Legal

Privacy Policy

Last updated: April 2026 · Eisenberg Bank AG, Bahnhofstrasse 42, 8001 Zürich, Switzerland

1. Who We Are

Eisenberg Bank AG (“Eisenberg Bank”, “we”, “us”) is a Swiss financial institution supervised by the Swiss Financial Market Supervisory Authority (FINMA), operating across the European Union via banking passport. Our registered office is at Bahnhofstrasse 42, 8001 Zürich, Switzerland.

This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website, mobile application, Savings Vaults, Current Account, Eisenberg Bank Card, and related financial services.

2. Data Protection Framework

We comply with the Swiss Federal Act on Data Protection (FADP), the EU General Data Protection Regulation (GDPR), and the applicable data protection laws of each EU/EEA member state in which we operate. Where Swiss and EU requirements differ, we apply the higher standard.

Our Data Protection Officer can be reached at privacy@eisenbergbank.eu.

3. What Data We Collect

3.1 Data You Provide Directly

  • Account registration: Full name, email address, phone number, country of residence, date of birth, nationality
  • Identity verification (KYC): Government-issued ID document (passport, national ID card), selfie photograph, proof of address, source of funds declaration
  • Financial data: IBAN for linked external accounts, transaction history, vault balances, card transactions, transfer instructions
  • Communication: Support tickets, emails, chat messages, phone call recordings (with consent)

3.2 Data We Collect Automatically

  • Device information: IP address, browser type and version, operating system, device identifier, screen resolution
  • Usage data: Pages visited, features used, time spent, click patterns, navigation paths
  • Cookies and similar technologies: See our Cookie Policy for details
  • Security data: Login timestamps, failed authentication attempts, session duration, geolocation (approximate, for fraud prevention)

3.3 Data from Third Parties

  • KYC verification partner: Identity verification results, document authenticity scores, PEP/sanctions screening results
  • EU partner bank: Account status confirmations, SEPA transaction settlement data
  • Credit reference agencies: Only where required by law for anti-money-laundering (AML) purposes

4. Why We Process Your Data

Purpose Legal Basis
Providing and managing your Savings Vaults, Current Account, and Eisenberg Bank CardPerformance of contract (Art. 6(1)(b) GDPR)
Identity verification (KYC) and anti-money-laundering (AML) checksLegal obligation (Art. 6(1)(c) GDPR; Swiss AML Act)
Calculating and crediting daily compound interest at rates up to 8.6% p.a.Performance of contract
Processing term-end transfers and weekly interest withdrawals to your Eisenberg Bank CardPerformance of contract
Fraud detection, prevention, and security monitoringLegitimate interest (Art. 6(1)(f) GDPR)
Compliance with FINMA supervisory requirements and EU banking regulationsLegal obligation
Sending you service-related communications (vault maturity, rate changes, security alerts)Performance of contract / Legitimate interest
Improving our services through aggregated, anonymised analyticsLegitimate interest
Marketing communications (only with your explicit opt-in consent)Consent (Art. 6(1)(a) GDPR)

5. Data Sharing

We share personal data only where necessary and lawful:

  • EU partner bank: For deposit custody, SEPA transfers, and deposit guarantee scheme participation. Your deposits held at the partner bank are protected up to €100,000 under the EU Deposit Guarantee Scheme.
  • KYC verification provider (Sumsub): For identity document verification and ongoing monitoring. Data is processed within the EU/EEA.
  • FINMA and EU regulatory authorities: Where required by Swiss financial law or EU anti-money-laundering directives.
  • Payment processors: For Eisenberg Bank Card transactions (Visa/Mastercard network).
  • Cloud infrastructure providers: Data is hosted on servers located in Switzerland and the EU (Supabase/AWS Frankfurt). All providers are contractually bound by data processing agreements.

We never sell your personal data. We do not share data with advertisers, data brokers, or any third party for their own marketing purposes.

6. International Data Transfers

As a Swiss institution operating in the EU, data may be transferred between Switzerland and EU/EEA member states. Switzerland is recognised by the European Commission as providing an adequate level of data protection (Adequacy Decision). Where data is transferred outside Switzerland/EU, we ensure appropriate safeguards through Standard Contractual Clauses (SCCs) or equivalent mechanisms.

7. Data Retention

  • Account data: Retained for the duration of your account relationship plus 10 years (Swiss banking record retention requirement).
  • KYC documents: Retained for 10 years after account closure (Swiss Anti-Money Laundering Act, Art. 7 AMLA).
  • Transaction records: 10 years (Swiss Code of Obligations, Art. 958f CO).
  • Marketing consent records: Until consent is withdrawn.
  • Website analytics: Aggregated data retained indefinitely; personal identifiers deleted after 26 months.

8. Your Rights

Under the FADP and GDPR, you have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data (subject to legal retention obligations).
  • Restriction: Limit how we process your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw consent: Withdraw marketing consent at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@eisenbergbank.eu. We respond within 30 days (FADP) or one month (GDPR).

9. Security Measures

We protect your data with:

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • ISO 27001-certified information security management system
  • Two-factor authentication (2FA) for all account access
  • Real-time fraud monitoring and anomaly detection (24/7)
  • Regular penetration testing and security audits by independent third parties
  • Employee access controls with least-privilege principle and audit logging

10. Children

Eisenberg Bank services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or regulatory guidance. Material changes will be communicated via email and/or an in-app notification at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.

12. Contact & Supervisory Authorities

Data Protection Officer: privacy@eisenbergbank.eu

Postal address: Eisenberg Bank AG, Datenschutz, Bahnhofstrasse 42, 8001 Zürich, Switzerland

Swiss supervisory authority: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Switzerland

EU supervisory authority: You may also lodge a complaint with the data protection authority in your EU/EEA country of residence.