INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA BY CPIC  

Concerns: Active beneficiaries (Art. 2 and 6 of the By-Laws), potential beneficiaries and CPIC employees and members of the CPIC Foundation Board  

 

 

I.  INTRODUCTION 

1. Presentation of CPIC

 

The Conference Interpreters’ Pension Fund “Caisse de prévoyance des interprètes de conférence – CPIC” (hereinafter referred to as “CPIC” or “the Fund”) is a private, non-profit, mutual foundation. Its primary mission is to provide its active beneficiaries and their rightful claimants with protection against the economic consequences of old age and death. It is subject to the supervision of the Supervisory Authority for Foundations and Provident Institutions of Geneva (ASFIP). 

 

CPIC gives interpreters the key advantage of having a single, stable point of contact for their pension provision over the full course of their career. Each time an interpreter works, regardless of the terms, their pension contributions accumulate and can prosper with CPIC.

2. Purpose of this information notice

 

In the course of its activities, CPIC is required to process personal data as defined in the Federal Act on Data Protection of 25 September 2020 (FADP) relating primarily to its beneficiaries, rightful claimants and employees. 

 

From time to time, it may gain knowledge of sensitive data as defined in the FADP. 

 

The present information notice sets out to explain who is the data controller for processing personal data (cf. Chap. II.1), what types of personal data are processed by CPIC (cf. Chap. II.2), for what purposes (cf. Chap. II.3), with whom the data can be shared (cf. Chap. II.4), where it can be sent (cf. Chap. II.5), how it is secured (cf. Chap. II.6), how long it is retained (cf. Chap. II.7), what rights the beneficiaries and rightful claimants have with regard to their personal data (cf. Chap. II.8) and when this information notice may be amended (cf. Chap.

II.9). 

 

This information notice applies to the processing of personal data that has already been collected and to the processing of personal data collected in the future. 

3. Applicable law 

 

As a Swiss occupational pension scheme, CPIC is subject to the Federal Act on Data Protection of 25 September 2020 (FADP).

 

 

II.  PROCESSING OF PERSONAL DATA BY CPIC 

4. Who is the data controller?  

 

The data controller is the person who, acting alone or jointly with others, determines the purposes and means of processing personal data. 

 

The processing of personal data in compliance with this information notice is the responsibility of the “Fondation Privée Caisse de prévoyance des interprètes de conference – CPIC”. 

 

For enquiries relating to the use of your personal data by CPIC, the Fund may be contacted at the following address:

 

Caisse de prévoyance des interprètes de conférence – CPIC

Rue du Stand 51

1204 Genève Switzerland

 

E-mail: cpic@cpic.ch

5. What types of personal information can CPIC process?  

 

Personal data is any information that relates to an identified or identifiable individual.

 

Some personal data is considered to be sensitive.

For active beneficiaries, this is solely the data necessary for granting and/or providing the voluntary accident insurance benefits, the granting of benefits to rightful claimants following a death or the granting of a pension.

No data of this type is collected for potential beneficiaries.

For CPIC employees and members of the CPIC Foundation Board, this covers exclusively the data required for granting insurance benefits in the event of incapacity to work and the granting of benefits to rightful claimants following a death.

 

Data processing means any operation performed on personal data, whatever the means and procedures employed, in particular the collection, recording, storage, use, modification, communication, archiving, deletion or destruction of data.

 

 

CPIC will only have access to your personal data when you provide it yourself by completing and submitting:  

 

–           a membership form, a beneficiary clause or a subscription form for one of the services provided by CPIC, by post or e-mail

 

–           a contact form or a registration form for an information meeting about the Fund on the CPIC website, by e-mail

 

CPIC collects and processes personal data relating to you for purposes of successfully carrying out its activities. This primarily involves the following data categories: 

a) Basic data 

 

The basic data is the data that CPIC needs to process contractual relationships. 

 

In the case of active beneficiaries, CPIC employees and members of Foundation Board, the basic data includes, among other things, first name, surname, gender, date of birth, postal address, e-mail address, telephone number, nationality, place of origin, language spoken, data derived from identification data (e.g. passport, identity card or other identification documents), a specimen signature, bank details, marital status and, where appropriate, the date of marriage, the date of birth of the spouse, the date of divorce, the date of registration or dissolution of the partnership, the date of death and the date of retirement. 

 

For potential beneficiaries, the basic data includes only the first name, surname, age, code of country of domicile, e-mail address, social network used, telephone number and professional status.

 

b) Data relating to contracts and services 

 

In the case of active beneficiaries, this data is derived from the beneficiary’s membership of CPIC and from the processing of benefits. It includes, among other things, the contributions received from international organisations or employers on the private interpreting market, voluntary personal contributions, the number of children, their dates of birth, the identity of heirs, correspondence, private or professional e-mails, the content of telephone notes, files, forms or correspondence (letters/e-mails, notification of the occurrence of an insured event and all information associated with the examination of this event).

 

No data of this type is collected for potential beneficiaries.

 

For CPIC employees and members of the CPIC Foundation Board, this also includes their annual salary and annual allowances respectively.

 

c)      Financial data 

 

CPIC processes financial data relating to active beneficiaries which appears on their individual quarterly statements (contributions received from employers and personal payments) and, at the time they leave CPIC, the personal bank details specified on the individual letter of resignation.

 

No data of this type is collected for potential beneficiaries.

 

The personal data relating to CPIC employees and Foundation Board members covers their earnings and allowances respectively as well as their bank details. 

 

d) Technical data:  

 

When you use the Fund’s website, CPIC collects certain items of technical data:

–       to enable navigation on the website and the management and traceability of the information sought (connection and website usage data, topics of interest, etc.);

–       to prevent and combat IT fraud (spamming, hacking…): IT equipment used for navigation, IP address

–       to improve navigation on the site: connection and usage data

–       to conduct voluntary satisfaction surveys at https://www.cpic.ch/ and e-mail addresses 

–       to conduct communication campaigns (mail): telephone number, address, email 

All in all, CPIC collects a varied range of technical data in connection with your use of its website. For more information, please consult the legal notices posted on the CPIC website regarding its confidentiality and data protection policy:

https://www.cpic.ch/mentions-legales or https://www.cpic.ch/en/legal-mentions/

 

Taken in isolation, this technical data does not, in most cases, permit conclusions to be drawn about your identity, and is not intended to do so. It may, however, be associated with other categories of data and possibly with your person in the context of your user accounts or registrations.

 

6. For what purposes does CPIC process personal data?  

 

CPIC processes personal data in order to successfully carry out its mission of providing an occupational pension fund for conference interpreters. It processes this data in order to: 

 

–          inform you, communicate with you or advise you

 

–          keep statistics

 

–          process admissions to and departures from CPIC and pay the benefits due to beneficiaries or rightful claimants 

 

–          recruit potential beneficiaries

 

 

–          perform support activities or administrative management activities, such as accounting, IT system management or logistical tasks 

 

–          manage job applications, recruitment and human resources

 

–          monitor compliance with legal provisions and other regulations and manage any disputes while safeguarding the rights of CPIC

 

CPIC does not use your data for commercial purposes and does not share it for advertising purposes.

 

7. With whom does CPIC share personal data?  

 

CPIC may share information containing its beneficiaries’ personal data with third parties when this is necessary for carrying out its activity or if it has a legitimate interest in so doing. 

 

The categories of recipients with whom personal data is shared are as follows:   

 

–          active beneficiaries and rightful claimants: CPIC shares information with its active beneficiaries or rightful claimants concerning them which is necessary to provide them with benefits and information

 

–          agents and service providers: all entities to whom CPIC delegates the management of tasks relating to occupational pensions and the maintenance of its infrastructure

 

Banking agents are responsible for registering beneficiaries, opening individual accounts and making the related accounting entries (professional contributions and personal payments), sending out the quarterly bank statements by post and paying allowances and salaries as instructed by CPIC. 

 

The service providers (insurers, reinsurers,  occupational pension or private insurance institutions included on the list of third parties approved by CPIC, and a genealogy company) are responsible respectively for opening optional accident insurance contracts and optional annuity contracts and for receiving employer contributions in the event of withdrawal prior to pension age or receiving the total capital in the event of withdrawal at pension age, and for finding the rightful claimants following a death.

 

The IT agents are responsible for maintaining the IT infrastructure and database and website management applications as well as for matters relating to data backup and security.

 

The agents and service providers of CPIC are contractually obliged to respect the current legislation on data protection and the secrecy and confidentiality of information. They may only process data for predefined purposes and not to satisfy their own needs. 

 

8. Does CPIC send personal data outside Switzerland?  

 

CPIC does not transfer personal data outside Switzerland.

 

CPIC does, however, host personal data which it holds on servers located in Switzerland or the European Union (EU). 

 

CPIC may, however, make use of standard IT services which inevitably involve certain flows of data outside Switzerland. If personal data is transferred or becomes accessible outside Switzerland or the EU, CPIC ensures that this access is in compliance with Swiss data protection laws and puts the appropriate safeguards in place (based on the standard clauses adopted by the European Commission, for example) or on the basis of legal exceptions, such as consent, the performance of contracts, the establishment, exercise or enforcement of legal claims, overriding public interest or published personal data.

 

The European Union recognises Swiss data protection legislation.

 

9. How does CPIC ensure the security of personal data? 

 

CPIC keeps appropriate physical, technical and organisational measures in place to ensure the confidentiality, integrity and availability of personal data as well as to protect this data against any unauthorised or illegal processing and to minimise the risk of loss, accidental alteration and unauthorised communication or access.

 

CPIC does, however, point out that no system is completely secure. CPIC cannot therefore guarantee the security, integrity or confidentiality of electronic communication or any other electronic processing of data even if this is encrypted or otherwise secured in an appropriate manner.

10. Where and for how long does CPIC retain personal data?

 

All the personal data retained by CPIC at its head office in Geneva is stored in Switzerland and with Swiss agents whose contracts make provision for data to be stored and archived exclusively in Switzerland.

 

Data relating to the CPIC website is stored by two separate agents in two locations in Switzerland and Germany.  

CPIC retains the personal data of active beneficiaries for the entire duration of their membership. After a beneficiary has left CPIC, their personal data is kept on paper and archived electronically for a period of ten years. In cases where the termination benefit is in the form of an annuity, personal data is kept for ten years after the death of the active beneficiary or their rightful claimants.

Data of potential beneficiaries is retained until they either join CPIC or decide not to become a member.

11.  What rights are associated with the processing of personal data? 

 

Anyone whose personal data is processed by CPIC may request:

 

–          access to the personal data relating to them that is held by CPIC

 

–          rectification of personal data relating to them that is inaccurate or incomplete

 

–          deletion or anonymisation of personal data concerning them if the data is not necessary or no longer necessary for CPIC to carry out its tasks

 

–          restriction of the processing of personal data relating to them if the processing of the data is not necessary or no longer necessary for CPIC to carry out its tasks

 

–          to be given the personal data that he or she has provided to CPIC, in a structured format commonly used in information technology

 

–          in cases where the processing of personal data is based on his or her consent, withdrawal of this consent to the processing of his or her personal data for the future;

 

–          subject to the submission of a power of attorney, the transfer by CPIC of his or her personal data to a third party of his or her choice 

 

In certain specific cases defined by law, CPIC may refuse, restrict or defer communication of the information requested. Requests will, in principle, be processed within a period of 30 days except for complex requests where processing may take up to two months. 

 

The requests set out above may be sent to CPIC by post, to the address of its head office in Geneva or by e-mail to: cpic@cpic.ch. 

 

In the event of doubt regarding the lawfulness of the processing of their personal data, the person concerned may refer the matter to the competent supervisory authority, i.e. the Federal Data Protection and Information Commissioner (FDPIC). 

12.  When can this information notice about the processing of personal data be amended?  

 

This information notice may be amended at any time, especially if CPIC changes the way it processes data or if new legal provisions come into force. 

 

As a general rule, the version of the information notice in force at the time a data processing operation commences will be the version that applies to the operation concerned.

 

CPIC recommends consulting the information notice on the processing of personal information on a regular basis.