We place great value on protecting your personal data (hereinafter also "data") and maintaining your privacy. Correspondingly, we view compliance with the Swiss Federal Data Protection Act (DSG); the Swiss Regulation concerning Data Protection (DSV) and any other applicable data protection regulations, such as the EU General Data Protection Regulation (GDPR), when processing your personal data as a matter of course.
Personal data is defined as all information which can be used to identify you or make you identifiable, such as your surname, first name, address and email address.
When this data protection declaration refers to the processing of your personal data, then this means any handling of your personal data. This includes, in particular, the storage, processing, use and erasure of this data.
We collect personal data in a transparent manner, taking the fundamental principles of proportionality and purpose into account when doing so. Data will only be processed to the extent, and for as long as, this processing is required to carry out our tasks and duties.
This data protection declaration provides you with information about the collecting of personal data on our website:
or when you purchase or use services; use our portal; have any other form of contact with us within the scope of a contract; communicate with us or have any other dealings with us. In addition to this, we may provide you with separate information regarding processing of your data, for example in declarations of consent; contractual terms and conditions; additional data protection declarations; on forms and in notes.
Ausgleichskasse Arbeitgeber Basel
Data Protection Coordination
Viaduktstrasse 42
4002 Basel / Switzerland
Tel.: +41 (0)61 285 2222
Email: datenschutz@ak40.ch
Should you have any questions regarding data protection or want information regarding your rights and how to assert them, please send an email to our Data Protection Office at: datenschutz@ak40.ch.
- Personal master data: This includes surname, first name, birth data, email address, postal address and telephone numbers,
- Data on online forms: This includes contact data and other information which is requested,
- Content data: Includes text input,
- Usage data: Includes websites visited, access time, clicking patterns, interest in content
- Payment data: Includes bank account details, payment history,
- Creditworthiness data: Includes contact data, payment experience and court, debt collection and insolvency data,
- Meta-/Communication data: Includes IP address, date, time, sites visited, device details
- Meeting metadata: Includes participant IP addresses, device/ hardware information,
- Server logfiles Includes browser type and browser version, the operating system used, referrer URL, host name of the accessing computer and time of the server request
- Marketing data: Includes lead (contact/ sales opportunities), newsletter subscription/ unsubscription, transmitted marketing notifications and opening rates,
- Job application data: In addition to your personal details, education/training, work experience, abilities, comments on previous jobs and availability and period of notice, this also includes standard correspondence details such as postal address, email address and telephone number.
- Customer data: Includes personal details, customer number, customer type, customer history, data on services or goods purchased, order data, payment data.
- Provide the information required for criminal prosecution to the law enforcement authorities in the event of a cyber-attack,
- Continuously improve our offering and our Internet presence,
- Collect statistical data.
We may also collect data from publicly accessible sources (e.g. debt collection register, land registers, commercial registers, the media or the Internet incl. social media) or receive data from (i) the authorities, (ii) your employer or client, who either has a business relationship with us or has other dealings with us, and (iii) from other third parties (e.g. clients, counterparties, legal protection insurance companies, credit agencies, address dealers, professional associations, contractual partners or Internet analysis service providers). This includes, in particular, data which we process within the scope of initiating, concluding and performing contracts as well as data arising from correspondence and meetings with third parties as well as also all other categories of data.
- Visit to our website,
- Establishing contact,
- Online forms,
- Job application processes,
- Sending newsletters,
- Communications,
- Payment of benefits,
- Product ratings and satisfaction surveys,
- Marketing measures,
- Security purposes and access controls,
- Risk management and corporate management.
- Conclusion or performance of a contract with you or your enquiry bout such a contract beforehand,
- Your consent, which you can withdraw at any time,
- Weighing up of interests, which you can, however, object to under certain circumstances
- A legal obligation which may also be taken into consideration within the scope of weighing up of interests
- The Swiss Federal Law on Old Age and Survivors' Insurance (AHVG),
- The Swiss Federal Law on Invalidity Insurance (IVG),
- The Swiss Federal Law on Allowances for Loss of Earnings (EOG),
- The Swiss Federal Law on Family Allowances and Financial Assistance to Family Organisations (FamZG),
- The Swiss Federal Law on the General Aspects of Social Security Law (ATSG).
- Our customer management and management of our business relationships (e.g. contact maintenance, communications with our business partners),
- Our advertising and marketing activities,
- The opportunity to better familiarise ourselves with the users of our website and online services,
- Improvement and further development of our products and services (e.g. IT security in connection with use of our website; improvement of our online services offering),
- Internal group management.
You have the option of using informal means to withdraw your consent at any time or to object to processing. Please send your withdrawal or objection to the point of contact stated under Item 1 above or to the following email address: datenschutz@ak40.ch.
6.1 Visit to our website
As a matter of principle, it is possible to visit our website without providing personal data. Access to our website is via transport encryption (TLS), however some microsites can also be accessed without transport encryption.When you visit our website, our servers will automatically temporarily store the following data in a server logfile:
- IP address,
- Date and time of access/ request,
- The name and URL of the data requested,
- Type of end device,
- The operating system and browser which you are using,
- The browser settings,
- The browser software language and version,
- The country from which the request was sent,
- The name of the Internet access provider,
- The time zone difference to Greenwich Mean Time (GMT),
- The access status/ HTTP status code,
- The data volume transmitted,
- The last website visited.
- Provide the information required for criminal prosecution to the law enforcement authorities in the event of a cyber-attack,
- Continuously improve our offering and our Internet presence,
- Collect statistical data.
6.2 Establishing contact
You have the option to establish contact with us by email, contact form or telephone. To enable us to process your enquiry by email, you must enter your email address and your message.
Our overriding interest in processing this data lies in corresponding with you as well as in processing and handling your enquiry.
You can object to such data processing at any time. If you object, then we will no longer process your personal data for this purpose. Please send your objection to the point of contact stated under Item 1 above or to the following email address: datenschutz@ak40.ch.
6.3 Online forms
Our website offers the option of using various online forms to establish contact with us (such as general administration forms; OASI/DI/IC/UI contribution forms; OASI benefit forms (OASI pensions); invalidity insurance benefit forms (DI pensions); maternity, paternity and carers' compensation forms). In addition to this, personal data will be collected if you register for a subscription to our newsletter or use our "Order registration code for Connect" and "Notify change of address" online forms.In order to use online forms and to enable us to process your enquiry, you must enter your contact data (first name, surname, street, building number, postcode, place, email address, telephone number, date of birth, OASI number). Depending on the type of form, we may also require further information, such as new owner, new address or customer number. Other information is voluntary.
Our overriding interest in processing this data lies in corresponding with you as well as in processing and handling your enquiry.
You can object to such data processing at any time. If you object, then we will no longer process your personal data for this purpose. Please send your objection to the point of contact stated under Item above or to the following email address: datenschutz@ak40.ch.
6.4 Communications
We use a variety of collaborative tools for telephone conferences, online meetings and video conferences (hereinafter together "online meetings"). When using these tools, various types of data are processed. The scope of the data depends, among other things, on what data is provided before or during participation in an online meeting. This includes, for example,- First and surname and, where applicable, participant name and business email address
- Meeting metadata: e.g. date, time, meeting ID, telephone numbers and place
- Audio, video or chat content,
- The meeting name and, where applicable, the password to take part,
- Where applicable, a profile picture,
- Where applicable, further personal details provided by the data subjects during the meeting.
6.5 Payment of benefits
We process personal data to the extent required to enable us to provide our contractual or pre-contractual services for you as well as to provide any additional services which you have requested. What data is processed when doing so and the type, extent, purpose and necessity of its processing is determined by the corresponding statutory performance mandate.Personal data which must be processed includes:
- Master data: This includes, for example, name and address,
- Contact data: This includes, for example, email address and telephone number,
- Contractual data: This includes, for example, benefits or claims which have been claimed, the object of the contract; contractual communications and the names of contact persons
- Payment data: This includes, for example, bank account details and payment history,
- Insurance data: This includes the OASI number and date of birth.
The data is processed in particular for the following purposes:
- Management of individual OASI accounts (documentation of the information required for orderly calculation of pensions and proof of OASI-liable income or assets which are definitive for OASI),
- Management of the members register (recording and documentation of master data in the subject management system in order to carry out all specialist processes for the first pillar),
- Handling of contributions (setting contributions),
- Debt collection (collection of contributions, legal collection of debts, credit ratings),
- Reviewing of claims and processing of OASI benefits (old-age pensions),
- Reviewing of claims and processing of OASI benefits (survivors' pensions),
- Reviewing of claims and processing of OASI benefits (helplessness allowances),
- Reviewing of claims and processing of DI benefits (disability pensions),
- Reviewing of claims and processing of DI benefits (DI daily allowances),
- Reviewing of claims and processing of DI benefits (helplessness allowances),
- Reviewing of claims and processing of IC benefits (daily allowances as per the IC law),
- Reviewing of claims and processing of IC benefits (maternity compensation),
- Reviewing of claims and processing of IC benefits (paternity compensation),
- Reviewing of claims and processing of IC benefits (carers' compensation),
- Reviewing of and processing of FamZ claims (family allowances),
- ALPS / International issues (review of compulsory affiliation),
- Employer checks (checking that contribution accounting is correct; compliance with legal regulations).
Data will be erased when it is no longer required to perform contractual or legal obligations, whereby the necessity of archiving data is reviewed at irregular intervals. For the rest, legal archiving obligations apply.
6.6 Job application processes
If you apply for a job with us, then we will process the personal data which we receive from you within the scope of the application process. This includes:
- Your personal data,
- Education/ training,
- Work experience,
- Abilities,
- Comments on previous jobs, Availability/ period of notice,
- Standard correspondence details such as postal address, email address and telephone number.
This data will be stored, evaluated, processed or transferred solely within the scope of your job application. Furthermore, we may process your personal data for statistical purposes (e.g. reporting). In such cases it will not, however, be possible to draw conclusions about an individual person.
Data collected within the scope of job applications will remain in the system for a period of 6 months subsequent to the application in case there are any queries. Following this, your application documents will be erased.
Your application details will be stored separately from the other user data and not be amalgamated with it.
Your job application data will be processed on the legal basis of our (pre-) contractual obligations within the scope of the application process and our legitimate interests in processing your application.
You can, however, object to such data processing at any time and withdraw your application. Please send your objection to the point of contact stated under Item 1 at the following email address: datenschutz@ak40.ch.
Should we conclude an employment contract with you, then the data submitted will be further processed for the purpose of carrying out the working relationship in line with legal regulations.
6.7 Sending newsletters
Our website offers the option of subscribing to a newsletter. This newsletter provides information about offers, relevant changes in the law and our company.Insofar as you have subscribed to our newsletter, then we will use your email address, surname, first names, salutation and your chosen language to provide you with information. Provision of additional data is voluntary.
We use a so-called double opt-in procedure for registrations to subscribe to our newsletter. In other words, after registering and clicking the relevant check box you will receive an email asking you to confirm your registration by following a link.
The newsletter includes images which are retrieved from the mailing service provider's server when you open the newsletter. The first step when retrieving such images is to collect technical information, such as details regarding your browser and system plus your IP address and the time of the request. This data is used to make technical improvements to the service based on the technical information or the target groups and their reading patterns or their request locations (which can be identified using the IP address) or access times. The information collected also includes determining whether newsletters are opened; when they are opened and which links are followed. Although technical functions make it possible to assign this information to specific newsletter recipients, it is neither our nor the mailing service provider's goal to monitor individual users. Rathermore, this evaluation enables us to identify our users' reading habits and to adjust our content accordingly or to provide different content in line with our users' interests.
You have the option of unsubscribing from the newsletter at any time and withdrawing the consent which you have given. To do so, follow the corresponding link in the newsletter which you have received. You will find the unsubscribe link at the end of each newsletter. Please send your withdrawal to the point of contact stated under Item 1 or to the following email address: datenschutz@ak40.ch.
6.8 Product ratings and satisfaction surveys
From time to time we carry out surveys regarding our products and services so that we can improve the customer experience and respond to customer needs. You do not need to provide your contact data when responding to a survey but may do so voluntarily.The legal basis for data processing relating to these activities is our overriding interest in optimising our offerings.
You can object to the use of data for the above-mentioned purposes at any time. Please send your withdrawal to the point of contact stated under Item 1 or to the following email address: datenschutz@ak40.ch.
6.9 Marketing measures
We also use your contact data for the following purposes:- To maintain our contact with you,
- To inform you about specific services,
- To recommend services which may be of interest to you,
- For statistical purposes.
You can object to such data processing at any time. If you object, then we will no longer process your personal data for the above-mentioned purposes. Please send your withdrawal to the point of contact stated under Item 1 or to the following email address: datenschutz@ak40.ch.
6.10 Security purposes and access controls
We collect and process personal data to ensure and continuously improve the adequate security of our IT and other infrastructure (e.g. buildings). This includes, for example, monitoring and inspection of electronic access to our IT systems as well as of physical access to our premises (also using procedures which involve processing biometric data); analysis and testing of our IT infrastructures; system and error reviews and the creation of back-up files. For documentation and security purposes (preventive and to clarify incidents) we also keep access logs respectively visitor lists for our premises and use surveillance systems (such as security cameras). Notification signs are installed in locations where surveillance systems are in use.We have an overriding interest in processing your personal data.
6.11 Risk management and corporate management
We collect and process personal data within the scope of risk management (e.g. to protect us against criminal activities) and corporate management. This includes, among other things, our business organisation (such as resource planning) and corporate development.We have an overriding interest in processing your personal data.
The following types of cookies (this also includes comparable
- Necessary cookies:
Some cookies are necessary for the website or for specific features to
function. They ensure, for example, that users can move from one page to
another without losing information which they have entered in a form.
They also ensure that users remain logged on. These cookies are only
for a specific period of time ("session cookies"). If you block them,
then the website may not function. Other cookies are necessary to
enable the server to save decisions which you have made or information
which you have provided for longer than one session (i.e. one visit to
the website), assuming that you decide to use this option (such as
selected language, provision of consent, the function for automatic
logging on, etc.).
- Performance cookies: These cookies are used to collect information regarding the way in which a website is used – for example how visitors arrive at our website; which pages visitors view most frequently; how visitors navigate around our website during their visit and whether they receive any error messages. We may also use these cookies to collect certain statistical and analytical information, for example how many users visit our website. These cookies are used to monitor the extent of activities on the website and to improve its performance.
Most Internet browsers are configured to accept cookies as standard. If you do not agree with this, then you can change your browser settings to inform you when cookies are installed and to only allow them in specific cases or to block them as a general rule. You can also set your browser to automatically delete cookies when you close it. In addition to this, you can also delete any cookies which have already been installed at any time using an Internet browser or other software programme. The procedure for monitoring and deleting cookies depends on the browser which you are using.
You can refuse the use of cookies by selecting the corresponding settings in your browser. Please, however, note that doing so may influence your options regarding use of our website. For more information about cookies, including how to manage, block or delete them, visit https://allaboutcookies.org/.
Click the following links for information about how to handle cookies when using the most common browsers:
8.1 Google services
We use the following services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, respectively, if you are habitually resident in the European Economic Area (EEA) or Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (abbreviated to Google):- Google Analytics 4,
- Google Tag Manager,
- Google Maps.
According to statements made by Google, the company is able to process personal data for advertising products in any country in which Google or Google sub-contract processors maintain facilities. For information about the locations of Google data centres, visit www.google.com/about/datacenters/locations/.
For more information about Google's processing of personal data and privacy settings, see Google's privacy policy and/or its data privacy settings.
8.1.1 Google Analytics 4
Our website uses Google Analytics 4, a Google web analysis service which enables us to analyse how you use our website.
Google Analytics uses cookies which are stored on your end device (laptop, tablet, smartphone or similar) and enable us to analyse how you use our website. This in turn enables us to evaluate user behaviour on our website and to use the statistics/ reports which are generated to make our offering more interesting.
The anonymisation of IP addresses is activated as standard in Google Analytics 4. This means that Google will truncate your IP address within Switzerland or the EU/EEA before transferring the data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
We have concluded a contract processing agreement with Google which ensures that the data of our site users is protected and forbids the unauthorised transfer of this data to third parties. As regards the transferring of data to the USA, Google refers to the European Commission's standard contractual clauses, which are intended to ensure compliance with European data protection levels. For further legal information on Google Analytics 4, including a copy of the above-mentioned standard contractual clauses, click Privacy Policy – Privacy & Terms – Google.
Demographic characteristics: Google Analytics 4 uses a special "demographic characteristics" feature, which enables it to compile statistics on the age, gender and interests of website visitors. This is carried out by analysing third-party advertising and information, making it possible to identify target groups for marketing activities. The collected data cannot, however, be assigned to any specific person and will be deleted after a storage period of two months.
Google Signals: Google Signals may be used on the website as an add-on to Google Analytics 4 to generate cross-device reports. If you have activated personalised advertisements and linked your devices to your Google account, then Google may, when using Google Analytics 4, analyse your usage behaviour across your devices and create database models regarding, among other things, cross-device conversions. Google does not provide any personal data to us; we only receive statistics. If you wish to prevent cross-device analysis, then you can deactivate the "Personalised advertising" function in the settings for your Google account. To do so, follow the instructions provided at [UA] Google-Signale aktivieren - Google Analytics-Hilfe
User IDs: The "User IDs" feature can be used on websites as an add-on to Google Analytics 4. When users log onto an account from a variety of devices, then this enables Google to carry out cross-device analysis of their activities, also including conversions.
Google will use this information to evaluate your pseudonymised use of our website; to compile reports on website activities and to provide us with other services relating to website and Internet use. Google states that it does not link the IP address transmitted by your browser within the scope of Google Analytics to any other Google data. When visiting our website, data on your user behaviour will be collected. This data takes the form of events (such as page views; purchasing activities incl. turnover; interaction with the website or your "click path") as well as other data, such as your approximate location (country and place); technical information on your browser and the end devices you are using or the referrer URL, i.e. which website / advertising material you used to arrive at our website.
To block the collection and transferring of data generated by the cookie and relating to your use of the website (incl. your IP address) to Google and the processing of this data by Google, download and install the browser add-on which is available to deactivate Google Analytics. If you would like to object to interest-related advertising by Google, then use the setting and opt-out options provided by Google.
Insofar as you allow storage of cookies, then Google Analytics will archive your data for 48 months. At the end of this archiving period the relevant data will be automatically erased. For an overview of Google Analytics data usage and the measures implemented by Google to protect your data, visit the Google Analytics support page.
8.1.2 Google Tag Manager
We use Google Tag Manager to integrate Google analysis and marketing services into our website and to manage these services. Google Tag Manager is a tag management system which enables customers to create and monitor tags on a user interface without having to write new code each time. The Tag Manager tool, which implements the tag, is a cookie-less domain and does not collect personal data. It does, however, trigger other tags which can, in certain circumstances, collect data. Google Tag Manager does not, itself, access this data.
If domain- or cookie-level deactivation has been implemented, then this will apply to all tracking tags created by Google Tag Manager.
For more information regarding Google Tag Manager see Google's use guidelines.
8.1.3 Google Maps
We have integrated Google Maps into our website. This enables us to display interactive maps directly on the website, enabling you to use the map feature easily.
If you use Google Maps, then information regarding your use of our website (including your IP address) may be transmitted to a Google server in Ireland or the USA, where it will be stored. Google may, in certain circumstances, store this data as a usage profile for needs-based design of its services, advertising and marketing research. If you are logged on to Google, then your data will be directly assigned to your account. Should you not wish this, then you must log off your Google account before using Google Maps. If you do not agree to processing of your data, you have the option of deactivating Google Maps, thus preventing the transferring of data to Google. To do this, you must deactivate your browser's JavaScript function. Please, however, be aware that if you do this, then you may not be able to use Google Maps or only use it to a limited extent.
Processing of your data takes place on the grounds of our legitimate interests (i.e. interests in the analysis, optimising and economical operation of our offering).
This may include content such as images, videos or text and buttons which users can use to share content from this online offering with the LinkedIn community. Insofar as users are members of the LinkedIn platform, then LinkedIn can assign viewing of the above-mentioned content and functions to the corresponding LinkedIn user profile. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, parent company: LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 94085, USA; privacy policy: LinkedIn privacy policy guidelines; cookie policy: de.linkedin.com/legal/cookie-policy.
These plugins have only been integrated into our website as an external link.
When you visit our website and one of the social plugins included on the site is activated, then your browser will establish a direct connection to the social media network's server. The social network transfers the plugin's content directly to the browser, which integrates it into the website. This provides the network with the information that you have visited our website. If you are logged onto the social network, then the relevant provider can assign this visit to your user account. If you interact with the plugins, then the browser will transfer the corresponding information directly to the social network, where it will be stored.
Even if you are not logged onto social networks when visiting our website, websites with active social plugins may send data to the networks. Active plugins install a cookie with an identifier each time the website is visited. Since your browser transmits this cookie unrequested to the relevant network server every time you connect to the server, the social networks could, in theory, use this information to create a profile which shows the websites visited by the user to whom the identifier applies. It could then be possible to subsequently assign the identifier – for example when the user later logs onto the social network – to an individual.
As an enforcing agent of the above-mentioned Swiss federal laws, we are, in particular, familiar with processing of individual insured persons' health data which is particularly worthy of protection. In each case we will only collect as much personal data as is absolutely necessary for the relevant processing purpose.
Over and above this, we will transfer your personal data to third parties insofar as we are entitled to do so and this is required or expedient within the scope of using the website or to perform any services.
We will disclose your personal data to the following categories of recipients:
- Service providers who process the personal data on our behalf and as per our instructions (so-called contract processors, such as IT providers),
- Industry organisations, professional associations and other bodies,
- Courts, arbitration bodies, law enforcement authorities, supervisory authorities, lawyers and other parties in potential or actual legal proceedings, if this is necessary to comply with laws or to establish, exercise or defend rights or legal claims,
- The Swiss Central Compensation Office (ZAS),
- Compensation funds in Switzerland,
- Family compensation funds,
- Unemployment insurance funds,
- Debt collection bodies,
- Foreign social security agencies,
- Auditing bodies.
We select our partners and contract processors with great care and only commission them if we receive sufficient guarantees that they have appropriate technical and organisational measures which are compliant with legal requirements at their disposal. Our contract processors may only process personal data after they have received documented instructions from us. All of them are subject to duties of confidentiality and may only use your personal data to the extent that this is necessary to fulfil the purpose for which your personal data was collected and insofar as the law does not specify anything else.
Should we disclose your personal data to third parties abroad (in other words, outside of Switzerland and/or the European Economic Area (EEA)), then the third parties will be obliged to comply with data protection regulations to the same extent as we ourselves are obliged to do so. If data protection levels in the relevant country are insufficient but we have no suitable alternative, then we will ensure that your data is protected at a sufficient level.
We will ensure this in particular by concluding so-called EU Commission standard data protection clauses (click here to view) with the relevant companies and/or by requesting the provision of other guarantees which are line with the applicable data protection regulations. Where this is not possible, disclosure of data will be based on the necessity of disclosure to perform a contract.
In addition to this, we will erase your data if you request us to do so and we are not subject to any legal or other archiving or preservation obligation concerning this personal data.
If we store the data because of a contractual relationship with you, then this data will be stored for at least as long as the contractual relationship exists and at most for as long as the statute of limitations for possible claims on our part applies or legal or contractual archiving obligations apply.
The implemented measures are intended to ensure the confidentiality and integrity of your data and to maintain the long-term availability and resilience of our systems and services for processing your data. The measures should, furthermore, ensure the speedy restoration of your data's availability and access to it in the event of a physical or technical incident.
Our security measures include the encryption of your data. All information which you enter online will be transferred via an encrypted transmission route. This means that the information cannot be viewed by third parties at any time during transfer.
Our data processing and security measures are continuously improved in line with technological developments.
We also take our own internal data protection very seriously. Our employees and service providers commissioned by us are subject to an obligation to maintain confidentiality and to comply with data protection law-related regulations. Over and above this, they are only given access to personal data to the extent which is necessary.
Data will be safely erased or destroyed after the purpose has been fulfilled or the statutory archiving period has ended, insofar as there is no legal obligation to archive it.