• What is this data protection statement about?
• Who is responsible for processing your data?
• What is "personal data" and what is "processing"?
• Who is affected by our data processing?
• What data do we process about you, for what purpose do we do so and from whom is it collected?
• Do we make automated individual decisions?
• To whom will your data be disclosed?
• Will your data be disclosed to other countries?
• How long will your data be processed for?
• How is your data protected?
• What are your rights?
• Can this data protection statement be changed?

Data protection is a matter of trust and your trust is important to us. Although we have not changed the way we handle our personal data, we will inform you how we handle the personal data of our insured persons, tenants and mortgagees in accordance with the requirements of the revised Federal Act on Data Protection as of 1 September 2023.

It is important to us that you are fully informed about the processing of your personal data. It is important to us that you understand:

• which personal information about you we process;
• the purpose that we use your personal data for;
• who has access to your personal data;
• how long we keep your personal data for;
• what happens to your personal data after the end of our business relationship or after the statutory retention period.

This data protection statement applies to all of our services and activities, unless we provide you with a separate data protection statements for such purposes.

The following pension fund is responsible for the data processing according to this data protection statement, either alone or together with others:

Ascaro Vorsorgestiftung
Belpstrasse 37
3007 Bern

For data protection inquiries, you can contact us as follows:

E-mail address:
Libera AG, datenschutzberater.pk@libera.ch

"Personal data" refers to data that relates to a specific or identifiable person, i.e. that allow conclusions to be drawn about their identity.

 "Sensitive personal data" are categories of personal data that are sensitive, which is why their processing may be subject to special requirements. Sensitive personal data includes, for example, health data and data on criminal or administrative sanctions, as well as on social assistance measures. 

In Section 5 you will find information on the data that we process in the context of this data protection statement.

"Processing" means any handling of personal data, in particular its collection, storage, use, disclosure and deletion.

Our data processing may, in particular, concern the following persons ("data subjects"):

• Actively insured persons who work for an employer affiliated with us and, as a result, are insured for occupational pensions
• Persons who receive retirement, disability or survivors' benefits
• Third parties legally affiliated with those persons who are insured with us
• Tenants of our properties
• Mortgagees
• Contact persons of our affiliation and business partners
• Claimants, liable persons and other parties involved
• Members of our corporate bodies

If we process data from third parties that we have received from you, we assume that the data subject has been informed about and agrees to the data processing by us.

Depending on the reason and purpose, we process different data from different sources.

In the area of the mandatory occupational pension insurance, we process personal data exclusively to fulfil our legal obligation. In the non-mandatory occupational pension insurance, the processing of personal data is governed by the pension contract and pension fund regulations. If you are tenant of one of our properties or mortgagees, the purpose depends on the conclusion and execution of the rental or mortgage agreement.

We primarily process the categories of data described below for the above-mentioned purpose, although this list is not exhaustive. If data changes over time, in addition to its current status, we also retain its previous status.

Master data

We refer to the basic data that we need to process our contractual, legal and other relationships as master data. For example: the name, gender, address, date of birth, marital status and social security number of insured persons and beneficiaries.

We receive the master data from you or our business partners who work on our behalf (for example, property managers).

Financial data

We process payroll data on actively insured persons in order to determine the following values in particular:

• the amount of contributions
• purchasing potential
• the benefit level in risk cases (death, disability and old age)
• retirement assets

The payroll data will be transmitted to us by your employer.

Furthermore, we process bank data as well as, for example, purchases into occupational pension insurance and the payment of termination benefits, for benefit orientation. We receive this data from you.

Health data

In accordance with our regulatory provisions, a health check may be provided for the non-mandatory occupational pension insurance before entering our pension fund. We will receive the necessary information from you or from our trusted doctor.

In order to clarify the obligation to pay in the event of disability, we can obtain files from the Disability Insurance (these usually also contain documents on daily sickness benefits insurance) and accident insurance. In addition, we can seek clarifications from your employer.

It may happen that your health becomes the subject of legal proceedings, which is why we may also receive files from lawyers and courts.

Information on social assistance or criminal and administrative sanctions

If you make use of social assistance measures or if you are subject to an administrative or criminal sanction, we will receive information in this regard from the Social Security Office, the dept collection agency or other competent authorities, insofar as this is relevant to us (payment of a retirement benefit to the dept collection agency or the like).

If you are a tenant of a property or mortgagees, you have provided us or our commissioned data processor (see ("service provider")) with an excerpt from the debt collection register at the start of the rental, as well as all other information and documents listed on the rental mortgage application form.

Communication data

If you contact us, we will process your communication data (address, e-mail address, telephone number, etc.).

We receive this data primarily from you, but it may also be disclosed to us by third parties, such as Swiss Post (address updates) or by employers and contractual partners.

Other data

Information about relationships with third parties who are also affected by the data processing is included in this data, e.g. a partnership and children in beneficiary declarations or child pension benefits.

It may happen that we receive personal data from authorities and offices of all kinds (unemployment insurance, tax authorities, supplementary benefits, etc.)

In addition, we can gain knowledge of civil law matters for a range of proceedings (e.g. an extract from the land registry, a will, a divorce). However, we will only receive these documents from you or your descendants. 

According to the Federal Act on Data Protection, automated, i.e. purely computer-based and without the involvement of an employee, individual decisions must be marked as such. Depending on the process, such automated individual decisions can occur the area of occupational pension insurance.

Such automated decisions are marked as such by us. You can also assert the rights pursuant to Section 11 with regard to these automated individual decisions.

Our employees have access to your personal data insofar as this is necessary for the purpose of processing and the activities of the employees concerned. These employees act according to instructions and must maintain confidentiality and secrecy in the handling of your personal data.

In addition, the following institutions may become aware of your data:

Authorities and offices

It may happen that we disclose your personal data to authorities and offices pursuant to legal obligations (unemployment insurance, supplementary benefits, social welfare office, a specialist office in the event of negligence of a maintenance obligation).

Courts

In the event of social security disputes or family or inheritance disputes, disclosure of data by us to the competent court may be required.

Occupational pension insurance experts

Your personal data will be disclosed to the occupational pension insurance experts within the framework of the legal obligation. You can find more information about this activity in the annual report.

Auditors

Your personal data will also be disclosed to the auditor within the scope of our legal obligation. You can find more information about this activity in the annual report.

Financial institutions

In the event of entry/termination, advance withdrawal for home ownership promotion, benefit payments, etc., we disclose personal data to banks, other pension funds and vested benefits institutions. 

Service providers

We may disclose your personal data to third parties if we wish to make use of their services ("commissioned data processors"). This mainly concerns the following areas: 

• Attorney-at-law/legal advice
• IT services
• Real estate management
• Mortgage service provider

We mainly work with service providers in Switzerland. We provide the service providers with the data required for their services and ensure through our selection and suitable contractual agreements that data protection is also complied with by the service providers during the entire processing time.

In principle, your personal data will not be disclosed by us abroad, unless to yourself.

As explained in Section 7, it is not only we, but also our service providers who process your personal data. In principle, we ensure contractually that your data is not disclosed to other countries by our service providers.

However, using the latest technologies (e.g. cloud solutions), there is a residual risk that your data will be transmitted to another country. The relevant countries may not have laws that protect your personal data to the same extent as in Switzerland or in the EU or EEA (e.g. the USA). Therefore, we make contractual arrangements (or require our service providers to make these arrangements) to contractually compensate for the weaker legal protection. For this purpose, we generally use the standard contractual clauses issued or recognised by the European Commission and the Swiss Data Protection and Information Commissioner (DPA) (further information on this and a copy of these clauses can be found under Standard contractual clauses for controllers and processors in the EU/EEA (europa.eu), unless the recipient is already subject to a legally recognised set of rules to ensure data protection.

We store your data for as long as our processing purposes and, above all, the statutory retention periods require. After the expiry of the relevant deadlines, we will erase or anonymise your personal data.

We treat your data confidentially and take both technical (encryption, pseudonymisation, logging, access restrictions, regular backups, etc.) and organisational (instruction and training of employees, confidentiality agreements, etc.) security measures to protect the confidentiality, integrity and availability of your personal data and to protect it against unauthorised or unlawful processing.

If the corresponding area is within our control, we protect your data that is transmitted via our websites by means of suitable encryption mechanisms.

In order to maintain control over your personal data, you have a range of rights in connection with data processing by us:

• the right to request information from us as to whether and which of your data we are processing;
• the right for us to rectify data if it is inaccurate;
• the right to object to our processing for specific purposes and to request the restriction or erasure of data, unless we are required or entitled to further processing;
• the right to require us to disclose certain personal data in a common electronic format;
• the right to withdraw consent, insofar as our processing is based on your consent.

If we inform you of an automated decision (Section 6), you have the right to request a review of the respective decision by a natural person.

Please note that certain conditions must be met to exercise these rights and that exceptions or limitations may apply (e.g. to protect third parties or trade secrets). Furthermore, we would like to point out that according to legal regulations, cost sharing of up to 300 CHF may be incurred. You will be informed of this accordingly.

If you do not agree with our handling of your rights or this data protection statement, please inform us at the contact address given in Section 2.

This data protection statement can be amended at any time. We will actively inform you of any changes. The version published on this website is the current version.

This version of " Information on data protection for our insured persons and beneficiaries" is a translation of the German version of "Information zum Datenschutz für unsere Versicherten und Destinatäre". The German version is the binding version. In the event of any discrepancies between the German text and a translation into another language, the German text shall prevail. Any translations of the German version are for the convenience of the parties only and are not binding on the parties.

Version September 2023/Ascaro Vorsorgestiftung