Privacy Policy Swiss Life Pension Services

Swiss Life Ltd provides the following pension management services for employee benefits institutions under  the name Swiss Life Pension Services (hereinafter “SLPS”, “we” or “us”):

• Technical administration, commercial accounting, securities accounting and management of an  employee benefits institution
• Support and comprehensive advice in the management of an employee benefits institution
• Training for boards of trustees and pension fund employees and analysis of all employee benefits institution processes (pension governance)
• Valuations in line with international accounting standards

We process personal data in connection with these services. The following persons in particular (referred to as “you”) are affected by this:

• Insured persons of employee benefits institutions which receive services from SLPS;
• Dependants of insured persons (e.g. current and former spouses, life partners, parents, siblings and children), supported persons and other beneficiaries;
• Past, current and future employers and/or their contact persons;
• Authorised representatives (e.g. legal representative);
• Contact persons of social and private insurers, employee benefits and vested benefits institutions,  reinsurers, suppliers and partners as well as authorities and offices.

SLPS takes the protection of your privacy and personal data very seriously. This includes ensuring that we  protect your personal data adequately and consistently, and safeguard the confidentiality, integrity and availability of your data. To this end we undertake to protect the data received from you against accidental or deliberate manipulation, full or partial loss, destruction or unauthorised third-party access by means of technical and organisational security measures.

This privacy policy explains how we process your data if you or your employee benefits institution use or are  affected by our services or if you are otherwise connected with us under a contract.

Further information on data protection in relation to individual products or business activities of Swiss Life,  as well as on the processing of your data on our website can be found at https://www.swisslife.ch/privacy.

Swiss Life Ltd (General-Guisan-Quai 40, 8022 Zurich) is responsible for the data processing described in this  privacy policy subject to other information in individual cases (e.g. in further privacy policies, on forms or in contract conditions).

If your employee benefits institution processes personal data itself, it is responsible for compliance with its obligations under data protection law. Information on the data processing carried out by your employee benefits institution can be found in the latter’s privacy policy.

It is also possible that your employee benefits institution has only commissioned SLPS with commercial administration and/or securities accounting, or that it has received software services from SLPS. In such cases, we are considered to be processors in the sense of data protection law. Accordingly, the commissioning employee benefits institution is also the controller for data processing in this regard. For information on data processing, you should also consult the privacy policy of the relevant employee benefits institution in these cases.

If you have any questions or concerns regarding data protection law in connection with the processing of  your personal data by SLPS, you can contact the following office:

 Swiss Life Ltd                                                                                                                                                                   Data Protection Officer                                                                                                                                               General-Guisan-Quai 40                                                                                                                                                       P.O. Box                                                                                                                                                                                   8022 Zurich

 E-mail: datenschutz@swisslife.ch

We process different data from different sources. Information on the categories of this data can be found here in cl. 3 and information on the purposes of its processing can be found in cl. 4. We usually receive this  data directly from you or from your employee benefits institution or employer, but under certain  circumstances also from other employee benefits institutions or social insurers and other third parties.

If you act on behalf of third parties or provide us with third-party data, we assume that you are authorised to do so by the respective third parties and that you have expressly informed these third parties of our data protection information for the processing of personal data. We process the following categories of data, but this list is not exhaustive:

3.1. Master data

Master data refers to the basic data that we need for the processing of our business relationships. We process master data, e.g. of insured persons, relatives, authorised representatives or beneficiaries of an  insured person, our customers, contact persons (e.g. banks, employee benefits or vested benefits  institutions, suppliers and authorities) and recipients of communications (e.g. in the context of invitations to events).

For example, we process the following master data:

• Title, last name and first name, gender and date of birth
• Address, contact details such as e-mail address and telephone and mobile numbers
• Nationality and place of origin
  
• Family data (e.g. marital status, number of children)
  
• Information from identification data (e.g. from your passport or ID)
• Your contract and insured person’s no.
  
• In accordance with legal stipulations, the AHV/AVS number
• Information on employment (e.g. employer, salary, function, start of employment)
• Details of self-employment or employment
  
• Entry benefit credit and all associated information
• For company contact persons, also relationships with the company for which you work
• Information on language and further information from pension documents

If we receive health-related data from the insured person or from (social) insurance companies as part of our service, we may also process such personal data.

3.2. Benefit data

Benefit data is information that is generated in connection with the preparation, processing and termination of an employee benefits relationship, e.g. information in connection with retirement or vested benefits,  payments and court orders.

This may also include health data and information about third parties. We may also collect data from other bodies in this context.

We process the following data, for example:

• Information on the type, duration and conditions of the employee benefits relationship in question
• Information on the claim (e.g. state of health, benefits applied for from employee benefits institutions and social insurance)
• Information on entitlement (e.g. amount of entitlement but also details of beneficiaries)
• Information on payment methods, invoices, contacts with us, complaints, feedback

3.3. Financial data

Financial data is information relating to financial circumstances, payments and the enforcement of claims, e.g. in connection with the financial circumstances of the insured person.

3.4. Communication data

Communication data is data in connection with our communication with you, e.g.

• Name and contact details such as e-mail address and telephone number
• Content of correspondence (e.g. e-mails, written correspondence, telephone conversations, etc.)
• Information on the type, time and location of the communication and other marginal data of the communication.

3.5. Other data

We may also collect data from you in other situations that we are unable to describe exhaustively in this  privacy policy. In connection with official or judicial proceedings, for example, data (such as files or evidence) are generated that may also relate to you. 

We may also collect data about who enters certain buildings and when they have access rights (including access controls, based on registration data or visitor lists etc.) or who takes part in events or promotions (e.g.
competitions) and who uses our infrastructure and systems and when.

We use the personal data collected by us primarily to carry out the tasks contractually assigned to us by  employee benefits institutions or employers. In particular, this includes carrying out technical administration, commercial accounting, securities accounting, management services and valuations in accordance with international accounting standards. In the case of employee benefits relationships, this also includes reviewing and processing claims, including coordination with other insurers, such as disability insurance.

In addition, we process personal data for other purposes insofar as we have a corresponding legitimate interest in doing so:

• For communication purposes, i.e. to contact you and maintain contact with you. This includes
  answering queries and contacting you if you have any queries, e.g. by e-mail.
• For legal protection and for our risk management: We may also process personal data in connection with legal disputes and in order to defend ourselves against any claims in court, before or out of court and before authorities in Switzerland and abroad. For example, we must also take measures against improper use.
• To meet legal and regulatory requirements and to comply with directives and recommendations issued by authorities and internal regulations (“compliance”): This includes, for example, the handling of complaints and other notifications, the fulfilment of duties to provide information, inform or report, compliance with orders issued by a court or public authority, measures to detect and clarify misuse and in general measures with which we are obliged to comply under applicable law or industry standards.
• We may also process your data for security purposes and for access control. We continuously review and improve the appropriate security of facilities and buildings and our IT.
• We also process data of contact persons from employee benefits institutions notified to us for the purpose of maintaining relationships.

If we ask for your consent for certain processing, we will inform you separately of the corresponding purposes of the processing. You can revoke your consent at any time with future effect.

Your personal data may be disclosed to the following categories of recipients insofar as this is necessary for the purposes set out in cl. 4:

• Employee benefits institutions which have commissioned SLPS to carry out tasks, as well as possibly  employers affiliated to these employee benefits institutions;
• Private and social insurance;
  
• Authorities, register offices, courts and offices;
• Other third parties, such as acquiring employee benefits institutions or banks;
• Service providers of Swiss Life Ltd (e.g. IT service providers, address and dispatch service providers, communication or printing service providers, facility management service providers etc.).

The customer administration systems of SLPS are currently hosted in Switzerland.

However, personal data may also be processed outside Switzerland. This may be the case if a data recipient is
located abroad. It cannot therefore be completely ruled out that the processing of personal data also takes place in countries outside the EU or the European Economic Area or globally (e.g. in the USA or on other continents). However, if the countries concerned do not have a level of data protection equivalent to Swiss law, we take contractual security precautions and generally use the standard contractual clause (further information can be found at https://www.edoeb.admin.ch), unless an exception applies (e.g. in legal proceedings abroad, in cases of overriding public interest, if the processing of a contract requires
such disclosure or if the data subject has given their consent). If further measures are required as a result of a specific instance of data transmission, we will also take this into account appropriately. Please note that while contractual provisions may partially compensate for weaker or missing legal protection, they cannot fully exclude all risks (e.g. of government interventions abroad). 

We store and process your personal data for as long as necessary for the purpose of the processing, as long  as we have a legitimate interest in its storage (e.g. to enforce or defend legal claims, for archiving, for  accounting after the end of the contract and for ensuring IT security) and as long as data is subject to a  statutory retention obligation. If there are no legal or contractual obligations, we will destroy or anonymise your data after the storage or processing period has expired as part of our usual procedures.

You have certain rights as defined by the relevant legal conditions and framework:

• To request information from us as to whether and which data we process about you;
• To have data corrected by us if it is inaccurate;
  
• To object to our processing and to request the deletion of data if we are not obliged or entitled to process it further;
• To ask us to hand over certain personal data in aconventional electronic format or transfer the data to another controller;
• To revoke your consent if our processing is based on your consent.
• If you wish to exercise any rights in respect of us, please contact us in writing or by e-mail (contact details listed in cl. 2). In order to rule out misuse, we need to identify you.

If you do not agree with our handling of your rights or data protection, please let us know as specified under cl. 2. You can contact the Swiss supervisory authority at https://www.edoeb.admin.ch.

This privacy policy is for your information and does not form part of the contract. We reserve the right to modify this privacy policy at any time without prior notice, especially to take account of current statutory provisions and changed business procedures. The version published on our website applies in each case.

Last update: August 2023