Privacy Policy

Last updated: September 12, 2025

Your privacy is important to us. It is UBS Global's policy to respect your privacy regarding any information we may collect from you across our website, and other sites we own and operate.

---

1. Data Controller Information

UBS Global acts as the data controller for your personal information. We are a licensed financial institution regulated by the Swiss Financial Market Supervisory Authority (FINMA) under Swiss banking law.

2. Information We Collect

We collect several different types of information for various purposes to provide and improve our services to you. We only ask for personal information when we truly need it to provide a service to you, and we collect it by fair and lawful means, with your knowledge and consent.

2.1 Personal Information

When you open an account or use our services, we may collect:

• Identity Information: Full name, date of birth, nationality, government-issued ID numbers, photographs for verification
• Contact Information: Email address, phone numbers, residential and mailing addresses
• Financial Information: Income details, employment information, account balances, transaction history, credit history
• Security Information: Passwords, PINs, security questions and answers, biometric data for authentication

2.2 Technical and Usage Data

We automatically collect certain information when you use our digital services:

• IP addresses and device identifiers
• Browser type, version, and operating system
• Pages visited, time spent on pages, and click patterns
• Login times, session duration, and access logs
• Location data (where consented to)
• Cookies and similar tracking technologies

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Contractual Necessity: To perform banking services and fulfill our contractual obligations
• Legal Obligation: To comply with banking regulations, anti-money laundering laws, and tax reporting
• Legitimate Interest: To prevent fraud, ensure security, and improve our services
• Consent: For marketing communications and optional services (where applicable)

4. How We Use Your Information

We use the collected data for various purposes related to our banking operations:

4.1 Core Banking Services

• Account opening, maintenance, and closure
• Processing transactions and payments
• Credit assessment and loan processing
• Investment services and portfolio management
• Customer identification and verification

4.2 Legal and Regulatory Compliance

• Anti-money laundering (AML) and counter-terrorism financing (CTF) monitoring
• Sanctions screening and compliance
• Tax reporting (FATCA, CRS, and local requirements)
• Regulatory reporting to supervisory authorities
• Record keeping as required by law

4.3 Security and Risk Management

• Fraud detection and prevention
• Security monitoring and threat detection
• Risk assessment and management
• System security and data protection

4.4 Customer Service and Communication

• Responding to inquiries and providing support
• Account statements and notifications
• Service improvements and product development
• Marketing communications (with your consent)

5. Data Sharing and Disclosure

We may share your personal information in the following circumstances:

5.1 Legal and Regulatory Requirements

• Banking supervisory authorities (FINMA, ECB)
• Tax authorities (Swiss and international)
• Law enforcement agencies when legally required
• Courts and legal proceedings
• Financial intelligence units for AML/CTF compliance

5.2 Service Providers

We work with trusted third-party service providers who help us deliver our services, including:

• IT infrastructure and cloud service providers
• Payment processors and clearing systems
• Credit reference agencies
• Professional advisors (auditors, lawyers)
• Marketing and communication service providers

All third parties are bound by strict confidentiality agreements and data protection requirements.

6. Data Security Measures

We implement comprehensive security measures to protect your personal information:

• Encryption: All data is encrypted in transit and at rest using industry-standard encryption
• Access Controls: Strict access controls and multi-factor authentication for all systems
• Monitoring: 24/7 security monitoring and intrusion detection systems
• Staff Training: Regular security and privacy training for all employees
• Audits: Regular security audits and penetration testing
• Incident Response: Comprehensive incident response and breach notification procedures

7. Data Retention

We retain your personal data for different periods depending on the purpose and legal requirements:

• Account Records: 10 years after account closure (Commercial Code requirement)
• AML/CTF Records: 5 years after relationship ends (Monetary and Financial Code)
• Transaction Records: 5 years from transaction date
• Marketing Consent: Until withdrawn or 3 years from last interaction
• Security Logs: 1 year from creation date

8. Your Data Protection Rights

Under GDPR and Swiss data protection law, you have the following rights:

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal requirements)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Rights Related to Automated Processing: Object to automated decision-making

To exercise these rights, contact our Data Protection Officer at [email protected]

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for website functionality and security
• Performance Cookies: Help us understand website usage and performance
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Deliver relevant advertisements (with your consent)

You can manage cookie preferences through your browser settings or our cookie management tool.

10. International Data Transfers

We may transfer your data outside the European Economic Area (EEA) for service provision and regulatory compliance. All international transfers are protected by appropriate safeguards, including:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules where applicable

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes through our website, email, or other appropriate means.

12. Contact Us and Complaints

If you have questions about this Privacy Policy or wish to file a complaint: