Data protection provisions of the AXA Foundation for Occupational Benefits

Data protection is extremely important to the AXA Foundation for Occupational Benefits, Winterthur (hereinafter “Foundation”). This Privacy Policy sets out how and to what end your personal data is collated and processed (e.g. stored, used, transmitted, etc.) in connection with the provision of occupational benefits insurance, to what parties your personal data is transmitted, and what rights you hold in this respect under data protection legislation and other regulations.

This Privacy Policy does not contain an exhaustive description of the data processing activities carried out by the Foundation, and any action taken in specific instances may be governed in full or in part by specific privacy policies, general terms and conditions, summary sheets, or similar documents (with or without reference being made to such in this Privacy Policy).

The Foundation was established in order to provide occupational retirement, survivors’, and disability benefits insurance. Its purpose is to protect employees and employers of affiliated companies in accordance with its regulations against the economic consequences of loss of earnings resulting from old age, disability, or death. It provides benefits in accordance with the provisions governing mandatory occupational benefits insurance and also offers pension plans that exceed the minimum statutory requirements or offer only non-mandatory benefits. To this end, the Foundation processes the personal data of active insured persons and pensioners (together “beneficiaries”) from the companies affiliated to it. AXA Life Ltd is responsible for administration and distribution.

AXA Life Ltd processes personal data for the Foundation for the purpose of providing occupational benefits as well as to maintain and continue occupational benefits cover in accordance with the tasks assigned to it. In this regard, it relies on personal data, including personality profiles and sensitive data requiring particular protection, so as to perform the tasks assigned to it by the Foundation in accordance with the applicable statutory framework.

Further information on data protection at AXA Life Ltd can be found in the data protection provisions of AXA Life Ltd, which can be accessed here

Information on data protection

Personal data as referred to below is any information relating to an identified or identifiable natural person (e.g. name, date of birth, email address, IP address). Information that has been anonymized or aggregated and cannot (or can no longer) be used to identify a specific person is not deemed to be data in this sense.

“Data processing” refers to all handling of personal data including the collection, storage, use, disclosure, altering, archiving, and erasure/deletion of data.

The legal basis and purpose of the processing of your data is primarily the provision of occupational benefits cover, underpinned by the Federal Act on Occupational Old Age, Survivors’ and Invalidity Pension Provision (BVG/OPA), the Federal Act on the Vesting of Occupational Old Age, Survivors' and Invalidity Benefits (FZG/VBA), as well as the related ordinances.

Over and above this, the processing of data is based on the initiation and/or performance of the affiliation contract, existence of a statutory requirement and/or consent (either from you or from a person you have authorized), as well as on the overriding legitimate interests of the Foundation (i.e. specifically in order to pursue the purposes described and associated objectives as well as implement corresponding measures).

The processing of your personal data is based on the principles of accuracy, lawfulness, transparency, data minimization, proportionality, responsibility, and data security.

This Privacy Policy is based on the requirements of the Federal Act on Data Protection (FADP), the implementing ordinance (OFADP), and – where applicable – other valid data protection legislation on a case-by-case basis. These data protection provisions do not contain an exhaustive description of the Foundation’s data processing activities; individual matters may be governed in full or in part by specific information (with or without reference to these data protection provisions). There are exemptions from the duty to provide information under data protection law. This duty does not apply if the information is not possible or if disproportionate effort is required, if you have already been notified about the data processing, if processing is provided for by law, or if the Foundation is legally bound to maintain confidentiality. 

1. Data controller

Data processing is the responsibility of:

AXA Foundation for Occupational Benefits, c/o AXA Life Ltd, Winterthur, General-Guisan-Strasse 40, CH-8400 Winterthur

2. Data Protection Consultant

The contact details for the Data Protection Consultant are:

Swiss Infosec AG
Centralstrasse 8A
6210 Sursee
Email address:

3. Data categories

  • 3.1. Personal information and contact data

    This includes first and last name, gender, date of birth, age, civil status, language, nationality, place of birth, place of origin, residence status, details of family members, telephone number, email address, customer history, powers of attorney, signatory authorizations, declarations of consent.

  • 3.2. Application data

    This includes information communicated during the application process, e.g. on the risk to be insured, on the level of employment, on the employment relationship and capacity for work, answers to questions, reports by experts, claims data from the previous insurer (claims history), as well as information on relationships with third parties affected by data processing (e.g. beneficiaries).

  • 3.3. Customer/contract data

    This is data that is made known in connection with the conclusion of an affiliation contract and/or performance of the contract. This includes, for example, social insurance numbers, policy or contract numbers, type of insurance and coverage, description of the risk, benefits, the premium, and the contract term. 

  • 3.4. Provision of occupational benefits insurance

    This is data in connection with the processing of insured events: notification of the occurrence of an insured event, details of the reason for the insured event (e.g. accident, illness, date of event, etc.), and other information in connection with the verification and assessment of the insured event (e.g. details of especially sensitive personal data requiring particular protection, of persons involved and on third parties such as insurers, etc.), details of termination (withdrawal) benefits and other insured events.

  • 3.5. Personal data requiring particular protection

    This includes data on views or activities relating to religion, values, opinions, politics, or labor unions, on health, personal sphere, race or ethnicity, genetic information, biometric data clearly identifying an individual, as well as data relating to administrative or criminal proceedings or sanctions.

  • 3.6. Health data

    This includes data relating to the physical or mental health of an individual, based on which information about their state of health is obtained. It includes diagnoses, medical reports, sick notes, as well as reports on other physical or mental impairments.

  • 3.7. Finance and payment data

    This includes, for example, salary data, account details, premium payments and outstanding premiums, reminders, and credit balances.

  • 3.8. Data pertaining to any claims/benefits/legal cases

    This includes, for example, notices of claim, medical reports, diagnoses, investigation reports, invoices, and pension dates.

  • 3.9. Data on behavior and preferences

    This includes information about personal behavior, e.g. how the AXA website,, and associated services (hereinafter “website”) are used, as well as data on personal preferences and interests.

  • 3.10. Technical data

    This includes, for example, IP addresses, cookies, metadata, logs recording the use of systems, IP packets and other technical identification details, as well as data relating to online/telephone communication.

4. Purpose of the data processing

  • 4.1. Provision of occupational benefits insurance

    Beneficiary data that is communicated by employers as part of the onboarding process is processed in order to provide occupational benefits insurance. This ensures that beneficiaries are duly registered and insured in accordance with the provisions governing occupational benefits. The data that has been entered is processed to ensure that amounts are calculated correctly and that beneficiaries receive the precise amounts due to them should they become disabled or entitled to payments. Furthermore, processing beneficiaries’ personal data also allows the Foundation to ensure that insurance contracts are managed efficiently; this includes the settlement of payments and communication with the employers affiliated with the Foundation and their employees.

  • 4.2. Further purposes

    In addition, your personal data and the personal data of others is processed – insofar as is permissible and appears appropriate – for the purposes set out below, in which the Foundation and in some cases also third parties have a corresponding legitimate interest: 

    • Offering and further development of services as well as the website and other platforms on which the Foundation is present;
    • Communication and processing of inquiries (e.g. via contact forms, email, phone, job applications, media requests);
    • Market research, media monitoring; 
    • Assertion of legal claims and defense in connection with legal disputes and official proceedings; 
    • Any transactions under company law involving the Foundation, and the transfer of personal data in connection therewith;
    • Prevention and investigation of offenses and other wrongdoing (e.g. conducting internal probes, data analyses for the purpose of combating fraud); 
    • Compliance with statutory and regulatory obligations as well as the Foundation's internal requirements;
    • Ensuring operations, in particular IT, the website, and other platforms. 

5. Legal basis of processing

  • 5.1. In relation to mandatory occupational benefits insurance

    As the legal basis for the processing of your personal data in relation to mandatory occupational benefits insurance, the Foundation makes regular reference to a statutory basis, namely

    • the Federal Act on Occupational Old Age, Survivors’ and Invalidity Pension Provision (BVG/OPA);
    • the Federal Act on the Vesting of Occupational Old Age, Survivors' and Invalidity Benefits (FZG/VBA);

    as well as the related ordinances. As a federal body in the area of mandatory BVG/OPA benefits, the Foundation processes your personal data relating hereto in accordance with the processing powers granted by law (e.g. Art. 85a ff. BVG/OPA).

  • 5.2. In relation to extra-mandatory benefits and other areas

    In the area of extra-mandatory occupational benefits insurance as well as of other non-mandatory areas, the Foundation processes your personal data based on:

    • consent, insofar as you have provided such, to the processing of your personal data for specific purposes. The Foundation processes your personal data within the framework and on the basis of this consent, insofar as it has no other legal basis that is applicable and such a legal basis is required. Consent that has been granted can be revoked at any time. This will, however, have no impact on data processing that has already been carried out. Notice of revocation can be sent via email or by post to the (email) address specified in section 2. You can also revoke your consent at any time via the Foundation’s online portal.
    • the conclusion or performance of a contract with your employer (affiliation agreement regarding occupational benefits insurance),
    • the conclusion or performance of a contract with you or an inquiry from you ahead of such (e.g. with contracts relating to the financing of residential property),
    • an overriding interest (such as to ensure information security or data protection or to carry out tasks in the public interest); in this event you can, however, lodge an objection under certain circumstances,
    • a legal requirement (e.g. with documents or information subject to a mandatory retention period).

6. Where does the Foundation receive personal data from?

  • 6.1. Personal data you communicate to the Foundation

    The Foundation receives personal data from you when you transmit data to it or enter into contact with it. This can take place via various channels, e.g. via the online portal for employers/insured members, through the various ways you use to communicate with the Foundation (e.g. email, letter-based correspondence, phone, fax, etc.), or through the use of the Foundation website or the use of other services offered to you by the Foundation within the framework of its business activities.

  • 6.2. Personal data the Foundation receives from third parties

    The Foundation receives personal data in connection with the provision of occupational benefits insurance in accordance with the requirements laid down by law. The Foundation also receives personal data from third parties with which it works in order for business activities within the framework of occupational benefits insurance to be carried out and services to be provided. In addition, the Foundation receives personal data from public sources.

    The Foundation receives, for example, personal data from the following third parties:

    • Employers;
    • Persons who are close to you (e.g. family members, legal representatives, etc.);
    • Experts, doctors, and other service providers that carry out investigations as to the state of your health;
    • Private insurers and social insurance schemes, other occupational benefits and vested benefits institutions;
    • Banks and other service providers within the framework of occupational benefits insurance (e.g. brokers, reinsurers, etc.);
    • Credit investigation agencies;
    • Authorities, courts, parties in connection with official and court proceedings as well as other third parties in connection with such;
    • Other service providers (e.g. from Swiss Post for updated address details);
    • Public registers (commercial registers, debt enforcement registers, etc.).

7. Third parties to which personal data is forwarded and transmitted

If your personal data is to be processed not by the Foundation but by AXA Life Ltd, by processors, or by other controllers, the Foundation will ensure by means of contractual provisions that the legal requirements are fully complied with. In principle, forwarding to third parties only takes place if: 

  • this is necessary for the provision of occupational benefits insurance or for the provision of other services by the Foundation (e.g. AXA Life Ltd), 
  • this is necessary in order to draft the contract with you,
  • such forwarding is permissible following a balance-of-interest analysis,
  • the Foundation is legally obliged to carry out such forwarding, or
  • the Foundation has received consent from you. 

Within the framework of its business activities and for the purposes set out above, the Foundation also discloses personal data to third parties – to the extent that this is permissible and appropriate – either because said third parties process data for the Foundation (order processing) or because they use the data for their own purposes (data disclosure). The third parties involved are, in particular, the following (all hereinafter referred to as “recipient” or “recipients”):

  • Employers (affiliated businesses; however, no data relating to your health, your retirement assets, or individual transactions such as purchases or advance withdrawals is forwarded);
  • Service providers that take on management of the occupational benefits institution, technical administration, distribution, and asset management on behalf of the Foundation;
  • Other service providers, including processors of the Foundation for the processing and storage of your data (such as external administrators, IT providers), the sending and receiving of emails, the offering and developing of certain functions in connection with the internet presence, as well as for research, analysis, maintenance, and security in connection with the internet presence;
  • The Foundation’s auditors;
  • Pension fund actuaries;
  • Appointed medical examiners and experts;
  • Companies’ occupational benefits fund commissions and the Guarantee Fund;
  • Consultants, such as legal attorneys, acting for the Foundation;
  • Business partners (such as brokers and distribution partners), logistics partners, credit investigation agencies, collection partners;
  • Authorities (supervisory and tax authorities);
  • Other social insurance schemes (e.g. AHV/OASI or other pension institutions);
  • Insurers (e.g. for risk reinsurance);
  • Banks and payment service providers, notary offices in connection with advance withdrawals under the legislation governing advance withdrawals for the purchase of residential property;
  • Public offices and courts. 

Not all recipients are based domestically; some may be based abroad. You must anticipate, in particular, that your data will be transferred to other countries within Europe and to the USA, where some of the IT service providers used by the Foundation are located. 

If, by way of exception, the Foundation transfers data to a country which does not have an appropriate level of statutory data protection (such as the USA), it will require the recipient to put in place adequate measures to safeguard personal data (e.g. by means of the agreement of EU standard contractual clauses, the current version of which can be found here, other safeguards, or based on justification grounds).

8. Length of processing

The Foundation processes the data collected for as long as is necessary in compliance with the statutory retention period (bookkeeping, limitation period, company law, tax and social insurance legislation), contractual retention periods, and the requirements imposed by the authorities for performing the specified processing tasks, as well as on the basis of overriding legitimate interests (e.g. documentation and evidence purposes), and in particular to provide evidence or to defend against claims and to demonstrate good data governance. The statutory retention period is generally at least 10 years. Social insurance legislation sets out longer retention periods. The statutory limitation period is generally between 5 and 20 years.

9. Your rights 

You have the right

  • to request information about the personal data the Foundation stores about you;
  • to have incorrect or incomplete personal data rectified;
  • to request the erasure/deletion or anonymization of your personal data should this data not be required or no longer be required for the provision of occupational benefits insurance or for other services provided by the Foundation;
  • to request restrictions on the processing of your personal data, insofar as processing is not required or no longer required for the provision of occupational benefits insurance;
  • to receive certain elements of personal data in a structured, standard, and machine-readable format;
  • to revoke consent with future effect, where processing is based on consent.

Please note that the Foundation reserves the right to assert the restrictions provided for by law, such as if the Foundation is obliged to store or process certain data, or has an overriding interest in such (insofar as it may base its actions on this overriding interest), or requires the data in order to assert claims.

You should further note that the exercising of these rights may conflict with contractual agreements and this may lead to consequences such as the premature termination of the contract, or costs. Where this is not already contractually stated, in such an event the Foundation will inform you in advance. 

If you believe the processing of your personal data violates the data protection legislation or that your rights under the data protection provisions are breached in any other way, you also have the option of submitting a complaint to the responsible supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC;

The exercising of your rights under data protection law generally requires that you prove your identity conclusively (e.g. by means of a copy of your identity card or passport insofar as your identity is otherwise not clear and/or cannot be verified by other means). To assert your rights, please email the Foundation at the email address indicated in section 2.

10. Amendments to this Privacy Policy

This Privacy Policy may be amended over time, in particular should the Foundation implement changes in its data processing or if new legal requirements come into effect. Acts of data processing are generally governed by the version of the Privacy Policy in place when the respective data processing act began.

DE FR IT EN Terms of use Data protection / Cookie Policy © {YEAR} AXA Insurance Ltd