Privacy Policy

I. General Privacy Policy of GEMINI Collective Foundation and GEMINI Collective Foundation 1e

(Version September 2023)

Data protection is a high priority for the GEMINI Collective Foundation and the GEMINI Collective Foundation 1e (hereinafter called “GEMINI”, “we” or “us”). In this Privacy Policy, we explain how and for what purpose we collect and process (e.g. store, use, transmit, etc.) personal data from you in connection with the provision of occupational benefits and our related services and other activities, including the management of real estate, to whom we disclose your personal data, as well as your rights arising in this context from data protection legislation or other legal bases.

Personal data refers to all information about personal or factual circumstances that relate to an identified or identifiable natural person (e.g. name, address, e-mail address, etc.). In this Privacy Policy, we also use the terms “your data” or “your personal data”.

We are committed to handling your personal data responsibly. Therefore, we process personal data strictly in compliance with the Swiss Federal Law on Occupational Retirement, Survivors’ and Disability Benefit Plans (BVG), the Swiss Federal Law on Vested Benefits in Occupational Old-Age, Survivors’ and Disability Benefit Plans (FZG), the Swiss Federal Act on Data Protection (FADP) (Datenschutzgesetz, DSG), as well as the associated ordinances and other Swiss data protection regulations that may be applicable.

In this Privacy Policy we explain:

  • the type of personal data we collect and process;

  • the purposes for which we use your personal data;

  • who has access to your personal data;

  • for how long we process your personal data;

  • the rights you have with respect to your personal data; and

  • how to contact us.

 

This Privacy Policy covers the collection, both online and offline, of personal data in connection with our business activities, including those which we receive from various sources, e.g. from your employer, from public authorities and from other third parties (e.g. medical examiners).

In the following we provide you with detailed information. which is divided into a general part on data processing and a specific part which covers the provision of insurance services.

Please note that this Privacy Policy does not contain an exhaustive description of our data processing activities and that individual matters may be governed in whole or in part by specific privacy statements, general terms and conditions, fact sheets or similar documents (with or without reference in this Privacy Policy).

1. Controller and data protection advisor

1.1 Controller

Responsibility for data processing according to data protection law lies with:

 

GEMINI Collective Foundation
GEMINI Collective Foundation 1e
c/o Treuhand- und Revisionsgesellschaft
Mattig-Suter und Partner
Bahnhofstrasse 28
6430 Schwyz
Tel.: +41 41 819 54 00

If you have any concerns or queries related to this Privacy Policy, please use the contact information indicated in section 1.1. If you have concerns or queries related to the provision of our services, please contact: service@gemini.ch.

With regard to the use of our websites and the associated processing of your personal data, we refer to the Privacy Policy on our websites.

1.2 Data protection advisor

The contact details of our data protection advisors are:

GEMINI Collective Foundation                                                       
Data protection advisor                                                         
c/o Vischer AG                                                                         
Aeschenvorstadt 4                                                                           
4010 Basel                                                                                

 GEMINI Collective Foundation 1e
Data protection advisor
 c/o Advokatur Fanger
Sempacherstrasse 5
6002 Luzern

2     Data protection in general

2.1 Personal data processed by us

GEMINI processes a variety of personal data regardless of the means by which individuals contact us, e.g., by telephone, via a website, an application, a social network, at an event, etc. In particular, this involves personal data

  • that we collect in connection with our business activities in mandatory or supplementary pension provision from members and their dependants (e.g. current and former spouses, life partners, parents, children, and other beneficiaries), authorised representatives (e.g. legal representatives), future members, interested parties, service providers, or from other persons involved in the course of business activities;

  • that we collect from former, current or future employers or their contacts; from the employers’ family members and their employees;

  • that we collect from members of our bodies;

  • that we collect during the use of our websites;

  • that we collect from visitors to our offices;

  • that we collect when you contact us via e-mail / contact form / quote form / other forms or newsletters;

  • that we receive in the context of an authorisation;

  • that we are legally or contractually obliged to collect;

  • that we collect from authorities and other third parties (medical examiners, social security institutions and private insurance companies, other employee and vested benefits institutions, suppliers and partners).

Depending on the nature of the relationship, we process personal data from you such as:

  • Contact data, inventory data and identification data, for example, surname, first name, address, e-mail address, telephone number;

  • Personal details such as date of birth, gender, nationality, place of birth, place of origin, residence status, marital status, details from identification data (e.g. passport or ID), beneficiaries, language, data on dependants, health data, family certificate, birth certificate, educational certificates, insurance number and social security number, contract number, any details on previous employee or vested benefits institutions;

  • Details in connection with the processing of benefit claims: Notification of a benefit claim, information on the cause of the benefit claim (e.g. accident, illness, date of the incident, etc.) and other information related to the verification and assessment of the benefit claim (e.g. highly sensitive personal data, information on persons involved and on third parties such as insurance companies, etc.), information on termination benefits and other benefit claims;

  • Information on third parties, in particular information on family members;

  • Contract data such as contract type, contract content, type of products and services, forecast data, applicable terms and conditions, contract start date, contract term, invoice data and details regarding other insurance policies;

  • Financial and employment data such as salary data, account information, payment information, payment history, credit standing, income, purchasing power, employment status, employment type, capacity for work;

  • Marginal data from telecommunications traffic such as telephone number, value-added service codes, date, time and duration of connection, type of connection, location data, IP address, and device identification numbers such as MAC address;

  • Interaction and usage data such as correspondence, preferences and target group information, type of device, device settings, operating system, software, and information from assertion of rights.

2.2 How do we obtain personal data?

2.2.1 Personal data that you disclose to us

We obtain personal data from you when you submit data to us or when you contact us. This may occur through various channels, such as the online portal for members, by which you communicate with us (e.g. e-mail, letters, phone, fax, etc.) or through your use of our website or other services which we offer as part of our business activities.

2.2.2 Personal data that we collect from third parties

We collect personal data in connection with the provision of occupational benefits in accordance with the relevant statutory provisions. In addition, we collect personal data from third parties with whom we collaborate to be able to carry out business activities within the scope of the provision of occupational benefits and other services. We also collect personal data from published sources.

We collect personal data from the following third parties, for example:

  • employers;

  • persons associated with you (e.g. family members, legal representatives, etc.);

  • medical experts, physicians and other service providers who make inquiries about your health;

  • private insurance companies and social security institutions, other employee and vested benefits institutions;

  • banks and other service providers involved in the provision of occupational benefits (e.g. brokers, reinsurance companies, etc.);

  • property owners, sellers, grantors of building rights, notary’s offices, land registry offices, etc.;

  • persons involved in the management of properties (e.g. other property management companies, owners of rental properties, estate agents, etc.);

  • credit agencies;

  • authorities, courts, political parties and other third parties, in connection with administrative and judicial proceedings;

  • Swiss Post, for address updates;

  • other service providers;

  • public registers (commercial register, debt collection register, etc.).

2.3 Purposes for which we process personal data

2.3.1 Provision of occupational benefits

Within the scope of the provision of occupational benefits, we process the data of active members that are provided to us by the employer as part of the entry process to ensure that all active members are duly registered and insured in accordance with the occupational benefits regulations. The data collected are processed to guarantee that contributions are calculated correctly and that active members receive the benefits to which they are entitled if a benefit claim arises or in the event of disability. In addition, the processing of personal data of GEMINI’s active members is necessary for the effective administration of insurance contracts, including the processing of payouts and communication with employees or your employer.

2.3.2 Other purposes

Moreover, we process your personal data and those from other persons, to the extent permitted and deemed appropriate, for the following purposes, in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

  • management of our properties

  • provision and optimisation of our services as well as our website and other platforms on which we are present;

  • communication and processing of requests (e.g. via contact forms, e-mail, telephone or media requests);

  • advertising and marketing (including the hosting of events), insofar as you have consented to the use of your data (if you receive advertising from us as an existing customer, you may object to this advertising at any time. In this case we will put you on a blocking list to stop further advertising mailings);

  • market research, media monitoring;

  • assertion of legal claims and defence in connection with legal disputes and official proceedings;

  • ·any transctions under company law affecting GEMINI and the associated transfer of personal data;

  • prevention and investigation of criminal offences and other malpractice (e.g. conducting internal investigations, data analyses to combat fraud);

  • compliance with legal and regulatory obligations as well as GEMINI’s internal regulations;

  • warranties concerning our operations, in particular IT, our website and other platforms.

2.4 Legal basis of the processing

2.4.1 Mandatory occupational pension provision

In the context of mandatory occupational benefits provision, we generally process your personal data based on compliance with applicable laws, in particular:

  • the Swiss Federal Law on the Occupational Retirement, Survivors’ and Disability Benefit Plans (BVG);

  • the Swiss Federal Law on Vested Benefits in Occupational Old-Age, Survivors’ and Disability Benefit Plans (FZG);

as well as the associated ordinances. As a federal body, we process your personal data in this context within the scope of our statutory processing powers (e.g. Art. 85a ff. BVG).

2.4.2 Supplementary pension provision and other contexts

In the context of supplementary pension provision as well as other non-mandatory contexts, we process your data based on:

  • consent, to the extent you have given it to us, to process your personal data for specific purposes. We process your personal data within the scope of and based on this consent where we require such a legal basis in the absence of any other legal basis. Consent given can be revoked at any time, however this has no effect on data processing that has already taken place. You can send us a revocation by e-mail or by post to the (e-mail) address indicated in section 1.1. In addition, you may to revoke your consent at any time via the GEMINI online portal.

  • the conclusion or performance of a contract with your employer (affiliation agreement for the provision of occupational benefits), the related Framework Regulations and the pension plan, insofar as you belong to the group of members as defined in the Regulations,

  • the conclusion or performance of a contract with you or your request to do so (in the case of home financing contracts, for example),

  • an overriding interest (for example, to guarantee information security or data protection or to perform tasks in the public interest); however, in this case you may have the right to object,

  • a legal obligation (for example, in the case of documents or information that must be retained for a specific period of time).

3. Data protection in particular: Provision of occupational benefits

As part of the entry process, in response to a corresponding entry notification from your employer, we collect your personal data when you are admitted to the GEMINI as a member (hereinafter “active member”). Starting from the moment you receive a pension from us (e.g. retirement pension, disability pension, etc.), your status changes to “pension recipient”.

3.1 Personal data processed within the context of the provision of insurance services by GEMINI

The personal data processed by us within the context of the provision of occupational benefits include in particular:

  • Your master data (e.g. name, address, contact details, age, gender, marital status and, if applicable, date of marriage or divorce or date of registration or dissolution of partnership, insurance number, details of previous employee or vested benefits institutions, if applicable, and, within the scope of the statutory provisions, the AHV number),

  • Health data, which are submitted to us via the entry notification from your employer, as supplementary information from active members, in response to questions on the insured risk, as disclosures from third parties within the scope of a possible in-depth health check (in particular physicians, other specialists, experts, previous employee benefits institutions, insurance companies / social security institutions, etc.),

  • Information on third parties, insofar as they are also affected by the data processing (e.g. relatives (children) or beneficiaries),

  • Data on your employment or the respective contact person (e.g. company, name and address, function in the company, and, in particular, salary data and degree of employment),

  • Contract data, case data and data with regard to benefit claims that arise in connection with a possible or actual affiliation agreement or its termination, the admission of new members into the occupational benefits scheme or the performance of a contract. These also include, for example, information provided in connection with benefit claims (e.g. notification of the benefit claim, claim number, cause) or other benefits (e.g. payment of the termination benefit) as well as health data (e.g. onset of incapacity for work or death),

  • Financial data (e.g. income, buy-ins into occupational benefits and payment of termination benefits, divorce payments, EHO advance withdrawals and pensions, financial data of beneficiaries such as surviving spouses / registered partners and bank details, choice of investment strategy, selected savings plan).

These data are submitted to us via the entry notification from your employer, as supplementary information from active members, in response to questions on the insured risk, as disclosures from third parties within the scope of a possible in-depth health check (in particular physicians, other specialists, experts, previous employee benefits institutions, insurance companies / social security institutions, etc.).

3.2 Purpose of the processing of personal data within the context of the provision of insurance services

We process your personal data for the purpose of providing occupational benefits. In more detail, the following purposes are included:

  • conclusion and processing of an affiliation agreement with your employer,

  • admission of new members and maintaining one or more pension plan capital accounts for which we process, in particular, information on contributions, buy-ins, retirement assets and payouts,

  • verification and processing of benefit claims (retirement, disability, death) and, if applicable, payment of benefits.

4. Disclosure and transfer of personal data to third parties

If your personal data are not processed by us, but by processors or other responsible parties, we ensure full compliance with the legal requirements. As a rule, data are disclosed to third parties only:

  • if the disclosure is necessary for the provision of occupational benefits or the provision of other services by us,

  • if the disclosure is necessary for the contractual arrangement with you,

  • if the disclosure is permissible due to a balancing of interests,

  • if the disclosure is necessary due to legal obligations, or

  • with your explicit consent.

Within the scope of our business activities and for the above-mentioned purposes, we also disclose personal data to third parties, insofar as this is permitted and appropriate. This is the case either if such parties process the data for us (processing) or if they want to use it for their own purposes (data disclosure). This applies in particular to (all hereinafter referred to as “Recipients”):

 

  • employers (affiliated companies; however, no information about your health, your retirement assets or individual transactions such as buy-ins or advance withdrawals will be disclosed);

  • service providers who take over the management of the employee benefits institution as well as the technical administration and asset management on our behalf;

  • other service providers, including processors (such as external administrators or IT providers) for the processing and storage of your data, sending and receiving e-mails, offering and developing certain functions in connection with our website, as well as for research, analysis, maintenance and security in connection with our website;

  • our auditors;

  • occupational benefits experts;

  • medical experts, physicians and other service providers;

  • pension fund committees and guarantee fund;

  • advisors, such as lawyers;

  • business partners (e.g. brokers and distributors), logistics partners, credit agencies, debt collection agencies;

  • authorities (supervisory and tax authorities);

  • other social security institutions (e.g. AHV or other employee benefits institutions);

  • insurance companies (e.g. for the reinsurance of risks);

  • banking institutions and payment service providers, notaries’ offices for advance withdrawals in the context of the encouragement of home ownership (EHO);

  • other departments within GEMINI (e.g. for the purpose of inviting pension recipients to events, informing about deaths, etc.) to allow the data to be communicated internally;

  • government offices and courts.

Most of the Recipients are based in Switzerland, however, some of them are located abroad. In particular, you should expect your data to be transferred to other countries in Europe and the US where some of our IT service providers are located.

 If, in exceptional cases, we transfer data to a country that does not have an adequate level of data protection, we require that the Recipient take appropriate measures to protect personal data (e.g. by agreeing to so-called EU standard clauses, taking other precautions or based on justification grounds).

5. Duration of data processing

We process personal data for as long as it is necessary for the fulfilment of our contractual obligations or for other purposes pursued with the processing, often for the duration of the entire business relationship (from the initiation, to the processing and termination of a contract) and beyond in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against us or we are otherwise legally obligated to do so, or as long as is necessary due to legitimate interests (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will, as a principle, be deleted or anonymised.

6. Data processing location

As a principle, we process personal data exclusively in Switzerland or in countries pursuant to Art. 8 DSV (Swiss Data Protection Ordinance).

7. Transmission of personal data abroad

Personal data are transmitted abroad when they are disclosed in the context of the provision of benefits in the event of a benefit claim by a person insured by us (payment of occupational benefits to members living abroad) or when we use IT services for which the transmission of personal data abroad is unavoidable.

Where we transmit personal data to a country without an adequate level of data protection, we safeguard the protection of these data in an adequate manner. One means of guaranteeing sufficient data protection is the conclusion of data transfer agreements with the recipients of your personal data in third countries that ensure the necessary data protection. This may include, for example, contracts approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner, so-called standard contractual clauses. Please note that such contractual arrangements can partially compensate for weaker or missing legal protection, but cannot completely exclude all risks (e.g. from government access abroad). In exceptional cases, the transfer to countries without adequate protection may also be permitted in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transmission is necessary for the performance of a contract.

8. Data security

To protect your personal data against unauthorised access, tampering, loss, destruction or disclosure by unauthorised persons, we have taken technical and organisational security measures that are state of the art.

Our security mechanisms include, among others, encryption of your personal data. All information that you enter online, for example, is transmitted via an encrypted transmission path, which means that this information cannot be viewed by unauthorised third parties at any time. Organisational security measures include, for example, directives to our bodies, confidentiality agreements and regular monitoring. In addition, we require our processors to take appropriate technical and organisational security measures.

With the support of external experts, we continuously improve our security measures in line with the latest technological developments.

Our bodies and external providers are subject to strict confidentiality and are obliged to comply with the provisions of data protection law. Furthermore, external providers are granted access to your personal data only to the extent necessary.

 9. Your rights

You have the right

  • to request information about your personal data stored with us;

  • to have inaccurate or incomplete personal data corrected;

  • to ask for your personal data to be deleted or rendered anonymous if they are not (or no longer) necessary for the provision of occupational benefits;

  • to request a restriction to processing your personal data insofar as the processing is not (or no longer) necessary for the provision of occupational benefits;

  • to receive certain personal data in a structured, common and machine-readable format;

  • to revoke consent with effect for the future, insofar as processing is based on consent.

Please note that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke such overriding interest), or require certain data for the assertion of claims.

Note that exercising these rights may conflict with contractual agreements and may have consequences such as early termination of the contract or resulting costs. We will inform you in advance where such consequences are not contractually regulated.

 If you believe that the processing of your personal data breaches data protection law, or that your data protection rights have been breached in any other way, you may also complain to the competent supervisory authority. In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC; https://www.edoeb.admin.ch/edoeb/en/home.html).

The exercise of your rights under data protection law generally requires that you prove your identity (e.g. by means of a copy of your ID card, if your identity is not otherwise ascertained or cannot be verified). To assert your rights, please contact us by e-mail at the e-mail address specified in section 1.1.

10. Amendments to this Privacy Policy

This Privacy Policy may be amended at any time, in particular to incorporate any changes to our data processing practices or any new legal requirements. In general, the version current at the start of the processing in question shall apply to the data processing in each case.

 II. Privacy Policy Governing the Use of the GEMINI Collective Foundation and GEMINI Collective Foundation 1e Website

(Version September 2023)

Data protection is a high priority for the GEMINI Collective Foundation and the GEMINI Collective Foundation 1e (hereinafter called “GEMINI”, “we” or “us”). In this Privacy Policy, we explain how and for what purpose we collect and process (e.g. store, use, transmit, etc.) personal data from you in connection with your visit to our website https://gemini.ch/en/collective-foundations/gemini-collective-foundation/retirement-benefit-solutions or https://gemini.ch/en/collective-foundations/gemini-collective-foundation-1e/retirement-benefit-solution and our related services, to whom we disclose your personal data, as well as your rights arising in this context from data protection legislation or other legal bases.

In principle, our website can be used without providing any personal data. However, if you wish to use specific services via our website, it may be necessary for personal data to be processed.

We collect and process your data when you visit our website primarily in order to be able to provide you with an interesting, user-friendly, functional, stable and secure website and to deliver the content and services it includes. If you contact us via a corresponding feature (e.g. correspondence by e-mail, contact form, etc.), we record the communication between you and us as well as the personal data transmitted to us in this context for the purposes of this communication.

Personal data refers to all information about personal or factual circumstances that relate to an identified or identifiable natural person (e.g. name, address, e-mail address, etc.). In this Privacy Policy, we also use the terms “your data” or “your personal data”.

We are committed to handling your personal data responsibly. Therefore, we process personal data strictly in compliance with the Swiss Federal Act on Data Protection (FADP) (Datenschutzgesetz, DSG) as well as the associated ordinance and other Swiss data protection regulations that may be applicable.

In this Privacy Policy we explain:

  • the type of personal data we collect and process;

  • the purposes for which we use your personal data;

  • who has access to your personal data;

  • for how long we process your personal data;

  • the rights you have with respect to your personal data; and

  • how to contact us.

This Privacy Policy covers the online collection of personal data in connection with our business activities.

Please note that this Privacy Policy does not contain an exhaustive description of our data processing activities and that individual matters may be governed in whole or in part by specific privacy statements, general terms and conditions, fact sheets or similar documents (with or without reference in this Privacy Policy).

1. Controller

Responsibility for data processing according to data protection law lies with:

GEMINI Collective Foundation
GEMINI Collective Foundation 1e
c/o Treuhand- und Revisionsgesellschaft
Mattig-Suter und Partner
Bahnhofstrasse 2
6430 Schwyz

If you have any concerns or queries related to the provision of our insurance services and other products or services or this Privacy Policy, please contact: service@gemini.ch

1.2 Data protection advisor

The contact details of our data protection advisors are:

GEMINI Collective Foundation
Data protection advisor
c/o Vischer AG
Aeschenvorstadt 4
4010 Basel                                                                           

GEMINI Collective Foundation 1e
Data protection advisor
c/o Advokatur Fanger
P.O. Box
6002 Luzern

2. Data protection in general

2.1 Personal data processed by us

GEMINI processes a variety of personal data regardless of the means by which individuals contact us, e.g., by telephone, via a website, an app, a social network, at an event, etc. In particular, this involves personal data

  • that we collect during the use of our websites;

  • that we collect when you contact us via e-mail / contact form / quote form / other forms or newsletters;

  • that we receive in the context of an authorisation;

Depending on the nature of the relationship, we process personal data from you such as:

  • Contact data, inventory data and identification data, for example, surname, first name, address, e-mail address, telephone number;

  • Marginal data from telecommunications traffic such as telephone number, value-added service codes, date, time and duration of connection, type of connection, location data, IP address, and device identification numbers such as MAC address;

  • Interaction and usage data such as correspondence, type of device, device settings, operating system, software, and information from assertion of rights.

2.2 How do we obtain personal data?

We obtain personal data from you when you submit data to us or when you contact us. This may occur through various channels, e.g. the means by which you communicate with us (e.g. e-mail, newsletter, contact form, etc.) or through your use of our website, our products or other services which we offer on our website.

2.3 Purposes for which we process personal data

We process your personal data and those from other persons, to the extent permitted and deemed appropriate, for the following purposes, in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

  • provision and optimisation of our services via our website as well as our website itself and other platforms on which we are present;

  • communication and processing of requests (e.g. via contact forms, e-mail, telephone), media requests;

  • advertising and marketing (including the hosting of events), insofar as you have consented to the use of your data (if you receive advertising from us as an existing customer, you may object to this advertising at any time. In this case we will put you on a blocking list to stop further advertising mailings);

  • warranties concerning our operations, in particular IT, our website and other platforms.

2.4 Legal basis of the processing

We process your personal data based on:

  • consent, to the extent you have given it to us, to process your personal data for specific purposes. We process your personal data within the scope of and based on this consent where we require such a legal basis in the absence of any other legal basis. Consent given can be revoked at any time, however this has no effect on data processing that has already taken place. You can send us a revocation by e-mail or by post to the (e-mail) address indicated in section 1.1.

3. Disclosure and transfer of personal data to third parties

If your personal data are not processed by us, but by processors or other responsible parties, we ensure full compliance with the legal requirements. As a rule, data are disclosed to third parties only:

  • if the disclosure is necessary for the contractual arrangement with you,

  • if the disclosure is permissible due to a balancing of interests,

  • if the disclosure is necessary due to legal obligations, or

  • with your explicit consent.

Within the scope of our business activities and for the above-mentioned purposes, we also disclose personal data to third parties, insofar as this is permitted and appropriate. This is the case either if such parties process the data for us (processing) or if they want to use it for their own purposes (data disclosure). This applies in particular to (all hereinafter referred to as “Recipients”):

  • service providers, including processors (such as external administrators or IT providers) for the processing and storage of your data, sending and receiving e-mails, offering and developing certain functions in connection with our website, as well as for research, analysis, maintenance and security in connection with our website.

Most of the Recipients are based in Switzerland, however, some of them are located abroad. In particular, you should expect your data to be transferred to other countries where some of our IT service providers are located.

4. Duration of data processing

We process personal data for as long as it is necessary for the fulfilment of our contractual obligations or for other purposes pursued with the processing, often for the duration of the entire business relationship (from the initiation, to the processing and termination of a contract) and beyond in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against us or we are otherwise legally obligated to do so, or as long as is necessary due to legitimate interests (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will, as a principle, be deleted or anonymised.

5. Transmission of personal data abroad

Personal data are processed almost exclusively in Switzerland. An exception is the disclosure of personal data when we use IT services for which the transmission of personal data abroad is unavoidable.

Where we transmit personal data to a country without an adequate level of data protection, we safeguard the protection of these data in an adequate manner. One means of guaranteeing sufficient data protection is the conclusion of data transfer agreements with the recipients of your personal data in third countries that ensure the necessary data protection. This may include, for example, contracts approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner, so-called standard contractual clauses which are available here.

Please note that such contractual arrangements can partially compensate for weaker or missing legal protection, but cannot completely exclude all risks (e.g. from government access abroad). In exceptional cases, the transfer to countries without adequate protection may also be permitted in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transmission is necessary for the performance of a contract.

6. Visiting our web pages

In principle, our web pages can be used without providing any personal data. This does not apply to areas and services that require your name, address or other personal data by nature, e.g. completing an online form, registering for the newsletter or creating a profile when using our app, for the company portal or another application.

If you contact us via e-mail and online forms (contact form or quote form), personal data are collected and transmitted to us. It depends on the corresponding input mask which data are involved. If you use the corresponding functions, we also process your personal data

  • to contact you (e.g. to arrange an appointment, process a loan application in connection with mortgages or building loans, etc.);

  • for electronic mail dispatch (receiving information via e-mail when asking for it on our website).

6.1 Server log files

Each time you visit our website, our servers temporarily store your access in a log file, the so-called server log file.

In this context, the following date are recorded: your IP address, the date and time of your visit, the name of the page and files accessed, access status (successful, partially successful, not successful, etc.), the web browser and operating system used, as well as other information, which serves to avert risks in the event of attacks on our information technology systems.

We will not analyse personal data in a traceable manner and your personal data in the server log files will not be linked to any other personal data that might be available from you.

The purpose of processing this information is to display our website, its content and services correctly; to ensure data traffic; to optimise our website, its content and services; to guarantee the stability and security of our website and systems on a permanent basis; and to enable the clarification, defence and prosecution of cyberattacks, spam and other unlawful acts in relation to our website and systems, and to enforce claims in this regard.

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for calling up our website, the deletion takes place when the respective session has ended.

For the hosting of the website, we may use services of third parties in Switzerland and abroad, which perform the above-mentioned processing on our behalf. Currently, our websites are hosted exclusively by Swiss hosting providers and on servers in Switzerland and the EU.

6.2 Contact

On our website, you have the option of contacting us by e-mail, via various online forms as well as by telephone. The data collected in the case of contact via an online form can be found in the respective form. If we are contacted by you via e-mail or telephone, the personal data transmitted in the context of this contact (e.g. e-mail address, name, telephone number, etc.) will be collected, stored and used by us to respond to your request.

Your information will be stored for the purpose of processing your request, its handling and in case of follow-up questions with us and will not be disclosed to unauthorised third parties without your consent. Of course, this also applies to requests that you send to us by post.

Mandatory data are necessary to process your request. The voluntary provision of further data facilitates the processing of your inquiry and enables us to provide you with the information requested by you.

You can object to this data processing at any time. Please send your objection to the e-mail address indicated in section 1.1 and we will review your objection. In the event of an objection, your contact request will not be processed further.

Your personal data will be deleted as soon as the request you have made has been resolved, i.e. when the circumstances indicate that the matter in question has been conclusively clarified and the deletion does not conflict with any statutory retention obligations.

6.3 Online portal for active members

Registration is required to use our online portal for members. First and last name, e-mail address, mobile phone number and language are recorded. We require this information to provide you with password-protected direct access to your data stored with us (e.g. insurance policies, news and services offered) and to process your request. You will receive a letter with the access code for registration via mail. After entering this access code, you will receive an activation code by e-mail. 

After the initial registration, users can assess the online portal for members via multi-factor authentication (SMS). This means that you will receive an SMS with an access code. 

You can access the online portal for members via our website.

6.4 Online portal for employers

For initial registration, we will send a letter to the registered contact person (administrator) with the access code for registration. After entering this access code, an activation code is sent to the administrator by e-mail. After the initial registration, users can assess the online portal for employers via multi-factor authentication (SMS or OTP).

You can access the online portal for employers via our website.

6.5 Cookies

We use so-called cookies on our website. Cookies are small text files that are placed and stored on your device (laptop, tablet, smartphone, etc.) by your browser. They are used to make our website more user-friendly and effective and thus make your visit to our website as pleasant as possible. Cookies do not damage your end device. They cannot be used to run programs and they do not contain viruses.

Most of the cookies we use are so-called session cookies. They are automatically deleted when you log out or close the browser. Other cookies remain on your device beyond the respective usage process and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit. If other cookies (such as those used to analyse your surfing behaviour) are stored, they will be treated separately in this Privacy Policy.

You can change the settings of your browser, so that it informs you prior to a cookie being stored on your device. You can also allow the use of cookies only in individual cases or generally deactivate the use of cookies via your browser settings. However, please note that if you do this you may not be able to use all the features of our website.

6.6 Web beacons

Single pixel gifs, so-called web beacons, are automatically placed in every newsletter. These are invisible graphic files that are associated with the user ID of the respective e-mail recipient. For each newsletter sent, the web beacons provide information about which recipients have opened the newsletter, when the newsletter was opened and whether certain links within the newsletter were clicked on. This data is used for statistical, anonymous evaluations and to optimise the content and structure of the newsletter.

In order to prevent the use of web beacons in our newsletters, you must set up your mail program so that no HTML is displayed in messages.

6.7 Google services

On our website, we use various services provided by Google LLC, based in the U.S., or if your usual residence is in the European Economic Area (EEA) or Switzerland, Google Ireland Ltd, based in Ireland (“Google”). When using Google Maps and YouTube, Google LLC is responsible for the processing of personal data. We use the following Google services on our websites:

  • Google Tag Manager

  • Google Analytics

  • Google Maps

Further information on the individual services can be found below.

Google uses technologies such as cookies, web storage in the browser and tracking pixels, which enable us to analyse your use of our website. The information generated about your use of our website may be transmitted to a Google server in the U.S. or other countries and stored there. Information about Google’s data centre locations can be found here.

We use tools provided by Google which, according to Google, may process personal data in countries where Google or its sub-processors maintain facilities. Google promises in its Data Processing Addendum for Products where Google is a Data Processor to ensure an adequate level of data protection by relying on the EU Standard Contractual Clauses.

For more information about Google’s processing and privacy settings, please refer to Google’s Privacy & Terms and the Privacy Controls.

6.7.1 Google Tag Manager

Our website uses Google Tag Manager which provides an efficient tool to manage website tags. Website tags are placeholders stored in the website’s source code to record, for instance, the integration of frequently used website elements, such as code for web analytics services. Google Tag Manager triggers other tags that may in turn collect data. The latter data is, however, not accessed by Google Tag Manager. A deactivation that has been applied at domain or cookie level remains in place for all tracking tags implemented with Google Tag Manager.

For more information, please refer to the Google Tag Manager Terms of Service.

6.7.2 Google Analytics

For the purpose of analysing our website and its visitors, as well as for marketing and advertising purposes, we use the web analytics service Google Analytics 4.

Google Analytics deploys cookies, which are stored on your device (laptop, tablet, smartphone, etc.) to help us analyse your use of our website. This helps us to evaluate user behaviour on our website and improve our services based on the resulting statistics/reports.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. This means that Google truncates your IP address in Switzerland or the EU/EEA prior to transmission. Only in exceptional cases will the full IP address be transferred to a Google server and be truncated there. Google states it may process personal data in any country where Google or Google’s sub-processors  maintain facilities. In its Data Processing Addendum for Products where Google is a Data Processor Google promises to ensure an adequate level of data protection by relying on the EU Standard Contractual Clauses.

Google uses this information to evaluate your pseudonymous use of our website, create reports about activity on the website and provide other services for us related to the use of the website and the Internet. According to Google, the IP address transmitted by your browser in connection with Google Analytics will not be merged with other Google data. When you visit our website, your user behaviour is recorded in the form of events (such as page views, interaction with the website or your “click path”) as well as other data, such as your approximate location (country and city), technical information about your browser and the devices you use, or the referrer URL, i.e. via which website / advertising material you came to our website.

You may prevent the collection and transfer of the data generated by the cookie and related to your use of our website (including your IP address) by Google and the processing of these data by Google by downloading and installing the Google Analytics Opt-out Browser Add-on. If you wish to object to interest-based advertising by Google, you can use the settings and opt-out options provided by Google.

For an overview of data usage in Google Analytics and the measures Google has taken to protect your data, please see Google Analytics Help.

For further information about the Google Analytics Terms of Service and Google’s Privacy & Terms, please refer to the respective documents.

6.7.3 Google Maps

We use the online map service Google Maps to embed interactive maps on our website.

When you access a website on which maps from Google Maps are embedded, Google Maps will set a cookie. As a rule, this cookie is not deleted when you close the browser, but expires after a certain period of time, unless you delete it manually beforehand.

When using Google Maps, information about your use of our website (including your IP address) may be transmitted to a Google server in the USA and stored there. Google may store this data as user profiles for the purposes of customising its services, advertising and market research. If you are logged in to Google, your data will be associated directly to your account. If you wish to avoid this, you must log out beforehand.

If you do not agree to the processing of your information in this context, you have the option of deactivating the Google Maps service. To do so, you have to deactivate the JavaScript function in your browser settings. However, if you deactivate the JavaScript function, other functions of our website may be affected as well.

For further information about the Google Maps Terms of Use and Google’s Privacy Policy, please refer to the respective documents.

6.8 Social media presence

We have a social media profile on LinkedIn.

The data you enter on our social media profiles is published by the social media platform and will not be used or processed by us for any other purpose at any time. However, we reserve the right to delete content if this should be necessary. At most, we communicate with you via the social media platform.

Please be aware that the operator of the social media platform employs web tracking methods. Web tracking, which is beyond our control, may occur regardless of whether you are logged in or registered with the social media platform.

Further details on data processing and additional information on your respective rights and configuration options regarding the protection of your privacy as well as your right to opt out of the creation of user profiles by the provider of the social media platform are included in the privacy policy of the provider:

  • LinkedIn: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland): Privacy policy

7. Data security

To protect your personal data against unauthorised access, tampering, loss, destruction or disclosure by unauthorised persons, we have taken technical and organisational security measures that are state of the art.

Our security mechanisms include, among others, encryption of your personal data. All information that you enter online, for example, is transmitted via an encrypted transmission path, which means that this information cannot be viewed by unauthorised third parties at any time. Organisational security measures include, for example, directives to our employees, confidentiality agreements and regular monitoring. In addition, we require our processors to take appropriate technical and organisational security measures.

With the support of external experts, we continuously improve our security measures in line with the latest technological developments.

Our employees and external providers are subject to strict confidentiality and are obliged to comply with the provisions of data protection law. Furthermore, external providers are granted access to your personal data only to the extent necessary. 

8. Your rights

You have the right

  • to request information about your personal data stored with us;

  • to have inaccurate or incomplete personal data corrected;

  • to ask for your personal data to be deleted or rendered anonymous if they are not (or no longer) necessary for the provision of occupational benefits or the leasing of residential and commercial properties;

  • to request a restriction to processing your personal data insofar as the processing is not (or no longer) necessary for the provision of occupational benefits;

  • to receive certain personal data in a structured, common and machine-readable format;

  • to revoke consent with effect for the future, insofar as processing is based on consent.

Please note that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke such overriding interest), or require certain data for the assertion of claims.

Note that exercising these rights may conflict with contractual agreements and may have consequences such as early termination of the contract or resulting costs. We will inform you in advance where such consequences are not contractually regulated.

If you believe that the processing of your personal data breaches data protection law, or that your data protection rights have been breached in any other way, you may also complain to the competent supervisory authority. In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC; https://www.edoeb.admin.ch/edoeb/en/home.html).

The exercise of your rights under data protection law generally requires that you prove your identity (e.g. by means of a copy of your ID card, if your identity is not otherwise ascertained or cannot be verified). To assert your rights, please contact us by e-mail at the e-mail address specified in section 1.1.

9. Amendments to this Privacy Policy

This Privacy Policy may be amended over time, in particular to incorporate any changes to our data processing practices or any new legal requirements. In general, the version current at the start of the processing in question shall apply to the data processing in each case.