Legal issues and privacy statement

Legal issues

The content available on the website and in the associated web applications is predominantly protected by copyright or other protective rights and is the sole property of the Swiss National Bank (hereinafter ‘SNB’) or other specifically named rights holders.

Copyright and trademark law

Die auf zur Verfügung gestellten Informationen und Daten können für nicht kommerzielle Zwecke gespeichert, ausgedruckt, übersetzt und übermittelt werden. Dabei müssen sie fehlerfrei und unter Quellenangabe wiedergegeben werden. Wenn die Informationen oder Daten vom Nutzenden verändert werden, so ist ausdrücklich darauf hinzuweisen.

Stammen Informationen oder Daten erkennbar aus fremden Quellen, sind Nutzer solcher Informationen oder Daten verpflichtet, allfällige Urheberrechte daran zu respektieren und selber entsprechende Nutzungsbefugnisse bei diesen fremden Quellen einzuholen.

Auf publizierte Artikel und Kommentare in unserem Blog-Archiv widerspiegeln die Meinung der jeweiligen Autoren und entsprechen nicht notwendigerweise der Auffassung der SNB.

Die SNB ist die Inhaberin der Wort- und Wort-/Bildmarke Iconomix.

Privacy statement

This privacy statement explains which personal data we process in connection with our activities and operations, including the website. In particular, we inform you about why, how and where we process which personal data. We also inform you about the rights of persons whose data we process.

Additional privacy statements and other legal documents such as general terms and conditions, terms of use, or conditions of participation may apply to specific or supplementary activities and operations.

1. Further information and contact

The SNB is responsible for processing your personal data as described in this privacy statement. If you have any questions about the processing of your data, you can contact the SNB using the details below:

Swiss National Bank
Data Protection Office
Börsenstrasse 15
P.O. Box
8022 Zurich

You can also contact the SNB’s Data Protection Officer using the above details.


2. Definitions and legal basis


Personal data are any information relating to an identified or identifiable natural person. A data subject is a person whose personal data we process.

Processing includes any handling of personal data, irrespective of the means and procedures used, e.g. consulting, aligning, adapting, archiving, keeping, retrieving, releasing, acquiring, recording, collecting, deleting, disclosing, structuring, organising, storing, modifying, disseminating, combining, destroying and using personal data.

Legal basis

We process personal data in accordance with Swiss data protection legislation such as, in particular, the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).

3. Type, scope and purpose

We process the personal data necessary to carry out our activities and operations in a sustainable, user-friendly, secure and reliable manner. Such personal data may in particular fall into the following categories: inventory and contact data, browser and device data, content data, metadata/marginal data and usage data, location data and sales data, as well as contract and payment data.

We process personal data for the period required for the purpose(s) in question or by law. Personal data that no longer require processing are anonymised or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit such data to third parties. Such third parties are, in particular, specialised providers whose services we use. We also guarantee data protection when we work with such third parties.

We only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons. Processing without consent may, for example, be permissible in order to execute a contract with the data subject and for appropriate pre-contractual measures to safeguard our overriding legitimate interests; in cases where processing is obvious from the circumstances; or after having informed the data subject in advance.

In this context, we process, in particular, information that a data subject voluntarily provides to us when contacting us – for example by post, email, instant messaging, contact form, social media or telephone – or when registering for a user account. For instance, we may store such information in an address book or similar tools. If we receive data about other persons, the transmitting parties are obliged to guarantee the privacy of such persons and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, if and to the extent that such processing is permitted by law.

4. Personal data abroad

As a matter of principle, we process personal data in Switzerland. However, we may also disclose or export personal data to other countries, in particular in order to process such data, or have such data processed, there.

We may disclose personal data to all states and territories on earth, provided that the laws of those countries guarantee an adequate level of data protection in accordance with the decision of the Swiss Federal Council.

We may disclose personal data in countries whose laws do not guarantee adequate data protection provided that an adequate level of data protection is otherwise ensured. Adequate data protection may be ensured, for example, via suitable contractual agreements, on the basis of standard data protection clauses or via other suitable guarantees. Exceptionally, we may export personal data to countries that do not guarantee an adequate or suitable level of data protection if the specific requirements set out in data protection law – for example, the express consent of the data subjects or a direct connection with the conclusion or performance of a contract – are met. Upon request, we will be happy to provide data subjects with information about guarantees or to provide a copy of such guarantees.

5. Rights of data subjects

Rights under data protection law

We grant data subjects whose personal data we process all the rights provided for under the applicable data protection legislation. In particular, data subjects have the following rights:

  • Information: Data subjects may request information about whether we process their personal data, and, if so, which personal data are concerned. Data subjects also receive the information required to be able to exercise their rights to data protection and ensure transparency. This includes the processed personal data per se, but also information about the purpose of the processing, the retention period, any disclosure or export of data to other countries, and the origin of the personal data.
  • Correction and restriction: Data subjects may have incorrect personal data corrected and the processing of their data restricted.
  • Deletion and objection: Data subjects may have their personal data deleted (‘right to be forgotten’) and may object to the processing of their data.
  • Data portability: Data subjects may request the delivery of personal data or the transfer of their data to another controller.

We may delay, restrict or deny the exercise of the rights of data subjects to the extent permitted by law. We may inform data subjects of any conditions that may have to be met for the exercise of their rights under data protection law. For example, we may partly or completely refuse to provide information on trade secrecy grounds or in order to protect other persons. We may, for instance, also refuse to delete personal data, in whole or in part, due to statutory retention obligations.

In exceptional cases, the exercising of rights may generate costs. We inform data subjects in advance of any such costs.

We are obliged to use appropriate measures to confirm the identity of data subjects who request information or assert other rights. Data subjects are obliged to cooperate.

Right to complain

Data subjects are entitled to enforce their rights under data protection law through the courts or to lodge a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

6. Data security

We take suitable technical and organisational measures to guarantee a level of data security appropriate to the risk in question. However, we cannot guarantee absolute data security.

Our website is accessed using transport encryption (SSL/TLS, in particular with Hypertext Transfer Protocol Secure, or HTTPS). In most browsers, transport encryption is indicated by a padlock in the address bar.

7. Use of the website


We may use cookies. Cookies – both our own cookies (first-party cookies) as well as cookies from other parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data need not be limited to traditional cookies in text form.

Cookies can be stored in your browser temporarily as session cookies or for a specific period as permanent cookies. Session cookies are automatically deleted when the browser is closed. Permanent cookies are stored for a specific period of time. Cookies make it possible, in particular, for your browser to recognise our website the next time you visit and thus, for example, to measure the reach of our website. Permanent cookies can also be used for online marketing, for example.

Cookies can be completely or partially deactivated and deleted at any time in your browser settings. However, without cookies, you may no longer be able to access all the features and functions of our website. We actively request your express consent for the use of cookies – if and to the extent necessary.

In the case of cookies used to measure performance and reach or for advertising, a general opt-out is possible for many services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

Server log files

We may record the following information for each access to our website, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including the amount of data transferred, and website last accessed in the same browser window (referrer).

We store such information, which may also constitute personal data, in server log files. The information is necessary in order for us to provide our website in a sustainable, user-friendly and reliable manner as well as to ensure data security and thus, in particular, the protection of personal data – including by or with the help of third parties.

Tracking pixels

We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels – including those from third parties whose services we use – are small, usually invisible images that are automatically retrieved when you visit our website. Tracking pixels can be used to capture the same information as server log files.

8. Notifications and messages

We send notifications and messages via email and other communication channels such as instant messaging or SMS.

Performance and reach measurement

Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked on. Such web links and tracking pixels may also record the use of notifications and messages in a person-related form. We need this statistical recording of use for performance and reach measurement, which in turn enables us to send notifications and messages based on the requirements and reading habits of the recipients in an effective and user-friendly as well as sustainable, secure and reliable manner.

In particular, we use:

Consent and objection

As a matter of principle, you must expressly consent to the use of your email address and other contact addresses, unless the use is permitted for other legal reasons. Wherever possible, we use a ‘double opt-in’ procedure, i.e. you will receive an email containing a web link that you must click on to confirm, in order to prevent misuse by unauthorised third parties. We may log such consents, including IP address, date and time, for evidentiary and security purposes.

As a matter of principle, you may object to receiving notifications and messages, such as newsletters, at any time. By objecting, you can simultaneously object to the statistical recording of your usage for performance and reach measurement. However, we reserve the right to send all necessary notifications and messages in relation to our activities and operations.

Service providers for notifications and messages

We send notifications and messages with the help of specialised service providers.

In particular, we use:

9. Social media

We are present on social media and other online platforms in order to communicate with interested parties and inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland.

The general terms and conditions and terms of use, as well as privacy statements and other provisions of the individual operators of such platforms, also apply in each case. In particular, these provisions provide information on the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right to information.

10. Third-party services

We use the services of specialised third parties in order to carry out our activities and operations in a sustainable, user-friendly, secure and reliable manner. With such services, we may, among other things, embed features and content in our website. With such embedding, the services used have to record the IP addresses of users, at least temporarily, for essential technical reasons.

For necessary security, statistical and technical purposes, third parties whose services we use may aggregate, anonymise or pseudonymise data in relation to our activities and operations. This includes, for example, performance or usage data in order to be able to offer the relevant service.

In particular, we use:

Social media functions and social media content

We use third-party services and plugins to embed features and content from social media platforms, and also to enable content sharing on social media platforms and via other channels.

In particular, we use:

Digital audio and video content

We use services provided by specialised third parties to enable the direct playback of digital audio and video content such as music or podcasts.

In particular, we use:


We use third-party services to embed selected fonts, icons, logos and symbols in our website.

In particular, we use:

11. Performance and reach measurement

We use services and programs to determine how our online offering is used. In this context, we can, for example, measure the performance and reach of our activities and operations as well as the impact of third-party links to our website. For example, we may also test and compare how different versions of our online offering, or parts of our online offering, are used (‘A/B test’ method). Based on the results of the performance and reach measurement, we can in particular correct errors, enhance popular content or make improvements to our online offering.

When using services and programs for performance and reach measurement, the IP addresses of individual users must be stored. IP addresses are truncated (‘IP masking’) in order to observe the principle of data minimisation via appropriate pseudonymisation and thus improve data protection for users.

When using services and programs for performance and reach measurement, cookies may be used and user profiles may be created. User profiles include, for example, the pages visited or the content viewed on our website, information on the size of the screen or browser window and the – at least approximate – location. User profiles are generally created in pseudonymised form only. We do not use user profiles to identify individual users. Individual services of third parties with which users are registered may be able to assign the use of our online offering to the user account or user profile of the respective service.

12. Final provisions

We may amend or supplement this privacy statement at any time. We will inform you about any such changes and additions in an appropriate form, in particular by publishing the current privacy statement on our website.