relevate privacy policy

With this privacy policy, we, PensExpert AG (hereinafter referred to as “PensExpert” or “we”) would like to notify you that we process personal data when you use the portal (“relevate”) in your capacity as a policyholder of a Foundation (hereinafter referred to as “you”) within the context of the management of PensFree, Independent and Pens3a (hereinafter also referred to as “the Foundations”) and inform the affected individuals of their rights. We are aware of the significance that the processing of personal data has for you as an affected individual and the protection of your privacy is extremely important to us. All processing of personal data is done in compliance with the applicable statutory data protection provisions.

Further data processing outside the usage area of relevate by PensExpert or the Foundations may be defined in separate privacy policies.

I. Name and address of the responsible party

PensExpert processes your data in connection with the use of relevate together with the respective Foundations that have a pension relationship with you as the policyholder. PensExpert therefore decides together with the Foundations about the purposes for which and the means by which your data is processed.

The responsible party within the meaning of the applicable data protection laws is:

PensExpert AG

The Data Protection Officer/Data Protection Coordinator of the joint responsible party can be contacted using the following contact details:

PensExpert AG, Kauffmannweg 16, 6003 Lucerne (Switzerland).

Telephone number: +41 41 226 15 15
E-mail address: datenschutz@pens-expert.ch

II. General information about data processing

We process your personal data in order to ensure the correct functioning of relevate in the context of our services/the operation of the Foundations and make the relevate client portal available for this purpose. The processing of your personal data for these purposes is generally done on the basis of your consent to the use of relevate; however, we may also be obliged or entitled to process your personal data by legal requirements and we may have a legitimate interest in the data processing in question.

Use of relevate

1. General purpose and scope of data processing

relevate improves and simplifies the process of data transmission between you and PensExpert, the Foundations and any third parties, and thus enhances the digital services that the Foundations provide for the policyholders. The entire client onboarding process can be carried out digitally and without any paperwork via relevate.

The services provided by the Foundations are governed exclusively by the pension/contract terms agreed between you and the Foundations.

2. Data collection

You can enter information that is required from you as a policyholder via relevate.

You can also give your consent to share certain data with the Foundations via relevate.

Data collection is therefore done primarily by you or by the Foundations that you have a pension relationship with.

The services provided by the Foundations are governed exclusively by the pension/contract terms agreed between you and the Foundations.

The data processed via relevate includes, in particular:

Personal and contact details:

  • Surname, first name

  • Date of birth

  • Gender

  • Marital status

  • Address

  • E-mail address

  • Home/mobile telephone number

Insurance data:

  • Social security number

  • Insurance category

  • Date of entry and departure

  • Information on retirement, if applicable (e.g. deferral, partial retirement, retirement data, salary details)

  • Information on the employment relationship

  • Information on vested benefits institutions

  • Information on pillar 3 pension relationships

  • Information on the home ownership promotion scheme

  • Information about investment strategies, changes of strategy and fees

  • Information about custody accounts and performance

  • Information about pillar 3a deposits

  • Information about beneficiaries

  • Information about your state of health

  • Data and information in connection with simulation calculations (e.g. deposits made in the current year with an integrated tax calculator, possible remaining amount for the current year, questions about income subject to OASI contributions and enrolment in a pension fund, deposit instructions)

  • Information on the choice of investment strategy

  • Correspondence (electronic mailbox)

  • [Content, time and recipient of the] correspondence between you and us/between you and the Foundations

  • Any changes to master data

  • Any additional information

User data:

  • Internet protocol (IP) address

  • Uniform resource locator (URL) of the most recently visited website

  • Type of browser software used

  • User’s operating system

  • User’s Internet service provider

  • Pages on the PensExpert websites visited, with date and time of access and duration of visit

Login data:

  • User name

  • Initial password/subsequent setting of a personal password

  • Verification of e-mail address

  • Verification of mobile phone number

  • Security code by mobile phone or Authenticator app. You can download the Authenticator app in the Google app store and install it on your personal device. For authentication via the app, we process your personal details (surname, first name, company) and contact details (e-mail address, mobile number) and your password. When you use the app, it is not us who are responsible for the processing of your personal data but Google or the app provider. You can find information on the data processing by the app provider in its own privacy policies.

3. Data processing by the responsible parties (PensExpert and the Foundations)

3.1 Personal and contact details, insurance data

We process the personal data of the insured persons who have a direct contractual pension relationship with the Foundations (e.g. Pens 3a, PensFree, Independent).

The aforementioned personal data is processed for the purpose of managing the enrolment and pension relationships, providing our digital services that users use on relevate and for administration with other bodies that are involved in the provision of our service/that of the Foundations (see section V).

The legal basis for processing the data is your consent to the use of relevate, the management of the contractual enrolment or pension relationship and, where applicable, our legitimate interest or legal obligations.

3.2 User and login data

In addition to the personal data recorded via the user’s personalised login, data and information from the system of the computer being used is recorded every time the relevate application is accessed. In particular, actions of processes in the system are registered in the server log file/the protocol contained therein.

The temporary saving of the user’s IP address by the system is necessary to enable the website to be delivered to the user’s computer. To this end, the IP address has to be saved for the duration of the session.

Data is saved in log files to ensure that relevate functions properly. We also use the data to optimise relevate and ensure the security of our IT systems. No data is evaluated for marketing purposes in connection with this.

The processing of login data is necessary to ensure the secure use of relevate. The same applies to data that is processed as part of the two-factor authentication procedure (mobile number and/or e-mail).

Our legitimate interest in data processing also lies in these purposes.

3.3 Communication data

We process your data for the purpose of communications with you, to make the relevate service available to you and to react to your enquiries and submissions of documents and information.

We also process your data to answer enquiries, to assert your rights (section IX) and to contact you when we have questions. To this end, we use in particular communication and master data and user data related to offers and services you have used, i.e. data that is recorded by or about you during the use of relevate, or personal details. We keep this data to document our communication with you, for training purposes, for quality assurance and for enquiries.

The legal basis for processing the data is your consent to the use of relevate and, where applicable, our legitimate interest in the data processing.

4. Possibility of revocation

As a user, you have the option to revoke your consent to the processing of personal data in connection with the use of relevate in its entirety at any time. If you do so, however, you will no longer be able to use or access relevate. Deregistering from relevate leads to your consent being revoked. As a result, you cannot continue to use relevate if you revoke your consent.

5. Profiling and automated decision-making

We may perform automated evaluations of certain personal characteristics of yours for the purposes named in section III.1/section III.3 on the basis of your data (section III.2) (“profiling”), for instance in order to ascertain preference data, assess fraud and security risks, perform statistical evaluations or for operational planning purposes. We may also draw up profiles for the same purposes, i.e. we may combine the data mentioned in section III.2 (particularly preferences and user data) and combine technical data attributed to you in order to understand you better as a person with your different interests and other characteristics. We do not do any profiling that could have legal implications or a similar negative impact for you without human verification.

For reasons of efficiency and consistency in decision-making processes, it may be necessary in certain situations for us to automate discretionary decisions related to you with legal implications or potentially significant disadvantages (“automated individual decisions”). We will inform you accordingly if this is the case and take the measures necessary under the applicable law.

IV. Use of data for marketing purposes

We process your personal data for marketing purposes and for maintaining our relationship with you in order to send you personalised marketing on products and services of ours and third parties (e.g. our cooperation partners) that could be of interest to you. This may take the form, for example, of newsletters and other regular contact (electronic, by post, by telephone). It may also occur via other channels for which we have your contact details or in the context of individual marketing campaigns (e.g. events, competitions) and it may also include free services (e.g. invitations, vouchers). You can refuse such contact at any time or refuse to give or revoke your consent to being contacted for marketing purposes (see section III.4 for more details).

We may also combine data of yours that we process in order to ascertain preference data and then use this data as a basis for personalisation.

In addition, relationship maintenance includes approaching existing clients and their contacts, sometimes in a personalised manner on the basis of behavioural and preference data. As part of the relationship maintenance process, we may also operate a customer relationship management (CRM) system in which we save the data on clients, cooperation partners and other business partners required to maintain the relationship, e.g. with regard to contact persons, relationship history (products and services that have been purchased or delivered, interactions, etc.), interests, wishes, marketing measures (newsletter, event invitations, etc.) and other details.

All of these types of data processing are important to us not only because they enable us to market our products and services as effectively as possible; they also allow us to make our relationships with clients and other third parties more personal and positive, to concentrate on the most important relationships and to use our resources as efficiently as possible.

We also process your data for market research purposes, to improve our services and our operations, and for product development.

As a user, you consent that PensExpert may employee the e-mail address it uses for relevate for marketing purposes – e.g. newsletters and advertising.

On the basis of your consent, we process your e-mail address and your first name, surname and date of birth for marketing purposes/mailing of newsletters. The legal basis for processing the data after you register for the newsletter is your consent. We record your e-mail address so that we can send you the newsletter. We collect other personal data as part of the newsletter registration process in order to prevent abuse of the services and the e-mail addressed being used; in these cases, the justification for the data processing is our legitimate interest. This data is deleted as soon as it is no longer required for the purpose it was originally collected for. If you subscribe to one of our newsletters, you can cancel the subscription at any time by clicking on “Abbestellen” (“Unsubscribe”) in the newsletter e-mail.

V. Forwarding of data to third parties

We also transmit your data to third parties in connection with relevate and our associated services and products, legal obligations, and for purposes necessary to preserve our legitimate interests and the other purposes listed in section III. Depending on the recipient, this occurs on the basis of your consent or, where required to fulfil our contractual or statutory duties, on the basis of our legitimate interest. We pass your personal data on to the following categories of recipients in particular:

  • Cooperation partners
    As part of the provision of our services, we also work with various other cooperation partners (e.g. reinsurers, bank partners, a contracted third party). If you purchase a product or service that relates to such a cooperation (a pension account with one of our bank partners, asset managers, etc.), we will forward to those cooperation partners the data that they require to perform their duties in connection with your enrolment contract/your pension relationship with one or more Foundations. This also includes reinsurers.

  • Authorities
    We may pass on personal data to administrative bodies, courts and other authorities in Switzerland or other countries if we are legally obliged or entitled to do so or it appears necessary to protect our interests. The authorities process your data that they receive from us on their own responsibility.

  • Foundations
    We may pass on data to our Foundations/other Group companies, if applicable, which use the data for the same purposes as are listed in this privacy policy. We and our governing officers (employees, directors, individual departments such as Human Resources, etc.) also have access to the aforementioned data.

  • Service providers
    As part of the provision of our services, we may enlist internal and external service providers – e.g. IT service providers, cloud providers, security firms, marketing companies – and outsource certain business processes and services – e.g. communication technologies, identification processes – to them both in Switzerland and abroad. PensExpert may also outsource new services and business processes to new service providers in the future.

VI. Transmission of data outside Switzerland

As previously explained, we also pass data on to other parties. Your data may therefore be processed both in Switzerland and elsewhere in Europe; in exceptional cases, it may be processed in any country in the world.

We will only transmit data to countries that do not have adequate statutory data protection on the basis of your express consent or if the transmission is subject to data protection guarantees such as those in the standard contractual clauses approved by the European Commission/the Federal Data Protection and Information Commissioner (FDPIC).

VII. Duration of data storage

The personal data we collect is only processed or saved for as long as is necessary to manage the contractual relationship between you and the Foundations (from the initiation to the termination of a contract) or for the other purposes for which the data is being processed and/or for as long as a statutory retention and documentation obligation applies or there is an overriding private or public interest in the data processing or the data processing is necessary for the purpose of asserting or defending against legal claims, until the expiry of the retention period in question or until the claims in question have been dealt with. As soon as the personal data we collect is no longer required for the above purposes/the applicable retention period has expired, the data will be deleted or anonymised as far as possible by means of our standard internal processes.

We save log file data for a total of ninety (90) days on the basis of our legitimate interest in the data processing. After that, the log files and IP addresses are deleted or altered in such a way that attribution to the accessing client is no longer possible.

VIII. Pixel

If you give your consent, we may use so-called tracking pixels when you visit our website. Pixels are technically small image elements that are integrated into the website in order to collect and analyse data from users of a website.

In order to improve its advertising campaigns, Relevate uses tracking solutions from the US provider Xandr Inc (hereinafter referred to as «Xandr») on its websites. For this purpose, a script has been installed on certain Relevate websites which enables Xandr to analyse how you use these websites. This does not provide Relevate with any information that personally identifies users. According to Xandr, the information is stored anonymously so that users are not personally identifiable.

You can prevent data processing by Xandr by downloading the «opt-out cookie» available here. Xandr's privacy policy can be found here.

Relevate uses a remarketing solution from Xandr on its websites. This solution allows Relevate to target you with advertising by serving personalised, interest-based ads to you on other websites. To do this, a script has been installed on certain Relevate websites which allows Xandr to register your visit. This does not provide Relevate with any information that personally identifies users. According to Xandr, the information is stored anonymously so that users are not personally identifiable.

You can prevent data processing by Xandr by downloading the "opt-out cookie" available here. You can find Xandr's privacy policy here.

We use the collected data to display personalised advertising on the respective platforms (see below).

We may also define certain target groups in advance which we would like to address in relation to a particular campaign. Based on this, we identify people in a target group whose preferences are identical to the preferences of other users of our website, so that we can also play the corresponding content to people who have not yet visited our website based on the identical preferences and thus extend the reach of our advertising content.

We currently use the following pixels:

Please note that the providers of the respective pixels may process your personal data as independent data controllers for their own purposes and in accordance with their own data protection provisions. We therefore ask you to inform yourself in the data protection regulations.

IX. Possibility of objection and removal

The use of technically necessary cookies is mandatory. Consequently, there is no possibility of objection or removal. However, if you wish to block other cookies, you can do this via your browser settings and deactivate cookies that you do not want.

X. Data security

We take suitable security measures to preserve the confidentiality, integrity and availability of your personal data in order to protect you against unjustified or illegal processing thereof and reduce the risks of loss, unintentional alteration, unwanted disclosure or unauthorised access.

Despite this, it is still possible that we and your personal data will fall victim to cyber attacks, cyber crime, brute force methods, hacking and other fraudulent and malicious activities, including but not limited to viruses, forgeries, malfunctioning and disruptions, which are out of our control and responsibility.

We have put in place procedures for dealing with suspected breaches of the protection of personal data and will inform you and all responsible supervisory authorities of any breach that occurs if we are legally obliged to do so.

XI. Rights of the affected person

1. Overview

Within the scope of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR), you have the right to obtain information about your personal data, to have it rectified or erased, to restrict or object to its processing, to revoke your declaration of consent under data protection law for the future and to data portability.

However, if the data is required for the fulfilment of statutory duties of the responsible party, premature deletion or discontinuation of the data processing is only possible if this does not contravene statutory obligations.

You also have the right to assert your claims in court or lodge a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner.

2. Your rights in detail

Depending on the applicable data protection law, you have various rights in relation to our processing of your personal data:

  • Right to information
    You have the right to request information from us about whether we process your data and if so, which data of yours it is.

  • Right to rectification
    We endeavour to keep your personal data correct, up-to-date and complete. Please contact us and inform us if your personal data is incorrect or changes so that we can keep it up-to-date.

  • Right to deletion
    You have the right to request that we delete your personal data if that data is no longer required for the purpose for which it was collected or if your personal data has been processed unlawfully.

  • Right to restrict processing
    You have the right to ask us to restrict the processing of your personal data under certain circumstances.

  • Right to data portability
    You have the right to request that we return certain personal data to you in a common electronic format or pass it on to another responsible party. Right to withdraw consent

    If we process data on the basis of your consent, you have the right to revoke your consent. As soon as we receive the notification that you have revoked your consent, we will cease processing your data for the purpose(s) to which you originally agreed, unless there is another legal reason for us to continue processing it.

  • Right to revoke consent
    If we process data on the basis of your consent, you have the right to revoke your consent to a specific type of data processing. As soon as we receive the notification that you have revoked your consent, we will cease processing your data for the purpose(s) to which you originally agreed, unless there is another legal reason for us to continue processing it. Please note that this revocation only applies to future data processing. It does not affect the legality of data processing that occurred in the past.

  • Complaint
    If you believe that your data protection rights could have been breached, please notify us and contact the responsible supervisory authority, which in Switzerland is the Federal Data Protection and Information Commissioner.

XII. Right to object

According to applicable data protection law, you have the right to object to the processing of personal data relating to you at any time under certain circumstances, particularly if your data is being processed in the public interest, on the basis of a balancing of interests or for direct marketing purposes.

If you would like to exercise the aforementioned rights, please contact us using the contact details provided in section I, unless indicated or agreed otherwise. Please note that we have to identify you in order to prevent abuse, for instance via a copy of your ID card or passport, unless identification is possible by other means.

XIII. Amendment of this Privacy Policy

We may change or update this privacy policy at any time. You can find a current version of the privacy policy here.

Last updated: October 2023

Functional

Functional information stored as cookies or in local storage or session storage is absolutely necessary for the function of a website. They are used, for example, to save the shopping basket in an online shop or to set the language of a website. Technically necessary information may be set without the user's consent and cannot be deactivated, as otherwise the website will no longer function properly.
Furthermore, user preferences such as "dark mode", ad sizes, language, etc. are also stored in this information.

Statistics

Statistics Information is used to analyse user behaviour on a website. For this purpose, various data such as the pages visited, the time spent on a page or the clicks on certain elements are recorded. This data can then be used to improve the website, for example to increase user-friendliness or to better tailor the content to users' interests.

Marketing

Marketing and Ads information is used to display personalised advertising. For this purpose, information about user behaviour on various websites is collected and analysed. This information is then used to display advertising that is relevant to the respective user (retargeting and ads optimisation).