Privacy Policy of Liberty Pension

1. Overview and scope
This Privacy Policy contains information on how and for what purpose the Liberty Pension foundations and Liberty Pension Ltd. (hereafter «we» or «Liberty Pension») process your personal data that you (hereafter «you») disclose to us or which we collect from you. This Privacy Policy is not exhaustive; other privacy policies, foundation regulations or general terms and conditions and similar documents of Liberty Pension may govern further specific data protection matters. «Personal data» means all data and any information relating to an identified or identifiable natural person.

Liberty Pension comprises the following foundations and companies:
- Liberty BVG Collective Foundation, Schwyz, CHE-114.944.178;
- Liberty Foundation for vested pension benefits, Schwyz, CHE-112.534.444;
- Liberty Investment Foundation, Schwyz, CHE-241.246.404;
- Liberty Foundation for 3a Retirement Savings, Schwyz, CHE-114.298.496;
- Liberty 1e Flex Invest Foundation, Schwyz, CHE-115.296.086;
- LibertyGreen Foundation for 3a Retirement Savings, Schwyz, CHE-116.030.444;
- Lealta Foundation for vested pension benefits, Schwyz, CHF-115.930.138;
- Liberty Pension Ltd., Schwyz, CHE-101.093.677.

2. Controller and contact point for data protection enquiries
For the processing of your personal data in connection with our pension services, the responsible party in terms of data protection law is the Liberty Pensions foundation with which you have concluded a corresponding affiliation or pension contract. For the processing of your personal data in connection with the Liberty Pension websites, the responsible controller is Liberty Pension Ltd. Moreover, the foundation or Liberty Pensions company with which you correspond or deal, or which has referred you to this privacy policy in the context of an inquiry, contract or other correspondence is responsible for processing your personal data in accordance with this privacy policy.

Depending on the data processing, the Liberty Pension foundations and companies may each individually act as controller, or may also assume the role of a contracted processor.

Regardless of which Liberty Pension entity of is responsible for the processing your personal data in any given case, we ask you to address your data protection-related inquiries to the following point of contact:

Liberty Pension Ltd.
Steinbislin 19
6423 Seewen SZ

Phone: +41 58 733 03 03
Email: info@liberty.ch

3. Data sources and data categories
As a matter of principle, we only process personal data which we receive or collect from clients, accountholders, interested parties and website visitors in the scope of our business activities. To the extent permissible, we also obtain certain data from publicly accessible sources (e.g. debt collection register, land registers, commercial register, the press and internet) or receive such data from other companies, authorities or third parties (e.g. employers, external consult-ants, brokers and asset managers, other occupational benefits or vested benefit institutions, social insurances, public agencies, courts, the 2nd Pillar Central Office and the LOB Guarantee Fund). If you provide us with personal data relating to other persons (e.g. family members, co-workers, etc.), we ask you to ensure that these persons are aware of this privacy policy and only share their personal data with us if you have been permitted to do so and if the relevant per-sonal data is true and accurate.

The personal data, or categories of personal data, processed by us includes, depending on the case, personal particulars and contact data (e.g. name, address, gender, date of birth, social security number, marital status, number of children, hometown and/or nationality, telephone number and email address); identification and background information (e.g. passport number, ID number, social security number, language, date of birth, nationality,  gender, denomination); information on employment (e.g. job title, employment or self-employment, degree of employment, capacity to work, employment relationship, salary, bonus); pension-related information (e.g. retirement savings capital, withdrawals of pension assets, buy-ins and voluntary purchases); information about adult protection measures (e.g. guardianships); information for processing benefit claims (e.g. information on disability, health, retirement, death, purchase of residential property/real estate); information for mortgage processing purposes (e.g. purchase agreement and other contracts, tax returns, salary data, marital status); cross-border employment information (e.g. confirmation of definitive cessation of employment in Switzerland, confirmation of return of work permit or confirmation of cancellation of cross-border work permit, copy of passport or ID with legible signature, current foreign residence certificate and proof depending on marital status); information on emigration status (e.g. confirmation of departure, copy passport or ID with legible signature, current foreign residence certificate and proof depending on marital status); contractual data which we receive or collect in connection with the initiation, conclusion and processing of contracts with you (e.g. products and services used or requested and related behavioral and transaction data, financial data for payment purposes such as bank account details, assets, origin of funds); communication data (e.g. name and contact details such as postal address, email address, telephone number, contents of emails, correspondence, chat messages, social media posts, comments on websites and mobile apps,  telephone conversations, videoconferences, proof of identity, marginal data); preferences and marketing data (information about the use of our websites, apps or other digital offerings, data related to the marketing of products and services such as newsletter subscriptions and cancellations, documentation received and specific activities, personal preferences and interests); image and sound recordings (e.g. photos, videos and sound recordings of client events, recordings of video surveillance systems, photos, videos and sound recordings of courses, lectures, training sessions and recordings of phone and video conference calls) and technical data (e.g. IP address and other device IDs, identification numbers assigned to your device by cookies and similar technologies, e.g. pixel tags).

4. Processing purposes and legal bases
4.1 In general, as part of our business activities
We process your personal data primarily for the necessary purposes in connection with our business activities and the provision of our services. In this context, your personal data is processed notably for the following purposes:

- to communicate with you and, in particular to provide you with information or to process your requests, for authentication and identification purposes, for client services and assistance;

- for contract processing, namely in connection with the initiation, conclusion and processing of contractual relationships. This includes all data processing that is necessary or appropriate to enter into, perform and, if necessary, enforce a contract, such as processing for the purpose of determining whether and how (e.g. with which payment options) we enter into a contract with you (including credit checks), to provide contractually agreed services, e.g. for the delivery of services and functionalities (including customized service components), for the invoicing of our services and general accounting purposes, processing of job applications (e.g. the administration and assessment of job applications, conducting interviews and creating personal profiles, obtaining references), to enforce legal claims arising from contracts (debt collection, legal proceedings, etc.);

- to provide you with our products and services as well as digital offerings (e.g. website, mobile apps),to evaluate and improve them, including market research, quality assurance and training of our staff members;

- for customer care and marketing purposes, e.g. to send you written and electronic communications and offers and to carry out marketing campaigns. These may be our own offers or those of our partners. In this connection, we may process your personal data in part automatically in order to evaluate certain personal aspects (profiling) or to make a preliminary selection when you enquire about a product or service. In particular, we may apply profiling to provide you with targeted information about products and services;

- in connection with accounting, the archiving of data and management of our archives;

- for security measures, namely IT and building security (e.g. access controls, visitor lists, preventing, combating and investigating cyber and malware attacks, network and mail scanners, video surveillance, telephone recordings), as well as for the prevention and investigation of criminal offenses and other misconduct, or for the purposes of internal investigations, protection against misuse, evidentiary purposes, data analyses to combat fraud, evaluation of system-side records concerning the use of our systems (log data);

- in connection with corporate transactions or other corporate actions (e.g. due diligence, sale of companies, keeping of shareholder registers, etc.);

- for the purpose of enforcing legal claims and defense in judicial or administrative proceedings at home or abroad, including the clarification of litigation prospects and other legal, economic and miscellaneous issues;

- to comply with our legal, regulatory (incl. self-regulation and industry standards) and internal rules and requirements, both domestically and abroad, including compliance with judicial and administrative orders and for the purpose of inquiries about business partners.

Depending on the circumstances, we process your personal data for the abovementioned purposes based on the following legal bases:
- the processing of personal data is necessary for the fulfillment of a contract to which you are party or for pre-contractual measures;
- you have given your consent to the processing of your personal data;
- the processing of personal data is necessary for compliance with a legal obligation;
- the processing is necessary to protect the vital interests of the data subject or another natural person; or
- we have a legitimate interest in processing the personal data. Our legitimate interests may include, notably, an interest in: providing quality client service, maintaining contact and communicating with clients and policyholders, including outside a contractual scope; promotional and marketing activities; improving and developing new products and services; combating fraud and preventing and investigating criminal offences; protecting account- and policy-holders, employees, other persons as well as our data, trade secrets and assets; ensuring adequate security (both physical and electronic); ensuring and organizing business operations, including the operation and further development of websites and other systems; corporate governance and development; the sale and acquisition of companies, parts of companies and other assets; the enforcement or defense of legal claims; compliance with Swiss and foreign law and other applicable rules.

4.2 For the provision of pension services
We may process your personal data in connection with the provision of our pension services for all purposes that are necessary in connection with occupational benefits and private pension plans, in particular for:
- the verification, administration and payment of pension and vested pension benefits;
- the assessment and payment of lump-sum withdrawals (e.g. promotion of home ownership, retirement, partial retirement);
- the preparation and mailing of pension certificates and pension tax certificates;
- divorce-related pension-sharing settlements;
- voluntary purchases and repayments;
- the reporting of pension accounts to the 2nd Pillar Central Office;
- anonymized statistical evaluations;
- the exchange of personal data with the Central Compensation Office (CCO);
- the exchange of exit data with the BVG/LPP Substitute Occupational Benefit Institution.

4.3 When visiting our website
Our website collects a series of user information with each call, which is stored in the server's log files. The information collected includes, among other things, your IP address, date and time of access, the time zone difference from the GMT time zone, name and URL of the file accessed, the website from which access is made, the browser and operating system used. This collection of this information and data is technically necessary for the purpose of displaying our website to you and ensuring its stability and security. This information and data is also collected to improve the website and analyzing its use.

4.4 Emails, telephone calls and video conferences
You may contact us at the indicated email addresses and telephone numbers. The personal data you provide to us will be stored and processed for the purpose of responding to your request.

By contacting us by email, you automatically authorize us to reply to you via the same channel.  You should be aware that unencrypted emails are transmitted via the open internet and that it cannot be ruled out that they can be viewed, accessed and manipulated by third parties. Within the limits of the law, we decline all liability for any damages which you may incur, as a result of faulty transmission, fake content or network disruptions (interruptions, overloads, unlawful interferences, blocking).

Telephone and video conference calls with us may be recorded; in which case you will be informed accordingly at the beginning of the conversation. If you do not wish that these conversations are recorded, you may terminate the call and contact us through another channel (e.g. by email).

4.5 Cookies
Our website may use so-called cookies. Cookies are text files that are stored in the browser or by the browser on the user’s computer system or on a mobile device. Cookies contain a characteristic string of characters, which serves as a unique identifier for the browser or mobile device the next time the website is called up.
The purpose of using cookies is to enable and facilitate your use of our website. Some cookies are essential for the proper functioning of our website (known as technical or required cookies). In addition, we also use cookies/tools for the analysis of user behavior on our website, in particular to measure reach.

4.5.1 Technical or required cookies
Technical cookies are required to enable core site functionalities. As a result, they cannot be disabled in our systems. As a rule, required cookies record important actions such as the number of requests made, the processing of your privacy settings or the completion of forms. You may block these cookies in your browser; this will, however, impede the functioning of parts of our website.

4.5.2 Analytical and marketing cookies
Analytical cookies allow us to analyze user behavior and traffic sources, to measure the performance of our website and improve the user experience. They help us determine how popular which pages are and show us how users navigate the website.

Marketing cookies allow us to deliver advertising that is relevant to your interests. These cookies recall that you have visited our website and may forward this information to other companies and advertisers.

In practice, we use the following analytical and marketing cookies:
-  Google Analytics of Google Ireland Ltd., Ireland (hereafter «Google»). See the privacy policy of Google Analytics here: https://policies.google.com/privacy?hl=en;
-  Google Remarketing. See the privacy policy of Google Remarketing here: https://policies.google.com/privacy?hl=en;
-  Google Optimize. See the privacy policy of Google Optimize here: https://policies.google.com/privacy?hl=en;
-  Google Tag Manager. See the privacy policy of Google Tag Manager here: https://policies.google.com/privacy?hl=en;
-  Google Ads Conversion Tracking. See the privacy policy of Google Ads Conversion Tracking here: https://policies.google.com/privacy?hl=en;
-  Google AdSense. See the privacy policy of Google AdSense here: https://policies.google.com/privacy?hl=en;
-  PageSense of Zoho Corporation, India (hereafter «Zoho»). See the privacy policy of Pag-eSense here: https://www.zoho.com/privacy.html;
-  SalesIQ by Zoho. See the privacy policy of SalesIQ here: https://www.zoho.com/privacy.html;
-  ZOHO Marketing Automation. See the privacy policy of ZOHO Marketing Automation here: https://www.zoho.com/privacy.html;

You may object to the use of cookies by (i) activating the relevant settings in your browser; (ii) using cookie-blocking software (e.g. ghostery); or (iii) downloading and installing the browser plug-in available at the following link: the http://tools.google.com/dlpage/gaoptout?hl=en.

4.6 News(letter)
If you subscribe to our news, we will use your email address and other contact data to send you our news. By subscribing to our news, you consent to the associated processing of your per-sonal data. To receive news, you must provide your name, email address and the desired lan-guage, which we store upon registration. The legal basis for the processing your personal data in connection with the delivery of news is your consent when you subscribe to news. You may revoke your consent at any time by clicking on the link provided at the bottom of every news email, by sending an email to info@liberty.ch or by sending a message to the above postal address.

4.7 Social media plug-ins
Our website may use the social media plug-ins listed below. In this context, we use the «two-click solution» so that no personal data is initially passed on to the plug-in providers when you visit our website.  For the provider to receive the information you access on our website, you must first activate the plug-in by clicking on the marked plug-in field. In addition, the data referred to in point 4.3 of this privacy policy will be transmitted.
We have no influence on the collected data and data processing procedures of the plug-in providers. These are subject to the respective privacy policies of the relevant third-party providers. For further information on the purpose and scope of data collection and its processing by plug-in providers, please refer to the privacy policies of the relevant providers:

4.8 Job applications
You may submit your job application to us by post, email or using the application form made available on our website. The application documents and all personal data disclosed to us will be treated as strictly confidential; they will not be disclosed to third parties and will only be processed by us for the purpose of your job application. Unless you instruct us otherwise, your application file will either be returned to you after completion of the application process or deleted/destroyed unless it is subject to a statutory retention requirement.

5. Disclosure of personal data to recipients and abroad
5.1 Disclosure of personal data to recipients
In addition to data transmissions to recipients explicitly mentioned in this privacy policy, we may disclose personal data, to the extent such disclosure is permitted, to the following categories of recipients:
- other entitles of Liberty Pension;
- providers to whom we have outsourced certain services (e.g. IT and hosting providers, advertising and marketing services, business administration including accounting and/or asset management, debt collection services, photographers, payment service providers, banks and insurance companies, etc.) as well as other suppliers and sub-contractors;
- consultancies, e.g. tax advisors, lawyers, business consultants;
- business partners of Liberty Pension, e.g. banks, asset managers, consultants and brokers;
- authorized representatives, employers;
- former occupational benefits institutions, insurers, reinsurers, the LOB Guarantee Fund, the 2nd Pillar Central Office, custodian banks, other social insurances (e.g. AHV/IV//AVS/AI, UV/LAA);
- third-party providers of software applications and mobile apps used by accountholders and clients in connection with our pension services;
- third parties that collect data relating to you via website or mobile apps;
- prospective buyers or investors in the case of corporate transactions or other corporate actions;
- auditors, supervisory institutions, occupational benefits experts;
- domestic and foreign authorities, official agencies or courts.

5.2 Disclosure of personal data abroad
In principle we process your personal data in Switzerland. However, in certain cases (e.g. when using certain service providers or software applications) your personal data may also be transferred abroad, primarily to member states of the EU and EFTA, but sometimes also to other countries worldwide, notably the USA (especially in connection with cookies, social media plug-ins and other third-party provider software applications).
If we transfer data to a country that does not offer an adequate level of statutory data protection, we ensure an adequate level of protection as required by law through contracts (based on the standard contractual clauses of the European Commission), or we rely on the statutory exceptions of: consent, contract execution, the establishment, exercise or enforcement of legal claims, overriding public interest, published personal data, or if necessary to protect the integrity of the data subjects. Nevertheless, you should be aware that data transmitted abroad is beyond the protection of Swiss law, and that -foreign laws or administrative orders may require the disclosure of this data to authorities and other third parties.

6. Retention period
We process and store your personal data as long as is necessary to meet our contractual and legal obligations or otherwise for the purposes pursued by processing or for as long as we are required to do so pursuant to another legal provision (e.g. statutory retention periods, in particular pursuant to Art. 41(8) BVG/LPP in conjunction with Art. 27j BVV2/OPP2). We retain personal data held in connection with our contractual relationship at least for the duration of the contractual relationship and the limitation periods for the assertion of possible claims, or for the duration of the contractual retention obligations. As soon as your personal data is no longer required for the above-mentioned purposes, it will as far as possible be rendered passive, deleted or anonymized.

7. Your rights
In the context of the applicable data protection legislation and insofar as provided therein, you have the right to information, rectification, deletion, the right to restrict data processing and to object to our data processing, as well as the release of certain personal data for the purpose of transfer to another entity. Please note however, that we reserve the right to assert the restrictions provided for by law, for example if we are required to retain or process certain data, have an overriding interest in doing so (to the extent we may rely on such interest), or if we require the data for the purpose of assert claims. If any costs are applicable, you will be informed in advance.
Where data is processed based on your consent, you may revoke such consent at any time after it is given with effect for the future. The revocation does not affect the lawfulness of any data processing carried out prior to the revocation on the basis of consent.
To exercise such rights, you are required to provide unequivocal proof of identity (e.g. a copy of your identity card if your identity is not otherwise clear or cannot be verified). To exercise your rights, contact us at the address indicated in section 2 of this privacy policy.
Data subjects are also entitled to enforce their claims in court or to file a complaint with the competent data protection authority. The competent data protection authority is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).

8. Data security
We take the appropriate technical and organizational security measures to safeguard your personal data against unauthorized and unlawful processing, and to prevent the risk of loss, unintentional modification, unauthorized disclosure or access. Like all companies, however, we cannot exclude breaches of data security with absolute certainty, because a residual level of risk is always unavoidable. As part of our security measures, we use firewalls, logging and encryption; and have developed authorization concepts and implemented further protective measures to ensure the most comprehensive possible protection of your personal data.

9. Amendments to Privacy Policy
We expressly reserve the right to amend this privacy policy at any time. If such adjustments are made, the amended privacy policy is published on our website. The privacy policy published on our website is valid in each case.

December 2023