Data Protection Notice
1. Preliminary remarks
The Vontobel 3a Pension Foundation (hereinafter “the Foundation”, “we”) very much appreciates your interest in our services. The protection of your data in general and of your personal data in particular, is important to us, and we want you to feel comfortable using our services and visiting our website. It is a major concern for the Foundation that your personal data is treated in a responsible manner and in compliance with legal requirements.
This data protection notice (together with our Terms and Conditions of Use for our website and other documents referred to herein, the “Data Protection Notice”) explains how we process your personal data and does not constitute a document that contractually binds the Foundation or any other party.
Other notices may apply to other types of data processing, such as our presence on social media or our app. The corresponding notices are available in scope of the relevant services.
We not only process personal data of our Pension Account Holders and other beneficiaries, but also personal data of third parties, in particular of the following persons (hereinafter collectively referred to as "you"):
- Dependents of beneficiaries (e.g., current and former spouses, domestic partners, parents and children) and other beneficiaries
- Authorized representatives and agents
- Claimants, injured parties, and other persons involved (e.g., liable parties)
- Persons related to our Pension Account Holders (legal connection)
- Contact persons of social and private insurers, other pension and vested benefits institutions, contractual partners, any reinsurers, suppliers and partners, as well as official bodies and authorities
- Members of our organization (e.g. members of the Board of Trustees, managing directors, administrative staff).
If you transmit personal data to us via third parties, we assume that you are authorized to do so and that this personal data is correct. Please inform these third parties about the data processing by us and give them a copy of the Data Protection Notice in the current version.
2. Processing of personal data
2.1 Categories of personal data
The Foundation processes different categories of personal data depending on which services you receive.
These categories may be:
- Master data (e.g. name, address, email address, telephone number, date of birth, account number, other account information, completed transactions, or third parties, such as family members, authorized representatives, and consultants who may also be affected by the data processing).
- Risk management, transaction, and/or order data (e.g., data with respect to beneficiaries of a transfer, fraud cases).
- Technical data (e.g., IP addresses, browser plug-in types and versions, cookies, internal and external identifiers, logging data, record of access and changes, and content accessed by the website user, including time and date of access).
- Marketing data (e.g., preferences, wishes).
- Telephone records (e.g., between you and your relationship manager).
- Especially sensitive personal data (e.g., disability).
2.2 Purpose of the processing
The personal data described in Section 2.1 may be processed by the Foundation for the following purposes:
- Auditing, providing, and managing Foundation business relationships and services, as well as products requested by clients (e.g., identity verification, pension planning, and client service).
- Compliance with legal obligations (e.g., disclosures, notification, and reporting obligations to authorities and courts, and retention obligations).
- Marketing (e.g., organization of events, raffles, and advertising).
- Product development and market research (e.g., development of new products, further development of existing services, research of client needs, usage statistics, and transaction analyses).
- Protection of interests (e.g., receivable claims and processing of legal claims).
- Risk assessment (e.g., monitoring and managing risks, combating fraud, training, and business audits).
- Individual services (preparation and provision of customized services).
- Other purposes about which you will be informed at a later date.
2.3 Origin of the personal data
For the purposes described in Section 2.2, the Foundation may process personal data if they:
- have been communicated directly to the Foundation (e.g. in the context of an inquiry, a visit to our website, or the use of certain products and services).
- are based on a contractual relationship (e.g., by using a product or service of the Foundation or its partners).
- originate from third-party sources (e.g., authorities, international companies, rating agencies, credit agencies, or Vontobel affiliated companies).
- originate from public sources (e.g., entries in public registers).
2.4 Legal basis for the processing
Your personal data may be processed on the following legal bases:
- Consent (e.g., processing of contact requests)
- Contract (e.g., provision of the contractually agreed-upon services)
- Legal obligation (e.g., retention periods)
- Performance of duties in the public interest
- Legitimate interests (e.g., processing of legal claims)
2.5 Duration of storage
We store personal data only to the extent and for as long as this is necessary to fulfill the purposes stated in Section 2.2, there is a legal obligation to store it, or the Foundation has a legitimate interest in storing it.
2.6 Recipients of personal data
Your personal data may be disclosed for processing in accordance with the purposes set out in Section 2.2 to the following categories of recipients for the initiation or performance of a contract, on the basis of legal obligations, for the performance of duties in the public interest or for legitimate interests of the Foundation:
- Vontobel affiliated companies
- Parties involved in a transaction (e.g., payees, intermediaries, payment institutions, stock exchanges, clearing houses, credit card providers, and their platforms)
- Securities issuers
- Credit agencies
- Fund managers and asset managers
- Authorities and supervisory bodies
- Service providers (e.g., marketing service providers, hosting companies, printers, and anti-fraud agencies)
The aforementioned recipients may also process your personal data outside of Switzerland (including in countries within the European Union or the European Economic Area, as well as in so-called third countries, which include any country outside the European Union or the European Economic Area), if the relevant country (or data protection framework applicable to such country) is considered to provide an adequate level of data protection by the relevant authorities; or in the absence of such adequacy decision, if the recipient guarantees adequate protection based on appropriate safeguards provided by applicable data protection law (for example, Standard Contractual Clauses issued by the European Commission, adapted to local law as required), or statutory exemptions provided by applicable data protection law (for example, your explicit consent). A copy of the relevant safeguards can be requested from the unit mentioned in Section 5.
3. Rights of the data subject
You have rights in relation to your personal data that we process, depending on applicable data protection law. Thus, you might have the right to:
- access and, if applicable, to a copy
- rectification of your personal data
- restriction of processing
- object to processing.
If we process your personal data based on your consent, you have the right to revoke this consent at any time.
If the Foundation processes your personal data using automated decision-making, including profiling, you will be informed about the logic used and its possible consequences. You may be able to request that you not be subject to automated decision making, including profiling.
4. Secure communication with the Foundation
Please be advised that data can be transferred across national borders over the Internet without being subject to any control while in transit even if the sender and recipient are both located in the same country.
We cannot guarantee the security of data transferred over the Internet and accept no liability in respect thereof. Any notices emailed to us by you may not be secure. If you email any confidential information to us, you do so at your own risk. When contacting us, please send data via a secure mechanism, where appropriate, instead of over the Internet.
Third parties could inadvertently draw the conclusion that there is a commercial relationship between you and the Foundation. Therefore, we recommend avoiding the transmission of any strictly confidential information via open networks.
5. Responsible unit and contact
The Vontobel 3a Pension Foundation is the data controller for the data processing activities described in this Data Protection Notice.
Please let us know if we do not meet your expectations with respect to the processing of personal data or if you wish to exercise your rights. This will offer us the opportunity to examine your concern and to carry out improvements where necessary. In any of these cases, please send your request to the following unit:
Vontobel 3a Vorsorgestiftung
Legal Data Privacy
6. Changes to the Data Protection Notice
We reserve the right to amend this Data Protection Notice without giving prior notification. We, therefore, advise you to check our Data Protection Notice on our website on a regular basis. This Data Protection Notice was last updated on 1 September 2023.