Data Privacy Policy

The Personalvorsorgestiftung der Feldschlösschen-Getränkegruppe (hereinafter “PVS Feldschlösschen”, “we”, “us”) places great value on data privacy. In this Data Privacy Policy, we explain how and for what purpose we collect and process (e.g., store, use, transfer etc.) your personal data in connection with carrying out the occupational pension plan and our related services and other activities, including the granting of capital benefits for home ownership funding as well as visits to our website, to whom we forward your personal data, and your rights in this regard based on the data protection laws and other legislation.

Personal data is understood to mean all information concerning personal or factual circumstances which relate to a specific or specifiable natural person (e.g., name, address, e-mail address etc.) In this Data Privacy Policy, we also use the terms “your data” or “your personal data” to refer to such information.

We are committed to the responsible handling of your personal data. Consequently, we consider it a matter of course to comply with the Swiss Federal Law on Occupational Retirement, Survivors’ and Disability Pension Plans (BVG), the Federal Law on Vesting in Occupational Pension Plans (FZG), the Housing and Property Promotion Act (WEG), the Federal Law on Data Protection (Data Protection Act, DSG), as well as the associated ordinances and other Swiss data protection regulations that may be applicable.

In this Data Privacy Policy, we inform you about:

  • which personal data we collect from you and process;
  • the purposes for which we use your personal data;
  • who has access to your personal data;
  • how long we process your personal data;
  • which rights you have with regard to your personal data; and
  • how you can contact us.

This Data Privacy Policy covers the collection of personal data both on-line and off-line in connection with our business activity, including such data we have received from different sources e.g., from your affiliated employer, from authorities and other third parties (e.g., trusted physicians).

We subsequently make detailed information available to you. This information is divided into a general data processing part and a special part which includes the insurance area.

Please note that this Data Privacy Policy does not contain an exhaustive description of our data processing practices and that individual matters may be governed in whole or in part by specific privacy statements, terms and conditions, fact sheets or similar documents (with or without reference in this Data Privacy Policy).

1     Responsible office

The responsible office for data processing under the terms of the Data Protection Act is the:

Personalvorsorgestiftung der Feldschlösschen-Getränkegruppe
Feldschlösschenstrasse 34
4310 Rheinfelden, Switzerland
Tel.: +41(0)58 123 48 44
E-mail: info@pvs-feldschloesschen.ch

If you have any concerns or questions on data protection legislation in connection with the provision of our insurance services or this Data Privacy Policy, please contact: info@pvs-feldschloesschen.ch.

1.1          Data privacy advisor

The contact details for our data privacy advisor are:

Swiss Infosec AG
Centralstrasse 8a
6210 Sursee, Switzerland
Tel. +41(0)41 984 12 12
E-mail: dsb@infosec.ch
Website: www.infosec.ch

2     Data privacy in general

2.1          Personal data processed by us

PVS Feldschlösschen processes various personal data irrespective of the way in which individuals contact us, e.g., by telephone or e-mail etc. These concern in particular personal information:

  • which we receive in connection with our business activity in mandatory, supplementary or voluntary pension provision (e.g., current and former spouses, life partners, parents and children and other beneficiaries), authorised representatives (e.g., legal representatives), future insured persons, interested parties, service providers, or other persons involved in the course of business activities;
  • from former, current or future employers or their contacts; members of the employer’s family and their employees;
  • from members of our organs;
  • from visitors to our website or our premises;
  • which we receive through contacts/contact forms/offer forms/other forms;
  • which we receive under the terms of an authorisation;
  • which we are legally or contractually obliged to collect;
  • which we receive from authorities or other third parties (trusted physicians, social and private insurers, other pension and vested benefits institutions, suppliers and partners).

Depending on the type of relationship, we process your personal data such as:

  • Contact details, user data and identification details such as surname, first name, address, e-mail address, telephone number;
  • Personal details such as date of birth, gender, nationality, place of birth, domicile, residency status, marital status, information from ID details (e.g., passport or ID), beneficiaries, language, next-of-kin details, health data, family certificate, birth certificate, educational diplomas/certificates, insurance number and social security number, contract number, if required information on former pension or vested benefits institutions;
  • Information related to the processing of benefit cases: Notification of the occurrence of a benefit case, information on the reason for the benefit case (e.g., accident, illness, event date, etc.) and further information in connection with the examination and assessment of the benefit case (e.g., information on personal data requiring special protection, on persons involved and on third parties such as insurance companies, etc.), information on termination benefits and other benefit cases;
  • Information on third parties such as esp. information on family members;
  • Contract data such as type and content of contract, type of products and services, forecast data, applicable terms and conditions of business, start and duration of contract, billing details and information on other insurances;
  • Financial and work data such as salary details, account information, payment information, payment history, credit rating, income, purchasing power, FTE, employment relationship, fitness for work;
  • Peripheral data from telecommunications traffic such as telephone number, date, time and duration of connection, type of connection, location data, IP address, device ID numbers such as MAC address;
  • Interaction and usage data: such as correspondence, preferences and target group information, device type, device settings, operating system, software, information relating to the enforcement of rights;

2.2          Where do we get personal data from?

2.2.1 Personal data that you provide us with

We receive personal data from you when you transfer data to us or get in touch with us. This can happen through various different channels and via different media which you use to communicate with us (e-mail, letters, telephone, fax etc.) or by using our website.

2.2.2 Personal data we receive from third parties

We receive personal data in connection with carrying out the occupational pension plan in accordance with the legal provisions (see Sections 2.3.1 and 3 below). We also receive personal data from third parties with whom we work in order to carry out the occupational pension plan business and provide products and services, or to ensure the operation of our website. In addition, we receive personal data from public sources.

For example, we receive personal data from the following third parties:

  • employers;
  • persons close to you (family members, legal representatives etc.);
  • experts, physicians and other service providers who conduct investigations into your health;
  • private insurance companies and social security offices, other pension and vested benefits institutions;
  • banks and other financial service providers (e.g., Brokers, re-insurers etc.);
  • credit agencies;
  • authorities, courts, parties and other third parties in connection with official and legal proceedings;
  • other service providers;
  • public records (commercial register, debt collection register).

2.3          Purposes for which we process personal data

2.3.1 Occupational pension plan business

We process data provided to us by actively insured persons as part of the entry process for the purpose of implementing the affiliation agreement of the companies affiliated for the statutory occupational pension plan. In so doing, we ensure that the active insured persons are correctly registered and insured according to the regulations of the occupational pension plan. The collected data are processed in order to ensure that the contributions are correctly calculated and that, in the event of claims or disability, the active insured person receives the benefits to which they are entitled. Furthermore, processing the personal data of persons actively insured with the PVS Feldschlösschen also enables the effective administration of insurance contracts, including the settlement of payments and communication with actively insured persons.

2.3.2 Additional purposes

In addition, we also process personal data concerning you and other individuals, where permitted and where we consider it appropriate, for the following purposes in which we (and in some cases also third parties) have a legitimate interest commensurate with the purpose:

  • communication and processing of enquiries (e.g., via contact forms, e-mail, telephone, media queries);
  • assertion of legal claims and defence in connection with legal disputes and official proceedings:
  • corporate law transactions which concern the PVS Feldschlösschen, and the transfer of personal data related to these;
  • prevention and investigation of criminal offences and other misconduct (e.g., conducting internal investigations, data analyses to combat fraud);
  • compliance with legal and regulatory obligations as well as the internal regulations of the PVS Feldschlösschen;
  • guaranteeing our operation, in particular IT, our website and other platforms, if applicable.

2.4          Legal bases for processing

2.4.1 Obligatory occupational pension area

As the legal basis for processing your personal data in the area of obligatory occupational benefits, we regularly rely on a legal basis, namely on the following:

  • Federal Law on Occupational Pensions for Old Age, Survivors and Disability (BVG);
  • Federal Law on the Transfer of Vested Benefits (FZG);
  • Federal Law on Funding for Home Ownership (WEG);

and the related ordinances. As a federal body, we process your personal data in this area within the scope of our statutory processing powers (see Art. 85a ff. BVG).

2.4.2 Supplementary occupational pension area and other areas

In the supplementary occupational pension plan area and other non-mandatory areas, we process your personal data base on:

  • a declaration of consent, provided you have given us one to process your personal data for specific purposes. We process your personal data within the scope and on the basis of this consent, insofar as we have no other legal basis and we require such a legal basis. Any consent that has been granted may be revoked at any time but with no impact on data already processed. You can revoke your consent by e-mail or by post to the e-mail or postal address given in Section 1.1,
  • conclusion or fulfilment of a contract with your employer (affiliation contract concerning the occupational pension plan),
  • conclusion or fulfilment of a contract with you or your query in advance of this (e.g., for home ownership funding agreements),
  • overriding interest (for example, to guarantee information security or data protection or perform tasks in the public interest), in this case, however, you can under certain circumstances lodge an appeal,
  • a legal obligation (e.g., In the case of documents or information for which there is a time-limited retention obligation).

3     Data privacy in particular: Occupational pension plan

If you are an employee of a company which has affiliated itself to PVS Feldschlösschen for the purpose of the statutory occupational pension plan, we collect personal data from you as part of the joining process in response to a corresponding notification of joining from your employer, in order to include you as an insured person with the PVS Feldschlösschen (hereinafter referred to as “active insured person”). As soon as you receive a pension from us (e.g., old age pension, disability pension etc.), you are a “pension recipient”.

3.1          Processed personal data in the PVS Feldschlösschen insurance area

The personal data processed by us within the framework of the occupational pension plan include in particular:

  • your master data (e.g., name, address, contact details, age, gender, marital status and, if applicable, data of marriage or divorce or registration or dissolution of the partnership, insurance number, if applicable details on former pension or vested benefits institutions as well as your AHV number as legally required),
  • Health details: we collect these details from the respective notification of joining or from the employer’s case management, from supplementary information about the actively insured person or their answers to questions about the insured risk or information and data from third parties as part of any more detailed medical examination (esp. physicians, other professionals, experts, former pension plan, insurances/social security providers, etc.)
  • information on third parties insofar as they are affected by the data processing (e.g. on family members (children) or beneficiaries),
  • details of the employment relationship or the respective contact person (e.g., company, name and address, function within the company and in particular salary details and FTE),
  • contract, case and benefit data that arise in connection with a possible or actual affiliation agreement or its termination, the inclusion of insured persons in the occupational pension plan and the settlement of the contract. This also includes, for example, information relating to benefit cases (e.g., notification of the occurrence of a benefit case, claim number, cause) or other benefits (e.g., payment of termination benefit) as well as health details (e.g., date of occurrence of incapacity to work or death).
  • financial details (e.g., income, buy-ins to the occupational pension plan and payments of termination benefits, divorce benefits, advance withdrawals for home ownership funding and pensions, financial details of beneficiaries such as surviving spouses/registered partners and bank coordinates).

We collect these data from the employer’s notification of joining, from supplementary information about the actively insured person or their answers to questions about the insured risk or information, and data from third parties as part of any more detailed medical examination (esp. physicians, other professionals, experts, former pension plan, insurances/social security providers, etc.)

3.2          Purpose of processing personal data in the insurance area

We process your personal data in order to carry out the occupational pension plan business. This covers the following purposes:

  • Conclusion and settlement of affiliation agreements with employers
  • Inclusion of insured persons as well as keeping one or more pension capital accounts, for which we process, in particular, information on contributions, buy-ins, retirement capital and pay-outs
  • Examination and settlement of pension cases (retirement, disability, death) and, if applicable, payment of benefits
  • Granting of capital benefits within the framework of home construction or home ownership funding.

4     Third parties to whom we disclose and transfer personal data

If your personal data are processed by contractors or other responsible persons and not by us, we ensure that the legal provisions are fully observed. In principle, personal data are disclosed to third parties only if:

  • This is necessary to perform the occupational pension plan’s business,
  • This is necessary for drawing up the contract,
  • The disclosure is permissible on the basis of a balancing of interests,
  • We are legally required to disclose, or
  • We have received your consent.

We also disclose personal data to third parties within the scope of our business activities and for the above-mentioned purposes, insofar as this is permitted and appropriate, either because they process such details for us (order processing) or because they want to use it for their own purposes (data disclosure). In particular, this concerns (all referred to hereinafter as «recipient»):

  • Employers (affiliated business, auditor and actuary of the employer; however, no information relating to your health, your retirement capital or individual transactions such as buy-ins or advance withdrawals is disclosed);
  • Other service providers, including entities contracted by us for the processing and storage of your data (e.g., external administrators, IT providers), for sending and receiving e-mails, for offering and developing specific functions related to our web presence;
  • Our auditors;
  • Pension plan experts;
  • Trusted physicians, experts and other service providers;
  • Security funds;
  • Business partners, credit rating companies, debt collection partners;
  • Authorities (supervisory and tax authorities);
  • Other social security providers (e.g., AHV or other pension plans);
  • Insurance companies (e.g., for risk reinsurance);
  • Banking institutions and payment service providers;
  • Other Feldschlösschen departments (e.g., the human resources (HR) department for the purpose of inviting pensioners to events, in the event of deaths, etc.) so that such cases can be communicated internally.
  • Public offices and courts.

Some recipients are in Switzerland, but others are abroad. In particular, they must be aware that their details may be disclosed to other countries in Europe where some of the IT service providers contracted by us are based.

If, as an exception, we transfer data to a country in which no appropriate level of legal data protection exists (e.g. the USA), we ask that the recipient takes appropriate measures to protect personal data (e.g. through an agreement on so-called EU standard clauses, current version available here, other precautions or based on justification grounds).

4.1          Duration of data processing

We process personal data for as long as is necessary to fulfil our contractual obligations or otherwise for the purposes pursued in connection with the processing, for example for the duration of the entire pension relationship (from entry to exit from the pension plan or until the termination of our obligation to provide benefits) and beyond that in accordance with the statutory retention and documentation obligations. In some circumstances, personal data may be retained for the duration of the period in which claims are made against us and if we are otherwise legally obliged to retain such data, or if justifiable interests necessitate this (e.g., for the purposes of evidence and documentation). As soon as your personal data are no longer required for the above purposes, they are essentially deleted or anonymised.

4.2          Processing location

In principle, we process personal data only in Switzerland or in an EU/EEA country or in a country which has appropriate data protection in place.

5     Disclosure of personal data abroad

Personal data are processed almost exclusively in Switzerland. One exception is the disclosure of personal data in order to provide a service in a benefit case involving a person insured with us (payment of insurance benefits to an insured person resident abroad), or if we use IT services for which the disclosure of personal data abroad is unavoidable.

If we disclose personal data to a state without an appropriate level of data protection, we ensure the adequate protection of such data.  One way to ensure an appropriate level of data protection, for example, is to conclude data transfer agreements with the recipients of your personal data in third-party countries which ensure the requisite level of data protection. This includes agreements that have been approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner: so-called standard contractual clauses, which can be viewed here.

Please note that such contractual precautions can partially compensate for a weaker level of legal protection or the lack thereof, but cannot completely exclude all risks (e.g., of access by governments abroad). In exceptional cases, disclosure of data may be permissible in countries without adequate data protection or in other cases, e.g., based on consent, in connection with legal proceedings abroad, or if the disclosure is required in order to process a contract.

6     Visiting our website

When you visit our website, we collect and process your data primarily in order to provide you with an interesting, user-friendly, functional, stable and secure web presence and the on-line content and services.  If you want to contact us via a specific function (e.g., e-mail correspondence), we record the communication between you and us as well as the personal data disclosed to us in this context for the purpose of this communication.

6.1          Server logfiles

When you visit our website, our servers temporarily store every access in a protocol file: the so-called server logfiles

For example, this lists your IP address, the data and time of your visit, name of the requested file, access status (done, partially done, not done, etc.), the web browser and operating system used, as well as other similar information that serves to avert dangers in the event of attacks on our IT systems.

Before we store your IP address it is anonymised and not linked with any other data. No personal analysis is carried out and your personal data in the server logfiles is not linked with any other personal data that may exist about you.

The purpose of processing this information is to display our website and its content and offers correctly and to ensure data traffic, to optimise our website, content and offers, to ensure the stability and security of our website and systems on a permanent basis and to enable the clarification, defence and prosecution of cyber attacks, spam and other unlawful acts in relation to our website and systems and to enforce claims in this respect.

We delete your personal data as soon as it is no longer required to achieve the purpose for which it was collected.  Data recorded for accessing our website is deleted when the session has ended.

For website hosting services we can contract the third parties in Switzerland and abroad who carry out the above processing on our behalf.  Currently our websites are exclusively hosted by Swiss hosting providers and on servers in Switzerland.

6.2          Making contact

On our website you have the option of contacting us by e-mail or by telephone. If we are contacted by e-mail or telephone, the personal data (e.g., E-mail address, name, telephone number etc.) disclosed to us during this contact are recorded, stored and used to respond to your concerns.

Your data are stored by us in order to process your query and for the purpose of follow-up queries, and are not forwarded to any unauthorised third party without your consent. Naturally this also applies to queries we receive by post.

You can object to this data processing at any time. Please send your objection to the e-mail address given in Section 1.1 and we will review your request. In such a case, your contact record is not further processed.

Your personal data are deleted as soon as your request has been carried out. This is the case if it can be inferred from the circumstances that the matter has been conclusively cleared up and the deletion does not violate any statutory retention obligations.

6.3          Links to third-party websites

Our website can contain links to other websites which are not operated by us and not covered by this privacy policy. After you click on the link, we have no more influence on any third parties processing the transferred data (e.g., the IP address or URL), since naturally the behaviour of third parties is beyond our control. For this reason, we accept no liability for this third-party content. The respective provider or operator is responsible for the content of the linked websites.

Illegal content was not identifiable at the time of linking. However, a permanent control of the contents and examination of the linked pages without concrete indications of an infringement is not feasible. Such links will be immediately removed if infringements are detected.

7     Data security

We employ state-of-the-art technical and organisational security measures to protect your personal data against access, manipulation, loss, destruction or disclosure by unauthorised persons.

Our security measures also include the encryption and/or pseudonymisation of your personal data. This prevents unauthorised third parties from viewing such information at any time. Security measures of an organisational type cover e.g., directives to our employees, confidentiality agreements and controls. We also oblige our contractors to take appropriate technical and organisational security measures.

Our security measures are continually being optimised by us and external experts in line with technical developments.

Our employees and our contracted service providers are sworn to secrecy and obliged to observe all data protection legislation. Over and above this, access to your personal data is granted only to the extent necessary.

8     Your rights

You have the right

  • To request information about the personal data stored by us
  • To have incorrect or incomplete personal data corrected
  • To request the deletion or anonymisation of your personal data if they are not or no longer required for the purpose of the occupational pension plan.
  • To request that processing of your personal data be limited insofar as they are not or no longer necessary for occupational pension plan purposes;
  • To receive specific personal data in a structured, straightforward and machine-readable format;
  • To revoke your consent with effect for the future if data processing is based on a letter of consent.

Please note that we reserve the right to comply with legally prescribed restrictions, for instance if we are obliged to store or process certain data, have an overarching interest in so doing (as far as we can enforce it) or require the data for the purpose of enforcing claims.

Note that exercising these rights may be in conflict with the contractual agreements and may result, for example, in premature termination of contract or have cost implications. In such cases we will notify you in advance unless the matter is already contractually governed.

If you believe that the processing of your personal data violates data protection legislation, or that your rights under data protection legislation have been infringed in any other way, you can also lodge a complaint with the responsible supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (EDÖB; https://www.edoeb.admin.ch/).

As a rule, exercising your data privacy rights requires you to provide clear proof of your identity (e.g., copy of an ID in cases where your identity is not otherwise clear or verifiable). To exercise your rights, please contact us by e-mail at the e-mail address given in Section 1.1.

9     Amendments to this Data Privacy Policy

This Data Privacy Policy may be amended in the course of time, in particular if we change our data processing or if new legal provisions become applicable. In general, the Data Privacy Policy in the version current at the start of the relevant processing applies to data processing in each case.

This “Data Privacy Policy” have been translated into French, Italian and English. In the event of differences between the various language versions, the German version is authoritative.