact the Data Protection Officer/ the Privacy Officer of the EFG Entity that supports you by sending a letter.
The exercise of some of these rights may result in an EFG Entity no longer being able to provide a product or service to you.
Finally, you have the right to lodge a complaint with a supervisory authority.
(c) No fee usually required
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
(d) What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
(e) Queries relating to the processing of your Personal Data
If you have a query regarding the processing of your Personal Data please contact your Private Banker and/ or the Data Protection Officer/ the Privacy Officer of the EFG Entity that supports you.
11. Changes to this Privacy Notice
We reserve the right to update this Privacy Notice at any time, and we will notify you either in writing or by updating this Privacy Notice on our website at: https://lu.efgbank.com . We may also notify you in other ways from time to time about the processing of your Personal Data.
Aimed at always offering the best services to its clients, EFG Bank (Luxembourg) S.A. (hereafter “the Bank”) has decided to centralize part of its infrastructure at its headquarter based in Switzerland. In accordance with article 45 of regulation (EU) 2016/679, known as GDPR, and further to the decision whereby the European Commission has recognised Switzerland as providing an adequate level of data protection as well as subsequent validation by the Luxembourgish supervisory authority of the financial sector (the ‘CSSF’), the Bank’s clients data will be stored at the headquarter with a high level of security and data segregation, including in full compliance with banking secrecy rules.
Further details on the outsourcing of this activity to our headquarter in Switzerland are available in the General Terms and Conditions governing the business relationship between the Bank and its customers.