1. What is the purpose of this Privacy Statement?
Data protection is a high priority for the SIX Group Staff Pension Fund; this applies in particular to the processing of personal data. Our Privacy Statement explains how and why the SIX Group Staff Pension Fund processes data. It applies to all natural persons with whom we come into contact. In this Privacy Statement, you will learn, among other things:
- What personal data we collect and process.
- The purposes for which we use your personal data.
- Who has access to your personal data.
- How our data processing benefits you.
- How long we process your personal data.
- What rights you have in relation to your personal data.
- How to contact us.
2. Who is responsible for data processing?
The legal entity named below is responsible for the processing of personal data in accordance with this Privacy Statement:
SIX Group Staff Pension Fund
3. For whom and for what purpose is this Privacy Statement intended?
This Privacy Statement applies to all persons whose data we process, regardless of how they contact us, for example by phone, e-mail, on a website, in an application, via a social network, at an event, etc. It applies to the processing of personal data that have already been collected as well as personal data that will be collected in the future. It also applies to the processing of all personal data that we process in connection with the implementation of occupational pension schemes and related activities. In particular, our data processing activities may affect the following categories of persons to the extent that we process personal data:
- insured persons in the mandatory, supplementary and voluntary occupational pension schemes;
- past, current and future employers or their contact persons;
- relatives of insured persons (e.g., current and former spouses, life partners, parents and children) and other beneficiaries;
- authorized representative (e.g., statutory representative);
- claimants, liable persons and other persons involved;
- members of our governing bodies;
- contact persons of social and private insurers, other pension funds and vested-benefit institutions, suppliers and partners, and public authorities and offices;
- visitors to our websites;
- visitors to our premises;
- people who write to us or otherwise contact us.
We are active in the area of both mandatory and supplementary occupational pension schemes for the employees of SIX Group. In the field of mandatory pension schemes, we process your personal data on the basis of the applicable legal provisions (see Section 7 for more information). In this area, we are exempt from the obligation to provide information about our data processing. Nevertheless, this Privacy Statement provides you with information about our entire field of activity. The information in this Privacy Statement applies to both the mandatory and supplementary areas, unless otherwise noted. Please also refer to our other documents that may contain additional information on how we handle personal data, e.g., foundation documents such as the Organization Regulations, the Pension Fund Regulations and separate forms such as the Leaving or Retirement Form. You can find these documents on the SIX intranet pages or order them directly from us: pk@email@example.com. For information on the collection and processing of personal data when using the SIX websites, please also consult the Privacy Statement of SIX and the associated cookie information.
4. What personal data do we process?
“Personal data” is any information that can be associated with a specific person. See Section 5 to find out more about the origin of this data and Section 6 to learn about the purposes for which we process it.
4.1 Master data
Master data is the basic information about you that we need to process our contractual and other business relationships. For example, we process your master data if you are an insured person or a relative or beneficiary of an insured person, if you are a contact person for an employer, another pension fund, a supplier or if you are a member of one of our governing bodies. We also collect master data about contact persons and representatives of contractual partners, organizations and public authorities. Depending on the capacity in which you are dealing with us, the master data include:
- salutation, first name, last name, gender, date of birth;
- address, e-mail address, phone number and other contact information;
- in the case of insured persons: also marital status and, if applicable, date of marriage or divorce, age, sex, nationality and place of origin, details of identification data (e.g., from your passport, ID or other identification documents), within the scope of legal provisions, the AHV number, the contract number, if applicable, the policy number and the insured person number, the details of the previous pension fund or vested-benefit institution, the date of entry and, if applicable, the date of leaving the employer, if applicable, the personnel category, the degree of ability to work, the level of employment, if applicable, the duration of the employment relationship and the reported and insured annual salary and the OP annual salary. This data also includes information about relationships with third parties who are also affected by the data processing, e.g., relatives and beneficiaries;
- in the case of employers and other contractual partners who are companies, we process data about contact persons, e.g. name and address, title, function in the company, qualifications and, where applicable, information about supervisors and employees.
4.2 Contract, case and benefit data
These are personal data relating to the conclusion, processing or termination of contracts, the admission of insured persons to the occupational pension scheme, the receipt of notifications, the processing of insured events and other services (e.g., payment of termination benefits). This data includes, in particular, the following:
- information related to the affiliation contract with the employer (e.g., type and date of the contract conclusion and its processing and administration, also information related to complaints and contract adjustments);
- information in connection with the processing of insured events (e.g., notification of the occurrence of the insured event, claim number, information on the reason for the insured event such as accident or illness and the date of the event, information in connection with the investigation of the insured event, information on other insurance companies and insurers and on third parties such as persons involved, and also sensitive personal data (e.g., health data) and information on third parties (e.g., persons involved in the occurrence of inability to work or death);
- information on the termination benefit, e.g., its amount and on possible and effected purchases;
- in the case of other benefit claims, e.g., information in connection with the payment of the termination benefit (such as the reason for it, but also information on accounts and vested-benefit institutions and, if applicable, the spouse’s consent) or in connection with a change in marital status (such as the date of a divorce, termination benefits acquired, early withdrawals or disability pensions drawn and court orders in this regard).
4.3 Financial data
Financial data are personal data relating to financial circumstances, payments and the enforcement of claims. This includes information on payments and bank details, e.g., employer contribution payments and the enforcement of claims; in case of insured persons, it also includes information on salary, occupational pension scheme purchases and the payment of termination benefits and pensions. We also process financial data about beneficiaries, for example, in connection with pensions to surviving spouses, children and other beneficiaries.
4.4 Communication data
When you contact us or we contact you, for example when you write to us or call us, we process the content of the communication and information about the type, time and location of the communication. In certain situations, we may also ask you to provide proof of identity for identification purposes. Communication data includes, for example, name and contact details such as postal address, e-mail address and telephone number, the content of e-mails, other written correspondence, telephone calls, video conferences, etc.; information on the type, time and, where applicable, location of the communication; proof of identity such as copies of official identification; and peripheral data of the communication.
4.5 Other data
We also collect data from you in other situations. In connection with official or court proceedings, for example, data (such as files, evidence, etc.) are generated that may also relate to you.
5. Where do the personal data come from?
5.1 Provided data
You often disclose personal data to us yourself, for instance when sending us data or communicating with us. This can be done through various channels.
5.2 Received data
We receive personal data in connection with the provision of occupational pension schemes primarily from current or former employers. They are legally obliged to provide the SIX Group Staff Pension Fund with all data required for the implementation of the occupational pension scheme. However, we may also receive information about you from other third parties, such as companies we work with, persons who communicate with us, or public sources. For example, we may receive information about you from the following third parties:
- persons close to you (family members, legal representatives, etc.), e.g., powers of attorney;
- the Swiss Post and public offices, e.g., for address updates;
- banks and other financial service providers, private and social insurance companies, pension funds and vested-benefit institutions;
- experts and physicians and other service providers from whom we also receive health data during clarifications, if necessary with a separate declaration of childbirth;
- service providers;
- authorities, courts, parties and other third parties in connection with administrative and court proceedings;
- public registers such as the debt collection register or the commercial register, public authorities such as the Federal Statistical Office, the media or the Internet.
The data that we process in accordance with this Privacy Statement relates not only to insured persons, but often also to third parties. If you provide us with data about third parties, we assume that you are authorized to do so and that this data is correct. You acknowledge this by transferring data through third parties. Therefore, please inform these third parties that we are processing their data and provide them with a copy of this Privacy Statement.
6. For what purposes do we process personal data?
Personal data are processed primarily for the purpose of implementing the occupational pension scheme. This includes:
- the conclusion and processing of affiliation contracts with the employer, including consulting and customer service, the enforcement of legal claims arising from the contracts, accounting and the termination of the contracts. For this purpose, we process in particular master data, contract, case and benefit data, financial data and communication data;
- admission of insured persons. For this purpose, we process master data in particular. We then maintain one or more retirement accounts for each member, for which we process information on contributions, purchases, retirement assets and withdrawals;
- the examination and settlement of insured events, including coordination with other insurers such as disability insurance and the enforcement of rights of recourse. For this purpose, we primarily process contract, case and benefit data of the insured persons and their dependents and beneficiaries, as well as health data and data of third parties such as external experts and service providers.
We also process personal data for related purposes, in particular as follows:
- Communication: We process personal data for communication with you, e.g., responding to inquiries and customer care. For this purpose, we use in particular communication and master data and, depending on the subject of the communication, also contract, case and benefit data.
- Contract processing: We process personal data in connection with the initiation, administration and processing of contractual relationships, including contracts other than affiliation contracts. In particular, we use master data, contract data and communication data for this purpose.
- Security and prevention: We also process personal data for security purposes, to ensure IT security, to prevent fraud and abuse, and for evidentiary purposes. This may concern all categories of personal data mentioned in Section 4.
- Compliance with legal requirements: We want to create the conditions for compliance with legal requirements. Therefore, we also process personal data to comply with legal obligations and to prevent and detect violations. This includes, for example, complying with disclosure, information or reporting requirements, such as those related to regulatory obligations, complying with archiving obligations and assisting in the prevention, detection and investigation of criminal offenses and other violations, as well as receiving and responding to complaints and other reports, the monitoring of communications, conducting internal or external investigations, or disclosing documents to authorities if we have a factual reason to do so or are required to do so by law. For these purposes, we process in particular master data, contract data, financial data and communication data of employers and their contact persons, and possibly of insured persons (e.g., where there is a suspicion of improper benefits).
- Protection of rights: We want to be able to enforce our claims and defend ourselves against claims made by others. Therefore, we also process personal data to protect our rights, e.g., to enforce claims in or out of court and before authorities in Switzerland and, if necessary, abroad, or to defend ourselves against claims. Depending on the situation, we process different types of personal data, such as contact details and information about events that have given rise or may give rise to a dispute.
- Other purposes: We may also process personal data for other purposes, such as our internal operations and administration. This includes IT management, accounting, data archiving and management of our archives, training and education, reviewing or executing corporate transactions such as acquisitions, divestitures and mergers, the forwarding of inquiries to the competent bodies, and in general reviewing and improving internal processes.
7. What is the legal basis for the processing of personal data?
Our activities in the area of mandatory occupational pension schemes are governed by legislation on occupational pension schemes, in particular the Swiss Federal Law on Occupational Pension Schemes and the Relevant Old-Age, Survivors’ and Invalidity Benefits (OP) and the Swiss Federal Act on Vesting in Pension Plans (FZG) and the associated regulations. As a federal body, we process your personal data in this area within the scope of our statutory processing powers (e.g., Article 85a et seq. of OP). In the area of supplementary pension schemes, our data processing is not subject to the data protection provisions of the OP, but to those of the Data Protection Act (DSG). In this context, we process your personal data in particular for the performance of a contract with the data subject or for pre-contractual measures (e.g., examination of a contract application), for the exercise of legitimate interests, on the basis of a separate consent or to comply with legal provisions.
8. To whom do we disclose personal data?
Not only pension funds, but also other entities are involved in the implementation of occupational pension schemes – employers, vested-benefit institutions, other insurers, medical care providers, etc. Your data will therefore be processed not only by us, but also by third parties. Below you will find an overview of the categories of recipients to whom we may disclose your personal data under certain circumstances. For further information, please refer to Sections 3 and 4.
- Employer: We do not disclose any information about your health or transactions such as purchases, early withdrawals, etc. to your employer
- Disclosures in the event of an insured event: In connection with the reporting and occurrence of an insured event and in connection with other services, such as the transfer or payment of a termination benefit, we may exchange data with, for example, vested benefit institutions, other pension funds, authorities and agencies (e.g., social insurers such as disability insurance or social welfare offices), other insurers, medical service providers and experts, banks and lenders, courts and external lawyers. As part of the processing of insured events and related investigations, we may also collect data from third parties (Section 3) and also share it with them, e.g., doctors and other service providers, experts, authorities, courts, respondents and lawyers. For example, we inform other social and private insurers about specific insured events in order to coordinate benefit obligations and to clarify and enforce the right of recourse. In particular, in the event of divorce or inheritance disputes, we disclose personal data to courts and other pension funds or vested-benefit institutions.
- Authorities and agencies: We may disclose personal data to public authorities, agencies, courts and other public bodies if we are legally obliged or entitled to do so or if this is necessary to protect our interests, e.g., in the context of official, court and pre- and extra judicial proceedings and in the context of legal obligations to provide information and to cooperate. Possible recipients are the following: Debt collection offices, criminal courts and criminal investigation authorities, tax offices or social security authorities. Data is also disclosed if we obtain information from public bodies, e.g., in connection with the processing of insured events (see above).
- Other persons: Where the involvement of third parties is required for the purposes set out in Section 4, data may also be disclosed to other recipients, such as persons involved in legal or regulatory proceedings, but also, where necessary, to potential purchasers of businesses, receivables and other assets and to other third parties about whom we will inform you separately where possible. Other persons also include recipients of a payment, authorized representatives, correspondent banks, other financial institutions and other entities involved in a legal transaction.
Service providers: We may also share your personal data with companies when we use their services. These service providers process the personal data on our behalf as so-called processors.
Our processors are required to process personal data only in accordance with our instructions and to take appropriate data security measures. Certain service providers are also jointly and severally liable with us (e.g., pension fund experts). By selecting service providers and entering into appropriate contractual arrangements, we ensure that data protection is maintained throughout the processing of your personal data. These include, for example, IT services (such as policy administration and data retention services), the sending of e-mail newsletters, data analysis, etc., or consultancy services (such as those provided by occupational pension scheme experts, lawyers, recruitment consultants, medical officers, etc.).
The above information is required for legal or operational reasons. Legal and contractual confidentiality obligations therefore do not preclude these disclosures. Beneficiary data in connection with the mandatory occupational pension schemes will only be disclosed as required by law.
9. Where do we transfer personal data?
We process personal data exclusively in Switzerland.
10. How do we process sensitive personal data?
Certain types of personal data are considered “particularly sensitive” under the Data Protection Act, such as health information and biometric traits. The SIX Group Staff Pension Fund processes sensitive personal data only to the extent that this is necessary in connection with the implementation of the occupational pension schemes, in particular when processing disability cases. For further information, please see Section 4.
11. How do we protect personal data?
We take appropriate technical and organizational security measures to maintain the security of your personal data, to protect them from unauthorized or unlawful processing, and to protect them from the risk of loss, accidental alteration, unauthorized disclosure or access. However, like all companies, we cannot rule out data security breaches with absolute certainty; certain residual risks are unavoidable. Security measures of a technical nature include, for example, the encryption and pseudonymization of data, logging, access restrictions and the storage of backup copies. Organizational security measures include, for example, instructions to our employees, non disclosure agreements and controls. We also require the processors to take appropriate technical and organizational security measures.
12. How long do we process personal data?
We process and store your personal data:
- as long as it is necessary for the respective purpose of the processing;
- as long as we have a legitimate interest in storing it. In particular, we may need personal data to enforce or defend against claims, for archiving purposes, and to ensure IT security;
- as long as they are subject to legal retention requirements (cf. Article 27i et seq. of the Ordinance on Occupational Pension Schemes and the Relevant Old-Age, Survivors’ and Invalidity Benefits).
13. What are your rights regarding the processing of your personal data?
You have the following rights:
- the right to request information about your personal data stored by us;
- the right to rectification of incorrect or incomplete personal data;
- the right to erasure or anonymization of your personal data if they are not (or no longer) required for the implementation of the occupational pension schemes;
- the right to restrict the processing of your personal data insofar as the processing is not (or no longer) necessary for the implementation of the occupational pension schemes;
- the right to receive certain personal data in a structured, commonly used and machine readable format;
- the right to revoke consent with effect for the future, insofar as the processing is based on consent.
Please note that these rights may be limited or excluded in individual cases, e.g., if there are doubts about the identity or if this is necessary to protect other persons, to protect interests worthy of protection or to comply with legal obligations.
You can exercise the most important of the above rights via our web form
14. How to contact us
If you have any questions about this Privacy Statement or the processing of your personal data, you can contact us at: Dataprotection@six-group.com
15. Update of this Privacy Statement
Future updates may be required in response to changing legal, technical or business developments.