This text applies analogously to female and a plural number of persons. Edition June 2022.
Data protection is a particularly high priority for the Terzo Pension Foundation of WIR Bank (hereinafter the ‘Foundation’). In this data protection declaration, the Foundation provides information about the type, scope and purpose of the personal data that it gathers, uses and processes, and the rights of the data subject. The scope of the personal data that the Foundation processes is effectively determined by the individual pension agreement, the applicable pension rules, the pension products obtained by the data subject, the agreed service, and statutory and regulatory obligations regarding the gathering and processing of personal data.
The Foundation processes the data that it receives from the data subject (e.g. customers, potential customers, third parties associated with customers). In addition, the Foundation obtains data from other pension and vested benefits institutions, service providers (e.g. databases), public registers or agencies (e.g. compensation offices, courts, taxation offices) that the Foundation requires to deliver services or for statutory or regulatory reasons.
The following, in particular, are deemed to be associated third parties:
Where data is transmitted by or via third parties, the Foundation assumes that a corresponding authority/consent exists and that the data is accurate.
The categories of personal data that the Foundation processes include personal information (e.g. name, gender, date and place of birth, marital status, address, nationality, family relationships, signatures, data from ID documents, contact details (telephone number or email address), transaction data, financial situation, investment goals, tax residency, US status, occupational information, data from use of the Foundation’s website (e.g. IP address, cookies) and additional information on powers of attorney, personal relationships, regulatory relationships, log files). In accordance with the statutory retention period, the Foundation can also store previous versions of this data along with the current data.
There is a possibility that data other than that outlined above will be processed when signing up for certain pension products (e.g. VIAC). This may include: order data, payment orders, direct debit data, documentation data, investment behaviour, investment strategy, business data.
Sensitive personal data is personal data accorded special protection by the law due to its sensitivity (e.g. health data). Where the Foundation processes sensitive personal data, it does so in connection with:
The Foundation only gathers and processes the personal data it needs to fulfil a particular purpose. In particular, personal data is processed for the following purposes:
The Foundation processes personal data, taking particular account of the Swiss Data Protection Act (FADP) and the Data Protection Ordinance (DSV). When processing personal data, the Foundation verifies that such processing is carried out lawfully, fairly and proportionately. The data is only processed in the manner stated when it was obtained, which is evident to the data subject or provided for by law. The Foundation does not process personal data covertly or secretly, unless required to do so under law. Personal data is only obtained by the Foundation for a specific purpose that is evident to the data subject. The Foundation ensures by means of appropriate technical and organisational measures, taking into account the state of technology and implementation costs, that the processed personal data:
If personal data should prove to be inaccurate or incomplete, the Foundation will rectify, erase or destroy it, unless prohibited from doing so by law or regulatory provisions.
Where necessary, the Foundation processes personal data on the following bases:
The Foundation is obliged to process personal data on various statutory and regulatory bases. In particular, these include:
The contractual elements required for consent derive from the individual pension agreement and the applicable pension rules. Where additional consent is necessary in individual cases for special processing of personal data, the Foundation will obtain this from the data subject. Once given, consent may be withdrawn at any time. Such a withdrawal of consent only becomes effective upon receipt by the Foundation and it does not affect the lawfulness of the processing of personal data prior to the withdrawal. There may be grounds (for example by reason of law) that require the processing of the personal data despite the withdrawal of consent. A withdrawal of consent may result in the restriction of certain services or the termination of the pension relationship by the Foundation.
The Foundation processes personal data to bring about or enter into a pension relationship (e.g. account management/custodian account management or execution of orders and transactions), for analysis of customer behaviour, for measures to improve products and services or for marketing.
The Foundation has additional legitimate private interests in processing personal information:
The Foundation processes and stores personal data for as long as this is necessary to fulfil the purpose for which the personal data was gathered or to fulfil contractual or statutory obligations. As a rule, this is 10 years after the ending of the pension relationship (cf. Art. 27j OPO2).
If personal data cannot be erased, technical and organisation measures are taken to ensure that:
The data subject is fundamentally entitled to the following rights, unless precluded by a statutory obligation:
The detailed procedures for exercising the above-named rights of the data subject and the obligations of the Foundation, such as the spoken or written form, are to be settled by mutual agreement between the data subject and the Foundation. If the provision of access, the handover or the transmission of data is associated with disproportionate expense, the Foundation may insist on a cost contribution to a maximum of CHF 300.
Pursuant to the pension agreement and pension rules, the personal data is processed only by those persons who require the data to fulfil contractual or legal obligations. Service-providers and third parties (e.g. outsourcing partners) are given access to the data where necessary.
Service providers and third parties as recipients of personal data may include:
In principle, there is no transmission of data to other countries. If personal data is to be transmitted to foreign countries, this will take place in compliance with the provisions prescribed by law and where this is necessary in order to perform the contract (e.g. to process international transactions or execute orders in foreign trading venues). If processors are employed in other countries, they are required to comply with the obligation of secrecy (Art. 86 OPA) and the Data Protection Act.
In principle, the Foundation does not use any automated individual decisions in order to establish and carry out the business relationship. If the Foundation should employ this process in individual cases, customers will be informed of this separately, where prescribed by law.
The protection of personal data has top priority for the Foundation. Customers’ personal data is subject to the obligation of secrecy under pension law (Art. 86 OPA). Personal data is treated as strictly confidential and protected from access by unauthorised third parties. In general, anyone who is not subject to a duty of confidentiality has no access to the personal data gathered. The Foundation likewise ensures that the recipients of personal data comply with the applicable data protection provisions.
The Foundation does not have its own internet presence, but rather uses the websites and applications (e.g. VIAC app) of the WIR Bank Genossenschaft (www.wir.ch and www.viac.ch). The websites can be used without registration and hence without the transmission of personal data. There is no automatic gathering of personal data – with the exception of the IP address – associated with usage of the services offered. Where personal data is gathered, this is to be provided by the data subject themselves (e.g. use of a contact form). The websites named above use cookies, analytics tools (e.g. Google Analytics) and social media plugins (e.g. Facebook, X (formerly Twitter), LinkedIn etc.). You can find detailed information about the type, use and any data processing by the tools used in the data protection declarations of WIR Bank Genossenschaft (https://wir.ch/de/produkte-loesungen/privatkunden/vorsorgen/3-saeule/terzo; in German) and VIAC AG (https://viac.ch/en/data-protection-use-of-analysis-tools/).
The Foundation reserves the right to amend the data protection declaration at any time while complying with legal data protection requirements. You can retrieve the current version of this data protection policy at https://www.wir.ch/fileadmin/user_upload/Dokumente/Formulare/datenschutzerklärung.pdf and https://viac.ch/en/data-protection-use-of-analysis-tools/.
The Foundation is the data controller for the processing of personal data. Queries in relation to data protection may be addressed to:
Terzo Pension Foundation of the WIR Bank
Data Protection Consultant
Auberg 1
4002 Basel
datenschutzberater@wir.ch
Basel, 19 June 2023