Pension Fund Privacy Statement

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspend Varius Enim in Eros Elementum Tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean Faucibus Nibh et Justo Cursus id Rutrum Lorem Imperdiet. Nunc ut sem vitae risus tristique posuere.

Privacy statement

This is TRANSPARENTA's general privacy policy. Information regarding data protection and cookies on our website can be found here.

Personal names are not gender-specific.

1. Introduction

The TRANSPARENTA Pension Fund (hereinafter TRANSPARENTA or Foundation), Hauptstraße 105, 4147 Aesch, is a collective foundation with the purpose of implementing occupational benefits under the BVG and its implementing provisions for employees and their members of affiliated companies against the economic consequences of the risks of old age, disability and death. This includes, among other things, the handling of personal data and particularly sensitive data (Art. 5 DSG). Data protection and data security are of central importance to us in our workflow.

With this privacy policy, we would like to explain to you what types of your personal data provide information about you (hereinafter also referred to as “data” for short) and which particularly sensitive data we process for what purposes and to what extent. The privacy policy applies to all processing carried out by us, whether as part of the provision of our contractual services as well as to the use of websites, online applications or social media profiles.

It is generally possible to use our website without providing personal data. When personal data (such as name, address or e-mail addresses) is collected on our website, this is always done — as far as possible — on a voluntary basis. If necessary, this data may be passed on to third parties in accordance with this privacy policy. We not only process data from our insured persons, pensioners and other beneficiaries, but also data from third parties, in particular from the following persons (hereinafter collectively referred to as “you”):

  • Relatives of insured persons (e.g. current and former spouses, partners, parents and children) and other beneficiaries
  • Agents and representatives
  • Claimants, injured parties and other persons involved (e.g. liability parties)
  • People who are in contact with our insured persons (legal connection)
  • Contact persons of social and private insurers, other pension and free movement institutions, contract partners, any reinsurers, suppliers and partners, as well as authorities and authorities
  • Members of our organization (e.g. members of the board of trustees, managing directors, administrative staff)

If you provide us with information about third parties, we assume that you have the authority to do so and that this information is correct. Please inform these third parties of our data processing and provide them with a copy of this privacy policy in the latest version. We ensure that the persons entrusted with data processing comply with the legal provisions that are decisive for processing data from affiliated employers and their insured persons (e.g. BVG, OR, ZGB, ATSG, VVG, AHVG, IVG, MVG, KVG, MVG, KVG, etc.).

2. Responsible body and contact

The body responsible for data protection for the forms of data processing described here is:

TRANSPARENTA pension fund
Main road 105, 4147 Aesch

You can also contact our data protection advisor for your data protection concerns and to exercise your rights in accordance with Section 12:

TRANSPARENTA pension fund
Heidi Neubacher Data Protection Advisory
Main road 105, 4147 Aesch BL

info@transparenta.ch

3. Categories of processed personal data

As part of the implementation of occupational benefits plans, we process the categories of personal data described below, although this list is not exhaustive.

If data changes over time (e.g. due to a change of address, a change in civil status or another mutation), we can continue to store not only the current but also the previous status of this data within the framework of legal retention periods.

3.1 Master data

Master data is the basic data that we need in addition to insurance data (see below) to process our pension relationships. Master data includes in particular:

  • contact information (e.g. name, address, telephone number, and email address)
  • Personal information (e.g. date of birth, age, gender, nationality, data from identity documents, SV number)
  • Further identification data (e.g. AHV number, customer number, VAT number or tax identification data)
  • Information about your relationship with us (e.g. partner/insured status, insurance history)
  • Account information, including bank details (e.g. account numbers), is also collected.

Master data also includes information about the persons affected by data processing, e.g. recipients of correspondence, contact persons, family members or other beneficiaries.
If you are listed as a beneficiary in a pension case, regardless of whether you are also an insured person under pension law, we collect and process relevant information about you (e.g. name, date of birth, marital status), contact details (e.g. address, telephone number) as part of the settlement of pension obligations, e-mail address) and bank details for the purpose of processing later payments (e.g. account number).

We receive master data from yourself or from third parties, e.g. an employer affiliated with the pension fund, other pension or social security institutions, authorities or the insured person who has appointed you as a beneficiary, as well as from public registers (e.g. the commercial register).

3.2 Contract and insurance data

Contract data is data that is generated in connection with the conclusion or processing of a contract. Insurance data includes in particular:

  • Data from information on employment conditions at the affiliated employer or other income data (e.g. start date, level of employment and salary component) in connection with the admission of insured persons to the pension fund (e.g. information on the previous pension or free movement scheme)
  • Information about mutations (e.g. divorce, purchases)
  • Information in connection with the processing of pension cases (e.g. the notification of the occurrence of the pension claim, reason for the occurrence of the pension claim, such as age, death or disability and the date of occurrence, information in connection with the audit of the pension case)
  • Information about other benefits (e.g. resignation, divorce, WEF advance payment) as well as information about your family situation (e.g. marital status, beneficiaries).
  • Financial data, i.e. information relating to payments and bank details and the enforcement of claims as well as information on income from employment, pensions and, in some cases, payment history (i.e. information regarding reminders and collection of claims).

We usually collect contract and insurance data directly from you, from contract partners and from third parties involved in processing the insurance relationship (e.g. employers, other social or pension institutions, doctors, authorities, courts), but also from third sources (e.g. the Central Compensation Office ZAS), from people from your environment (e.g. family members, legal representatives) and from publicly available registers (e.g. to check criminal records extracts for new members of the highest body).

In doing so, we collect this data, including health data, e.g. from other pension and social insurance providers (e.g. pre-insurers, regarding previous pension relationships), medical service providers and experts, external lawyers or credit agencies. If you enter into a pension relationship with us, you release these bodies from any confidentiality obligations. If necessary, we will obtain separate consent from you (e.g. as part of the health check upon admission).

Data when a risk case occurs primarily includes information about the specific risk case of death or disability, e.g. certificate of death, clarifications and coordination of benefits. To this end, we work with third parties, e.g. with other social insurance providers, experts or external claims adjusters in Germany and abroad, from whom we also receive data.
To clarify claims for benefits, e.g. in the event of recourse, we may also receive and process information about the risk situation from other private and social insurance companies or other third parties involved.

3.3 Communication data

When you contact us by email, telephone, letter, or other means of communication, we collect the data exchanged between you and us, including your contact details and communication details.

3.4 Other personal data

In certain situations, we may also collect other personal data, for example in connection with official or court proceedings (files, evidence), or for reasons of health protection (e.g. as part of protection concepts).

4. Particularly sensitive personal data

We also process particularly sensitive personal data, e.g. health data as part of a health check upon admission to the pension fund or the review of risk benefits, insofar as we need this information to process the insurance relationship. In particular, this may include:

  • Information on health status and previous accidents or illnesses (including information from doctors involved)
  • Data on administrative and criminal prosecutions or sanctions
  • Data on social assistance measures

Based on your confidentiality agreement, we obtain appropriate information from service providers (e.g. disability insurance, daily sickness benefit insurance, doctors, psychologists, persons who provide services on the orders of or on behalf of a doctor, laboratories, hospitals, facilities for [partial] inpatient or outpatient care, nursing homes).

5. Recipients of personal data

Within the pension fund, those bodies who need it to fulfill their contractual, legal and regulatory obligations have access to your data. In connection with the purposes listed in Section 6, we may also transfer your data to third parties, in particular to the following categories of recipients:

  • Affiliated employers
  • Occupational pension providers (e.g. beneficiaries, beneficiaries and providers, reinsurers, insurance companies, insurance brokers/brokers, occupational pension experts, business and contract partners (e.g. administrative office), communication partners
  • Authorities, offices and courts
  • Other third parties involved, such as liable third parties (or their liability insurer), financial service providers or auditors
  • Service providers within and outside the Foundation who are commissioned to process your data (e.g. information technology services, marketing, sales, communication or printing service providers, credit agencies, collection service providers, consulting companies, real estate service providers). These service providers are contractually obliged to comply with our specified purposes of data processing and applicable data protection law. Where required by contract or law, these service providers may in turn involve third parties under the same conditions.

6. Purposes of processing

We will only process your data for those purposes that we have shown you when they were collected, which we are legally obliged or entitled to do, and for other purposes that are compatible with them. Further information on the principles of our processing can be found in Section 7.
We process your data for the following purposes:

  • Implementation of occupational benefits
  • Contractual benefits and services
  • Managing and responding to inquiries
  • Conclusion of insurance contracts
  • Contracts for investment products (in particular acquisition, advice, support and for retirement and financial analysis, financial, pension, inheritance and estate planning or for retirement and insurance checks, processing and review of applications including the appropriateness review of the investment, processing and administration of offers and contracts, including the transfer of data to our cooperation partners and the custodian bank, etc.)
  • Compliance with legal and other legal requirements (e.g. from self-regulations, industry standards, official instructions and internal requirements, e.g. to combat money laundering and terrorist financing, clarifications on legal and reputational risks, filing of reports, fulfilment of information, or reporting obligations, archiving, processing of complaints and other reports, monitoring of communication, internal or external investigations, disclosure of documents to authorities, assistance with prevention, detection and clarification of crimes and other violations)
  • Organization of business relationships
  • Events and events: We process the data of participants in events, events and similar activities offered or organized by us (hereinafter uniformly referred to as “participants” and “events”) in order to enable them to participate in the events and take advantage of the services or promotions associated with participation
  • Customer service: As part of our customer service, it is possible for our service units to contact you
  • Contact requests and communication
  • prevention, risk management, legal compliance (e.g. risk assessments, prevention of abuses, internal and external investigations, legal proceedings, corporate governance and development)
  • Care Management
  • Other purposes: e.g. security purposes, monitoring of buildings and publicly accessible premises, internal administration, training and education, accounting, data archiving, managing IT, protecting our rights, evaluating and improving internal processes, statistics and research, protecting other legitimate interests.

7. Principles and lawfulness of data processing

The obligation to protect personal rights when processing personal data is primarily governed by the Federal Data Protection Act (DSG) and its Ordinance (DSV). The Foundation and all persons working on its behalf (e.g. members of the Board of Trustees, managing directors and employees) and third parties (e.g. agents) are required to comply with laws and to maintain trade secrecy. A corresponding confidentiality agreement is obtained.

Our activities in the area of compulsory occupational pensions are regulated by legislation on occupational benefits, in particular by the BVG and the Federal Act of 17 December 1993 on the free movement of persons in occupational retirement, survivors' and disability benefits (Freedom of Movement Act, FZG) and the associated ordinances. As a federal body, we process your personal data in this area within the framework of our legal processing powers (data processing, file inspection, confidentiality and data disclosure are governed by Art. 85a ff. BVG). In the area of supermandatory pension provision, the pension contract and, accordingly, the BVG are decisive for the processing of the pension contract.

If we ask you for your consent for certain types of processing, we will inform you separately about the corresponding purposes of processing. You can withdraw your consent at any time by means of a written notification with effect for the future. As soon as we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented. Such a revocation does not affect the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.

8. Data security (TOM)

To protect data from misuse, the data protection system meets the requirements for compliance with legal regulations. Privacy-by-design and privacy-by-default are guaranteed. Within TRANSPARENTA, a data protection consultant is responsible for regular training and updating to the latest technical security standards. Training courses are carried out continuously. Information about changes, e.g. regarding data protection changes, is provided through infomails. The measures are documented.

8.1 Access control

Only persons responsible for data processing have access to the premises where the data is processed. The main entrance area is also equipped with a security door. Visitors can only enter the building with registration.

8.2 Access Control

The authorizations for data access must be requested by processing persons or are activated in accordance with their function. The processing persons only have the rights for the functional areas necessary to perform tasks. Remote access to data is only possible via encrypted access with multi-factor authentication.

8.3 Using hardware and software

Secure handling instructions are also decisive for the use of hardware and software, Internet and e-mail. To protect systems, access is generally only possible with authorization by user name and password. Time-limited access is set up for web portals. If the system is not used for a longer period of time, a new password must be entered (Art. 3 DSV). Passwords must be changed periodically due to the system. Data is exchanged via encrypted data channels. Personal data is only sent via unencrypted emails if the recipient is the person concerned and the recipient wishes the unencrypted transmission.

8.4 Input control

All entries and changes in the management system are logged (Article 4 DSV).

8.5 Recovery, system security

An automated “full backup” of databases and IT networks is carried out daily on internal and external data carriers. The recovery of data is therefore ensured. The security of the IT infrastructure is regularly checked by external specialists (cyber security checks, penetration testing).

9. Data transfer abroad

In principle, we do not disclose personal data abroad, except to the persons concerned themselves. An exception may apply, in particular, to legal proceedings abroad, but also in cases of overriding public interest or when the execution of a contract requires such disclosure, if you have given your consent or if it concerns data that you have made publicly available and whose processing you have not objected to.

As part of order data processing, your data will only be transferred to countries outside Switzerland if, in the opinion of the Federal Council, the country concerned (or the data protection framework applicable to that country) offers an adequate level of data protection; in particular if the Federal Council has determined that the legislation of the relevant state provides adequate protection, or if such an adequacy decision does not exist, if the recipient guarantees adequate protection on the basis of appropriate guarantees, or the basis for exceptions listed in the DSG (e.g. your express consent). A copy of the relevant guarantees can be obtained from our data protection consultant.

In the cases listed, your data may be processed outside Switzerland or the European Union or the European Economic Area (i.e. also in so-called third countries such as the United States of America).

10. Obligation to provide personal data

For our business relationship, the personal data required to establish and carry out a business relationship and to fulfill the associated contractual obligations must be provided. Without this data, we will generally not be able to conclude and process a contract with you (or the body or persons you represent) or to fulfill our legal duties.

11. Retention of personal data

We process and store personal data as long as it is necessary to fulfill our contractual and legal obligations or for the purposes for which the processing is carried out. This means for business relationships from initiation, processing to termination of contracts. It is also possible that personal data may be retained for the period during which claims can be made against our company or required by legal storage obligations. Otherwise, the data is deleted or anonymized.

12. Your rights

Under certain conditions, you have the right to information, the right to information, the right to correction, the right to delete, the right to restrict processing, the right to object and, where applicable, the right to data portability. There may be exceptions or restrictions on the exercise of the right (e.g. in legal cases, protection of third parties). You may also have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

You can withdraw your consent to the processing of personal data at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.

If you have any concerns about the points set out herein or the Foundation's privacy policy, please contact us. Our data protection consultant will answer them in the foreseeable future.

13. Publication/right of amendment

This privacy statement was last updated on January 11, 2025 and is published on our website. This privacy policy can be amended at any time. The version published on this website is the latest version.

Release 11.01.2025

Under Construction