Like every provider of complex products and services, we process various data from various sources. Information regarding this data can be found here in sub-paragraph 3, and information regarding the purpose of the processing in sub-paragraph 4.
We frequently gather data from the employers of insured persons, e.g. when the employer registers you as a new employee with us, when the employer registers a resignation, a change to remuneration or informs us of another change or registers a claim event. However, we also gather data directly from you, e.g. when you register with us as a self-employed person, provide us with health information, register a beneficiary or a civil partnership, buy into a pension fund or wish to draw on your termination benefits, or if you change your job, wish to transfer your vested termination benefit to another pension or vested benefits institution or if you communicate with us about another matter. We can also collect data from other sources. You will find further details in this sub-paragraph 3.
We primarily process the categories of data described below, although this list is not exhaustive. If data changes over time (for example, if an address changes or in the event of another modification), we may, as circumstances dictate, process the previously provided data in addition to the current data. Beneficiary data in connection with compulsory pension provisions is only processed within the framework of the BVG.
Master data: We use the term "master data" to refer to the basic data that we require, in addition to the contractual data (see below), to process our contractual and other business relationships. We process your master data for example if you are an insured person, a dependent or beneficiary of an insured person, if you are a contact person from an employer, another pension provider or a supplier for such an organization or if we need to otherwise contact you for our own purposes or for the purposes of a contractual partner.
The master data consists first and foremost of name, address and contact details and, if applicable, date and place of birth, age and gender.
Furthermore, both private and professional contact data for insured persons likewise belong to the master data e.g. email address and telephone number, marital status and, if applicable, the date of marriage or divorce, or the date of entry or dissolution of a partnership, date and place of birth, age, gender, nationality and hometown, details of identification data (e.g. from your passport, your ID or other identification documents), OASI number (to the extent required by law), your contract, policy and insured-person numbers, details regarding previous pension or vested benefit institutions, the date you started or ended employment with an employer, personnel category, degree of fitness to work, level of employment, whether or not you are working in a fixed term contract, the registered and insured annual salary and the BVG annual salary.
Details regarding relationships to third persons, who are also affected by the data processing also fall under this data, e.g. about dependents and beneficiaries.
In the case of employers and other contractual partners who are companies, we process data concerning our contact persons, this may include name and address, details of titles, position in the company, qualifications and, where applicable, details of supervisors and employees. Depending on the area of activity, we are also required to check the company in question and its employees more closely, for example, by carrying out a security audit. In this case, we collect and process additional data, if necessary also from third party providers.
We frequently receive master data from your employer and from you but also incorporate further third party data. Third parties from whom we obtain data may include other Zurich Group companies and credit reporting agencies, media monitoring companies, financial service suppliers and banks from which you transfer assets to us or make transfers to us, address dealers, internet analysis services, public authorities, other insurers, parties to proceedings and publicly available sources such as the commercial register, media and sources on the Internet, public registers, media, etc.
Contract, claim and benefits data: This is information arising in connection with a possible or actual subsequent contract or its dissolution, the processing of a contract and the incorporation of insured persons into the occupational pension plan, but may also include information relating to the receipt of reports and the processing of pension claims (i.e. retirement, disablement or death) and relating to other services such as, for examples, a transfer, payout or termination benefit. Health related data and information about third parties also all under this category, e.g. if a person is declared unfit for work or upon the death of an involved person. We may also obtain this kind of data from third parties such as public authorities and agencies (e.g. social insurers or social offices), employers, other insurers, medical benefits providers and experts, from law courts or external lawyers.
Data relating to the conclusion of a subsequent contract with the employer, type and completion date and its processing and administration (e.g. information in connection with billing, consultation and customer service) also form part of this data. Contract data also includes information relating to complaints about and adjustments to a contract, as well as information about customer satisfaction which we may collect, for example, by means of surveys.
Furthermore, we also process data regarding termination benefits during the benefits relationship, e.g. their amount and about possible and completed buy-in. We receive this information from the insured person, from their employers and from other pension or vested benefits institutions.
We gather data in the course of processing pension claims such as, for example, reporting the occurrence of a claim event, claim number, details about the reason for the insurance event (if inability to work has been determined then the cause, e.g. illness or accident) and the date of the occurrence, details in connection with assessing the pension claim, details about other insurances and insurers, details about third parties, if applicable, such as persons involved, also especially sensitive personal data such as health data. We obtain this information from the insured person, from the insured person’s employer, and also work with third parties, e.g. with other insurers such as disability insurers, experts and doctors and all service providers from whom we receive data – including health data, if applicable with a separate release agreement.
For other claim events we process the data related to them, e.g. for the payment of termination benefits, data relating to the reasons for payment of the termination benefit (e.g. if the insured has become self-employed, completed a buy-in into the second pillar, left Switzerland permanently or if the termination benefit is negligible), details regarding your private account or that of a vested benefits institution and, if applicable, spousal agreement or agreement from registered life partner and the attestation of your signature. In the case of divorce or dissolution of a registered partnership we process information relating to the settlement of pension benefits (e.g. date of divorce or dissolution of registered partnership, any termination benefits obtained, advance withdrawals or drawn disability pension payments and court order in this context). We obtain this information from insured persons, their spouses or registered partners and from public authorities and courts.
Depending on the product we also process other data.
Financial Data: This is data relating to financial circumstances, payments and the securing of claims.
Financial data is, for example, information relating to payments and bank account details. This includes data in connection with premium payments from the employer and the securing of claims. For insured persons this also includes information about salary, buying into occupational retirement provisions and about the payment of termination benefits and pensions. We process financial data about beneficiaries, e.g. in connection with pensions to surviving spouses and registered partners, to children and other beneficiaries. We receive this data from insured persons, e.g. in the course of buying in or from the payment of termination benefits but also from banks, credit reporting agencies and from publicly available sources.
Communication Data: This is data relating to our communication with you and information regarding your use of our website. If you contact us via the contact form, email, telephone or chat, by letter or by any other means of communication, we record the data that is exchanged between you and us, including your contact details and other marginal data. If we record telephone conversations, we will draw your attention to this fact. If we want or need to establish your identity, for example, in the context of a request for information, application for media access, etc., we collect data to identify you (such as a copy of an identity document).
Communication data includes your name and contact details, the manner, place and time of the communication and normally its content, such as details in emails or letters from you or to you or from third parties or to third parties, if the latter also relate to you. This also includes direct and indirect contacts with us, e.g. customer service and your customer consultant (e.g. via a website or an app, in a chatbot in the internet or an app).
Other Data: We also collect data from you in other situations. This also would include data relating to you which accrues in connection with official or judicial proceedings (e.g. files, evidence etc.). We may also collect data for health protection reasons (for example, in the context of protection concepts). We may obtain or produce photographs, videos and audio recordings in which you may be identifiable (for example, at events, via security cameras etc.). We may also collect data about who enters certain buildings and when (including in the case of access controls, on the basis of registration data or visitor lists, etc.), who participates in events or campaigns (such as competitions) and when or who uses our infrastructure and systems.
The data we process in accordance with this Privacy Policy relates not only to our customers, but often also to third parties (you will find information on this in sub-paragraph 1 and in this sub-paragraph 3). We receive some data regarding third parties from employers (e.g. reporting a death) and from third party sources, but or the main part from the insured person. If you provide us with information about third parties, we shall assume that you are authorized to do so and that the information is accurate. By transmitting data about third parties, you confirm this fact. Therefore, please inform these third parties about our processing of their data and provide them with a copy of this Privacy Policy or the Customer Information Sheet on Data Protection. If we refer you to a new version of these documents, please also hand over these new versions in each case.
Certain data must be disclosed to us in connection with compulsory pension provisions due to a legal obligation i.e. as part of the employer’s cooperation obligations, e.g. affiliation with the pension scheme, and by insured persons in the event of pension claims and in connection with the legal obligations of other insurers. You are not usually obliged to disclose data to us, with the exception of certain individual cases, such as in the context of binding protection concepts. However, in the case of voluntary processes, such as buying into voluntary pension schemes or drawing upon termination benefits, we must process data for legal and operational reasons. If you do not wish to made this data available to us, we would therefore be unable to complete the applicable processes. When using our website, the processing of specific technical data is unavoidable (it is not usually personal data).
There are certain services which we can only make available to you if you provide us with certain registration data because we or our contractual partners wish to know who, for example, has responded to an invitation to take an action, because it is either technically necessary or because we wish to communicate with you. If you or someone you represent (such as your employer) wish to enter into or perform a contract with us, we need to collect relevant master, contract and communication data from you, and we process technical data when you wish to use our website or other electronic offers. Likewise, we can only send you a response to a request you have made if we process the relevant communication data and - if you communicate with us online - any applicable technical data. It is not possible to use our website without us receiving technical data.