Data processing principles at Swiss Life

Introduction

We explain in this privacy policy how personal data are collected and processed at the Swiss Life Group (hereinafter collectively named “Swiss Life”). This privacy policy is intended for visitors to the www.swisslife.com website. It is primarily intended for investors, analysts, shareholders, journalists and anyone interested in Swiss Life. At swisslife.com you will find information on key financial figures, on the divisions, on corporate governance, strategy, management, corporate responsibility and on the history of Swiss Life. You can find insurance and financial product offerings on swisslife.ch.

This description is not exhaustive; other privacy policies or general terms and conditions of business, entry conditions and similar documents may govern further specific matters relevant to data protection. Personal data are understood to comprise all details that relate to a specific or identifiable person. 

Responsible controller, data protection officer

Responsibility for the data collection and processing described here lies with

Swiss Life Holding Ltd
General-Guisan-Quai 40
8022 Zurich

For queries concerning data protection law you can contact us at the following address:

Swiss Life Holding Ltd
Data Protection Officer
General-Guisan-Quai 40
P.O. Box, 8022 Zurich
www.swisslife.ch
group-dataprotection@swisslife.ch

Unless explicitly stated otherwise, this privacy policy applies exclusively to the swisslife.com website of Swiss Life and to further Swiss Life websites that are linked to it and to the processing of personal data at Swiss Life.

The collection and processing of personal data

Swiss Life takes the protection of the privacy and confidentiality of the data of its customers and visitors to its websites very seriously.

When processing your personal data, we comply with the applicable provisions of Switzerland, the EU and other applicable local laws governing the storage, processing, accessing and transmission of personal data. In order to protect our customers’ data, Swiss Life applies strict internal data protection policies and ensures their compliance by means of intensive staff training and continuous supervision.

The processing of your personal data is indispensable if you make your data known to us for the sending of informational material. We primarily process the personal data that we receive within the scope of our business relationship from you, other business partners and other persons involved or that we collect from users during the operation of our websites, apps and other programmes. Your data are at all times only used for the purpose, specified for instance at collection, to which you have consented, that is evident from the circumstances or required by law.

The personal data processed by Swiss Life comprise personal data communicated by you and such data that are publicly accessible. The data categories are:

  • Personal data and contact information: these particularly include but are not restricted to title, first name and last name, address, the company for which you work (where applicable), domicile, language, e-mail address, telephone number and, if necessary for the processing of your enquiry, nationality etc.;
  • Data in connection with benefits if you have a contractual relationship with us as our business partner;
  • Data in connection with online communication with Swiss Life;
  • Data in connection with the marketing of products and services: These include details such as newsletter registrations/cancellations, received documents and special activities, personal preferences and interests etc.;
  • To the extent permitted, we also obtain certain data from publicly accessible sources (e.g. commercial registers, the press, internet) or receive such data from other companies within the Swiss Life Group, from authorities or other third parties.

The processing of your personal data is primarily carried out by employees of Swiss Life. Such employees in each case have access to the data required for fulfilling the task at hand.

Scope and purpose of the collection, processing and use of personal data

We use the personal data collected by us primarily for the processing of the following, in which we and any third parties commissioned by us have a legitimate interest:

  • Inquiries submitted via contact forms, chats, e-mails, telephone calls;
  • Registrations for newsletters, portals and the like;
  • Enhancement of the internet presence (adjustment of the website to your needs);
  • Prevention and recording of hacker attacks;
  • Responding to your questions and concerns;
  • Compilation of usage statistics;
  • In this connection Swiss Life also processes your personal data for quality controls, for advertising purposes, for market and opinion research (including the evaluation of data using profiles and automated decisions) such as customer satisfaction surveys, the staging of events, general customer communication and personalised adjustment of Swiss Life’s products and services, for the creation of customer profiles and for the management of statistics;
  • Evaluation, offering, improvement and new and further development of our products, services and websites, apps and other platforms on which we are present;
  • Communication with third parties and processing of their inquiries (e.g. applications, media inquiries);
  • Assertion and/or defence of legal claims in connection with legal disputes and official proceedings;
  • Compliance with legal and regulatory requirements and internal regulations of Swiss Life, pursuit and implementation of various rights;
  • Prevention and investigation of criminal offences and other misconduct and conducting of internal investigations etc.;
  • Guaranteeing of business operations, particularly information technology, our websites, apps, systems and other platforms;
  • Video surveillance to uphold domiciliary rights and other measures geared towards IT, building and investment security, protection of our employees, other persons and assets entrusted to us (e.g. access controls, visitor lists, network and mail scanners), protection of customers, employees and other persons in particular in the event of risks to employees and the protection of data, the secrets and assets entrusted to Swiss Life, security of systems and buildings;

Visit to swisslife.ch website

The processing of the personal data of the users of our website is limited to the data that are required for the provision of a functioning website, its content and our products and services.

The processing of such data only takes place for the purposes communicated to and agreed with you or if another legal basis (within the meaning of prevailing data protection legislation) exists for this. Only those personal data are collected that are actually required for the product-related implementation and processing of our services or that you voluntarily make available to us. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons or processing of the data is permitted by law.

You may visit our websites and access the data, information and references contained therein without having to provide any information about your person. We shall notify you in advance if we require identification and/or specific information from you in order to provide the services you require, send you information material, create profiles and analyses, or for your participation in competitions etc. You will likewise be requested in advance to enter the requisite data in the case of binding online offers. Should you decide not to supply personal data requested by us, this may mean that you will be unable to use certain parts of the website or that we are unable to answer your inquiry.

It may be that we collect and process non-personal information about your visit to our websites such as data about your internet provider, operating system, websites visited, previously visited websites, searches conducted and the date and time of the website visit. We use this information to improve the content of the website and to compile anonymous statistics for internal market analysis purposes about individual use of the website. 

Linked websites

Swiss Life makes no assurances in connection with third-party websites that can be accessed via a link on a Swiss Life website. Information contained on third-party websites is independent of Swiss Life’s own information. Links, hyperlinks and web addresses leading to one or more other websites are for information purposes only and in no way imply that Swiss Life assumes responsibility for the content of such websites or approves of their content or use. This privacy policy only applies to the websites operated by Swiss Life and we recommend contacting third-party providers directly regarding their applicable data protection guidelines.

Contact form or newsletter

Should you complete a contact form on our website or send us an e-mail or other electronic message, your details will only be stored for processing your inquiry and for any associated further questions and exclusively used for your inquiry.

If you register for one of our newsletters or confirm a newsletter registration, we require personal data from you (such as title, first name, last name, company if applicable, address, e-mail address). By registering you consent to the storage and processing of the applicable personal data.

Should you no longer wish to receive our newsletter, you can cancel it at any time via the link specified for the newsletter in question.

Server logfiles

Swiss Life collects data about access to its website via so-called server logfiles. The access data collected include:

  • Name and title of the website retrieved;
  • Definition of retrieved file;
  • Date and time of retrieval;
  • Transferred data volume;
  • Notification of successful retrieval and any previously visited site;
  • Browser type including version;
  • Operating system of user;
  • Referrer URL (previously visited site);
  • IP address (address in computer networks) and requesting provider;
  • User name (user ID) for use of our customer portal;
  • Device (e.g. PC or smartphone).

Swiss Life uses the log data only for statistical evaluations for the purpose of safeguarding the operation, security and enhancement of its website. However, Swiss Life reserves the right to review the log data subsequently if there is a justified suspicion based on specific grounds of unlawful use.

These data are deleted as soon as they are no longer required for achievement of the purpose of their collection and there is no legal basis for their retention.

Cookies

We use cookies and comparable technologies on our website that can be used to identify your browser or device in order to make our website user-friendly. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone etc.) when you visit our site. If you click to retrieve our website again at a later time, we are able to recognise you thanks to the cookies. However, we do not know who you are but merely that your computer has already visited our website in the past. As well as cookies that are only used during a session and are deleted again after your visit to the applicable website (“session cookies”), cookies can also be used to store user settings and other information over a given period of time (“permanent cookies”). However, you can configure your browser in such a way that it rejects cookies, only stores them for a session or otherwise deletes them prematurely. This means that when you next visit we can recognise your browser but not you as a person. The cookies stored on your access device can also originate from other Swiss Life companies or third parties such as advertising partners (so-called third-party cookies). They are used for individual advertising purposes and to measure their impact.

When calling up the websites of Swiss Life you will be informed about the use of cookies for analytic purposes and your consent will be sought for the processing of the data used in this connection.

Data received via cookies are primarily used for website administration purposes, the collection of demographic data and to monitor the use and performance of a website.

You can normally deactivate the cookie function or install corresponding filters on the device or in the browser with which you access our websites. In this case you may not be able to retrieve all the information and data of the applicable website.

Use of Google Analytics

In order to keep improving our internet presence and the functionality of our website, we need to know how our website is used. For this purpose we make use of Google Analytics, a web analysis service provided by Google Inc., headquartered in Mountain View, California, USA (“Google”).

In its analyses Google Analytics also uses “cookies” saved on your computer that enable it to analyse your use of the website.

Google uses these cookies to evaluate the use of the website, to report on website activities and to provide us as the website operator with other services associated with website and internet use.

The information concerning your use of our websites collected using cookies may be transmitted by Google to countries outside the EU and in particular also to servers in the US and stored there (see below for information on data protection during data transfer to the US). Google may make this information available to third parties as well if provided for by law or if third parties are commissioned by Google to use such data.

To safeguard your privacy, your IP address, which is like a postal address and makes it possible to contact you via the internet, is anonymised before it is saved, so that it can no longer be traced to a particular terminal. To this end, we have enhanced Google Analytics on our websites with the “anonymized” code.

You can also prevent data generated by a cookie with regard to your use of the website (including your IP address) from being registered with Google and Google’s processing of such data by downloading and installing the browser plug-in available at this link: https://tools.google.com/dlpage/gaoptout?hl=en (this link will take you to an external website).

When processing personal data, Google has undertaken to comply with the EU-US Privacy Shield Framework published by the US Department of Commerce and the Swiss-US Privacy Shield Framework concerning the collection, use and storage of personal data from EU member states and/or Switzerland. Google has declared by means of certification that it observes the Privacy Shield principles.

Social Plug-ins

Our internet presence facilitates the sharing of content via online social networks. These networks are operated by Twitter (www.twitter.com), headquartered in San Francisco (California, USA), LinkedIn (www.linkedin.com), headquartered in Dublin (Ireland), Xing (www.xing.com), headquartered in Hamburg (Germany) and Google (www.google.com), headquartered in Mountain View (California, USA). The plug-ins are displayed with the logo of the corresponding network.

No data is transferred to social networks via social plug-ins (hereinafter “plug-ins”) when retrieving our website. A direct connection with the servers of the corresponding social network is only established when you actively retrieve the share function. If at this time you are logged onto this network with your user name and password, the applicable network will be automatically informed that you are visiting our website. This information can be assigned to your user account there. If you make use of the share function or other functions in social networks (such as the “like” or “share” function on LinkedIn or “Tweet this” on Twitter), the contents of our website will be linked with your profile in the applicable social network. Other users of the network may become aware of this interaction. Swiss Life is neither connected in any way with these third-party operators whose websites are integrated via plug-ins, nor is it in any way responsible for them and their published content. If you are not a member of a social network or not logged onto such, there is nevertheless the possibility that your IP address will be transferred and stored there.

The specific data protection guidelines and liability regulations of the respective third-party operators apply to their websites integrated via plug-ins. The storage and use of your data by such website operators can deviate from the data processing and storage of Swiss Life as per this privacy policy. Swiss Life has no influence on and no knowledge of the purpose and scope of data collection and the further processing and use of these data by such third-party website operators. Please therefore consult the data protection guidelines of the applicable third-party operators themselves.

Usabilla

Swiss Life collaborates with the company Usabilla, which is headquartered in Amsterdam, Netherlands. This company offers a leading digital voice of customer solution.

On our website www.swisslife.com we use the “Usabilla for Websites” tool to obtain quantitative and qualitative feedback from visitors to this website. The software assists us in continuously improving the performance and quality of the website with the help of user feedback, increasing customer satisfaction and offering you an optimum platform.

We have configured the Usabilla tool in such a way that no personal data are processed. We exclusively process the following information:

  • Survey data of the user such as net promoter score, customer effort score and content rating (Was the site helpful? Yes/No).
  • Text field in which the user can explain why he/she has provided a given assessment or what he/she dislikes about the site.
  • URL on which the user was located when he/she completed the survey.
  • Device of the user (desktop/tablet/mobile).
  • Browser of user if applicable.
  • Date and time when survey was completed.

This information is transmitted to Usabilla and saved by the latter in Ireland on an AWS Virtual Private Cloud operated by Amazon. Swiss Life receives the aforementioned assessments in order to enhance its website on an ongoing basis.

Options when disclosing personal data

Should you decide to disclose personal data in the forms or data fields on our websites intended for this, you are entitled to view and amend your data at any time by selecting the relevant application. Certain websites may ask for your consent to use the data concerning you for specific purposes. You can subsequently consent to or deny such use.

Integration of third-party services and content

Third-party content such as videos from YouTube, map material from Google Maps, RSS feeds and charts from other websites are partially integrated within our online offering. This is at all times contingent on the providers of such content (hereinafter referred to as “third-party providers”) knowing your IP address. Without this IP address the third-party providers are unable to send the content to your browser. The IP address is thus essential for the presentation of such content. We endeavour only to use content for which the providers use the IP address only for delivery. However, we have no influence on the extent to which third-party providers store the IP address, for example for statistical purposes. We undertake to inform users accordingly where we are aware of this.

Data security

Swiss Life undertakes to protect the data that we receive from you against accidental or deliberate manipulation, full or partial loss, destruction or unauthorised third-party access by means of technical and organisational security measures. The controls deployed for this are based on the globally recognised information security standard ISO/IEC 27001. We thereby protect your rights and guarantee compliance with the applicable provisions under data protection law. Our established measures guarantee the confidentiality and integrity of your data and safeguard the long-term availability and resilience of our systems and services for the processing of your data.

We also deploy specific further technical and organisational measures to safeguard the rapid recovery and availability of your data and access thereto in the event of a physical or technical incident. Our data processing and security measures are continuously further developed and enhanced in accordance with technological developments.

You can find further valuable information in connection with the use of e-mail and internet for the collaboration between you and Swiss Life and the handling of associated suspicious or fraudulent online activities at the “security information” link.

Products and services of Swiss Life

Basic principles

Swiss Life complies with the fundamental principles of data protection legislation. This includes adequately protecting your data and consistently upholding the requirements pertaining to the confidentiality, integrity and proportionality of the processing of personal data.

We aim to achieve a high level of protection in close collaboration with our cooperation partners such as hosting providers in order to protect your data against unauthorised access, loss or misuse and in doing so to safeguard the confidentiality, integrity and availability of your data.

(Limitation on) use of the data of our customers

Your data are processed at Swiss Life only for the purpose for which you have made them available to us or that you have (additionally) consented to. If we use your data for other purposes than the original one, we will obtain further consent from you for this or inform you accordingly.

Disclosure and transmission of data

We will not disclose your personal data to third parties for commercial purposes. Any disclosure or other use of data will take place exclusively in accordance with the manner described in this privacy policy and with your consent. Your personal data may in particular be disclosed to commissioned third parties that act for us or on our behalf so that they are able to process the data further in accordance with the purpose for which they were originally collected or for another legally or contractually permissible purpose. Swiss Life may also fully or partially outsource business areas to third parties in Switzerland and abroad. We may also disclose personal data to branches or companies of the Swiss Life Group. All these commissioned third parties have clear instructions, so that your personal data are only processed for the agreed purposes.

We remain responsible as controller for carrying out controls and ensuring the use of data and information in accordance with this privacy policy. It may be that certain data are stored or processed on computers and computer systems located in other jurisdictions that do not offer the same level of data protection as Switzerland. We will ensure in such cases that adequate precautions are taken that oblige the processors in question to apply data protection measures that are comparable with those in Switzerland.

Should Swiss Life partially or fully outsource certain business areas and services to third parties in Switzerland and abroad as specified in the above provisions, this shall comprise so-called contract data processing. If we transfer data to a country without adequate statutory data protection, we will ensure an adequate level of protection through the deployment of appropriate contractual arrangements (e.g. on the basis of standard contractual clauses of the European Commission) or based on so-called binding corporate rules or fall back on legal exceptions such as consent, contract processing, establishment, exercise or enforcement of legal claims and an overriding public interest in disclosed personal data.

We collaborate with the following contract data processors or third parties:

  • Service providers (internal and external) including contract data processors;
  • External printers (partially by way of outsourcing);
  • IT software providers and hosting partners;
  • InventX AG as a provider of private cloud services (headquartered in Chur, Switzerland);
  • Microsoft AG as a provider of public cloud services (headquartered in Redmond, USA);
  • Other companies of the Swiss Life Group;
  • HR Diagnostics, headquartered in Germany, for the procurement of data from applicants;
  • Data may be exchanged with selected partners (e.g. Swisscom or Swiss Post Solutions AG) to ensure the correctness of your delivery address;
  • Other partners within the scope of potential or actual official or judicial proceedings;
  • Data may be exchanged with headhunters, cooperation partners, experts, external lawyers, recruitment agencies and the like for collaboration purposes (with your consent);
  • Acquirers or potential acquirers of business areas, companies or other parts of Swiss Life;
  • Industry organisations, associations, organisations and other bodies;
  • Finally, we may be obliged by law to submit personal data to public, local, national or foreign offices (e.g. the Federal Tax Administration), authorities in Switzerland and abroad, public authorities, courts, associations or to our external auditors.

This list contains the main sources of contract data processing. However, in view of the complexity and variety of tasks within Swiss Life, it cannot be considered exhaustive.

Automated individual decisions and profiling

Profiling enables Swiss Life to create segments so that we can provide you with customised advertising and offers that are better tailored to your needs. Swiss Life gains additional statistical information through the deployment of data analysis procedures. We particularly make use of profiling in order to inform you about products in a targeted manner and according to your needs. To do so we deploy evaluation tools that facilitate corresponding communication and advertising including market and opinion research.

We will notify you about all further forms of profiling according to the statutory requirements. We will ensure at your explicit request that the automated decision is reviewed by a natural person.

We may refrain from notification on the basis of corresponding statutory provisions if the decision

  1. is necessary for the conclusion or fulfilment of a contract between you and Swiss Life;
  2. is carried out with your express approval.

Period of retention for use of personal data

We process and store your personal data as long as this is required for the fulfilment of our contractual and statutory obligations or otherwise necessary for the purposes pursued by processing, for example for the entire duration of the business relationship (from initiation and conclusion through to termination of a contract). We also process and store such data in accordance with the statutory retention and documentation obligations or due to specific proof requirements where applicable. Shorter retention periods normally apply to operational data (e.g. system protocols, logs) than to personal data.

Your rights (rights of persons affected)

We are happy to provide you with information about which personal data about you we process and how we actually handle them (e.g. purposes of processing; categories of personal data; categories of recipients to whom your data have been or are disclosed; planned storage duration; existence of a right of correction, deletion, restriction of processing or origin of your data).

You also have the right to revoke any consent granted to the use of your personal data (however, this is only possible as long as the data are not required for processing and handling, for instance in connection with contractual obligations). However, any revocation of your consent shall not affect the legality of the processing carried out up to that point.

You have the right at any time for reasons arising out of your particular situation to register an objection to the processing of the personal data concerning you; this also applies to any profiling based on these provisions. After receiving the objection, Swiss Life will no longer process the personal data concerning you unless we are able to provide evidence of compelling contractual, statutory or other legitimate interests for such processing, or such processing serves the assertion, exercise or defence of legal claims.

You also have a right to the deletion of your personal data as long as this is not obstructed by any contractual or legal rights or deletion proves technically impossible or entails a disproportionate outlay.

You have a right towards Swiss Life of correction and/or completion of your personal data if the processed personal data concerning you are incorrect or incomplete. If the European General Data Protection Regulation is applicable, you also have a right to data portability. In such cases your rights are governed by Art. 15-18, 20 GDPR.

Irrespective of any other administrative or legal remedy, you have the right to appeal to a supervisory authority if you believe that the processing of your data violates legal provisions. The relevant data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

Should your rights be infringed, you have the option of lodging a complaint with the responsible data protection authority.

The exercise of your rights generally requires you to provide clear evidence of your identity (e.g. with a copy of your ID card if your identity is not otherwise clear or verifiable). You can contact us at the address stated in section 1 to assert your rights.

Marketing purposes

In addition to processing, we also make use of your personal data on the basis of your consent or any legitimate interest of Swiss Life for the following purposes: to communicate about specific products or marketing activities and recommend products and services that might be of interest to you.

Duty to provide personal data

The following applies if you wish to conclude a contract with Swiss Life: Within the scope of our business relationship you must provide the personal data that are required for initiating and implementing a business relationship and fulfilling the associated contractual obligations. Without these data we will normally be unable to conclude or process a contract with you and provide you with services. The website also cannot be used if certain data are not disclosed for safeguarding the flow of data.

Legal basis for the processing of personal data

Principle

Swiss Life makes use of the personal data on the basis of the following legal provisions:

  • Contract fulfilment;
  • Fulfilment of a legal obligation;
  • Consent of customer;

Legitimate interests of Swiss Life, e.g.:

  • Efficient and effective protection of interested parties, customers, employees and other persons;
  • Protection of data, secrets and assets;
  • Security of systems and buildings;
  • Compliance with legal and regulatory requirements and internal regulations;
  • Maintenance of contact and other communication with customers also outside contract processing;
  • Upholding of safe, efficient and effective organisation of business operations including safe, efficient and effective operation and successful further development of the website and other IT systems;
  • Sensible corporate management and development;
  • Tracking activities, customer needs and market research;
  • Efficient and effective improvement of existing products and services and development of new products and services;
  • Conduct of advertising and marketing;
  • Successful sale or purchase of business areas, companies or parts of companies and other corporate transactions;
  • Interest in the prevention of fraud, crimes and wrongdoing and in investigations in connection with such offences and other inappropriate behaviour, handling of legal claims and proceedings;
  • Participation in legal proceedings and cooperation with authorities;
  • Assertion, exercise or defence of legal claims.

Consent

By using our websites you declare your consent to the processing of data collected about you in the manner described and for the purposes mentioned.

You can revoke the collection and storage of data at any time with future effect.

If you wish to deactivate Google Analytics, you will find the applicable browser add-on at https://tools.google.com/dlpage/gaoptout?hl=en.

Should you wish to delete all your cookies in the browser, you must repeat the procedure for all technologies. As already mentioned, you can also completely prevent the installation of cookies by configuring your browser accordingly. 

Definitions

Personal data

Personal data are all details that relate to a specific or identifiable natural person. These include, for instance, name, postal address, date of birth, e-mail address and telephone number. Personal data can also include data about personal preferences such as hobbies or memberships.

Particularly sensitive personal data

These include, for instance, data about religious, ideological, political or trade union-related opinions or activities; health data and any details of administrative or criminal proceedings or penalties. Even greater requirements concerning confidentiality and the handling of such data apply at Swiss Life to the processing of particularly sensitive data than is already the case.

Profiling

Profiling is the assessment of specific features of a person on the basis of automatically processed personal data, among other things in order to analyse and predict work performance, financial circumstances, health, behaviour, preferences, whereabouts or mobility. Swiss Life will notify you in advance about all kinds of profiling.

Aggregated data

In some cases we anonymise the data disclosed by you and use them in aggregated, anonymised form. We occasionally combine such data with other data to enable us to compile anonymous statistics (e.g. about visitor numbers or the domain name or internet provider from which our websites are accessed). This serves to improve our products and services.

Updating of this privacy policy

Swiss Life may revise this online privacy policy from time to time. Changes to this privacy policy will be communicated immediately on this and its associated websites. If you have received notification of an amendment to our privacy policy and continue to use our websites, you consent to data processing taking place in accordance with the amended privacy policy.

© Swiss Life / February 2019