Data privacy
Based on Article 13 of the Swiss Federal Constitution and the Federal Act on Data Protection (FADP), every person has the right to privacy and to protection against misuse of their personal data. We comply with these regulations and treat personal data with strict confidentiality. Personal data is neither sold nor passed on to third parties. In close cooperation with our hosting providers, we strive to protect the databases as far as possible from unauthorised access, loss, misuse or forgery. When users access our websites, the following data is stored in log files: IP address, date, time, browser request and generally transmitted information on the operating system or browser. This user data serves as the basis for statistical, anonymous evaluations which allow us to identify trends and improve our services accordingly.
Privacy policy
12 December 2025
Data protection is a high priority for the Hitachi Group Pension Fund and the Hitachi Group Supplementary Insurance Plan (hereinafter referred to as ‘Hitachi PF’, ‘Hitachi SIP’, ‘we’, ‘us’). In this privacy policy, we explain the manner and purpose of our collection and processing of your personal data (e.g. storage, use, transfer, etc.) in connection with the implementation of our employee benefits scheme and our related services and other activities, who we share your personal data with, and your rights in this regard under applicable data protection legislation.
Personal data refers to all data relating to personal or factual circumstances that relate to a specific or identifiable natural person (e.g. name, address, e-mail address, etc.). In this privacy policy, we also refer to this as ‘your data’ or ‘your personal data’.
We are committed to responsible handling of your personal data. Consequently, we fully comply with the Swiss Federal Law on Occupational Retirement, Survivors’ and Disability Pension Plans (BVG), the Swiss Federal Law on Vested Benefits in Occupational Old-Age, Survivors’ and Disability Benefit Plans (FZG), the Federal Act on Data Protection (Data Protection Act, FDPA) as well as the associated ordinances and other applicable Swiss data protection regulations.
This privacy policy covers both online and offline collection of personal data in connection with our business activities, including data we receive from various sources, e.g. your employer, public authorities and other third parties (e.g. medical consultants).
In the following, we will provide you with detailed information. We have divided this information into a general section on data processing and a specific insurance section.
Please note that this privacy policy does not contain an exhaustive description of our data processing activities and that individual matters may be governed in whole or in part by specific privacy policies, general terms and conditions, information leaflets or similar documents (regardless of whether or not they are referred to in this privacy policy).
1 Controller and data protection advisor
1.1 Controller
The controller responsible for data processing under data protection law is:
Hitachi Group Pension Fund / Supplementary Insurance Plan
c/o Avadis Vorsorge AG
Zollstrasse 42
8031 Zurich
If you have any privacy concerns or questions regarding the provision of our services or this privacy policy, please contact the data protection advisor listed in paragraph 1.2.
1.2 Data protection advisor
If you have any questions regarding the privacy policy or the processing of your personal data, please contact our external data protection advisor:
PwC Switzerland
Birchstrasse 160
8050 Zurich
Subject: Data protection/Hitachi PF
E-mail: ch_privacy@pwc.ch
2 Scope of application
This privacy policy applies to all individuals whose data we process, regardless of how they contact us, e.g. by telephone, mail, e-mail, on our website, at an event, etc.
As well as personal data that has already been collected, it also applies to personal data that will be collected in the future. Furthermore, it covers all personal data that we process in connection with the implementation of our employee benefits scheme and our related and other activities.
Our data processing may relate in particular to the following categories of individuals, to the extent that we process personal data in this context:
- members insured under mandatory, supplementary and voluntary employee benefits plans;
- relatives of members (e.g. current and former spouses, partners, parents and children) as well as other beneficiaries;
- authorised representatives (e.g. legally appointed representatives);
- claimants, parties liable and other interested parties;
- contact persons at social security and private insurance companies, other employee benefits institutions, vested benefits institutions and pillar 3a institutions;
- suppliers and partners;
- authorities and public offices;
- visitors to our websites;
- individuals who write to us or contact us in other ways.
3 Personal data processed by us
Depending on the nature of the relationship, we process the following personal data about you:
- Contact data, inventory data and identification data: including surname, first name, address, e-mail address, telephone number;
- Members’ master data: including marital status and, if applicable, date of marriage or divorce or dissolution of partnership, age, information derived from identification data (e.g. from your passport, ID card or other identification documents), your AHV number in accordance with legal provisions, contract, policy and insurance numbers, if applicable information on previous employee benefits or vested benefits institutions, date of joining and, if applicable, leaving the employer, personnel category, degree of working capacity, level of employment, fixed-term employment contract (if applicable), reported and insured annual salary and bonus and BVG annual salary. This data also includes information on relationships with third parties who are affected by the data processing, e.g. relatives and beneficiaries;
- Particularly sensitive personal data: We process data such as health data or biometric data to the extent necessary for the implementation of our employee benefits scheme, in particular for the processing of disability cases;
- Details in connection with the processing of benefit claims: Notification of a benefit claim, information on the cause of the benefit claim (e.g. accident, illness, date of the incident, etc.) and other information related to the verification and assessment of the benefit claim (e.g. highly sensitive personal data, information on persons involved and on third parties such as insurance companies, etc.), information on termination benefits and other benefit claims;
- Data relating to termination benefits: including their amount and any potential and completed buy-ins;
- Data relating to other claims: such as data relating to the payment of termination benefits (e.g. the reason for the payment, as well as data relating to accounts and vested benefits institutions and, where applicable, consent of the spouse) or relating to a change in marital status (e.g. date of divorce, acquired termination benefits, advance withdrawals or disability pensions drawn and associated court orders);
- Information on third parties, in particular information on family members;
- Contract data such as contract type, contract content, type of products and services, forecast data, applicable terms and conditions, contract start date, contract term, salary level, level of employment;
- Financial and employment data such as salary data, buy-in potential, level of employment, employment relationship, capacity for work;
- Marginal data from telecommunications traffic such as telephone number, value-added service codes, date, time and duration of connection, type of connection, location data, IP address, and device identification numbers such as MAC address;
- Interaction and usage data such as correspondence, preferences and target group information, type of device, device settings, operating system, software, and information from assertion of rights;
- Technical data: including your device’s IP address, identification numbers assigned to your device by cookies and similar technologies (e.g. pixel tags), data about your device and its configuration (e.g. operating system or language settings, data about the browser you use to access the service and its configuration), information about your movements and actions on our websites, data about your internet service provider, your approximate location and the time of use, system records of accesses and other processes (log data).
If you provide us with personal data on third parties (e.g. family members, colleagues), we assume that these data are correct and that you are authorised to do so. We ask you to inform these third parties accordingly and to hand over this data protection declaration to them.
4 How do we obtain personal data?
4.1 Personal data you disclose to us
We obtain personal data from you when you submit data to us or when you contact us. This may occur through various channels, such as the online portal for members, by which you communicate with us (e.g. e-mail, letters, phone, etc.) or through your use of our website (e.g. IP address, date and time stamp, the web browser and operating system you use, language and version of browser software, etc.) or other services which we offer as part of our business activities.
4.2 Personal data we collect from third parties
We collect personal data in connection with the employee benefits scheme in accordance with the relevant statutory provisions. In addition, we collect personal data from third parties with whom we collaborate to be able to carry out business activities within the scope of the provision of employee benefits and other services. We also collect personal data from public sources.
We collect personal data from the following third parties, for example:
- employers;
- persons associated with you (e.g. family members, legal representatives, etc.);
- medical experts, physicians and other service providers who make inquiries about your health;
- private insurance companies and social security institutions, other employee and vested benefits institutions;
- banks and other service providers involved in the provision of employee benefits (e.g. brokers, reinsurance companies, etc.);
- credit agencies;
- authorities, courts, political parties and other third parties, in connection with administrative and judicial proceedings;
- Swiss Post, for address updates;
- other service providers;
- public registers (commercial register, debt collection register, etc.).
5 Purposes for which we process personal data
5.1 Provision of employee benefits
For the purpose of providing employee benefits, we process the data of active members that are provided to us by the employer as part of the entry process to ensure that all active members are duly registered and insured in accordance with the employee benefits regulations. The data collected are processed to guarantee that contributions are calculated correctly and that active members receive the benefits to which they are entitled if a benefit claim arises or in the event of disability. In addition, the processing of personal data of Hitachi PF’s active members is necessary for the effective administration of insurance contracts, including the processing of payouts and communication with employees or your employer.
5.2 Other purposes
Moreover, we process your personal data and that of other persons, to the extent permitted and deemed appropriate, for the following purposes, in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:
- provision and optimisation of our services as well as our website and other platforms on which we have a presence;
- communication and processing of requests (e.g. via contact forms, e-mail, phone, media requests);
- events and information events, provided you have consented to the use of your data;
- market research, media monitoring;
- assertion of legal claims and defence in connection with legal disputes and official proceedings;
- any transactions under company law affecting the Hitachi PF and the associated transfer of personal data;
- prevention and investigation of criminal offences and other malpractice (e.g. conducting internal investigations, data analyses to combat fraud);
- compliance with legal and regulatory obligations as well as Hitachi PF’s internal regulations;
- warranties concerning our operations, in particular IT, our website and other platforms.
6 Legal basis of the processing
6.1 Mandatory employee benefits provision
In the context of mandatory employee benefits provision, we generally process your personal data based on compliance with applicable laws, in particular:
- the Swiss Federal Law on the Occupational Retirement, Survivors’ and Disability Benefit Plans (BVG);
- the Swiss Federal Law on Vested Benefits in Occupational Old-Age, Survivors’ and Disability Benefit Plans (FZG);
as well as the associated ordinances. As a federal body, we process your personal data in this context within the scope of our statutory processing powers (e.g. Art. 85a ff. BVG).
6.2 Supplementary employee benefits provision and other contexts
In the context of supplementary pension provision as well as other non-mandatory contexts, we process your data based on:
- consent, to the extent you have given it to us, to process your personal data for specific purposes. We process your personal data within the scope of and based on this consent where we require such a legal basis in the absence of any other legal basis. Consent given can be revoked at any time, however this has no effect on data processing that has already taken place. You can send us a revocation by e-mail or by post to the (e-mail) address indicated in section 1.2. In addition, you may revoke your consent at any time via the Hitachi PF online portal.
- the conclusion or performance of a contract with your employer (affiliation agreement for the provision of employee benefits),
- the conclusion or performance of a contract with you or your request to do so (in the case of home financing contracts, for example),
- an overriding interest (for example, to guarantee information security or data protection or to perform tasks in the public interest); however, in this case you may have the right to object,
- a legal obligation (for example, in the case of documents or information that must be retained for a specific period of time).
7 Disclosure and transfer of personal data to third parties
If your personal data are not processed by us but by processors, we ensure full compliance with the legal requirements. As a rule, data are disclosed to third parties only:
- if the disclosure is necessary for the provision of employee benefits or the provision of other services by us,
- if the disclosure is necessary to carry out the business transactions associated with our employee benefits provision,
- if the disclosure is permissible due to a balancing of interests,
- if the disclosure is necessary due to legal obligations, or
- with your explicit consent.
Within the scope of our business activities and for the above-mentioned purposes, we also disclose personal data to third parties, insofar as this is permitted and appropriate. This is the case either if such parties process the data for us (processing) or if they want to use it for their own purposes (data disclosure). This applies in particular to (all hereinafter referred to as “Recipients”):
- employers (affiliated companies; however, no information about your health, your retirement assets or individual transactions such as buy-ins or advance withdrawals will be disclosed);
- service providers who take over the management of the employee benefits institution as well as the technical administration and asset management on our behalf;
- other service providers, including processors (such as external administrators or IT providers) for the processing and storage of your data, sending and receiving e-mails, offering and developing certain functions in connection with our website, as well as for research, analysis, maintenance and security in connection with our website;
- our auditors;
- occupational benefits experts;
- medical experts, physicians and other service providers;
- guarantee fund;
- our advisors, such as lawyers;
- business partners (e.g. logistics partners);
- authorities (supervisory and tax authorities);
- other social security institutions (e.g. AHV or other employee benefits institutions);
- insurance companies (e.g. for the reinsurance of risks);
- government offices and courts.
8 Transmission of personal data abroad
Personal data are processed exclusively in Switzerland.
Should we, in individual cases, transmit personal data to a country without an adequate level of data protection, we safeguard the protection of these data in an adequate manner. One means of guaranteeing sufficient data protection is the conclusion of data transfer agreements with the recipients of your personal data in third countries that ensure the necessary data protection. This may include, for example, contracts approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner, so-called standard contractual clauses, which are available here. Please note that such contractual arrangements can partially compensate for weaker or missing legal protection, but cannot completely exclude all risks (e.g. from government access abroad). In exceptional cases, the transfer to countries without adequate protection may also be permitted in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transmission is necessary for the performance of a contract.
9 Duration of data processing
We process personal data for as long as it is necessary for the fulfilment of our contractual obligations or for other purposes pursued with the processing, often for the duration of the entire business relationship (from the initiation, to the processing and termination of a contract) and beyond in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against us or we are otherwise legally obligated to do so, or as long as is necessary due to legitimate interests (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will, as a principle, be deleted or anonymised.
10 Data security
To protect your personal data against unauthorised access, tampering, loss, destruction or disclosure by unauthorised persons, we have taken technical and organisational security measures that are state of the art.
Our security mechanisms include, among others, encryption of your personal data. All information that you enter online, for example, is transmitted via an encrypted transmission path, which means that this information cannot be viewed by unauthorised third parties at any time. Organisational security measures include, for example, directives to our bodies, confidentiality agreements and regular monitoring. In addition, we require our processors to take appropriate technical and organisational security measures.
With the support of external experts, we continuously improve our security measures in line with the latest technological developments.
Our governing bodies and external providers are subject to strict confidentiality and are obliged to comply with the provisions of data protection law. Furthermore, external providers are granted access to your personal data only to the extent necessary.
11 Your rights
You have the right
- to request information about the personal data we store about you;
- to have incorrect or incomplete personal data amended;
- to request the deletion or anonymisation of your personal data if it is not (or no longer) necessary for the implementation of our employee benefits provision or for other services provided by us;
- to request restricted processing of your personal data, insofar as processing is not (or no longer) necessary for the implementation of our employee benefits provision;
- to receive certain personal data in a structured, standard and machine-readable format;
- to withdraw consent with effect for the future, insofar as our processing is based on consent.
Please note that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke such overriding interest), or require certain data for the assertion of claims.
If you believe that the processing of your personal data breaches data protection law, or that your data protection rights have been breached in any other way, you may also complain to the competent supervisory authority. In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC; https://www.edoeb.admin.ch/).
The exercise of your rights under data protection law generally requires that you prove your identity (e.g. by means of a copy of your ID card, if your identity is not otherwise ascertained or cannot be verified). To assert your rights, please contact us by e-mail at the e-mail address specified in section 1.2.
12 Amendments to this privacy policy
This Privacy Policy may be amended at any time, in particular to incorporate any changes to our data processing practices or any new legal requirements. In general, the version current at the start of the processing in question shall apply to the data processing in each case.