You are using an outdated browser. There may be optical and technical problems.
OK, CLOSE
Data protection is extremely important to the AXA Foundation for Occupational Benefits, Winterthur (hereinafter “Foundation”). This Privacy Policy sets out how and to what end your personal data is collated and processed (e.g. stored, used, transmitted, etc.) in connection with the provision of occupational benefits insurance, to what parties your personal data is transmitted, and what rights you hold in this respect under data protection legislation and other regulations.
This Privacy Policy does not contain an exhaustive description of the data processing activities carried out by the Foundation, and any action taken in specific instances may be governed in full or in part by specific privacy policies, general terms and conditions, summary sheets, or similar documents (with or without reference being made to such in this Privacy Policy).
The Foundation was established in order to provide occupational retirement, survivors’, and disability benefits insurance. Its purpose is to protect employees and employers of affiliated companies in accordance with its regulations against the economic consequences of loss of earnings resulting from old age, disability, or death. It provides benefits in accordance with the provisions governing mandatory occupational benefits insurance and also offers pension plans that exceed the minimum statutory requirements or offer only non-mandatory benefits. To this end, the Foundation processes the personal data of active insured persons and pensioners (together “beneficiaries”) from the companies affiliated to it. AXA Life Ltd is responsible for administration and distribution.
AXA Life Ltd processes personal data for the Foundation for the purpose of providing occupational benefits as well as to maintain and continue occupational benefits cover in accordance with the tasks assigned to it. In this regard, it relies on personal data, including personality profiles and sensitive data requiring particular protection, so as to perform the tasks assigned to it by the Foundation in accordance with the applicable statutory framework.
Further information on data protection at AXA Life Ltd can be found in the data protection provisions of AXA Life Ltd, which can be accessed here.
Personal data as referred to below is any information relating to an identified or identifiable natural person (e.g. name, date of birth, email address, IP address). Information that has been anonymized or aggregated and cannot (or can no longer) be used to identify a specific person is not deemed to be data in this sense.
“Data processing” refers to all handling of personal data including the collection, storage, use, disclosure, altering, archiving, and erasure/deletion of data.
The legal basis and purpose of the processing of your data is primarily the provision of occupational benefits cover, underpinned by the Federal Act on Occupational Old Age, Survivors’ and Invalidity Pension Provision (BVG/OPA), the Federal Act on the Vesting of Occupational Old Age, Survivors' and Invalidity Benefits (FZG/VBA), as well as the related ordinances.
Over and above this, the processing of data is based on the initiation and/or performance of the affiliation contract, existence of a statutory requirement and/or consent (either from you or from a person you have authorized), as well as on the overriding legitimate interests of the Foundation (i.e. specifically in order to pursue the purposes described and associated objectives as well as implement corresponding measures).
The processing of your personal data is based on the principles of accuracy, lawfulness, transparency, data minimization, proportionality, responsibility, and data security.
This Privacy Policy is based on the requirements of the Federal Act on Data Protection (FADP), the implementing ordinance (OFADP), and – where applicable – other valid data protection legislation on a case-by-case basis. These data protection provisions do not contain an exhaustive description of the Foundation’s data processing activities; individual matters may be governed in full or in part by specific information (with or without reference to these data protection provisions). There are exemptions from the duty to provide information under data protection law. This duty does not apply if the information is not possible or if disproportionate effort is required, if you have already been notified about the data processing, if processing is provided for by law, or if the Foundation is legally bound to maintain confidentiality.
Data processing is the responsibility of:
AXA Foundation for Occupational Benefits, c/o AXA Life Ltd, Winterthur, General-Guisan-Strasse 40, CH-8400 Winterthur
The contact details for the Data Protection Consultant are:
Swiss Infosec AG
Centralstrasse 8A
6210 Sursee
Email address: DSB@infosec.ch
This includes first and last name, gender, date of birth, age, civil status, language, nationality, place of birth, place of origin, residence status, details of family members, telephone number, email address, customer history, powers of attorney, signatory authorizations, declarations of consent.
This includes information communicated during the application process, e.g. on the risk to be insured, on the level of employment, on the employment relationship and capacity for work, answers to questions, reports by experts, claims data from the previous insurer (claims history), as well as information on relationships with third parties affected by data processing (e.g. beneficiaries).
This is data that is made known in connection with the conclusion of an affiliation contract and/or performance of the contract. This includes, for example, social insurance numbers, policy or contract numbers, type of insurance and coverage, description of the risk, benefits, the premium, and the contract term.
This is data in connection with the processing of insured events: notification of the occurrence of an insured event, details of the reason for the insured event (e.g. accident, illness, date of event, etc.), and other information in connection with the verification and assessment of the insured event (e.g. details of especially sensitive personal data requiring particular protection, of persons involved and on third parties such as insurers, etc.), details of termination (withdrawal) benefits and other insured events.
This includes data on views or activities relating to religion, values, opinions, politics, or labor unions, on health, personal sphere, race or ethnicity, genetic information, biometric data clearly identifying an individual, as well as data relating to administrative or criminal proceedings or sanctions.
This includes data relating to the physical or mental health of an individual, based on which information about their state of health is obtained. It includes diagnoses, medical reports, sick notes, as well as reports on other physical or mental impairments.
This includes, for example, salary data, account details, premium payments and outstanding premiums, reminders, and credit balances.
This includes, for example, notices of claim, medical reports, diagnoses, investigation reports, invoices, and pension dates.
This includes information about personal behavior, e.g. how the AXA website, www.axa.ch, and associated services (hereinafter “website”) are used, as well as data on personal preferences and interests.
This includes, for example, IP addresses, cookies, metadata, logs recording the use of systems, IP packets and other technical identification details, as well as data relating to online/telephone communication.
Beneficiary data that is communicated by employers as part of the onboarding process is processed in order to provide occupational benefits insurance. This ensures that beneficiaries are duly registered and insured in accordance with the provisions governing occupational benefits. The data that has been entered is processed to ensure that amounts are calculated correctly and that beneficiaries receive the precise amounts due to them should they become disabled or entitled to payments. Furthermore, processing beneficiaries’ personal data also allows the Foundation to ensure that insurance contracts are managed efficiently; this includes the settlement of payments and communication with the employers affiliated with the Foundation and their employees.
In addition, your personal data and the personal data of others is processed – insofar as is permissible and appears appropriate – for the purposes set out below, in which the Foundation and in some cases also third parties have a corresponding legitimate interest:
As the legal basis for the processing of your personal data in relation to mandatory occupational benefits insurance, the Foundation makes regular reference to a statutory basis, namely
as well as the related ordinances. As a federal body in the area of mandatory BVG/OPA benefits, the Foundation processes your personal data relating hereto in accordance with the processing powers granted by law (e.g. Art. 85a ff. BVG/OPA).
In the area of extra-mandatory occupational benefits insurance as well as of other non-mandatory areas, the Foundation processes your personal data based on:
The Foundation receives personal data from you when you transmit data to it or enter into contact with it. This can take place via various channels, e.g. via the online portal for employers/insured members, through the various ways you use to communicate with the Foundation (e.g. email, letter-based correspondence, phone, fax, etc.), or through the use of the Foundation website or the use of other services offered to you by the Foundation within the framework of its business activities.
The Foundation receives personal data in connection with the provision of occupational benefits insurance in accordance with the requirements laid down by law. The Foundation also receives personal data from third parties with which it works in order for business activities within the framework of occupational benefits insurance to be carried out and services to be provided. In addition, the Foundation receives personal data from public sources.
The Foundation receives, for example, personal data from the following third parties:
If your personal data is to be processed not by the Foundation but by AXA Life Ltd, by processors, or by other controllers, the Foundation will ensure by means of contractual provisions that the legal requirements are fully complied with. In principle, forwarding to third parties only takes place if:
Within the framework of its business activities and for the purposes set out above, the Foundation also discloses personal data to third parties – to the extent that this is permissible and appropriate – either because said third parties process data for the Foundation (order processing) or because they use the data for their own purposes (data disclosure). The third parties involved are, in particular, the following (all hereinafter referred to as “recipient” or “recipients”):
Not all recipients are based domestically; some may be based abroad. You must anticipate, in particular, that your data will be transferred to other countries within Europe and to the USA, where some of the IT service providers used by the Foundation are located.
If, by way of exception, the Foundation transfers data to a country which does not have an appropriate level of statutory data protection (such as the USA), it will require the recipient to put in place adequate measures to safeguard personal data (e.g. by means of the agreement of EU standard contractual clauses, the current version of which can be found here, other safeguards, or based on justification grounds).
The Foundation processes the data collected for as long as is necessary in compliance with the statutory retention period (bookkeeping, limitation period, company law, tax and social insurance legislation), contractual retention periods, and the requirements imposed by the authorities for performing the specified processing tasks, as well as on the basis of overriding legitimate interests (e.g. documentation and evidence purposes), and in particular to provide evidence or to defend against claims and to demonstrate good data governance. The statutory retention period is generally at least 10 years. Social insurance legislation sets out longer retention periods. The statutory limitation period is generally between 5 and 20 years.
You have the right
Please note that the Foundation reserves the right to assert the restrictions provided for by law, such as if the Foundation is obliged to store or process certain data, or has an overriding interest in such (insofar as it may base its actions on this overriding interest), or requires the data in order to assert claims.
You should further note that the exercising of these rights may conflict with contractual agreements and this may lead to consequences such as the premature termination of the contract, or costs. Where this is not already contractually stated, in such an event the Foundation will inform you in advance.
If you believe the processing of your personal data violates the data protection legislation or that your rights under the data protection provisions are breached in any other way, you also have the option of submitting a complaint to the responsible supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC; https://www.edoeb.admin.ch/).
The exercising of your rights under data protection law generally requires that you prove your identity conclusively (e.g. by means of a copy of your identity card or passport insofar as your identity is otherwise not clear and/or cannot be verified by other means). To assert your rights, please email the Foundation at the email address indicated in section 2.
This Privacy Policy may be amended over time, in particular should the Foundation implement changes in its data processing or if new legal requirements come into effect. Acts of data processing are generally governed by the version of the Privacy Policy in place when the respective data processing act began.