12
If you are located in Switzerland: The countries recognized by Switzerland as adequate are Andorra, Argentina, Austria,
Belgium, Bulgaria, Canada (commercial organizations only), Croatia, Cyprus, Czech Republic, Denmark, Estonia, Faroe Islands,
Finland, France, Germany, Gibraltar, Greece, Guernsey, Hungary, Iceland, Ireland, Isle of Man, Israel, Italy, Jersey, Latvia,
Liechtenstein, Lithuania, Luxembourg, Malta, Monaco, Netherlands, New Zealand, Norway, Poland, Portugal, Romania,
Slovakia, Slovenia, Spain, Sweden, United Kingdom, Uruguay.
For transfers from the UK, Switzerland and the EEA, and KSA to countries not considered adequate by the European
Commission, UK, or Switzerland, we have put in place adequate measures, such as standard contractual clauses adopted by
the European Commission, Switzerland, UK, and KSA to protect Personal Data.
Given the global nature of the Company’s activities, the Company may transfer your Personal Data to countries located outside
of the EEA, UK, Switzerland or KSA . Some of these countries are recognized by the European Commission as providing an
adequate level of protection according to EEA standards (the full list of these countries is available within the European
Commission site. With regard to transfers from the EEA, UK, Switzerland or KSA to other countries, we have put in place
adequate measures, such as standard contractual clauses adopted by the European Commission to protect your information.
Employees and Contractors in the EEA may obtain a copy of these measures by using the European Commission site
here: https://commission.europa.eu/index_en
Updates to This Privacy Notice
We may change this Privacy Notice, including the list of BofA EU/UK/Swiss/KSA Entities, from time to time. The “LAST
UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will
become effective when we post the revised Privacy Notice. Use of the Services following these changes (or your continued
provision of Personal Data to us) signifies acceptance of the revised Privacy Notice.
Contacting Us
The BofA EU/UK/Swiss/KSA Entity who provides the Services in connection with which your Personal Data has been provided
is the company responsible for collection, use and disclosure of your Personal Data under this Privacy Notice.
If you do not know which BofA EU/UK/Swiss/KSA Entity is responsible for those Services or you have any questions about this
Privacy Notice, please contact your Client Relationship Manager. You may also contact our Data Protection Officer for EU/UK
Swiss/KSA at
You can also find contact details for our Affiliates by following this link:
https://business.bofa.com/content/boaml/en_us/contactus.html
To help us to manage your query, please include your full name and the name of the BofA EU/UK/Swiss/KSA Entity you
understand is processing your Personal Data and/or any reference number that was made available by a BofA
EU/UK/Swiss/KSA Entity to you.
Additional Information for Germany
For enquiries about your Personal Data processed or controlled by Bank of America N.A. Frankfurt branch or Bank of America
Europe Designated Activity Company, Zweigniederlassung Frankfurt am Main or to exercise rights granted by the Federal Data
Protection Act, you can also contact the Data Protection Officer at Taunusanlage 9-10, 60329 Frankfurt am Main, directly at
Additional Information for France
Under French law, in addition to the above, individuals shall have the right to set guidelines regarding the retention, erasure
and disclosure of their Personal Data after their death. Such right can be exercised by contacting us as set out in the ‘Choices
and Access’ section above.
Appendix 1 – BofA EU/UK/Swiss/KSA Entities
(a)
1. BAL Global Finance (Deutschland) GmbH