Personal details are data that relate to an identified or identifiable natural person. Sensitive personal data are personal details that are specially protected by law due to their sensitivity, for example health data. Processing means any form of handling of your data, in particular collection, storage, use, disclosure, archiving or deletion. We comply primarily with the Federal Act of 25 June 1982 on Occupational Retirement, Survivors’ and Disability Pension Plans (BVG) and the implementing Ordinance of 18 April 1984 on Occupational Retirement, Survivors’ and Disability Pension Plans (BVV 2) and, subsidiarily, with the Federal Act of 19 June 1992 on Data Protection (FADP), the implementing Ordinance of 14 June 1993 to the Federal Act on Data Protection (OFADP) and any other data protection laws applicable in individual cases (e.g. the European General Data Protection Regulation [GDPR]).
In the following, we will show what data we collect, what we use it for and what your rights are in this regard. Additional information can be found in other documents, for example declarations of consent, forms or regulations.
We not only process data of our insured persons, but also data of third parties, in particular of the following persons (each referred to as “they”):
- Applicant with an affiliated employer
- Dependants of insured persons (e.g. current and former spouses, life partners, parents and children) and other beneficiaries
- Authorised representatives and agents
- Claimants, injured parties and other persons involved
- Contact persons of social and private insurance providers, other pension and portable benefits institutions, contracting parties, any reinsurers, suppliers and partners as well as official bodies and authorities
- Members of our governing bodies
Our employees are regularly trained on data protection topics and are sworn to secrecy. In addition, our data protection unit monitors compliance with data protection regulations.
The following unit is responsible under data protection law for the forms of data processing described here:
- Pension Foundation of Baloise Insurance Ltd
4051 Basel, Switzerland
If you have any data protection concerns or wish to exercise your rights under clause 10, you can contact our data protection unit as follows:
- Baloise Insurance Ltd
Data protection unit
Aeschengraben 21, P.O. Box
4002 Basel, Switzerland
3.1 General information
We process the categories of data described below within the scope of occupational pension provision, although this list is not exhaustive.
In the event of changes to data over time (e.g. due to a change of address, a change in civil status or another modification), we may continue to store the previous status of such data in addition to the current status within the framework of the statutory storage periods.
3.2 Master data
We refer to the basic data that we require in addition to the insured-person data (see below) for the processing of our pension relationships or for relationship management. Master data includes, in particular, contact information (e.g. name, address, telephone number and email address), personal details (e.g. date of birth, age, gender, nationality, data from identification documents), other identification data (e.g. AHV number, customer number, UID number or Tax Identification Number) or information about your relationship with us (e.g. partner / insured person status, insured person history). Account information is also collected, including bank account details (e.g. account numbers).
Information on the persons affected by the data processing is also part of the master data, for example correspondence recipients, contact persons, family members or other beneficiaries.
If you are listed as a beneficiary in the claim to pension benefits, irrespective of whether you are also an insured person under pension law, we collect and process relevant information about you (e.g. name, date of birth, marital status), contact details (e.g. address, telephone number, email address) and bank account details for the purpose of processing subsequent payments (e.g. account number) in the course of processing pension obligations – for example in the case of payment of pension benefits (benefits in the event of retirement, death or disability) or modifications.
If you are a contact person of a company with which we have a business relationship, we also process data about you (e.g. name and address, titles, function in the company, qualifications and, where applicable, details of line managers and employees). Depending on the area of activity, we are also required to examine the company in question and its employees more closely, for example through a security check.
We receive master data from you or from third parties, for example an employer affiliated with the pension fund, other pension funds or social insurance institutions, authorities or the insured person you have appointed as beneficiary, as well as from public registers (e.g. the Commercial Register).
3.3 Data related to contracts and insured-person data
This is data that is collected in connection with the conclusion or processing of a contract. Insured-person data concerns data from information on employment conditions with an affiliated employer or other income data (e.g. entry date, degree of employment and salary component), in connection with the admission of insured persons to the pension fund (e.g. information on the previous pension fund or portable benefits institution), information on modifications (e.g. divorce, purchases), information in connection with the processing of claims to pension benefits (e.g. notification of the occurrence of the claim to pension benefits, reason for the occurrence of the claim to pension benefits such as age, death or disability and the event date, details in connection with the review of the claim to pension benefits), information about other benefit cases (e.g. withdrawal, divorce, advance withdrawal to finance home ownership), as well as information on your family situation (e.g. marital status, beneficiaries).
We also collect sensitive personal data, such as health data within the scope of a health examination upon admission to the pension fund or the review of risk benefits (e.g. information on the state of health and on previous accidents or illnesses, as well as information from relevant physicians), insofar as we require this information for the processing of the insurance relationship.
Insured-person data also includes financial data, i.e. information relating to payments and bank account details and to the enforcement of receivables, as well as information on income from employment, pensions and, occasionally, payment behaviour (i.e. information relating to payment demands and collection of receivables).
We generally collect data related to contracts and insured-person data directly from you, from contracting parties and from third parties involved in the processing of the insurance relationship (e.g. employers, other social insurance institutions or pension funds, physicians, authorities, courts), but also from third-party sources (e.g. the Central Compensation Office [CCO]), from persons in your environment (e.g. family members, legal representatives) and from publicly accessible registers (e.g. Register of Criminal Convictions when admitting new members to the supreme governing body). In doing so, we collect this data, and in some cases health data, for example from other pension funds and social insurance providers (e.g. previous insurers, regarding previous pension relationships), medical treatment providers and experts, external lawyers or credit reference agencies. If you enter into a pension relationship with us, you thereby release these offices from any duty of confidentiality. If necessary, we will obtain separate consent from you (e.g. as part of the health examination upon entry).
Data on the occurrence of a risk event primarily includes information on the specific risk event of death or disability, for example death certificate, clarifications and coordination of benefits. For this purpose, we work with third parties, for example other social insurance providers, experts or external claims adjusters in Switzerland and abroad, from whom we also receive data. In the event of a risk, we also process sensitive personal data (e.g. health data or, in some cases, data on criminal proceedings). Based on your declaration of release from confidentiality, we obtain relevant information from service providers (e.g. Federal Disability Insurance, daily sickness allowance insurance, physicians, psychologists, persons who provide services on the orders of or on behalf of a physician, laboratories, hospitals, facilities for [partially] inpatient or outpatient care, nursing homes). In order to clarify entitlement to benefits, for example in the event of recourse, we may also receive and process information on the risk event from other private and social insurance providers or other third parties involved.
3.4 Communication data
When you contact us via the contact form, via Baloise’s Customer Service, by email, telephone or chat, by letter or via other means of communication (e.g. customer portal), we collect the data exchanged between you and us, including your contact details and the marginal data of the communication.
We will specifically point out to you if we record telephone conversations, such as for evidence or training purposes. If you do not wish to be recorded, please let us know or end your call.
When communicating with you, for example when you submit a request for information, we sometimes also collect data to establish your identity (e.g. information from official identification documents, answers to security questions) in order to prevent us releasing information to unauthorised third parties.
3.5 Other data
We may also collect data from you in other situations. In connection with official or judicial proceedings, for example, data accumulates (e.g. files, evidence) that may also relate to you. We may also collect data for health protection reasons (e.g. within the framework of protection concepts).
We obtain the data mentioned here primarily from you, but also from third parties (e.g. authorities).
Your data will only be processed by us for the purposes we have indicated to you when collecting your data, for which we are legally obliged or entitled to process it, and for other purposes compatible with this. For further details on the basis of our processing, please refer to clause 5.
4.1 Provision of the occupational pension
Prior to the establishment of a pension relationship, we process your data in order to offer you the desired consultation and to be able to contact you in this regard. Personal details – in particular master data, insured-person data and communication data – are collected from you or are derived from communication. When you conclude an employment contract with an affiliated employer, and to verify that you meet the requirements for Pillar 2 insurance with our pension fund, we also need your information to assess and evaluate the risk to be assumed by us (if necessary also with the assistance of third parties, e.g. physicians, other social insurance schemes).
If an insurance relationship is established, we process your data to implement the pension relationship, in particular to collect contributions, to provide regulatory benefits and to manage the insurance relationship, for example to process modifications and to communicate with you. This also includes consultation and insured person support, the enforcement of legal claims arising from contracts (debt collection, court proceedings, etc.) as well as accounting and termination of the pension relationship. In this context, we process in particular master data and insured-person data (incl. sensitive data) as well as communication data.
4.2 Statistical evaluations and data analyses
Data that we require for statistical evaluations and data analyses are aggregated and no longer allow any conclusions to be drawn about your person. The aggregated data is required for the creation of insurance-specific statistics (e.g. for the development of new insurance rates) or for topic-specific evaluations and data analyses. We also use the data of all existing contracts – likewise without the possibility of drawing conclusions about you personally – to analyse the entire insured person base and for the fulfilment of our insurance contractual obligations, for example for consultation regarding an adjustment to a regulation, for discretionary benefits or for the provision of comprehensive information.
4.3 Relationship management
If you are a pension recipient with our pension fund (e.g. retired person with pension or lump-sum withdrawals, recipient of a disability or spouse’s pension), we may pass on your data to your former employer in the Baloise Group for relationship management purposes. Your former employer sometimes grants retired and disabled employees and their relatives certain benefits and invites them to events for which it needs your contact details, for example invitations to a retirement event or delivery of gifts or magazines. In particular, we use your communication data for this purpose.
If you do not wish your data to be processed for the purpose of maintaining your relationship with your former employer in the Baloise Group, you can inform us of this (see “Responsible unit” in clause 2).
4.4 Statutory and regulatory obligations
In certain cases, we may be obliged to submit notifications to the authorities (e.g. tax notifications to the Swiss Federal Tax Administration in the case of pension or lump-sum withdrawals or to the Office for Debt Collection Assistance in the case of neglect of obligation to pay maintenance as part of the examination of an application for lump-sum withdrawals) or disclose documents. Your personal details may also be processed in the course of internal and external investigations, for example by law enforcement or supervisory authorities or an appointed private body. In doing so, we process your master data, insured-person data and communication data in particular.
4.5 Other purposes
We may also process your data for other purposes, for example, as part of our internal processes and our in-house administration. This includes training, educational and administrative purposes (such as the management of master data, accounting, data archiving and the management and ongoing improvement of the IT infrastructure), the protection of our rights (e.g. to enforce claims in and out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims, such as by preserving evidence, legal clarifications and participation in judicial or official proceedings), security purposes (e.g. access controls), statistical purposes and the evaluation and improvement of internal processes.
Where we ask for your consent for certain forms of processing, we will inform you separately about the relevant purposes of the processing. You can revoke your consent at any time by notifying us in writing with effect for the future. Once we have received notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented. If consent is revoked, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its revocation.
Unless we ask you for your consent to processing, we base the processing of your personal details on the fact that the processing is necessary for the initiation or execution of a pension relationship with you or that we or third parties have a legitimate interest in doing so, for example in order to pursue the purposes described above under clause 4 and the associated objectives as well as to take appropriate measures.
Our activities in the area of compulsory occupational pension provision are governed by occupational pension legislation, in particular the BVG and the Federal Act of 17 December 1993 on Vesting in Occupational Retirement, Survivors’ and Disability Pension Plans (Federal Law on Vesting in Pension Plans, FZG) and the associated ordinances. As a federal body, we process your personal details in this area within the scope of our legal processing powers (data processing, file inspection, duty of confidentiality and data disclosure are governed by Art. 85a et seqq. BVG). In the area of non-compulsory pension provision, our data processing is not subject to the data protection provisions of the BVG, but to those of the FADP. Unless express written consent is required by law, the pension fund may pass on your data to the employer, other pension funds and social insurance institutions or other insurance institutions, namely any reinsurers or authorities. The disclosure and sharing of your data with third parties is governed by the data protection provisions of the BVG. Health data is treated in strict confidence. Such data can only be viewed by a restricted group of people.
In connection with the purposes set out in clause 4 above, we may also disclose your personal details to third parties, in particular to the categories of recipients below, who are bound by us to treat your details as confidential:
6.1 Affiliated employers
The pension fund shall provide occupational pension benefits for the employers affiliated in accordance with clause 1 of its Pension Regulations. Other employers with close financial or economic ties to Baloise Holding may also be affiliated. We may pass on your personal details to affiliated employers if we are legally obliged or entitled to do so. We will obtain your consent separately if such sharing of data requires your consent.
Your contact details will be passed on to your former employer in the Baloise Group for the purposes of maintaining relationships with pension recipients (e.g. retired person with pension or lump-sum withdrawals, recipient of a disability or spouse’s pension). If you do not wish your data to be shared for relationship management purposes, you can inform us of this or refuse or revoke your consent (see “Responsible unit” in clause 2).
6.2 Stakeholders in the occupational pension
In the interests of all insured persons, data may be shared, for the purpose of assessing and distributing risks, with reinsurers and any previous insurers, both in Switzerland and abroad:
In order to check and, if necessary, supplement your information when concluding the pension relationship in the event of a risk, your data (in particular the master and insured-person data) may be exchanged with other pension funds and social insurance institutions (so-called “previous insurers”) to the extent necessary for this purpose. We will obtain your consent separately if such sharing of data requires your consent.
We may insure risks assumed by us with special insurance companies (so-called “reinsurers”). If reinsurers make a contribution to the risk and loss assessment, the information required for this purpose is made available to them. Such information, in particular, is data relevant to the contract and claim, such as name, date of birth, gender, policy number, type of insurance cover and risk, as well as the extent of the claim. We transfer your data to the reinsurer only to the extent necessary to fulfil our insurance contract with you or to protect our legitimate interests.
In the event of a claim to pension benefits or recourse, a mutual sharing of data with relevant liability insurers or social insurance providers can also take place in order to clarify the obligation to pay benefits. We may require separate consent for this.
In connection with the notification and occurrence of a claim to pension benefits and in connection with other services, for example a transfer or payment of withdrawal benefits, we may exchange data with, for example, portable benefits institutions, other pension funds, authorities and offices (e.g. social insurance providers such as, in particular, Federal Disability Insurance or social welfare offices), other insurers, medical treatment providers and experts, banks and lenders, courts and external lawyers. As part of the processing of claims to pension benefits and corresponding clarifications, we may collect data from third parties, but also pass it on to them, for example to physicians and other service providers, experts, authorities, courts, informants and lawyers. We inform, for example, other social and private insurance providers about specific claims to pension benefits in order to coordinate benefit obligations and to clarify and enforce recourse claims. Especially in the case of divorce and inheritance disputes, we disclose personal details to courts and other pension or portable benefits institutions.
The pension fund is required by law to appoint an auditor and an occupational pensions expert. These two bodies audit certain activities of the pension fund. In particular, we transmit insured-person data to these two bodies insofar as they require it for the performance of their activities.
6.3 Official bodies and authorities
We may also share your data with official bodies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This includes compliance with statutory notification obligations, the exercise of rights, the defence against claims and compliance with legal requirements, for example within the framework of official, judicial and pre- or extra-judicial proceedings and within the framework of statutory duties to inform and cooperate.
Data is also disclosed if we obtain information from public bodies, for example in connection with claims settlement or when checking an address.
6.4 Other third parties
In the event of a risk, the data required for this purpose can be processed and transmitted in the event of recourse to a liable third party (or its liability insurer) or in the event of the involvement of claims adjusters in Switzerland and abroad.
Your data may also be shared for the aforementioned purposes with other recipients (e.g. experts, physicians, informants, parties involved in legal proceedings or acquirers of assets). Other persons are, in particular, recipients of a payment, authorised representatives, correspondent banks, other financial institutions and other bodies involved in a legal transaction.
6.5 Service providers in Switzerland and abroad
Some of our services and business functions are provided on our behalf by legally independent companies in Switzerland and abroad (see clause 9 below) (e.g. for the procurement of IT services). These service providers may process data about you where this is necessary for the performance of the contract. Data processed in this way also includes health data. These service providers are contractually obliged to adhere to our standards for data processing, as well as to the applicable data protection legislation. Where contractually or legally provided, these service providers may in turn engage third parties under the same conditions.
As part of the processing of your personal details by recipients in accordance with clause 6 above, your data may also be transmitted abroad, for example when personal details are transmitted to service providers. Under certain circumstances, we may also transmit data to third parties based abroad who are involved in the processing of the contract (e.g. any reinsurers, authorities or courts), as well as to other bodies such as foreign tax authorities.
In principle, data is always stored in Switzerland. In exceptional cases, your data may also be processed worldwide, including outside Switzerland or the EU or the European Economic Area (i.e. also in so-called “third countries” such as the USA), provided that a risk assessment carried out in advance does not reveal any risks for the data subjects that conflict with outsourcing. Many third countries currently do not have laws that ensure a level of data protection equivalent to the applicable FADP. Therefore, we take contractual precautions to contractually compensate for the weaker legal protection, as well as further measures (e.g. pseudonymisation) to reduce the risk of state/government access abroad authorised by foreign legislation. We rely on the guarantees required by law, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if it is a matter of data that you have made generally accessible and you have not objected to its processing.
You have the following rights in accordance with the applicable data protection law and if the conditions are met:
- You can request information about whether we process your personal details and, if so, what these details are.
- You can request us to correct incorrect data or complete incomplete data or correct or complete such data yourself to a limited extent via the customer portal at any time.
- You may request the erasure of your data unless we are required or authorised to retain your data under applicable laws and regulations.
- You may request that the data you have provided be released or transferred to another data controller in a commonly used electronic format, provided that the processing is carried out using automated processing, you have consented to the processing, or your data is processed for the conclusion or settlement of the pension relationship.
- In cases in which the data processing is based on your consent, you have the right to revoke this at any time. If you revoke your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the revocation.
- You may have the right to object to the processing of your data.
- You also have the right to lodge a complaint with our data protection unit or the competent data protection supervisory authority if you do not agree with our handling of your rights. You can contact the Swiss supervisory authority at www.edoeb.admin.ch.
Please note that these rights are subject to statutory requirements and that exceptions and limitations apply. In particular, we may need to process and store your personal details in order to fulfil a pension relationship with you, to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with statutory obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we must therefore also reject a data subject request in whole or in part (e.g. by blacking out certain content that concerns third parties or our trade secrets). In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We retain information in connection with the processing of data subject requests in accordance with the storage period (see clause 9).
If you wish to exercise your rights, you can contact us in writing or by email at the address below.
Baloise Insurance Ltd
Data protection unit
Aeschengraben 21, P.O. Box
4002 Basel, Switzerland
Your data will be stored by us for at least as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.
Personal details may be retained for longer, for example if claims are asserted against us (during the statutory limitation period), if we are otherwise contractually, legally or officially obliged to do so or if legitimate (business) interests (e.g. documentation and evidence purposes) require this. As soon as your data is no longer required for the above purposes, it will be deleted or anonymised as part of our standard deletion processes.
We treat your data as confidential and comply with the applicable data protection provisions. We also follow recognised security standards, for example ISO 27001, and continuously adapt our security measures to maintain the confidentiality, integrity and availability of your personal details.
10.2 Internet risks
In transferring data via the Internet, you are acting at your own risk. We protect the data you transmit via our websites during transit by means of appropriate encryption mechanisms. In addition, we take appropriate technical and organisational security measures to reduce the risks on our websites. Your device, however, is outside the security area that we are able to control. You are therefore required to inform yourself about the necessary security precautions and to take suitable measures in this regard.
10.3 Email encryption
We will send you requested information by email if you have provided us with your email address. Confidential information is transmitted in encrypted form. If information cannot be shared in encrypted form via email, we will use other channels for this purpose (e.g. the customer portal or Baloise Secure Transfer).
10.4 Blocking of access
In the event of security risks being identified, we explicitly reserve the right to temporarily suspend or, in severe cases, to block access to our websites and customer portals. We do not accept any liability for any loss or consequential damage arising from the suspension or blocking of access.
Last updated in February 2023.