1. General provisions
"Personal data" means any information relating to an identified or identifiable person. This includes, in particular, contact and master data, such as names, telephone numbers, postal addresses and email addresses. "Processing of personal data" includes any handling of personal data, including but not limited to the procurement, storage, use, modification, disclosure or deletion of such personal data.
2. Origin and categories of personal data
VZ processes personal data that you disclose to it (e.g. during a visit, during a consultancy meeting, when ordering marketing material, in the course of providing services, when accessing our websites and apps including use of the login feature), which is publicly available (e.g. in address books and/or the commercial register), may be obtained from third parties (e.g. from address brokers and/or credit agencies), or which it receives from cooperation and business partners (e.g. from other VZ Group companies and/or external distribution and contractual partners of VZ).
This personal data is mainly comprised of communication data (e.g. data in written, telephone or electronic correspondence), documentation data (e.g. minutes of consultancy meetings or conversations), registration data (e.g. user name, e-mail), master data (e.g. personal details, authorised representatives), tax and pension data (e.g. information on income and assets as well as pension assets incl. information on denomination within the context of consultancy services), contract data (e.g. information on services used), financial data (e.g. information on assets and their origin, scoring and creditworthiness data within the context of financial services), transaction data (e.g. information on payment transactions within the context of financial services), data in connection with claims or benefit settlements (e.g. notifications of claims, clarification reports within the scope of insurance services), data in connection with the processing of pension or claims cases (e.g. notification of the occurrence of the insured event, clarification reports within the context of pension services), health data (e.g. health status, illnesses and injury in the context of insurance, pension, fiduciary or brokerage services), behavioural and preference data (e.g. visits to websites, interest in services) or technical data (e.g. IP addresses and logs recording the use of our systems).
3. Legal basis and purpose of processing
VZ processes personal data in accordance with data protection law:
For the conclusion and performance of our contracts
VZ processes personal data in connection with the initiation of business and the business relationship with you.
In order to comply with statutory or regulatory requirements
VZ processes personal data if required by statutory or regulatory requirements.
To safeguard the legitimate interests of VZ or third parties
VZ processes personal data to safeguard its legitimate interests (e.g. to initiate and maintain contact or communication, for market research, to develop and manage services, for quality assurance (e.g. for training and education), for advertising and marketing, for investigating or preventing criminal offences or other misconduct, for preventing damage and losses (e.g. to combat fraud and misuse and to conduct internal investigations), to defend against and/or enforce legal claims in proceedings and litigation, to ensure operations and infrastructure (e.g. in the IT sector), to protect persons and assets (e.g. to create visitor lists, access controls or other records), and to manage business and risk (e.g. for business organisation and corporate development) or for compliance with foreign law).
Where applicable, with your consent
VZ may process your personal data if you have given your consent.
4. Data security
VZ processes as little personal data as necessary and protects it against loss and misuse (e.g. against access, alteration or disclosure by unauthorised persons). The technical and organisational measures for data security are appropriate and meet stringent requirements (e.g. use of current firewall and anti-virus products, personal passwords with multifactor authentication technologies, as well as encryption and access restrictions, and awareness raising and training of employees). They are continuously adjusted to take account of specific hazards. The level of protection is state of the art and corresponds to the type and extent of the processing.
5. Recipients of personal data
VZ shall comply with the confidentiality obligations laid down in data protection law and any other regulations (e.g. bank-client confidentiality). These duties apply to all employees and governing officers of VZ, as well as to any persons working on its behalf in the context of outsourcing tasks. Personal data may only be accessed within VZ by a person who requires them for the purpose for which they are being processed.
Personal data may be disclosed within the VZ Group in order to guarantee a consistently high level of service throughout the Group or in order to provide comprehensive support and service provision.
Personal data may be disclosed to third parties if this is necessary to fulfil contractual obligations (e.g. to payees as well as stock exchanges and brokers within the context of financial services, to beneficiaries and insurers as well as co-insurers and reinsurers within the context of insurance services, to employers as well as medical service providers and experts within the context of insurance, pension, fiduciary or brokerage services), to comply with statutory or regulatory requirements (e.g. to authorities, courts), to safeguard legitimate interests (e.g. to service providers in the context of outsourcing tasks) or if you have given your consent to this.
If personal data is disclosed to service providers in the context of outsourcing tasks (e.g. to IT service providers, marketing service providers, providers of communication and printing services, claim handlers), such service providers may only process such personal data in the manner that VZ itself may. VZ carefully selects the service providers and contractually obligates them to comply with duties of confidentiality and to ensure data security.
Under no circumstances will personal data be sold to third parties for marketing or other purposes.
6. Disclosure of personal data within Switzerland and abroad
The recipients of personal data mentioned in section 5 may be located in Switzerland or abroad. Personal data may therefore be processed anywhere in the world.
In the case of the disclosure of personal data abroad, VZ warrants that the country in question offers adequate data protection or that adequate data protection is contractually guaranteed with the recipient, unless a disclosure abroad is made in an individual case on the basis of a statutory exception (e.g. for the conclusion and fulfilment of our contracts, for the defence or enforcement of legal claims in proceedings and litigation).
7. Profiling and automated individual decisions
VZ may analyse and assess personal data using automated systems in order to identify characteristics, predict developments and create profiles (so-called profiling). Profiles are used, in particular, to provide you with optimal support (e.g. personalised offers) and to tailor marketing measures to your needs (e.g. personalised marketing). As part of the creditworthiness assessment, VZ may use scoring. In this case, VZ calculates the probability with which payment obligations will be met pursuant to the contract.
As a rule, VZ shall not take any individual decisions based solely on the automated processing of personal data. If automated individual decisions are utilised, the VZ shall inform data subjects thereof in accordance with statutory requirements and grant them the rights provided for by law.
8. Retention period
The length of time for which personal data is processed depends on the purpose of processing in section 3. VZ takes particular account of statutory or regulatory retention periods, the safeguarding of our legitimate interests (e.g. to contact and maintain contact) and data storage for technical reasons.
You can request information about your personal data processed by us, and in particular, you have the right to object to the processing of your personal data or to request the deletion of your personal data.
However, these rights do not apply without restriction: In particular, statutory or regulatory obligations (e.g. in order to comply with duties to provide access and disclose information) or the safeguarding of legitimate interests (e.g. to defend or enforce legal claims in proceedings and litigation before or by authorities and courts) may make further processing of your personal data necessary in individual cases.
In order for VZ to be able to comply with your request for access, you must generally submit your request in writing to VZ along with a copy of a valid official photographic identification (e.g. passport, identity card or driving licence).
If your personal data is processed for marketing purposes, your right to opt out also applies to marketing activities (e.g. mailings, newsletters) and to profiling for marketing purposes. You may stop any unwanted marketing activities at any time by informing VZ of your request.
If the processing of your personal data is based on your consent, you can withdraw this consent at any time. However, any such withdrawal of consent will only apply prospectively: any data processed before then will not be affected by the withdrawal of consent.
The relevant VZ Group company is responsible for the processing of personal data.
Please do not hesitate to address any general questions, suggestions or observations to your contact person at VZ.
You can also contact the following specialist unit with any questions relating to data protection:
VZ VermögensZentrum AG
E-mail: datenschutz.ch [at] vzch.com
Last updated: 1 February 2023