comPlan General Privacy Policy
Validity date: 1 October 2023
This website uses cookies subject to consent.
This website uses cookies subject to consent.
Validity date: 1 October 2023
In this General Privacy Policy, we, the comPlan pension fund (hereinafter âweâ or âusâ), as a registered occupational pension foundation, explain how we collect and process your personal data.
As part of our activities as a pension fund, we receive and process your personal data. We have established data protection guidelines to fulfil our responsibility to protect your personal data and safeguard your privacy rights in accordance with applicable Swiss data protection laws.
This General Privacy Policy applies to all persons whose data we process, regardless of how they contact us (by telephone, e-mail, website, insured person portal, etc.). It also applies to the processing of all personal data that we process in connection with the implementation of the occupational pension scheme and our related activities.
We provide both mandatory and extra-mandatory occupational pensions for employees of Swisscom Ltd and its economically or financially associated companies. In the area of mandatory pension provision, we process your personal data on the basis of the applicable statutory provisions. In this area, we are exempt from the obligation to provide information about our data processing. However, this General Privacy Policy still provides you with information about our entire area of activity. The information in this General Privacy Policy applies to both mandatory and extra-mandatory portions, unless stated otherwise by us.
In this General Privacy Policy, we inform you in particular about the personal data we collect and process, the purposes for which we use it, with whom we may share it, for how long we process your personal data and your rights in this regard.Â
If you have any questions about this General Privacy Policy, you can e-mail comPlan.Datenschutz@swisscom.com at any time.
Who is the controller responsible for data processing?
According to this General Privacy Policy, the controller responsible for the processing and use of personal data is:
 comPlan
Stadtbachstrasse 36
CH-3012 Bern
Telephone: +41 58 221 72 73
E-Mail: comPlan.Datenschutz@swisscom.com
How can you contact the comPlan data protection advisor?
You can send enquiries to the data protection advisor at any time by e-mail to comPlan.Datenschutz@swisscom.com.
What terminology is used?
In this General Privacy Policy, we use the following definitions, amongst others:
Â
Personal data: | All information relating to an identified or identifiable natural person. |
Data subject: | Natural person whose personal data is processed. |
Processing: | Any handling of personal data, regardless of the means and procedures used, in particular the collection, storage, retention, use, modification, disclosure, archiving, deletion or destruction of data. |
Controllers: | Private persons or federal bodies that decide alone or jointly with others on the purpose and means of processing. |
Processors: | Private persons or federal bodies that process personal data on behalf of the controllers. |
Federal body: | Federal authority or agency or person entrusted with federal public tasks. |
From whom do we receive personal data?
As controller, we primarily collect and process the personal data that we need to implement the occupational pension scheme. The data mainly comes from current or former employers, who are legally obliged to provide us with all the data required for the implementation of the occupational pension scheme. However, we may also receive information about you from people who communicate with us or from public sources. This could be, for example, the following third parties:
Employers
People known to you (family members, legal representatives)
Swiss Post, public bodies
Banks and other financial services companies, private and social insurance companies, pension funds and vested benefits institutions
Experts, doctors and other service providers from whom we also receive health data in the course of investigations
Service providers
Authorities, courts, parties and other third parties in connection with official and judicial proceedings
Public registers, such as debt collection or commercial registers, the media or the internet
Other service providers within the scope of occupational benefit schemes (e.g. brokers, reinsurers, etc.).
The data we process in accordance with this General Privacy Policy not only relates to insured persons, but often also to third parties. If you send us data about third parties, we assume that you are authorised to do so and that the data is correct. By transmitting data about third parties, you confirm this. Please therefore inform these third parties about our processing of your data and make this General Privacy Policy available to them.
For what purpose do we collect and process personal data?
Personal data is processed primarily for the purpose of implementing the occupational pension scheme. This includes, for example:
Concluding and executing affiliation agreements with the employer, asserting legal claims arising from contracts, keeping accounts and terminating contracts. For this purpose, we process in particular your master data, contract, case and benefit data plus financial and communication data.
The admission of insured persons. In particular, we process your master data for this purpose. We then maintain one or more pension capital accounts for you, for which we process information on contributions, incoming funds, retirement savings and payments.
Checking and processing of insured events. This also includes coordination with other insurance providers, such as the disability insurance scheme provider, and assertion of recourse claims. For this purpose, we primarily process contract, case and benefit data from you and your relatives and beneficiaries, as well as health and other data from third parties such as external experts and service providers.
We also process personal data for purposes related to the implementation of the occupational pension scheme, in particular for the following:
Communication: We process personal data in order to communicate with you. This includes, for example, responding to queries and customer relationship management. For this purpose, we use in particular communication and master data and, depending on the subject matter of the communication, also contract, case and performance data.
Contract execution: We process personal data in connection with the initiation, management and execution of contractual relationships, including those relating to contracts other than affiliation agreements. In particular, we use master, contract and communication data for this purpose.
Security and prevention: We also process personal data for security purposes, to ensure IT security, to prevent fraud and misuse, and for evidentiary purposes.
Compliance with legal requirements: We process personal data to comply with legal obligations and to prevent and detect breaches. This includes, for example, the fulfilment of disclosure, information or reporting obligations, e.g. in connection with supervisory duties, the fulfilment of archiving obligations and assistance in the prevention, detection and investigation of criminal offences and other breaches, as well as receiving and processing complaints and other reports, monitoring communications, internal or external investigations or disclosing documents to an authority if we have an objective reason for doing so or are legally obliged to do so. For these purposes, we process in particular master, contractual, financial and communication data of employers and their contact persons and, under certain circumstances, of insured persons (e.g. in the event of suspicion of improper performance).
Assertion of rights: We process personal data for the purposes of asserting our rights, e.g. to enforce claims through legal action, judicially, extrajudicially and before authorities in Switzerland and, if necessary, abroad, or to defend ourselves against claims. Depending on the situation, we process various personal data, such as contact details and information about processes that have or could give rise to a dispute.
Other purposes: We may process personal data for other purposes, such as in the context of our internal processes and administration. These include IT management, accounting, archiving data and managing our archives, training and education, auditing or conducting corporate transactions such as company acquisitions, sales and mergers, forwarding enquiries to the competent authorities, sales of receivables where we provide the purchaser with, for example, information about the reason and amount of the receivable and, where appropriate, the credit rating and behaviour of the debtors, and generally reviewing and improving internal processes, the further development of our offer and our services, as well as for. Advertising and marketing (including the organisation of events), insofar as you have consented to the use of your data, or market research.
With whom do we share personal data?
Not only pension funds are involved in the implementation of the occupational pension scheme, but also other bodies: employers, vested benefits institutions, other insurance companies, medical service providers, etc. Your data is therefore not only processed by us, but also by third parties. Below is an overview of the categories of recipients to which we may disclose your personal data:
Employers: We do not disclose any health data or any of your activities, such as purchases, early withdrawals, etc.
Disclosures in the case of insured events: In connection with the reporting and occurrence of an insured event and in connection with other benefits such as a transfer or payment of vested benefits, we may, for example, share data with vested benefits institutions, other pension funds, authorities and agencies (e.g. social insurance providers such as in particular the disability insurance scheme provider, Central Compensation Office CCO or social welfare offices), other insurance companies, medical service providers and experts, banks and creditors, courts and external lawyers. As part of the processing of insured events and the corresponding clarifications, we may collect data from third parties, but also pass it on to them, such as doctors and other service providers, experts, authorities, courts, notaries, respondents, and lawyers. For example, we inform other social and private insurers about certain insured events to coordinate benefit obligations and to clarify and enforce recourse claims. In the event of divorce and inheritance disputes, we share personal data with courts and other pension or vested benefits institutions.Â
Authorities and agencies: We may disclose personal data to authorities, agencies, courts, and other public bodies if we are legally obliged or entitled to do so or if this is necessary to safeguard our interests, for example in the context of official, legal, judicial, and extrajudicial proceedings and in the context of legal information and cooperation obligations. Recipients include, for example, debt enforcement offices, criminal courts and criminal investigation authorities, tax offices, guarantee fund or social security authorities. Data is also disclosed if we obtain information from public bodies, for example in connection with the processing of benefit claims.
Authorities and agencies: We may disclose personal data to authorities, agencies, courts and other public bodies if we are legally obliged or entitled to do so or if this is necessary to safeguard our interests, for example in the context of official, legal, judicial and extrajudicial proceedings and in the context of legal information and cooperation obligations. Recipients include, for example, debt enforcement offices, criminal courts and criminal investigation authorities, tax offices or social security authorities. Data is also disclosed if we obtain information from public bodies, for example in connection with the processing of benefit claims.
Other people: -Â Â Â Â Â Â Â Â Where third parties are involved as a result of the purposes, data may also be disclosed to other recipients, such as persons involved in proceedings before courts or authorities (for example, in the case of recourse to liable third parties or their liability insurance). Other recipients include beneficiaries of a payment, agents, correspondent banks, other financial institutions and other entities involved in a legal transaction or auditing agencies. Also, to business partners (e.g. brokers and sales partners), logistics partners, credit agencies, debt collection partners;
Processors (service providers): We may share your personal data with companies if we use their services. These service companies process personal data as processors on our behalf. Our processors are obliged to process personal data exclusively in accordance with our instructions and to take appropriate measures to ensure data security. By selecting service providers and entering into suitable contractual agreements, we ensure that data protection is guaranteed throughout the entire processing of your personal data. This includes, for example, IT services (such as services in the areas of insured person administration and data storage), the sending of e-mail newsletters, data analysis and processing, etc., and advisory services (such as those provided by occupational pension experts, lawyers, etc.).
We take the necessary measures to ensure that only authorised personnel with the relevant knowledge have access to your personal data. We also carefully select our partners and processors. They must be able to guarantee that they have implemented appropriate technical and organisational measures in compliance with legal requirements. Our processors may process personal data only if we have documented instructions. They are subject to confidentiality requirements and may only use your personal data to the extent necessary to fulfil the purpose for which your personal data was collected, unless otherwise required by law. We process the following categories of personal data:
a) Insured person support
We process personal data of insured persons and surviving dependants, their partners, children and/or other beneficiaries as well as data of persons drawing old age, survivorsâ, invalidity or divorced personâs pensions:
Master data
Master data is the basic data about you that we need for the execution of our contractual and other business relationships. For example, we process your master data if you are an insured person, relative or beneficiary, if you are a contact person for an employer, another pension fund or a supplier company or if you are a member of one of our governing bodies. We also collect master data to control access to events and offices. Furthermore, we collect master data from contact persons and representatives of contractual partners, organisations and authorities.
Depending on the capacity in which you deal with us, master data includes, for example:
Title, surname, first name, gender, date of birth
Address, e-mail address, telephone number and other contact details
Marital status, date of change in marital status, age, nationality and place of origin, social security number, personnel number, organisational unit, employee group, user account
Bank details, details of previous pension or vested benefits institutions, starting and leaving dates with the employer, staff category, degree of ability to work, level of employment, insured annual salary and occupational pension-related salary, details of relationships with third parties, such as relatives and beneficiaries
Contract, case and performance data
This is personal data relating to the conclusion, execution or termination of contracts, the admission of insured persons into the occupational pension scheme, the receipt of notifications, the processing of insured events and other benefits (e.g. payment of vested benefits). This includes, in particular, the following data:
Information in connection with the affiliation agreement with the employer (e.g. type and date of conclusion of the agreement, processing and administration, as well as information relating to complaints and contractual amendments)
Information in connection with the processing of insured events , such as the notification of the occurrence of an insured event, the claim number, details of the reason for the insured event, such as accident or illness, and the date of the event, details in connection with the assessment of the insured event, details of other insurance providers and third parties such as persons involved, and sensitive personal data (e.g. health data) and information about third parties (e.g. persons involved in the occurrence of the incapacity to work or death)
Information on vested benefits, e.g. voluntary purchases
In other cases, for example, details in connection with the payment of vested benefits (such as the reason for the payment, but also details of accounts and vested benefits institutions and, where applicable, the consent of the spouse) or in connection with a change in marital status (such as the date of a divorce and acquired vested benefits, early withdrawals or invalidity benefits received and court orders in this context)
Financial data
Financial data is personal data that relates to financial circumstances, payments and the enforcement of claims. This includes information in connection with payments and bank details, such as the employerâs contribution payments and the enforcement of claims, as well as further information on insured personsâ salary, purchases into the occupational pension scheme and disbursement of vested benefits and pensions. We also process financial data on beneficiaries, for example in connection with survivorsâ benefits for surviving spouses, children and other beneficiaries.
b) Capital investments in general
We process personal data of service companies (asset managers, custodian banks, administrations, fund management companies, legal and tax advisers, etc.) and the data of individuals who work for service companies.
c) Human resources
We process the personal data of (potential) employees/members of the Foundation Council and third parties involved (spouses, partners), payroll data, health data and extracts from the criminal register/debt collection register of (potential) employees. We share this data with medical examiners and potential employeesâ employers.Â
The processing of employeesâ personal data is governed separately in Swisscom (Switzerland) Ltdâs General Privacy Policy.
Personal data transmitted automatically via the website, the insured person portal or other electronic offerings
 We collect and process information that your browser automatically transmits to us by means of server log files when you visit our website. This personal data is collected automatically and includes, for example:
IP address used (anonymised, truncated if necessary)
Information about your device and its configuration
Date and time stamp
Web browser and operating system used
Language and version of the browser software
Information about your movements and actions on our website and in our insured person portal
Information about your internet provider
Recording of access and log data within the system
We use the automatically collected personal data for the following purposes:
To enable the display, operation and functionality of the website
To ensure the stability and security of the system
To improve and protect our services
For statistical purposes in the event of attacks on the network infrastructure on which the website is made available
To analyse your usage behaviour
Contact with us
We collect and process personal data that you send to us voluntarily via our contact form, to our e-mail address, via any other applications connected to the website, by telephone or in any other way.
On what legal grounds do we collect or process data?
 Our activities in the area of mandatory occupational pensions are governed by the legislation on occupational pensions, in particular the Swiss Federal Act on Occupational Old Age, Survivorsâ and Invalidity Pension Provision (BVG) and the Swiss Federal Act on the Vesting of Occupational Old Age, Survivorsâ and Invalidity Benefits (FZG) and the associated ordinances. As a federal body, we process your personal data in this area within the scope of our statutory processing powers (e.g. Art. 85a et seq. BVG). In the area of extra-mandatory pension provision, our data processing is not subject to the data protection provisions of the BVG, but to those of the Swiss Data Protection Act (DSG). In this context, we process your personal data in particular for the performance of a contract or for pre-contractual measures (e.g. checking a contract application), for the defence of legitimate interests, based on separate consent or in order to comply with legal provisions.
Do we transfer data abroad?
We process personal data almost exclusively in Switzerland. An exception is the disclosure of personal data in connection with an insured event involving a person insured with comPlan.
 We also use standard IT services where certain data flows outside Switzerland are unavoidable (this generally includes all countries in the world). If, in individual cases, we transfer your personal data to a country without an adequate level of data protection, we ensure that your personal data is adequately protected.
 One means of ensuring adequate data protection is, for example, the conclusion of data transfer agreements with the recipients of your personal data in third countries that ensure the necessary data protection. This includes contracts that have been approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner (âStandard Contractual Clausesâ). Such contractual precautions partly compensate for weaker or missing legal protection, but cannot completely exclude all risks (such as government access abroad). In exceptional cases, transfer to countries without adequate protection may also be permitted in other cases, for example on the basis of consent, in connection with legal proceedings abroad or if the transfer is necessary for the performance of a contract.
 How long do we process personal data?
 We process and store your personal data:
As long as it is necessary for the particular purpose of the processing.
As long as we have a legitimate interest in storage. This may be the case in particular if we need personal data to enforce or defend against claims, for archiving purposes and to ensure IT security.
As long as it is subject to a statutory retention obligation (cf. Art. 27i et seq. of the Swiss Ordinance on Occupational Old Age, Survivorsâ and Invalidity Pension Provision).
How do we protect your personal data?
We take appropriate technical and organisational security measures to safeguard the security of your personal data, to protect it against unauthorised or unlawful processing and to counter the risk of loss, unintentional alteration, unwanted disclosure or unauthorised access. We review these security measures on a regular basis. Like all companies, however, we cannot exclude data security breaches with absolute certainty; certain residual risks are unavoidable. Technical security measures include encryption and pseudonymisation of data, logging, access restrictions and storage of back-up copies. Organisational security measures include instructions to our employees, confidentiality agreements and controls. We also oblige our processors to take appropriate technical and organisational security measures.
Right of access: You have the right to obtain information about the personal data stored about you and a copy of the available documents at any time. This right of access includes the following information:
The identity and contact details of the controllers
The personal data processed as such
The purpose of the processing
The period of retention of your personal data or, if this is not possible, the criteria for determining this period
The available information on the origin of your personal data, unless it was obtained from you
Where applicable, the recipients or categories of recipients to whom personal data is disclosed, as well as information if personal data is processed by processors
Furthermore, you have the right to information as to whether your personal data has been transferred to a third country or to an international organisation. If this is the case, you also have the right to obtain information about the appropriate guarantees in connection with the transfer.
Right to data portability: You have the right to receive your personal data in a structured and machine-readable format. In addition, you have the right to have this data transmitted to another controller by the controller to whom the personal data was provided, insofar as the processing is based on consent or on a contract and the processing is carried out by automated means, insofar as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Other rights: In addition to the right of access and the right to data portability, you have the right to request the rectification, deletion or restriction of the processing of your personal data as well as to object to the processing of your personal data. If the processing of personal data is based on your consent, you may withdraw that consent at any time.
 Exercise of rights: We accept requests for information in writing, together with a legible copy of a valid official form of identification (e.g. passport, identity card, driving licence) and a proof of address.
 Right to lodge a complaint with the supervisory authority: You have the right to lodge a complaint with a supervisory authority (in particular at your place of residence, place of work or place of the alleged infringement of data protection regulations).
Competent supervisory authority for Switzerland:
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH-3003 Bern
www.edoeb.admin.ch
Telephone: +41 58 462 43 95
Please note that these rights may be restricted or excluded on a case-by-case basis, e.g. if there are doubts about your identity or if this is necessary to protect another person, safeguard legitimate interests or comply with legal obligations.
When you access the website, we may place so-called cookies - small text files - on your computer. We use these cookies to recognise you as a user of the website, to customise content, to improve the performance of the website and to enhance its usability.
Â
Categories of cookies we use
Depending on their function and intended use, the cookies we use can be divided into the following categories:
Essential cookies: These cookies are necessary for the basic functionality of the website. They only contain technically necessary services. It is not possible to object to these services.
Functional cookies: These cookies serve a variety of purposes related to the presentation, functionality and performance of a website and, in particular, to improve visitors' experience of the website. They allow a website to remember information already provided (e.g. username, location or language selection) and provide visitors with improved, more personalised functionality. Functional cookies are used, for example, to remember things like your login details. These cookies cannot track your movement on other websites.
Analytics Cookies: We use Matomo Analytics to analyse how visitors use our website. The data collected is stored on our own server in Geneva, Switzerland, at our hosting partner Infomaniak. We emphasise that data protection regulations are strictly adhered to when using Matomo Analytics. The data we collect is anonymised and complies with the principles of Swiss data protection laws. In particular, users' IP addresses are anonymised to protect their identity. IP addresses are reduced to the form 193.150.X.X on our servers, with the first two octets preserved to allow geolocation.
These cookies may be placed by us or a third party on our behalf. You can configure your browser settings so that cookies are not stored on your computer. Completely disabling cookies may prevent you from using all the features of our website.
List of cookies
Below is a full list of the cookies we use or will use on this website, including information about their use and expiry.
Provider | Cookie | Category | Purpose and procedure |
comPlan | complan_session | Functional cookies | This cookie stores the session ID of the user. |
comPlan | XSRF-TOKEN | Functional cookies | This cookie is used for security and prevention of CSRF attacks. |
Matomo Analytics | _pk_id.xxxx | Analytics cookies | This cookie collects information about the use of the website and creates reports about the activities on the website. It expires after 13 months. |
Matomo Analytics | _pk_ses.xxxx | Analytics cookies | This cookie is used to track the duration of the user session. It expires at the end of the session. |
Matomo Analytics | _pk_ref.xxxx | Analytics cookies | This cookie stores the URL of the page from which the visitor came to our website. It is used to measure the effectiveness of marketing campaigns and expires after 6 months. |
Social Media Plug-ins
We use the plug-ins below on our website:
YouTube: Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. For more information on the handling of user data, please refer to YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.
We reserve the right to adapt, supplement or otherwise change this General Privacy Policy in relation to personal data at any time and without giving reasons. The latest General Privacy Policy in relation to personal data published on this website applies.