Privacy policy for occupational provisions and group life insurance for occupational provisions (incl. vested benefit policies)

Within the framework of the occupational provisions and group life insurance (including vested benefit  policies) offered by the Swiss Life Collective BVG Foundation, the Swiss Life Collective Foundation for  Complementary Pensions, the Swiss Life Collective Foundation 2nd Pillar, the Swiss Life Collective Occupational Pension Foundation, the Swiss Life Collective Foundation Invest (each c/o Swiss Life Ltd, General-Guisan-Quai 40, 8002 Zurich; collectively referred to as the “Swiss Life Collective Foundations”) and Swiss Life Ltd (General-Guisan-Quai 40, 8002 Zurich), the Swiss Life Collective Foundations and Swiss Life Ltd (collectively referred to as “Swiss Life” or “we”) process personal data.

Swiss Life takes the protection of your privacy and personal data very seriously. Accordingly, the relevant principles of data protection legislation, the Insurance Policies Act, insurance supervisory legislation, the special data protection provisions of the Federal Act on Occupational Old Age, Survivors’ and Invalidity Pension Provision (“BVG”) and other regulatory requirements apply in everyday practice at Swiss Life.

This includes ensuring that Swiss Life protects your personal data adequately and consistently, and safeguards the confidentiality, integrity and availability of your data. To this end we undertake to protect the data received from you against accidental or deliberate manipulation, full or partial loss, destruction or
unauthorised third-party access by means of technical and organisational security measures. The controls used for this are based on the globally recognised information security standard ISO/IEC 27001. We also undertake to ensure the rapid recovery and availability of your data and access thereto in the event of a physical or technical incident. Our security measures are continuously developed and enhanced in accordance with technological developments.

This privacy policy provides you with an overview of the processing of personal data by Swiss Life. This 
description is not exhaustive. Matters relevant to data protection may also be dealt with in other specific privacy policies, regulations, group life insurance contracts, general policy conditions and terms and  conditions of business, conditions of participation and similar documents. In the event of any  contradictions, the specific privacy policies of the regulations or group life insurance contracts shall take precedence over this policy with regard to data protection.

Further information on data protection in relation to individual products or business activities of Swiss Life, as well as on the processing of your data on our website can be found at https://www.swisslife.ch/privacy.

2.1  Data processing in connection with the Swiss Life Collective Foundations

If you are a beneficiary of a Swiss Life Collective Foundation (see section 1), the relevant Swiss Life Collective Foundation or Swiss Life Ltd is responsible for the data processing described in this privacy policy.

2.2  Data processing in connection with group life insurance outside the Swiss Life Collective Foundations

If you are insured with Swiss Life Ltd as part of a group life insurance policy (outside the Swiss Life  Collective Foundations), Swiss Life Ltd is responsible for processing data in the context of the services it offers and/or provides.

2.3  Data processing in connection with vested benefit policies

If you have a vested benefit policy for which Swiss Life Ltd is the insurer, Swiss Life Ltd is responsible for processing data within the scope of the vested benefits insurance it offers or provides.

2.4  Contact details of the controllers

If you have any questions or concerns under data protection law regarding the processing of your personal data by a Swiss Life Collective Foundation and/or Swiss Life Ltd, please contact the following office:

 Swiss Life Ltd                                                                                                                                                                   Data Protection Officer                                                                                                                                                 General-Guisan-Quai 40                                                                                                                                                     P.O. Box                                                                                                                                                                           8022 Zurich

 E-mail: datenschutz@swisslife.ch

We may process the following categories of personal data for the purposes set out in section 4:

• Master data: e.g. first and last names, address, country of domicile, gender, date of birth, age, (social) insurance numbers, marital status, languages, nationality, residence permit, e-mail address, telephone numbers, occupation, employer, level of employment, salary, health data, family members and other beneficiaries;
• Data from applications and offers including any supplementary questionnaires: e.g. details provided by the applicant concerning the insured risk, answers to questions, health data, expert reports, details of the previous insurer such as claims experience to date;
• Contract, claim and benefit processing data: e.g. data on the contract of affiliation and pension plan, amount of your retirement savings, details of any purchases, early withdrawals or pledges for home  ownership and pension compensation as a result of divorce, details of insured and current benefits, data in connection with applications, requests and insured events (in particular retirement, disability and death), including associated data on state of health as well as medical reports, expert reports and  details of any proceedings and benefits from other (social) insurers, details of limitations for pre-existing conditions;
• Financial data: e.g. income data, account data, selected investment strategies, asset situation,  information you provide to us in connection with the risk profile;
• Payment data: e.g. payment method data, date and amount of incoming payments, outstanding and paid invoices, reminders; 
• Communication data: e.g. type, time and place of communication and its content; 
• Data in connection with online communication with Swiss Life: When using our customer portal, this includes in particular the IP address, access data and detailed information on use such as behavioural and preference data;
• Data in connection with legal proceedings and disputes: e.g. data concerning complaints and differences in benefits or related contracts;
• Data from publicly accessible sources: e.g. data from the debt collection register, land registers,  commercial register, the press or internet, or data from other companies within the Swiss Life Group,  from authorities or other third parties.

We usually receive personal data in the above-mentioned categories from you, from your employer and  your reinsured employee benefits institution (e.g. master or contract data) but also potentially from third parties such as contractual partners, your family members, address service providers (master data), credit  reporting agencies and other information service providers (e.g. master and financial data), representatives of yourself and other persons associated with you, and other sources (e.g. the media or internet).

If you act on behalf of third parties or provide us with third-party data (e.g. when designating  eneficiaries), we kindly ask you to inform these third parties in advance about our processing of their personal data. We also ask you not to disclose to us any personal data of third parties without their consent.

Swiss Life processes personal data within the framework of occupational provisions and group life insurance  (incl. vested benefit policies) for the following purposes:

4.1  Implementation of occupational provisions and/or group life insurance (incl. vested benefit policies)

Your personal data is processed for the purpose of implementing occupational provisions and group life  insurance (incl. vested benefit policies), which includes in particular the following sub-purposes:

• Processing and managing offers and contracts;
• Staff orientation (in connection with an employer’s affiliation with a Swiss Life Collective Foundation or with a foundation reinsured with Swiss Life Ltd); 
• Risk assessment; 
  
• Administration of insured persons and beneficiaries (e.g. processing of admittance, departure, address  changes, benefit or beneficiary changes and other changes);
• Assessing and calculating entitlements to benefits; 
• Answering your queries and concerns;
• Calculation and collection of contributions and premiums;
• Pricing; 
  
• Advising insured persons and other beneficiaries;
• Providing benefits and processing payment transactions;
• Drawing up the investment and risk profile and implementing the selected investment strategy if an individual investment strategy can be selected within the scope of the employee benefits and/or insurance relationship;
• Preparing certificates and documentation in connection with the employee benefits and/or insurance relationship;
• Providing information to and notifying the responsible supervisory authorities within the framework of  the statutory duty to provide information (see also section 4.3 below);
• Communicating with the affiliated employer, the insured person and any other beneficiaries and providing information to the employer in accordance with the statutory and contractual provisions;
• Contacting the insured persons and beneficiaries and issuing documents concerning the implementation of occupational provisions and group life insurance; 
• Asserting rights of recourse against liable third parties.

For these purposes, we process in particular master data, contract, claims and benefit processing data, payment data and communication data. Health data may also be processed for risk assessment purposes.

4.2  Legal obligations and combating abuse

The processing of personal data is necessary to comply with legal and regulatory requirements. For this  purpose we process, in particular, master data, contract data and financial data, as well as behavioural and communication data.

If insurance fraud is suspected, we are entitled, subject to the principles of proportionality and data  protection, to process personal data and pass it on to other insurers in Switzerland and abroad as well as to courts and authorities for the purpose of detecting or preventing insurance fraud.

4.3  Market research purposes and investigations

Swiss Life uses personal data to an appropriate extent for voluntary participation in surveys and  investigations for market research purposes and to evaluate customer satisfaction. We use these results to actively address customer concerns and continuously improve internal processes.

The answers from all the survey respondents are consolidated, evaluated anonymously and used for  statistical purposes (no interviews are conducted with open or covert advertising, sales or business  intentions).

4.4  Data processing on the Swiss Life portals

Swiss Life provides a range of online customer portals for the use of customers, insured persons and other
beneficiaries, employers and brokers. The following portals are available for the implementation of the  services offered by Swiss Life in connection with occupational provisions and group life insurance:

• Swiss Life customer portal as a pension and financial portal; 
• Swiss Life myLife as a self-service portal for affiliated employers;
• The VPP distribution partner network as a distribution platform for pension and financial solutions for  brokers, partners and independent insurance consultants engaging in a distribution partnership with  Swiss Life;
• Swiss Life Business Direct as a web-based offer system for occupational pension, short-term disability  benefit and accident insurance solutions for SMEs. Swiss Life collects and processes personal data about the employer and beneficiaries for the purpose of their identification and the correct evaluation of the risks to be insured. If you take out short-term disability benefit insurance [A1] with Helsana  Supplementary Insurances Ltd or accident insurance with Helsana Accidents Ltd [A2] via our portal, they, as your contractual partner, are independently responsible for data processing.

Personal data can be accessed on these Swiss Life portals which can be processed within the scope of the  respective portal’s functions. Such processing is used for the administrative implementation of the  occupational provisions and group life insurance offered by Swiss Life.

4.5  Other processing purposes

Your data is processed beyond the actual fulfilment of the contract or mandate if this is necessary to uphold Swiss Life’s legitimate overriding interests or those of third parties. Examples include:

• Processing of personal data for the purpose of protecting data, secrets and assets;
• Processing of personal data (including temporary video recordings) for the security of systems and  buildings;
• Processing of personal data for optimising and ensuring the functioning and security of the website(s)  and other IT systems, preventing fraud, misdemeanours and crimes, as well as investigating such  offences and other unlawful conduct, handling legal action and asserting, exercising or defending legal claims.

Your personal data may be disclosed to the following categories of recipients insofar as this is necessary for  the purposes set out in section 4:

• Swiss Life Group companies (for details see www.swisslife.com/en/home/about-us.html);
• Employers affiliated to a Swiss Life Collective Foundation or a foundation reinsured with Swiss Life Ltd;
• Insured persons and beneficiaries;
• Brokers and insurance intermediaries;
• Previous insurers, co-insurers and reinsurers;
• Social insurance schemes; 
  
• Authorities, register offices, courts and offices;
• Other third parties, e.g. banks;
• Internal and external service providers of Swiss Life (e.g. IT service providers, address and shipping service providers, marketing, distribution, communication or printing service providers, service  providers in building management, credit reporting agencies, debt collection service providers, consulting firms, auditors, etc.).

The aforementioned recipients may be located abroad (e.g. if the insured person or beneficiary is not  domiciled in Switzerland or the address for service is not in Switzerland, when transmitting personal data to banks and other bodies in connection with assets located abroad, when purchasing IT services from abroad, in foreign legal proceedings, etc.). Personal data may therefore be processed anywhere in the world,  including outside the EU or the European Economic Area (e.g. in the USA or in other continents). Not all of these countries have a level of data protection equivalent to Swiss law. We therefore take contractual precautions and generally make use of standard contractual clauses (further information can be found at  www.edoeb.admin.ch), unless an exception applies (e.g. in legal proceedings abroad, in cases of overriding  public interest, if the processing of a contract requires such disclosure, or if the data subject has given their consent). If further measures are required as a result of a specific instance of data transmission, we will also  take this into account appropriately. Please note that while contractual provisions may partially compensate for weaker or missing legal protection, they cannot fully exclude all risks (e.g. of government interventions  abroad).

In addition, the transmission and disclosure of data to third parties (including authorities and other social insurance schemes) takes place in compliance with the special provisions contained in the BVG.  

The provisions of special law under Art. 3 of the Vested Benefits Ordinance (“FZV”) are taken into account when transmitting medical data in the case of vesting. 

Swiss Life does not make any automated individual decisions based on personal data. Should this change in  the future, Swiss Life will ensure transparency and the associated rights. If we notify you of an automated  decision in a specific instance, you have the right to state your position and to request that the decision be reviewed by a natural person.  

Data is stored for as long as the processing purposes, statutory retention periods and legitimate interests of  the respective Swiss Life Collective Foundation or Swiss Life Ltd in processing for documentation and  evidence purposes require, or storage is technically necessary. The storage duration is based on legal and  internal regulations and the processing purposes (section 4). If these purposes have been achieved or no  longer apply and there is no longer any obligation to retain your data, we will delete or anonymise the data  as part of the usual procedures at Swiss Life.

You have certain rights as defined by the relevant legal conditions and framework:

• To request information from us as to whether and which data we process about you;
• To have data corrected by us if it is inaccurate; 
• To object to our processing and to request the deletion of data if we are not obliged or entitled to process it further; 
• To ask us to hand over certain personal data in a conventional electronic format or transfer the data to another controller;
• To revoke your consent if our processing is based on your consent.

If you wish to exercise any rights against us, please contact us in writing or by e-mail (contact details listed in section 2). In order to rule out misuse, we will need to identify you.

If you do not agree with our handling of your rights or data protection, please let us know as specified under section 2. You can contact the Swiss supervisory authority at https://www.edoeb.admin.ch.

Should the provision or disclosure of information be manifestly unfounded or not possible, in particular due  to a law, a judicial order, overriding interests of third parties or for other reasons, we are entitled to refuse, restrict or postpone such provision or disclosure of information. 

This privacy policy is for your information and does not form part of the contract. Swiss Life reserves the  right to modify this privacy policy at any time without prior notice, especially to take account of current  statutory provisions and changed business procedures. The version published on our website applies in each  case.

Last update: August 2023