Data protection

Privacy Policy

Last update: January 2025

1. Data controller

B.A.I.F is committed to protecting the privacy of its customers and complying with the General Data Protection Regulation (GDPR) as well as Swiss legislation on data protection.

2. Data collected

We collect the following categories of data:

Identity data : Last name, first name, date and place of birth, nationality, ID document.

Contact data : Postal address, email, phone number.

Financial data : Income, assets, banking transactions, investment history.

Connection data : IP address, login logs, device used, approximate location.

Behavioural data : Pages viewed, actions taken on our website and app, preferences.

Identity verification data : Identity documents, proof of address and income, declaration of beneficial owners.

3. Purposes and legal bases

Purpose Legal basis
Opening and managing a bank account Performance of the contract
Anti-money laundering (AML-CFT) Legal obligation
Sending statements and contractual communications Performance of the contract
Risk analysis and scoring Legitimate interest
Improving our services and products Legitimate interest
Sending marketing communications Consent
Setting analytics cookies Consent

4. Data recipients

Your data may be shared with:

  • Authorised B.A.I.F staff (advisors, compliance teams, IT)
  • Technical providers under confidentiality agreement (host, software vendors)
  • Competent regulatory, financial supervision and tax authorities where legally required
  • Insurance and reinsurance partners for co-distributed products
  • Correspondent banks (SWIFT) for international transfers

We never sell your data to third parties for commercial purposes.

5. Retention periods

Active client data Duration of the contractual relationship + 5 years
KYC / AML-CFT data 5 years after the end of the relationship
Transaction data 10 years (legal accounting obligation)
Connection data (logs) 12 months
Analytics cookies 13 months maximum

6. Your rights

In accordance with the GDPR and the UK Data Protection Act, you have the following rights:

  • Access to your data
  • Rectification
  • Erasure (right to be forgotten)
  • Restriction of processing
  • Portability
  • Objection
  • Withdrawal of consent
  • Complaint to the supervisory authority

To exercise these rights, contact our Data Protection Officer (DPO):

7. Transfers outside the EU

Some of our providers may process your data outside the European Union. In such cases, we ensure that these transfers are governed by appropriate safeguards: standard contractual clauses approved by the European Commission or an adequacy decision.

8. Security

B.A.I.F implements appropriate technical and organisational measures to protect your data against unauthorised access, modification, disclosure or destruction. Our systems follow European banking standards for security and data protection. All communications are encrypted with TLS 1.3.

9. Changes

This policy may be updated to reflect regulatory developments or changes to our practices. The update date is shown at the top of the document. Substantial changes will be notified to you by email.

10. DPO contact

Data Protection Officer (DPO)

Address: B.A.I.F – DPO Department, Geneva, Switzerland

You also have the right to lodge a complaint with the competent supervisory authority.