Data protection Data protection

This privacy policy explains how the Pillar 3 pension foundation of Zürcher Kantonalbank and the Vested Benefits Foundation of Zürcher Kantonalbank handle your personal data. (Last updated: April 2024)

This privacy policy explains how the Pillar 3 pension foundation of Zürcher Kantonalbank and the Vested Benefits Foundation of Zürcher Kantonalbank handle your personal data. (Last updated: April 2024)

1. General

The Pillar 3 pension foundation of Zürcher Kantonalbank and the Vested Benefits Foundation of Zürcher Kantonalbank (hereinafter the “Foundations”) are also committed to an open, transparent and customer-friendly approach when it comes to the issue of data protection. By “personal data”, the Foundations mean information that relates to an identified or identifiable natural person. The Foundations interpret “processing” as referring to any handling of personal data, irrespective of the means and methods used; it particularly refers to the collection, storage, use, adaptation, publication, archiving or destruction of personal data.

There are additional policies and further provisions in place governing certain data processing, such as by the app or web-based platform offered by the Foundations (e.g. General Terms and Conditions of Business or Terms of Use) or in connection with media work. These are available on the relevant webpages, in the app or on the web-based platform.

1.1 General terms and con­di­tions of busi­ness

Section 6 of the January 2022 version of the General Terms and Conditions (GTC) of Business of the respective foundation contains general information about data protection, in particular in connection with the performance of contracts.

1.2 Data security

The Foundations are particularly bound by its duty of confidentiality and data protection law to protect your privacy in line with the applicable laws. To this end, the Foundations take numerous precautions such as the implementation of technical and organisational security measures (for example, the use of firewalls and personal passwords as well as encryption and authentication technologies, access restrictions and awareness-raising and training for employees).

2. Scope of proces­sing

2.1 Categories of per­son­al data

The Foundations can process the following categories of personal data, depending on which products and services they provide for you. In doing so, the Foundations will process the minimum amount of personal data necessary.

 

2.1.1 Former, existing and potential pension fund members

The Foundations process the personal data of former, existing and potential pension fund members (or interested). These include the following in particular:

  • Master data and inventory data such as name, postal address, telephone number, email address, date of birth, nationality, contract number and duration, identification and authentication data e.g. login for app and web-based platform, documents confirming the customer’s identity such as ID and passport, information relating to the account, securities account, payments for current or completed transactions, contracts, products, services, and information conducted or relating to third parties such as life partners, family members, authorised agents and beneficiaries who are also affected by the data processing.
  • Fiscal domicile and any other documents and information which may be relevant in terms of tax.
  • Transaction or order and risk management data such as information about beneficiaries in the event of death, counterparties and third party banks for transfers, information on your self-employment/employment, to your marital status, your risk and investment profile and the investment products you have requested as well as information about reasons for early withdrawal, changes in the designation of beneficiaries, and cases of fraud, enquiries, consultations, meetings, and physical or electronic correspondence.
  • Personal data requiring special protection (sensitive personal data), such as biometric data for voice recognition during telephone calls for the identification of the caller.
  • Recordings of telephone conversations between you and the Foundations, if applicable.
  • Marketing data, for example requirements, wishes, interests, preferences, information on the use of products, services or contact and communication channels.
  • Technical data such as internal and external identifiers, trade numbers, IP addresses, records of accesses or changes.
  • Any particularly sensitive personal data, e.g. data on disability.

 

2.1.2 Data relating to visitors

The Foundations processe data relating to visitors (i.e. those who visit Zürcher Kantonalbank branches or the websites of Zürcher Kantonalbank or the Foundations in particular). The Foundations consider this to mean the following data in particular:

  • Master data and inventory data, for example name, telephone number, email address, postal address and date of birth.
  • Recordings of telephone conversations between you and the Foundations, if applicable.
  • Technical data such as internal and external identifiers, IP addresses and records of accesses or changes.
  • Marketing data, for example requirements, wishes and preferences, interactions.
  • Data which is transmitted to us when you visit our website or with which you provide us (i.e. by filling in a form).

2.2 Length of stor­age

The period for which personal data is stored is determined according to statutory retention obligations and the purpose for which the data in question are processed. 

As a rule, the Foundations stores personal data for the duration of the business relationship or term of the contract and then for a further ten years or more (depending on the applicable legal basis). This corresponds to the interval of time within which legal claims can be brought against the Foundations. Current or anticipated legal or supervisory authority proceedings can lead to data being stored beyond this period.

2.3 Purpose

The Foundations can process the personal data described under section 2.1 in connection with the provision of its own services as well as for its own purposes or those required by law. These include the following in particular:

  • Customer registration procedures, due diligence, financial statements, the conduct, processing and administration of the business relationship and products and services provided by the Foundations as well as investment products requested by the customer (for example, communications, verification of identity, evaluation of applications, financial planning, payments, invoices, accounts, investment, pensions, succession and insurance, eFinance, customer service and communication).
  • Statistics, planning or product development, business decisions (for example, the determination of indicators relating to the use of services, utilisation figures, transaction analyses, development of ideas for new products or the evaluation or improvement and review of existing products, services, investment products, processes, technology, systems and returns).
  • Monitoring and management of risks, business reviews, establishment of businesses and timely processing of business (for example, combating of fraud, investment profiles, market or operational risks as well as system and product and staff training).
  • Marketing, market research, client relationship management, client recovery, comprehensive service, advice and information concerning the range of services offered, preparation and provision of tailor-made services (for example, direct marketing, print and online advertising, customer, promotional or cultural events, competition, sponsoring, prize draws, measurement of customer satisfaction, future customer needs or behaviour or assessment of customer, market or product potential).
  • Statutory or regulatory information, audit, disclosure or reporting obligations with respect to courts and the authorities, compliance with official orders (for example, identifying checks, orders by FINMA or public prosecutor’s offices, in connection with fraud and money laundering prevention or the financing of terrorism or for the purpose of recording and monitoring communications).
  • Protecting the Foundation’s interests and securing their claims in cases where claims are brought against the Foundations or athe pension fund members or beneficiary as well as protecting the security of pension fund members, beneficiaries and employees.
  • Maintaining the website (e.g. technical management and developing the websites).
  • Any other purposes about which the Foundations have informed you.

2.4 Sources

In order to fulfil the purposes set out in section 2.3, the Foundations can collect personal data originating from the following sources:

  • Personal data communicated to the Foundations, for example in connection with the opening of a business relationship or an advisory consultation at Zürcher Kantonalbank, communications with the Zürcher Kantonalbank or Foundations, for products and services provided by the Foundations or on the websites and apps of Zürcher Kantonalbank or the Foundations. Only disclose the personal data of third parties to the Foundations outside of a legal obligation if you have made the third parties concerned aware of this privacy policy in advance.
  • Personal data generated in connection with the use of products or services and communicated to the Foundations through the technical infrastructure or through collaborative processes, (for example on the Foundation’s website, in the app, on the web-based platform, in payment transactions, with respect to investing in or the liquidation of securities or during the course of cooperation with other financial or IT service providers or marketplaces and exchanges).
  • Personal data from third-party sources such as from correspondent banks in payment transactions, database marketing, the authorities, companies within the Zürcher Kantonalbank Group or sanction lists maintained by UNO, SECO and the EU.
  • Personal data that is publicly accessible, e.g. on the internet, in the media, and in public registers such as land registry and commercial registry offices.

2.5 Bases for the proces­sing of per­son­al data

Depending on which products and services the Foundations may provide for you or the purpose for which the personal data are processed, the data processing is carried out on the following basis:

  • Conclusion or performance of a contract or commencement of a business relationship with you or for the purpose of fulfilling the Foundation’s obligations arising from such a contract or business relationship (including necessary pre-contractual measures), e.g. for payments, invoices, accounts, investments, pension, succession and insurance, eFinance and customer service.
  • Where applicable, to safeguard the legitimate interests of the Foundations – for example, statistics and business decisions; monitoring and controlling risks, business audits; marketing, market research, client relationship management, comprehensive service, advice and information concerning the range of services offered, preparation and provision of tailor-made services – where no objection has been lodged; protection of the Foundation’s interests and securing the claims of the Foundations, its pension fund members/beneficiaries and employees.
  • If necessary, in order to fulfil the Foundation’s statutory or regulatory obligations or perform duties in the public interest, e.g. based on the Anti-Money Laundering Act, Pfandbrief Act and tax laws (see also information on tax agreements and the exchange of information with authorities).
  • If necessary, on the basis of your consent*.

* Consent obtained for other reasons, for example due to the provision on the duty of confidentiality according to Article 86 of the Federal Law on Occupational Retirement, Survivors‘ and Disability Pension Plans (BVG / LPP), is not affected by this section.

2.6 Obligation to provide personal data

If personal data processed by the Foundations are necessary in order to fulfil statutory or regulatory obligations or for the conclusion or performance of a contract or the commencement of a business relationship with you, it may be the case that the Foundations cannot accept you as a pension fund member or cannot provide you with products or services if the Foundations are unable to process this personal data. In this case, the Foundations will inform you accordingly.

  • Personal data that is given to the Foundations, for example, for the opening of a bank account, during an advisory discussion at Zürcher Kantonalbank for services carried out by the Foundations, or on the websites of Zürcher Kantonalbank or the Foundations.
  • Personal data that is necessary for the use of products or services and that is transmitted to the Foundations via the technical infrastructure or complex processes, e.g. via the Foundations’ websites, the app, the web-based platform or via collaboration with other financial or IT service providers or market places and stock exchanges.
  • Personal data from third-party sources such as the authorities, companies within the Zürcher Kantonalbank Group or sanction lists maintained by UNO, SECO and the EU.

2.7 Existence of automated individual decision-making in individual cases, including profiling

The Foundations also reserve the right in future to analyse and evaluate pension fund members’ data (including data of affected third parties, see section 2.1) in automated form in order to recognise key personal characteristics of the pension fund member or predict developments and

create customer profiles. These are particularly used for business reviews and processing reviews (e.g. when determining an investment strategy, risk profiles, combating money laundering, malpractice and fraud and IT security) and to provide individual consultations as well as offers and information (e.g. marketing, product development and improvement, so that you only receive products and services which match your interests) that the Foundations and the Zürcher Kantonalbank Group companies may make available to the member of the pension fund.

Customer profiles may in the future also lead to automated individual decisions, for example in order to accept and execute orders submitted by the pension fund member in eBanking by automated means.

The Foundations will ensure that a suitable contact person is available if the pension fund member wishes to discuss an individual automated decision; this opportunity of expression is provided for by law.

2.8 Categories of in­ten­ded re­ci­pi­ents, gua­ran­tees and dis­clo­sure ab­road

2.8.1 Recipient

 

Within the Foundations and Zürcher Kantonalbank, which is entrusted with the management of the Foundations, access to your personal data will only be granted to those departments requiring them for the conclusion or performance of a contract or the commencement of a business relationship in order to fulfil statutory or regulatory obligations or perform duties in the public interest.

The Foundations only disclose pension fund members’ data to third parties in the following cases – depending on the nature of the products and services used:

  • In order to execute orders, i.e. in relation to the use of products and services, for example to payees, beneficiaries, authorised representatives, intermediaries, correspondence banks, clearing houses and, if necessary, any other parties, service providers (e.g. Swisscom), exchanges or marketplaces involved in a transaction.
  • With the consent of the pension fund member, to companies belonging to the Zürcher Kantonalbank Group for the purpose of providing comprehensive customer services and for outsourcing.
  • On the basis of statutory obligations, legal justifications or official orders, for example to courts, to law enforcement or supervisory authorities or, where necessary, in order to protect the Foundation’s legitimate interests in Switzerland and abroad. The latter particularly applies in the event of legal steps or public statements against the Foundations being initiated or threatened by a customer, in order to secure the Foundation’s claims against the pension fund member or third parties, in connection with the collection of the Foundation’s claims against the pension fund member or beneficiary and in order to restore contact with the customer after communication with the competent Swiss authorities has ceased.
     

Contract processors are third parties who process personal data on behalf of and for the purposes of the Foundations, for example IT, marketing, market research, sales or communication service providers, logistics companies, printing services providers, financial services providers,

collection agencies, fraud prevention agencies, information and cybersecurity service providers or consulting firms. If personal data is communicated to such contract processors, they may only process the received personal data in the same way as the Foundations itself. The Foundations select their contract processors carefully and place them under a contractual obligation to guarantee confidentiality and professional secrecy in Switzerland as well as the security of the personal data.

 

2.8.2 Place of data disclosure

Where data is disclosed will depend on the type of product or service used. The Foundations issue, return and hold securities on behalf of the client. In this context, foreign law and contractual provisions may require that the Foundations or Zürcher Kantonalbank, which has been commissioned by the Foundations with their management, disclose who they are working for. This may result in the Foundations or Zürcher Kantonalbank, where the Foundations have entrusted it with their management, having to disclose certain persons, information and documents to authorities and companies either abroad or in Switzerland. It should be noted here that settlement and custody may take place in third countries. Disclosure requirements vary from country to country. In addition, new disclosure requirements may arise or existing requirements may be adjusted at any

time. Further information on the place of disclosure of personal data in connection with securities has already been provided to you (cf. General Terms and Conditions).

 

2.8.3 Guarantees

If in exceptional circumstances, personal data is disclosed in countries with an insufficient level of data protection, the Foundations require the recipient to comply with an adequate level of data protection by concluding recognised standard contractual clauses or the Foundations will make use of a statutory exemption (e.g. concluding or performing a contract, safeguarding of overriding public interests, enforcing legal claims, and your consent). The Foundations can provide you with a copy of the standard contractual clauses free of charge.

3. Rights

You have the right to information, rectification, erasure, restriction, objection, as well as – where applicable – the right to data portability. In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (see section 5).

The Pillar 3 pension foundation of Zürcher Kantonalbank or the Vested Benefits Foundation of Zürcher Kantonalbank accept information requests in writing together with a clearly legible copy of a valid official identity document (for example, a passport, identity card or driving licence). The contact details can be found in section 5.

The right to erasure and the right to object are not unlimited rights. Depending on the individual case, overriding interests may necessitate further processing. The Foundations will examine each individual case and notify you of the result. If personal data are processed for the purpose of direct marketing, your right to object also extends to direct marketing, including profiling for marketing purposes. You can lodge an objection to direct marketing at any time by sending the Foundations a notification to this effect (see section 5).

You can always revoke any consent you may have given to the Foundations to process personal data. Please note that such a withdrawal of consent only has effect for the future. Processing which took place prior to withdrawal of consent is not affected.

If the Foundations fail to meet your expectations with respect to the processing of personal data, if you wish to complain about the Foundation’s data protection practices or if you wish to exercise your rights, please notify the Foundations of this (see section 5). This will give the Foundations the opportunity to address your concerns and make improvements, if need be. In order to assist the Foundations in responding to your enquiry, please provide the relevant details in your notification. The Foundations will look into your concerns and reply within an appropriate period of time.

 

4. Changes to per­so­nal data

The Foundations are obliged to process the personal data accurately and keep it up to date. Please notify the Foundations of any changes to your personal data.

5. Contact details and ex­er­cising your rights 

The Foundations are responsible for the processing of personal data:

Vorsorgestiftung Sparen 3 der Zürcher Kantonalbank 
Postfach 8010
8001 Zürich

Freizügigkeitsstiftung der Zürcher Kantonalbank 
Bahnhofstrasse 9
8001 Zurich

You can address general questions, suggestions and comments to your account manager or customer support.

 

You can address further questions in connection with data protection at the following addresses:

Vorsorgestiftung Sparen 3 der Zürcher Kantonalbank, Datenschutz, Postfach, 8010 Zürich or Freizügigkeitsstiftung der Zürcher Kantonalbank, Datenschutz, Postfach, 8010 Zürich or Ursula Wiedmer, Rechtsanwältin, Postfach 51, 8408 Winterthur (Datenschutzberaterin der Freizügigkeitsstiftung)

If you are not satisfied with the Foundation’s response, you have the right to lodge a complaint with the data protection authority.

6. Status of the data protection declaration

This privacy policy was issued in November 2019 and was last updated in April 2024. It provides a general explanation of how the Foundations processe personal data. This privacy policy does not constitute a part of any contract between you and the Foundations. The Foundations reserve the right to amend this privacy policy from time to time. In the event of such amendments, you will be informed in an appropriate manner depending on how the Foundations usually communicate with you, for example via the website zkb.ch.