Data Protection

At La Collective de Prévoyance – COPRE (we or COPRÉ), we recognize the need to protect your personal data and to ensure transparency in our processing activities.

The purpose of this document (the Statement) is to inform you about our practice regarding the collection and process of personal data relating to: 

• Employees of companies affiliated to COPRÉ and other beneficiaries of our benefits (our members and pensioners); 
• Broker partners, fiduciaries, experts, and other persons outside our organisation with whom we interact in the course of our business; 
• Persons applying for jobs with COPRÉ; 
• and Visitors to our websites, in particular www.copre.ch.

We may also have separate documents that describe how we process personal data in specific circumstances.

Although this summary does not replace the more comprehensive information contained herein, our statement can be summarised as follows:

• Our role. We, COPRÉ, act as the controller for the processing of your personal data (for our own activities, but not those of third-party providers) (see section 3).
• The data we collect. We collect personal data that you provide directly to us, that is provided by our affiliated companies and broker partners or others with whom we interact, or that we lawfully obtain in the course of our business (see section 4).
• How we use data. We process personal data in accordance with Swiss law for the purpose of providing our occupational benefits plans to our affiliated companies, members and pensioners, for the management and administration of our business and to comply with our legal obligations (see sections 5 and 6).
• Hosting and data transfers. We only host your personal data in Switzerland. We do not share your personal data nor transfer them abroad unless it is necessary for our business activities and permitted by Swiss law. This may be the case, for example, if we use service providers or need to interact with third parties in order to provide our services (see sections 8 and 9).
• Data storage and security. We store your personal data only for as long as it is necessary to perform the activities described herein. We take appropriate technical, organisational and legal measures to ensure the security of such data (see sections 10 and 11).
• Your rights. You may contact us (dpo@copre.ch) to exercise your rights in respect of your personal data (see section 12). Please note that, in accordance with data protection legislation, we may charge you a fair financial contribution. You will, of course, be informed in advance if this is the case.

COPRÉ, a foundation under Swiss law, is responsible for the processing of your personal data. You will find our contact information below in section 12. However, this only applies to our own activities and not to those of third parties, e.g. independent brokers, experts.

We collect personal data that you provide directly to us. 

In addition, we may obtain the following categories of data directly from the affiliated company for which you work (your Employer) or from an independent broker appointed by your Employer:

• Identity (name, gender, date of birth, age);
• Contact details (e-mail address, postal address, telephone number or other contact information);
• Official documents (passport, ID, driving licence, insurance card, AVS/AHV number);
• Pension-related data (e.g. accrual of vested termination benefits, vested benefits account, buy-ins, etc.);
• Occupational data (employers, positions held, income, pension entitlements);
• Family life (marital status, number of dependent children);
• Bank details (bank account, Postfinance, etc.); and
• In the event of disability or death, health information (such as medical certificates, medical examinations, death certificate, AI decision, etc.). These items are transferred to our reinsurer if necessary.

To the extent permitted, we may also collect the above data directly from public authorities or public sources, such as public or commercial registers (e.g. land registers, AI offices, the central compensation fund, offices involved in assisting in the recovery of maintenance claims, etc.).

Finally, if you visit our website or digital platform, we may automatically collect personal data, including through Cookies and other active elements, as described in our Cookie policy.

We process the personal data entrusted to us in accordance with Swiss data protection laws.

We do not make decisions based solely on automated processing that have legal effects on data subjects or significantly affect them (automated individual decisions), nor do we process your personal data to create a profile about you (profiling).

We process your personal data for specific purposes and only to the extent that it is relevant to achieving those purposes. In particular, we process your personal data for the following purposes:

• To provide our services: We process the personal data required for the provision of our occupational benefits plans in accordance with the statutory requirements, in particular the provisions of the Federal Law on Occupational Retirement, Survivors' and Disability Pension Plans (BVG/LPP) and its implementing ordinances.
• For the administrative management of our activities: We process personal data that is necessary for the administrative management of our business, in particular to answer enquiries from our affiliated companies, members and pensioners, for invoicing our services and for managing our archives and files.
• If you apply for a job with us: If you apply for a job with us, we will process your personal data exclusively for the purpose of evaluating your application for the potential forming of an employment relationship, including for purposes of assessing your abilities and qualifications and conducting reference checks, to the extent permitted by Swiss law. All information you provide to us must be accurate, complete and not misleading. Providing inaccurate, incomplete or misleading data may, to the extent permitted by law, result in your application being rejected or in disciplinary action, including your immediate dismissal if you have been hired. The personal details of candidates who have not been hired are deleted at the end of the recruitment process. If an employment relationship is formed as a result of your application, your personal data will be entered into your HR file and subsequently processed in accordance with our internal rules.
• If you visit our digital platforms: If you visit a website, web portal or other digital platform operated by COPRÉ, we process your data to provide you with the requested functionality, to establish a connection with your device over the Internet, to identify you when you use our websites, to manage the stability and security of those websites. In addition to the personal data you provide directly, we may automatically collect certain technical information about your interactions with our digital platforms by means of Cookies. To learn more about how we use Cookies, please see our Cookie policy.
• To comply with our legal obligations: We may also process your personal data if we are legally obliged to do so, or based on other legitimate interests. This may be the case, for example, if we have to retain this information for tax or accounting purposes or if the provisions of the BVG/LPP require us to carry out certain processing operations. (See Art. 85a BVG)
• If we have obtained your consent: In addition to the above, we may process your personal data if we have obtained your prior consent. The consent you have given may be withdrawn at any time, but this does not affect the data processed prior to the withdrawal.

If you are affiliated with us, or if we are otherwise processing your personal data on behalf of your Employer, please read the following:

• Your Employer is a controller independent of us. This Statement does not address how your Employer collects and uses your personal data. Please refer to your Employer’s privacy policy for information on its processing activities.
• Certain information about you may be provided to us directly by your Employer. If so, your Employer is responsible for ensuring that your personal data is collected and transferred to us in accordance with all applicable laws.
• If you have any questions or concerns about our processing of your personal data on behalf of your Employer, please contact your Employer directly. If your Employer asks us to change or delete your personal data, we will respond to such request diligently after verification and in accordance with applicable law. In certain circumstances, however, we will be able to respond directly to you, particularly when your request concerns information that is not available to your Employer.

We only disclose your personal data to third parties if there is a legal obligation or authorisation to do so, if you expressly consent to it, or if disclosure is in your interest. We may disclose your data to the following categories of recipients:

• Your Employer: an Employer has access to certain information concerning its employees affiliated with us, to the extent permitted by applicable law. Within the same limits of applicable law, the Employer may allow its auditors, experts or brokers access to certain information concerning employees. 
• Our service providers or partners: We may transfer personal data to selected service providers acting as subcontractors or to our partners for the purposes described in section 6, only to the extent necessary for the provision of their services or to carry out instructions given by us or under an agreement with them. Such service providers may include, in particular, our providers of IT tools and services, our auditors and experts, as well as providers of tax and legal services.
• To the authorities and entities specified by law: In some cases, we are required by legal provisions to provide information upon request to authorities (e.g. to the courts to resolve a family law or inheritance dispute).
• To other recipients: Finally, in rare cases, we may disclose your personal data to other third parties with your express consent or we may assume that it is in your interest to do so. We may also disclose data for the purpose of filing or defending legal claims or in the context of a total liquidation of COPRÉ.

We store your personal data on servers located exclusively in Switzerland and do not transfer it abroad, unless this is imperative for the performance of our Services. For example, we may exchange data directly with our pensioners or insured persons domiciled abroad. 

We destroy or anonymise personal data as soon as it is no longer required for the purposes set out in section 6. This period varies depending on the type of data concerned and the applicable legal requirements. We keep records of BVG/LPP benefits for the specified periods (see Art. 27 OPP).

We strive to ensure the security of your personal data and have put in place physical, technical and organisational measures to protect and prevent unauthorised access to your personal data. We limit access to your personal data to those who need to access it for the purposes described in this Statement. 

While we take appropriate steps to protect your personal data, no IT infrastructure is completely secure. Therefore, we cannot guarantee that the data you provide to us is protected against unauthorised access or theft by third parties. 

If we have reasonable grounds to believe that your personal data has been acquired by an unauthorised person and applicable law requires you to be notified, we will promptly notify you of the breach by any appropriate means of communication (including by email or by posting a notice on our website) and inform you of any action to be taken.

If you believe that your personal data has been used in a way that does not comply with this Statement, or if you have any questions about the collection or processing of your personal data, you may contact us by email at dpo@copre.ch or by post at:

La Collective de Prévoyance - COPRÉ
Place de la Gare 12
PO Box 420
CH-1001 Lausanne

This Statement is subject to change. It is the most recent and authoritative version. It replaces all previous general data protection clauses.