Privacy policy
Introduction
Thank you for your interest in our company and our insurance products. We take the protection of your personal data seriously and the protection and security of your personal data is of the utmost importance to the Substitute Occupational Benefit Institution (hereinafter referred to as “AEIS,” “we” or “us”). Accordingly, we adhere to the relevant principles of the Data Protection Act and other regulatory provisions. This also includes ensuring that we protect your personal data appropriately and consistently and meet the requirements for confidentiality, integrity, availability, traceability and proportionality in relation to the processing and management of your data.
This Privacy Policy explains how we collect and otherwise process personal data. This description is not exhaustive; other documents (general regulations or similar documents) regulate specific matters.
Personal data refers to all information relating to an identified or identifiable person.
This Privacy Policy applies to all persons whose data we process, regardless of how they contact us. It applies both to the processing of data that has already been collected and to data that will be collected in the future.
Data protection: your rights
If AEIS processes your personal data, you have the following rights:
- Right to information
You may ask us to confirm whether we process your personal data. If this is the case, you have the right to find out more about this data, such as what categories of data are involved and for what purpose the data is processed. - Right to rectification
If we have stored information about you that is incorrect, you may request that we correct or complete it. - Right to erasure or anonymisation
You may request that your personal data be erased or anonymised if it is no (longer) required for the provision of the occupational pension scheme or a related purpose. Under certain circumstances, we are unable to accept this request. Deletion or anonymisation is not possible, for example, if data processing is operationally necessary or if the statutory retention period has not yet expired. - Right to restriction of data processing
You may request that the processing of your personal data be restricted insofar as the processing is no longer necessary for the purposes of implementing the occupational pension scheme or a related purpose. - Right to data portability
You have the right to receive certain personal data in a structured, commonly used and machine-readable format. - Right of withdrawal
Insofar as data processing is based on your consent, you are entitled to revoke this consent with effect for the future.
Please note that these rights may be restricted or excluded in individual cases, e.g. if there are doubts about identity or if this is necessary to protect other persons, protect legitimate interests or comply with legal obligations.
You are free to lodge a complaint with the relevant regulatory authority, the Swiss Federal Data Protection and Information Commissioner (FDPIC; https://www.edoeb.admin.ch/edoeb/en/home.html), if you have concerns as to whether we process your personal data in accordance with the law.
Contact and data controller
If you have data protection concerns, you can contact us at the following address:
Substitute Occupational Benefit Institution
Legal & Compliance
Elias-Canetti-Strasse 2
8050 Zürich
No response will be provided to any enquiries which we receive via that are not connected to data protection. For all other enquiries, you can use our online services or give us a call on +41 41 799 75 75.
General information about data processing
Purposes and legal bases of data processing
AEIS fulfils the tasks set out in Art. 60 and Art. 60a of the Swiss Federal Act on Occupational Old Age, Survivors’ and Invalidity Pension Provision (BVG/LPP) and processes personal data primarily for the purpose of providing occupational pension benefits. The processing of this data is based on Art. 85a et seq. BVG/LPP as well as the Federal Act on Data Protection (FADP) and the corresponding Ordinance (FDPO).
Source of data
You often provide us with personal data yourself, e.g. when you provide us with data or communicate with us. This can be done via the contact forms, the upload platform, the customer portal or other channels.
We mainly receive personal data from current or former employers in connection with the implementation of the occupational pension scheme. They are legally obliged to provide AEIS with all the data required for the implementation of the occupational pension scheme. However, we may also obtain information about you from other third parties, such as:
- from people close to you (family members, legal representatives, etc.; e.g. powers of attorney);
- from Swiss Post and public offices, e.g. for address updates;
- from Swiss Post and public offices, e.g. for address updates;
- from banks and other financial service providers, private and social insurance schemes, pension benefit schemes and vested benefits institutions;
- from experts and from doctors and other service providers, from whom we also receive health data during investigations, possibly with a separate declaration of waiver;
- from service providers;
- from authorities, courts, parties and other third parties in connection with administrative and judicial proceedings;
- from public registers such as the debt enforcement or commercial register, from public bodies such as the Federal Statistical Office, from the media or from the Internet.
The data that we process in accordance with this Privacy Policy relates not only to insured persons, but often also to third parties. If you provide third-party data to us, we will assume that you are authorised to do so and that the data is accurate. By transmitting data from third parties, you confirm this.
Data transfer
As part of our business activities and the aforementioned purposes of data processing, we also disclose personal data to third parties to the extent permitted and deemed appropriate, whether because they process it for us or because they want to use it for their own purposes. This applies in particular to the following categories of recipients to whom we may disclose personal data:
- Employer (no disclosure of health data or information about transactions such as purchases, early withdrawals, etc.);
- Disclosures in the processing of insured events and corresponding clarifications;
- Address check, credit check and debt collection;
- Public authorities and offices;
- Other persons whose involvement results from the aforementioned purposes (e.g. recipient of a payment, authorised representatives, correspondent banks, other entities involved in a legal transaction).
Service providers: we may also share your personal data with companies whose services we use. These service providers process the personal data on our behalf as so-called “processors”. Insofar as the processors get third parties involved, we may approve this on a case-by-case basis so that your data can also be accessed by third parties. Our processors are obliged to process personal data exclusively in accordance with our instructions and to take appropriate measures to ensure data security. By selecting the service providers and by entering into suitable contractual agreements, we ensure that data protection is guaranteed for the entire time during which your personal data is processed.
These announcements are necessary for legal or operational reasons. Statutory and contractual confidentiality obligations therefore do not preclude such disclosures. Recipient data in connection with the occupational pension benefits shall only be disclosed within the statutory framework.
Duration of data processing
We process and store your personal data for as long as it is necessary for the respective purpose of processing.
Location of data storage
We store your data exclusively in Switzerland.
Data security
We take appropriate technical and organisational measures to safeguard the security of your personal data, to protect it against unauthorised or unlawful processing and to counter the risk of loss, unintentional modification, unintentional disclosure or unauthorised access.
Technical security measures include, for example, the encryption and pseudonymisation of data, logging, access and access restrictions and the storage of backup copies.
Security measures of an organisational nature include, for example, instructions and training for our employees, confidentiality agreements and checks. We also oblige our processors to take appropriate technical and organisational security measures.
As your device (tablet, PC, smartphone, etc.) is outside the security area we can control, you are required to find out about the necessary security precautions and to take appropriate measures in this regard. AEIS shall not be held liable under any circumstances for any damage that you may incur as a result of data loss or manipulation.
Application process
If you apply for a position with us, we process your personal data to carry out the application process. As a rule, your personal data is provided to us directly by you or a person appointed by you for the recruitment of personnel. Without this data, we will not be able to consider your application and decide on your suitability for the position in question.
For example, we use your contact details to make appointments with you. We collect personal information, such as that contained in your CV, and process data from references and education diplomas. In addition to this absolutely necessary data, you have the option of providing us with additional information for the application process. We use the data provided to us to evaluate your application and to make a decision.
Your data in connection with the application will only be shared with people who are involved in the application process, such as employees of Human Resources or superiors of the department involved. In addition, your data may be disclosed to authorities if there is a legal obligation to provide such information. Your data in connection with the application will be treated confidentially at all times. Should we wish to process your data in this regard in a way which deviates from the purpose of conducting the application process, we will inform you of this in advance and, if necessary, obtain a separate declaration of consent from you.
We can commission a service provider to advertise the position and conduct the application process (processor). The service provider may solely process the data of persons applying to AEIS (contact data, application documents, communication) for the purpose of managing the data. As a processor, the service provider is obliged to comply with all data protection legal requirements, in particular those of the Swiss Data Protection Act (DPA), when processing personal data. The service provider may only process the data to the extent that we ourselves are authorised to. The transfer of data processing to a third party (subcontractors) is only allowed subject to our prior approval. In principle, access to your data is granted only to persons who are aware of data protection and data security concerns and who are subject to a contractually imposed duty of confidentiality that extends beyond the termination of the contract.
If you send us your application by post, we will digitise the submitted documents and, if necessary, process them further via the web application of the commissioned service provider. The physical application documents provided will be destroyed after digitisation.
The data of the people applying to us will generally be erased no later than six months after completion of the application process. This does not apply if there is a justification for further processing, e.g. statutory provisions prevent deletion if further storage is necessary for the purposes of providing evidence or if you have consented to storage for an extended period.
If your application leads to the conclusion of an employment contract, the data will be stored and used for the usual organisational and administrative process and for the execution of the employment relationship. Further details are set out in the employment contract documents.
We reserve the right to compile statistics on the application process. This is done exclusively for the company’s own purposes and is always anonymised.
Privacy Policy for the website
Purposes of processing personal data on our website
Data on your user behaviour (such as search terms, sites visited, surfing behaviour, etc.) is collected for the purpose of optimising search results and user experience. This information is used to make our website more user-friendly and to continuously improve your browsing experience. For more information, please refer to the “Cookies and web tracking” section. The data you transmit to us in connection with your visit to our website depends in particular on the browser used and its settings. If your settings allow this, we use cookies and similar tools to provide you with the best possible browsing experience on our sites. This includes information such as the region you are in, the language you have chosen and the services you prefer.
Input fields
Various input fields are available on our website, which visitors can use to automatically forward information relevant to them in order to simplify their search (“Have you received a letter?” or “Search using your OASI number!”). If a user makes use of this option, the data of the document ID is transmitted to us and stored by us. Data is transmitted in encrypted form. Additional data such as the IP address and the time of sending are transmitted at the time of sending. The use of these input fields is voluntary and data is only transmitted during use. The social insurance number entered will not be stored and will not be further evaluated after the search.
Contact forms
Various contact forms are available on our website, which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored in our systems. Additional data such as the IP address and the time of submission are transmitted at the time of submission.
The data on the contact form is transmitted in encrypted form. The use of these input fields is voluntary and data is only transmitted during use. The information provided is stored and used to process the enquiry and any other related questions.
Call service
On our website, there is a callback service which can be used by our customers to arrange an appointment for telephone contact.
The data entered in the online form for the callback service is processed for the purpose of arranging a callback appointment. The arrangement of the callback appointment is our responsibility and will be technically implemented by our service provider ServiceOcean AG, Multergasse 11, 9000 St. Gallen, Switzerland. The data entered shall be transmitted to ServiceOcean AG. In order to provide its services, it is necessary for ServiceOcean AG to collect, store and process personal data on behalf of AEIS. ServiceOcean AG shall provide AEIS with the agreed callback appointment including the data entered. The call will be made by AEIS employees.
ServiceOcean AG stores all data in encrypted form on servers located in Switzerland. In its capacity as a processor working for AEIS, ServiceOcean AG is obliged to comply with all data protection regulations, in particular those set out in the Swiss Federal Act on Data Protection (FADP), when processing personal data. In principle, access to the data is granted only to persons who are aware of data protection and data security concerns and who are subject to a contractually imposed duty of confidentiality that extends beyond the termination of the contract. The web application used by ServiceOcean AG for the callback service is encrypted and meets the most stringent security requirements. The security standard is continuously updated by ServiceOcean AG in line with the latest technological developments.
The data shall be deleted by ServiceOcean AG once it has been successfully transmitted to AEIS. The deletion deadline is 30 days from the respective appointment/callback date. AEIS shall delete the data in accordance with the legal requirements.
Upload platform
We offer our customers the opportunity to upload documents via our upload platform. If this option is used, the uploaded documents are transmitted to us and stored in our systems. Additional data such as the IP address and the time of the upload are transmitted at the time of the upload.
Data is transmitted on the upload platform in encrypted form. The use of the upload platform is voluntary and data is only transmitted during use. The information provided is stored and used to process the enquiry and any other related questions
E-mail correspondence
We recommend that our customers exchange data electronically via our contact forms, the upload platform or the customer portal, as data transmission is encrypted via these channels.
If you contact us by e-mail, you are acting at your own risk and agree that we may reply to you via the same channel to the sender’s address. As data transmission in such cases is unencrypted, it is not possible to guarantee data security, which is why AEIS disclaims any warranty and liability. The information provided will only be stored for the purpose of processing the enquiry and any other related questions and will only be used in connection with the enquiry. If an e-mail is requested on behalf of a third party, the corresponding consent must be obtained.
Pension calculator
If you use the pension calculator on our website, we process the data you enter with a view to approximating pension benefits and contributions to financing.
The data entered and transmitted in the input screen of the pension calculator is used exclusively for the approximate calculation of benefits and contributions. This data is not stored or combined with other personal data that we process about you.
Cookies and web tracking
We typically use cookies and similar technologies on our website to identify your browser or device. Cookies are text files that are stored on your device (tablet, PC, smartphone, etc.) and enable an analysis of your use of the website. If necessary, the stored information will be retrieved at a later date in order to facilitate the use of our online services.
When you visit our website, cookies are also set in order to analyse your user behaviour on our website (web tracking). The data generated by the cookies about your user behaviour (search engines and search terms used, set browser language, browsers and plug-ins used, the referring URL, how long you spend on the website, entry/exit pages, cancellation rates and your IP address as well as its associated location) is anonymous and serves exclusively statistical purposes (data traffic analysis). The data is used separately from your personal data. These two data sets are not merged; therefore, the data about your user behaviour does not allow any conclusions to be drawn about your identity.
In the “Cookie settings” section, you can adjust the use of cookies on our website according to your needs. For information on how to enable and disable cookies via your browser’s settings, please refer to the “Allowing or blocking cookies” section.
Google Analytics
This website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies, which are text files that are stored on your device (tablet, PC, smartphone, etc.) and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and Internet use to the website operator. The IP address transmitted by your browser in the context of Google Analytics will not be merged with other data held by Google. You may refuse the storage of cookies by selecting the appropriate settings in your browser software; however, please note that if you do so, you may not be able to use the full functionality of this website. You can also prevent Google from collecting and processing the data generated by the cookie relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available at this link: Download browser plug-in.
For more information on terms of use and data protection, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and https://support.google.com/analytics/answer/6004245?hl=en
If you have registered with Google yourself, Google also knows you. Google will then be responsible for processing your personal data in accordance with its data protection regulations. Google only informs us of how our respective website is used (no information about you personally).
Tracking by Google Analytics can be blocked by disabling performance cookies or via your browser’s settings (see “Allowing or blocking cookies” section).
Friendly CAPTCHA (bot/spam protection)
Our website uses the "Friendly Captcha" service (www.friendlycaptcha.com). This service is provided by Friendly Captcha GmbH (Am Anger 3-5, 82237 Wörthsee, Germany).
Friendly Captcha is a privacy-friendly security solution that makes it difficult for automated programs and scripts ("bots") to use our website. We use Friendly Captcha to protect online forms on our website. Friendly Captcha checks whether data entered on our web pages (e.g. in a contact form) comes from a person or an automatic program.
For this purpose, we have integrated a program code from Friendly Captcha into the forms on our website so that the visitor's end device can establish a connection to Friendly Captcha's servers in order to receive a computational task. The visitor's end device solves the computational task, which requires certain system resources, and sends the computational results to our web server. Our server contacts the Friendly Captcha server via an API and receives a response stating whether the task was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and thus, for example, further process or reject them.
Friendly Captcha does not set or read cookies on the visitor's end device.
IP addresses are only stored in hashed (one-way encrypted) form for up to 30 days. They do not allow us or Friendly Captcha to draw any conclusions about an individual person. The data is used solely for the above-mentioned protection from spam and bots.
Further information on data protection when using Friendly Captcha can be found at friendlycaptcha.com/legal/privacy-end-users/.
Vimeo
Our website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you visit one of our sites equipped with a Vimeo plugin, a connection to the Vimeo servers is established. The Vimeo server is informed which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA. If you are logged into your Vimeo account, you allow Vimeo to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your Vimeo account.
Tracking by Vimeo can be blocked by disabling performance cookies or via your browser’s settings (see “Allowing or blocking cookies” section).
Further information on how user data is handled can be found in Vimeo’s Privacy Policy at: https://vimeo.com/privacy
Google Maps
This site may use the Google Maps map service via an API. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this website has no influence on this data transmission. Google Maps is used in the interest of an appealing presentation of our online offerings and to make it easy to find the places indicated by us on the website.
For more information on how user data is handled, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=en/
Allowing or blocking cookies
You can use your browser’s settings to allow or block cookies – including for web tracking. You can either set your browser to block all cookies or to display a notification when a cookie is set. Please note, however, that you may not be able to use all of the services on our website if you have disabled cookies in your browser. The links below provide information on blocking or allowing cookies in the most popular web browsers:
- Microsoft Edge https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
- Firefox https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Google Chrome https://support.google.com/chrome/answer/95647?hl=en
- Safari https://support.apple.com/en-gb/guide/safari/ibrw850f6c51/mac
Cookie settings
Video surveillance locations
Purpose of video surveillance
A video surveillance system is used when accessing our sites. It serves to prevent criminal offences, to secure evidence and to exercise our right to impose the rules of our company. Information signs provide information about the video surveillance system. There is a right of access. Access to the video data is limited to a few people. The files are deleted on a regular basis.
Data controller
Substitute Occupational Benefit Institution
Legal & Compliance
Elias-Canetti-Strasse 2
8050 Zürich
Involvement of third parties
For the aforementioned purposes, AEIS may get third parties involved (e.g. specialists for technical support, service providers for processing enquiries, or communication partners) who thereby gain access to data, but only insofar as this is necessary for the performance of their services. AEIS ensures that third parties only process personal data in accordance with the requirements of the applicable data protection regulations.
Changes to this Privacy Policy
This Privacy Policy may be amended by us at any time without prior notice. The version published on this website at the relevant time shall apply.