Protection of privacy is a primary consideration for Strateo Bank.
This Policy applies both to data which are initially collected when you contact the Bank and data which are later obtained by the Bank (for example, when you subscribe to an additional product or service, or when you update data that you have initially provided).
The processing of your data is subject to compliance with the Swiss Federal Data Protection Act (FADP), or any other legislative act amending it, as well as with certain provisions of the General Data Protection Regulation (GDPR) for nationals from European Union countries. For more information on data protection, please contact the Federal Data Protection and Information Commissioner.
This policy is updated regularly. Please check our Website regularly to find out which version currently applies.
- Who is your data controller?
- What do we mean by personal data?
- When do we collect these data?
- Where do we collect data about you?
- In what circumstances are you required to send these data to us?
- For what purpose and on what basis do we use your personal data?
- Storage period
- Data security
- Who receives your data? To whom may your data be transferred?
- What are your rights?
- How can you exercise your rights?
- How can you let us know that you no longer wish to receive marketing offers?
- Who should you contact if there is a dispute?
1. Who is your data controller?
Strateo, Swiss branch of ARKEA DIRECT BANK SA (France), which is situated at Geneva, Chantepoulet street 25, and is registered under the number CHE-114.731.197. (the "Bank").
You can contact our data protection officer ("DPO") :
Rue de chantepoulet 25
We do everything that we can to comply with the current data protection regulations, as well as measures implemented, overseen by the Privacy Commission.
For some services, we call upon specialist partners, who work as data processors. These partners must comply with our personal data protection policy and must also fulfil their relevant statutory obligations. We strive to ensure that your personal data are protected through appropriate provisions in our contracts with data processors, as well as other parties that may help us to process your personal data or that receive your data from us.
2. What do we mean by personal data?
By personal data, we mean not only data that identify you directly, but also data that identify you indirectly.
We generally need to collect the following different types of personal data:
We do not process sensitive data, namely data relating to a person's health, racial or ethnic origin, political opinions, religion or beliefs, trade union membership or sex life. We would only be able to have indirect access to these sensitive personal data under specific circumstances. For example, when you make a payment to join a political party or a trade union.
3. When do we collect these data?
4. Where do we collect data about you?
In most cases, you provide us the personal data that we process. However, we do also obtain these data via third parties. In particular, this happens when:
5. In what circumstances are you required to send these data to us?
You can visit our public site without sharing your identity with us. However, you will be using cookies that are intended to make it easier to use our Website, among other things. For more information, please read our Cookies Policy.
If you want to open an account at the Bank or use our services, you will be required to provide us with some information about yourself. We are legally required to request information from you that we need in order to be able to initiate a relationship with us.
You do, of course, have the right to refuse to disclose this information to us, but, should you do this, you will be unable to enjoy our services.
6. For what purpose and on what basis do we use your personal data?
Generally, we use your personal data:
6.1 Statutory obligations
The Bank is bound by a number of legal and regulatory obligations that require us to process your data. These obligations mainly fall within the following legal and regulatory areas:
The list of legal and regulatory areas that govern how the Bank must process your data is non-exhaustive and may change.
As part of its statutory obligations relating to fighting against money laundering and the financing of terrorism, to performing a credit check during a credit application and to protecting investors, the Bank carries out automated checks, using external sources or data which are specifically requested at that time. These automated checks may possibly result in us refusing you a contract or requesting additional information from you, depending on the case.
When this occurs, the Bank does not process any sensitive data and strives to avoid any form of discrimination.
6.2 Contractual relations
Before entering into a contract, the Bank may and, in some cases, must obtain and process certain data, in particular, in order to:
In addition, the Bank is unable to process applications for specific products or services without obtaining certain data from you beforehand.
For example, if you want acquire a new product or service (for example, Strateo INVEST, etc.), we will need certain personal data from you in order to assess whether we can provide these products or services to you.
More specifically, in the context of executing contracts, the Bank processes your data as follows:
- the sale of financial and investment products;
- management and granting of credits, by assessing the overall credit risk;
6.3 Legitimate interests
The Bank also processes your data in order to pursue its legitimate interests. For this purpose, the Bank strives to maintain a fair balance between its data processing needs and respect for your rights and freedoms, particularly privacy protection.
Personal data are therefore processed in order to:
- We use transaction data in order to get a better understanding of how our services are used, in order to improve them. For example, when you open an account, we measure the time between when your account was opened and the first transaction.
- We also analyze the results of our marketing activities, so that we can measure how effective our campaigns have been, in order to provide you, the customer, with more appropriate solutions.
- We analyze the results of surveys conducted on the Bank's customers, statistics, tests and comments left by customers on the Bank's different social media pages (Twitter, Facebook, etc.).
The Bank will only process your personal data if it has obtained your specific consent. This is particularly the case when the Bank wishes to analyse or predict your essential personal characteristics such as your economic situation, health, social circles, travels, etc.
The Bank will only send you marketing communications by e-mail or by SMS and will only process your electronic-communications data for this purpose if you have provided specific consent for it to do so (see 6.5).
Please note: your consent is only required for market communications that are sent electronically. In all other cases (such as part of your contract, or if required by law if we alter our general terms and conditions), we reserve the right to contact you by any means of communication, including via e-mail.
6.5 Direct marketing
The Bank offers you a wide range of financial products and services and, as a company, it has a legitimate interest in being able to tell you about the products or services that it provides or is promoting. With this in mind, it may need to use your personal data and, in particular, your contact details, in order to send marketing communications to you.
In practice, this means that you may be contacted in the following cases, for example:
As part of its direct marketing activities, the Bank may contact you using traditional methods, such as the telephone and ordinary mail. The Bank will only use these traditional methods of communication if you have not exercised your right of objection to your commercial data being used for direct marketing purposes (see 12.5).
The Bank may also contact you electronically (via e-mail, fax or SMS). However, it will only do this when you have provided your consent for it to do so.
Under no circumstances will the Bank disclose your data to third parties so that they can send you marketing communications for their own products and services. Furthermore, the Bank will never process sensitive data for direct marketing purposes.
Generally speaking, cookies are small data files stored on your computer. They may have different functions, but they are generally used to keep a record of websites that you have visited, which can use them to remember you and your preferences when you visit in the future.
We also use data recorded by cookies to compile statistics for our Website and to ensure that its performance and content are improved.
Most web browsers are automatically configured to accept cookies. However, you can configure your web browser to notify you each time a cookie has been sent or to stop it from saving cookies on your hard disk. If you do not accept our cookies, you may notice that our Website will slow down or you may no longer be able to access all of its services.
For more detailed information about using our cookies, please read the Bank's Cookies Policy.
We recommend that you read their personal data protection policies carefully.
8. Storage period
We try to not store your personal data for any longer than we need for the processing activity that requires us to collect them. When assessing how long we need to store your personal data, we must also take into account the applicable regulatory requirements (requirements stemming from legislation against money laundering, for example).
More specifically, your personal data as a prospective customer will be stored for a maximum period of a year.
If you are a customer of the Bank, the data that we will have collected as part of our contractual relationship will, in principle, be stored for the duration of this relationship and for a period of 10 years after you close your account. This period may be longer in some cases, for example, a dispute (until there is an outcome to the dispute).
9. Data security
We take suitable technical and organizational measures in order to guarantee that your personal data are adequately protected against being lost or accidentally divulged to unauthorized individuals.
We have put in place security technology that complies with international rules and current standards in order to protect your personal data.
You can also help to keep your personal data secure by following these tips:
- belongs to Strateo Bank (Arkea Direct Bank SA)
- is issued (verified) by Globalsign nv-sa
If you contact our customer service department about an issue relating to executing your orders, they will ask you for your bank account details. When using the "Telephone orders" service, they will ask you some personal questions in order to identify you.
10. Who receives your data? To whom may your data be transferred?
- to market and Swiss regulatory authorities, similar foreign authorities, Swiss and foreign tax authorities, when the Bank is required to disclose customer's personal data;
- to public or judicial authorities, such as the police, prosecutors, law courts, etc.. This can only be done at their explicit request;
- to lawyers (for example, in relation to the dissolution of a marriage or a bankruptcy), notaries (for example, when it involves a mortgage or inheritance), guardians or provisional administrators, etc.;
- to correspondent banks for payment transactions.
- Specialist providers from the financial sector, who must also fulfil their legal obligations as data processors in relation to personal data;
(For example: correspondent banking institutions in foreign countries, etc.);
- Service providers who help us to:
- Create and maintain our tools;
- Market our activities, organize events and manage communications with customers;
- Develop and/or manage our products and services.
In such cases, we ensure that these third parties only have access to the personal data that they need to complete their specific tasks. We also ensure that our data processors commit to treating data securely and confidentially, and to using them as outlined in our instructions.
When we work with data processors outside of the European Economic Area (EEA), we take appropriate measures to guarantee that your personal data will be properly protected in the recipient country. In such cases, we take action (for example, through contractual measures) to guarantee that your personal data are processed with the same level of security as required under European legislation.
Under no circumstances will we sell your personal data to third parties.
11. What are your rights?
11.1 Right of access and correction
You have a right of access to your personal data. In particular, the Bank can provide you with:
If you discover that your data are inaccurate or incomplete, you can ask us to correct them.
We take all necessary measures to ensure that your personal data are correct, up-to-date, complete and relevant, which is why we ask you to keep us informed of any changes (new addresses, new identity cards, acquisition of a new nationality, etc.).
If we correct your data and we have previously shared them with third parties, we will also notify them of these corrections.
11.2 Right to be forgotten
In some specific cases, legislation enables you to have your personal data deleted.
This is particularly the case if the data are no longer needed for the purposes for which we have collected them (for example, because you have disclosed your contact details to us in order to take part in an event which has finished), if we have only processed your data because you provided your consent for us to do so and you decide to withdraw it, or if you object to your data being processed and we have no legitimate reasons which take precedence over yours.
However, the Bank may store your personal data when they are needed for establishing, exercising or defending its rights in court, or for the Bank to comply with its statutory obligations. The Bank will therefore be required to comply with storage periods stipulated by different laws, particularly when the data are for transactions which you have carried out or have been collected as part of our obligations relating to fighting against money laundering and the financing of terrorism (see point 7).
11.3 Right to restrict processing
This particular right of objection enables you to ask the Bank to block your data temporarily in specific cases set out by regulations: the Bank will then no longer be able to process your affected data for a specified time.
You can ask for your data to be blocked:
If you exercise this right, we will be able store your data, but we will no longer be able to carry out any further processing on them, except when you provide your consent for us to do so, or in order to establish, exercise or defend our rights (or the rights of another person).
11.4 Right to data portability
Thanks to this right, you can ask the Bank to send your personal data to you or to send them directly to another data controller, when this is technically possible for the Bank. This right only applies to data which you yourself have supplied to the Bank and which are automatically processed, on the basis of the contract or when you have provided your consent.
11.5 Right to withdraw your consent
When your data are only being processed because you have provided your consent, you have the right to withdraw this consent at any time. However, withdrawing your consent does not provides the grounds for you to call into question the legality of the processing activity carried out during the period before you withdrew your consent.
11.6 Right of objection
You always have the right to object to your data being used for direct marketing purposes, without any justification and at no expense (see 14). If this occurs, your data will no longer be used for this purpose.
Furthermore, you also have the right to object, for reasons relating to your particular circumstances, to any processing of your personal data which has been carried out to further our legitimate interests. However, we will be unable to grant your request if our legitimate interests prevail over yours or if we are required to process your data in order to establish, exercise or defend our rights in court.
12. How can you exercise your rights?
In order to exercise your rights, you can send your dated and signed request to us, together with a readable copy of the front and back of your identity card, with as many specific details as possible:
Rue de Chantepoulet 25
Upon receiving your complete request, we will respond to it within 30 calendar days.
If you request any additional copies when exercising your right to access your personal data, we may charge you a reasonable amount for administrative costs.
13. How can you let us know that you no longer wish to receive marketing offers?
If you are a customer of the Bank and you no longer wish to receive commercial offers from us or wish to receive fewer of them, you can let us know by logging into the Transaction Site, then going to "Preferences" and then going to "Communication". For example, you can choose to receive only some of our newsletters or let us know your communication preferences.
If you are not yet a customer of the Bank, you can let us know about these preferences by sending us an e-mail to firstname.lastname@example.org.
If you wish to receive promotional informational from us or be contacted by telephone for marketing communications (again), you can inform us by e-mail at email@example.com or by amending your Preferences on the Transaction Site.
14. Who should you contact if there is a dispute?
In the event of a conflict concerning the processing of your personal data, you can submit a request to the Federal Data Protection and Information Commissioner:
Federal Data Protection and Transparency Officer
Phone : +41 (0)58 462 43 95 (Monday to Friday, 10:00 à 12:00)
Fax: +41 (0)58 465 99 96