Data Protection Statement of Profond Pension Fund
1. What is this data protection statement about?
In this data protection statement, we will inform you how we process your personal data (also called your "data").
By processing, we mean obtaining, storing, using, reworking, disclosing, archiving or destroying data.
You will learn:
- which data,
- for what purpose,
- for how long and
- for what reason
is processed by us.
We will also show you,
- to whom we disclose your data,
- how we protect your data and
- what your rights are.
2. Who is responsible for data processing?
Profond Pension Fund is responsible for data processing in line with this declaration. You can reach us with your concerns about data protection at:
Profond Vorsorgeeinrichtung
Datenschutzberater
Zollstrasse 62
8005 Zürich
058 589 89 81
datenschutz@profond.ch
3. Who is the data protection statement intended for?
Our data processing may in particular relate to the following persons:
- insured persons,
- employers (incl. contact persons at the employer),
- dependants of insured persons and other beneficiaries,
- contact persons for social security and private insurance, other pension funds, vested benefit institutions, contractual partners, public authorities and offices,
- visitors to our websites,
- subscribers to our newsletter,
- people who contact us.
If you provide us with information about other people, we will assume that you are authorised to do so and that the information is accurate. By submitting the data, you confirm this. Please also ensure that these third parties have been informed of this data protection statement.
4. Which data do we process?
We process various categories of data about you. The most important categories are the following:
What we call "master data" is the basic data that we need in addition to the contract data (see below) for the fulfilment of our legal and contractual obligations or for marketing and advertising purposes.
The master data includes, for example:
- your first name, last name
- your address, e-mail address, telephone number and other contact details,
in the case of insured persons or their dependants:
- their marital status, date of birth, age, gender, nationality, AHV number,
- starting date or leaving date at the employer, the level of employment, the annual salary, the retirement assets
- health data, such as the degree of capacity of the insured person to work.
Contract data is data that we process in connection with the conclusion of a contract or the performance of a contract. This includes, for example, personal data that we need for the implementation of occupational retirement benefits (pension data) or for the processing of benefit cases (benefit data).
The contract, pension and benefit data include, for example:
- information in connection with benefit cases (e.g. the reason for the benefit case, such as accident or illness, health data in connection with a benefit case)
- information related to a life event (e.g. the purchase of residential property, the date of divorce)
- information in connection with the affiliation agreement with the employer (e.g. the pension plan, the composition of the staff pension fund commission)
By this we mean personal data that relates to your financial circumstances. This also includes data relating to payments and bank details.
In the case of the insured persons, for example, we process:
- retirement assets information
- data on salary,
- purchases into the occupational retirement benefits
- payments of pensions and
- information on the termination benefit.
We also process the financial data of relatives and beneficiaries, e.g. when paying pensions to surviving spouses.
If you are in contact with us via ProfondConnect, by e-mail, telephone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details.
Certain services (e.g. ProfondConnect or our newsletter) can only be used with a user account or registration. When creating the account or registering, you must provide us with certain data and we also collect data about the use of the offer or service.
When you use our websites, ProfondConnect or other electronic services, we collect certain technical data (e.g. the IP address of your device or logs in which the use of our websites is recorded).
We also collect your data in other situations. Data is collected in connection with official or judicial proceedings, for example (such as files, evidence, etc.) which may also relate to you. We may also collect data for reasons of health protection (e.g. in the context of health and safety plans).
Finally, we may also collect data about:
- who enters certain buildings and when, or
- who participates in events or activities and when they do so.
The above-mentioned personal data is, in some cases, particularly sensitive personal data. In connection with retirement and benefit cases, we may use health data (health questionnaires, medical reports, other medical information, etc.). We only process particularly sensitive personal data if this is necessary in connection with the provision of occupational retirement benefits or if you have consented to the processing.
5. Where does the personal data come from?
We receive master data from yourself, from your employer, from third parties such as other pension funds and social insurance providers, public authorities, courts, contractual partners, financial service providers and from publicly accessible sources such as public registers or the Internet.
6. For which purposes do we process your data?
- for the conclusion and execution of affiliation contracts with the employer. In particular, we process master, contract, pension and benefit data, financial data and communication data;
- for the admission of insured persons. At this time, we process, for example, master data, contract data, pension data, benefit data, financial data and communication data.
- For the handling of retirement and benefit cases, incl. coordination with other pension institutions and social and private insurance providers. In doing so, we process contract, pension, benefit, financial and health data.
- We process contract and financial data in order to determine the employer's contribution obligation.
- For answering inquiries and for customer care. In doing so, we process master, communication, pension and benefit data;
- In order to process further contracts, we process master data, contract data and communication data in particular;
- In order to prevent fraud and abuse and to ensure security – in particular IT security – we mainly process communication, registration and technical data;
- To comply with laws, directives and recommendations from public authorities and internal regulations (compliance). In doing so, we process master, contract, pension and benefit data, as well as financial and communication data.
- To ensure risk management, internal audit and prudent corporate management (including business organisation and corporate development), we mainly process master, contract, pension, benefit and financial data.
- For the protection of rights, for example before courts or public authorities, all categories of personal data may be affected;
- For other purposes; e.g. as part of our administration, this includes, for example, accounting, the archiving of data and the training and education of employees. In doing so, all categories of data can be processed.
7. On what basis do we process the data?
The data processing is based on the Federal Law on Occupational Retirement, Survivors' and Disability Insurance (BVG/LPP) and the Federal Act on Vested Benefits in Occupational Retirement (FLV) and the associated ordinances.
We generally process the data only after you have given your consent for the provision of services that are not regulated in the BVG and in the FLV. Consent can be revoked at any time by written notice with effect for the future. Once we have received the notice of withdrawal of your consent, we will no longer process your data for the purposes you originally consented to, unless we have another legal basis for doing so. The revocation of your consent does not affect the legality of the processing before the revocation.
Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or processing of a contract or that we have a legitimate interest in pursuing the purposes described under Point 6. This also includes the marketing of our services and our interest in improving our understanding of your needs and managing and developing our company securely and efficiently, including our operations.
If we receive particularly sensitive data, we may also process your data on other legal bases, for example in the event of disputes due to the need of processing for possible legal proceedings or to enforce or defend legal claims. In specific cases other legal grounds may apply. We will inform you of these separately if necessary.
8. To whom do we disclose your data?
In connection with the provision of occupational retirement benefits, we also transfer your personal data to third parties, in particular to the following categories of recipients:
Employers: the transfer only concerns personal data that may be disclosed to the employer;
In the processing of pension and benefit cases, we may disclose data to other pension and social insurance providers, other insurance companies, public authorities and offices, courts and external lawyers, medical service providers and experts, financial service providers and lenders;
Third parties can be involved in the checking of addresses and credit worthiness as well as the collection of receivables;
Public authorities, offices and courts may receive personal data from us if we are required or authorised to do so or if it appears necessary to protect our interests.
Other persons: data may also be disclosed to other recipients if the involvement of third parties results from the purposes described in Section 6.
Service providers: we work with service providers in Switzerland and abroad who receive data from us on our behalf and use it as a processor in accordance with our instructions. They must take appropriate data protection and data security measures. Other service providers may be so-called data controllers, who individually or jointly with us decide on the purpose and means of processing (e.g. lawyers). These service providers also include brokers and agents. The brokers and agents are required by us to comply with the applicable legal data protection regulations and the confidentiality obligations pursuant to the BVG. We ensure by means of contracts that brokers and agents process information on the personal pension situation of insured persons that the brokers and agents receive from Profond exclusively for the purpose of preparing offers. They may only forward this data to other Swiss pension funds. Any further use or processing of the data by brokers and agents is not permitted in the contract. In particular, brokers and agents may not forward this information to the employer or other third parties without anonymisation. They must ensure data security.
This disclosure is required for legal or operational reasons. Contractual confidentiality obligations therefore do not preclude this disclosure.
All of these categories can, in turn, involve third parties, so that your data can also be made accessible to them. The processing by certain third parties may be partially restricted (e.g. in the case of IT providers), but not by other third parties (e.g. public authorities, financial service providers, etc.).
9. Will your personal data also be sent to foreign countries?
As explained in Section 7, we also disclose data to other bodies. These are located not only in Switzerland. Your data can, therefore, also be processed in Europe, but in exceptional cases in any country in the world.
If the recipient is located in a country without adequate legal data protection, we place the recipient under a contractual obligation to comply with the applicable data protection, unless they are already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may, in particular:
- apply to legal proceedings abroad,
- in cases of overriding public interest,
- where the performance of a contract requires such disclosure; or
- if you have given your consent.
Please also note that data exchanged over the Internet is often transmitted via third countries. Your data can, therefore, even be transferred abroad if the sender and recipient are in the same country.
10. How long do we process personal data for?
We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in processing for documentation and evidence purposes require, or for as long as storage is technically necessary.
We usually retain your data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer insofar as this is necessary for reasons of evidence or to comply with legal or contractual requirements or is technically required.
If there are no legal or contractual obligations to the contrary, we will delete or anonymise your data after the storage or processing period has expired as part of our usual procedures.
11. How do we protect your data?
We take reasonable security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to minimise the risk of loss, accidental alteration, unwanted disclosure or unauthorised access.
The security measures of a technical and organisational nature may include, for example, measures, such as the encryption and pseudonymisation of data, logging, access restrictions, the storage of backup copies, instructions to our employees, confidentiality agreements and audits. However, security risks cannot be completely ruled out in general; residual risks are unavoidable.
12. What are your rights?
You have the following rights in connection with our data processing:
- The right to request information from us as to whether and which data of yours we process;
- The right to have data corrected if it is inaccurate;
- The right to request the deletion of data;
- The right to demand the surrender of certain personal data by us in a common electronic format or its transfer to another controller;
- The right to withdraw consent, insofar as our processing is based on your consent;
- The right to request further information necessary for the exercise of these rights;
If you wish to exercise the above rights, please contact us in writing; our contact details can be found in Section 2. In order for us to prevent misuse, we must identify you (e.g. with a copy of your identity card). Please note that these rights may be subject to conditions, exceptions or restrictions under applicable data protection law (e.g. for the protection of third parties or trade secrets).
If you do not agree with our handling of your rights or data protection, please let us know. You also have the right to complain to the Federal Data Protection and Information Commissioner (FDPIC).
13. Do we use online tracking and online advertising techniques?
On our website and on ProfondConnect, we use various techniques by which we and third parties we engage can recognise you when you use our website and may also track you over several visits. We will inform you about this in this section.
It is essential that we can distinguish between your access (through your system) and access by other users, so that we can ensure the functionality of the website and carry out evaluations and personalisations. We do not want to infer your identity, even if we can do so, to the extent that we or third parties we involve can identify you by a combination of registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognised as an individual visitor every time you visit our website, for example by our server (or the servers of third parties) assigning you or your browser a certain identification number (a so-called "cookie").
Cookies are individual codes (e.g. a serial number) that our server or a server of our service providers or advertising contractual partners transmits to your system when you connect to our website and that your system (browser or mobile) accepts and stores until the programmed expiry date. With each further access, your system transmits these codes to our server or the server of the third party. This means that you will be recognised even if your identity is unknown.
Other techniques can also be used, with which you are more or less likely to be recognised (i.e. differentiated from other users), e.g. fingerprinting. Fingerprinting combines your IP address, the browser you use, your screen resolution, language selection and other information your system shares with each server, resulting in a more or less unique fingerprint. This means that cookies can be dispensed with.
Whenever you access a server (e.g. when using a website or an app or because an image is visibly or invisibly integrated into an e-mail), your visits can, therefore, be tracked. If we integrate offers from an advertising partner or the provider of an analysis tool on our website, they can track you in the same way, even if you cannot be identified in individual cases.
We use such techniques on our website and allow certain third parties to do the same. Depending on the purpose of these techniques, however, we ask for your consent before they are used. You can access your current settings here. You can program your browser to block, deceive or delete certain cookies or alternative techniques. You can also supplement your browser with software that blocks tracking by certain third parties. Further information can be found on the help pages of your browser (usually under the keyword "data protection") or on the websites of the third parties which we list below.
The following cookies are distinguished (techniques with comparable functions, such as fingerprinting, are also meant here):
Some cookies are necessary for the functioning of the website as such or for certain functions. For example, they can make sure that you can switch between pages without losing information entered in a form. They also ensure that you stay logged in. These cookies are only temporary (“session cookies”). If you block them, the site may not work.
Marketing Cookies store information about the pages visited by users on our website. This information may be used to deliver relevant advertising and measure the performance of marketing campaigns.
Video sharing services help to add rich media on the site and increase its visibility.
Before we use cookies, we ask for your consent. You can revoke this consent via the cookie settings here at any time. Cookies have an expiry date of up to 24 months. Details can be found on the third-party websites.
We currently use offers from the following service providers (insofar as they use data from you or cookies set by you for advertising control):
Google Analytics: Google Ireland (based in Ireland) is the provider of the “Google Analytics” service and acts as our data processor. Google Ireland relies on Google LLC (based in the USA) as its processor (both referred to as "Google"). Google uses performance cookies (see above) to track the behaviour of visitors to our website (duration, frequency of pages viewed, geographical origin of access, etc.) and to generate reports on the use of our website on this basis. We have configured the service in such a way that the IP addresses of visitors to Google in Europe are abbreviated before being forwarded to the USA and, therefore, cannot be traced. We have disabled the “Data sharing” and “Signals” settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles and link this data to the Google accounts of these persons. If you agree to the use of Google Analytics, you explicitly consent to such processing, which also includes the transfer of personal data (in particular usage data for the website, app and device information as well as individual IDs) to the USA and other countries. You can find information about Google Analytics' data protection here here and if you have a Google account, you can find more information about Google's processing here here.
What data do we process on our pages in social networks?
We may operate online presences on social networks and other platforms operated by third parties. We receive data from you and the platforms when you come into contact with us via our online presence (e.g. when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presence and link this data with other data about you known to the platforms (e.g. your behaviour and your preferences). They also process this data for their own purposes on their own responsibility, in particular for marketing purposes and to manage their platforms (e.g. which content they display to you).
We can distribute the content published by you (e.g. comments) ourselves (e.g. in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or to you in accordance with the terms of use (e.g. inappropriate comments).
Further information on the processing by the operators of the platforms can be found in the data protection statements of the platforms. There you will also learn the countries in which they process your data, which information they process, its deletion and other data subject rights you have and how you can exercise these or receive further information. We currently use the following platforms:
15. Can this data protection statement be changed?
This data protection statement is not part of a contract with you. We can, therefore, adjust this data protection statement at any time. The version published on this website is the current version.
Last updated: 16.6.2023