Privacy policy

Privacy policy for using the ePlix platform
(Version 3.0 dated 01.02.2024)

1. Scope

The following privacy policy applies to the acquisition and processing of personal data relating to the ePlix platform by the platform operator enovetic ag (hereinafter known as “enovetic”, “we” and “us”).

The privacy policy will show you which personal data we use, for what purpose they are processed or with whom they are shared when you register with ePlix, use ePlix services and visit the www.eplix.ch/en website.

ePlix is a central web app, which in particular provides you with a full summary of the personal care that you can expect in the event of your ordinary, early or postponed retirement, capital drawdown, etc. and can also show you the purchasing potential in your pension plan. Furthermore, the web app provides access to important documents at any time, such as wage slips, tax returns and the facility to open and manage a “3a pillar” or a vested benefits account.

Multiple providers, e.g. care companies, banks, insurance companies and employers, are included on the ePlix platform and provide the data and services from their own spheres required for using ePlix, which also means that they can use ePlix for their own purposes.

enovetic is not responsible for the data protection or security practices of providers who supply data to ePlix or use ePlix for their own purposes if these practices differ from this privacy policy. The providers act as independent “Data controllers” relating to the processing of personal data and are themselves responsible for observing data protection regulations and for meeting the requirements of the permitted forwarding of personal data from data subjects, which providers have received from them and transferred to enovetic. Please contact the providers directly for more information about data protection (see the list of providers under “Partners” at www.eplix.ch/en).

This is where you can authorise all providers whose information and offerings you wish to access within ePlix to provide the data required for this purpose to enovetic, even if the data is subject to a duty of professional confidentiality on the part of the provider. You acknowledge that enovetic is an independent provider and is not an agent of the other providers and therefore also not subject to the duty of professional confidentiality on the part of the relevant provider. You also authorise us to supply the relevant provider with all your data it requires relating to the use of information and the offering of the provider on ePlix. This may also include personal data particularly worthy of protection.

If you include personal data of people other than yourself on ePlix, you are responsible for ensuring that you are authorised do so and that these people are fully informed of this privacy policy.

In the sense of this privacy policy, the term “personal data” describes all information relating to a specific or identifiable private individual.

enovetic guarantees that all personal data will be used on a strictly confidential basis and exclusively for the agreed purpose set out in number 5 or if a different legal basis applies, as set out in the relevant data protection laws. enovetic implements a wide range of technical and organisational measures to guarantee this.

2.   Competent body

The competent body for data processing by ePlix is enovetic ag, whose registered office is in Rotkreuz (CHE-108.015.359). It may be contacted for data protection concerns using the address enovetic ag, Datenschutz, Blegi 5, 6346 Rotkreuz, or using the email address [email protected].

3.   Applicability of Swiss data protection laws and the General Data Protection Regulation “GDPR”

This privacy policy has been worded to meet the requirements of the EU General Data Protection Regulation 2016/679 (“GDPR”), the Swiss Data Protection Act (“DSG”) and the revised Swiss Data Protection Act (“revDSG”). Whether and to what extent these laws are applicable, however, depends on the individual case.

4.   What types of personal data are collected?

When you register with ePlix and use services from ePlix, enovetic obtains the following personal data from you directly via ePlix:

  • Surname and forename
  • Date of birth
  • Gender
  • Marital status (including date of marriage or date of civil partnership)
  • Residential address
  • Social security number
  • Copy of an ID document (passport, ID, driving licence, residence permit)
  • Details of nationality (US national)
  • Pension fund membership
  • Employment status (employed, unemployed, freelance)
  • Name of employer
  • Details of salary
  • Password
  • Telephone number
  • E-mail address
  • Technical data generated by accessing the platform, such as IP addresses, browser details and data about the use of ePlix
  • Protocol data of users relating to the use of the ePlix platform

ePlix receives data from the contract between you and the relevant provider (e.g. your employer) which they supply to display and process in ePlix from the providers included in ePlix:

  • Wage data
  • Account data
  • Data relating to insurance and care services
  • Data to verify identity

ePlix may use these data to calculate additional data about you, for example details of your care situation. We also receive from you the orders, instructions and information which you place on ePlix for the attention of the providers and which we forward to them and the notifications that you send us on the various channels or which you exchange with us.

You agree that we may use the data for statistical and marketing purposes, for example so that, using the addresses supplied to us, we can send you personalised marketing tailored to the situation we are aware of from us (including affiliated companies), the providers and their sales partners. You can revoke this consent for enovetic for the future relating to your own and external marketing purposes at any time by contacting enovetic, in particular using our contact details (number 2). You must send your revocation to the providers concerned relating to the use of the data you have already supplied to them. Their privacy policies apply to their data processing practices.


5.   Purposes of data processing

enovetic collects your personal data provided on ePlix for the following purposes:

  • Conclusion and administration of the contract for the use of ePlix, in particular for displaying the information supplied by the providers, generating calculations with you if necessary, saving the data for you on the platform, processing and returning them, issuing orders to the providers or monitoring their completion;
  • Administration of our contracts with the providers, in particular so that they can identify you as their customer, supply details about their information and offerings can be used on ePlix or for billing the charges owed by the providers;
  • Statistics on the way in which the platform is used which enable us to understand the market, the needs and other aspects which are important to use relating to ePlix;
  • Optimising, improving and developing the platform, our offerings and services, for example on the basis of feedback from you, error messages or the use of the platform;
  • Advertising and marketing both in our own interests and for the purposes of the providers and their sales partners, including the personalisation and profiling required for this purpose unless you have revoked your consent for this type of use (see number 12 below and the terms and conditions of use at www.eplix.ch/en/service/terms-of-use number 7.2.1);
  • Guaranteeing correct operation, particularly of the IT systems, the ePlix web app and our website;
  • Communication with third parties and processing their inquiries (for example media inquiries);
  • Preventing and investigating criminal acts, abuse and other inappropriate behaviour (for example conducting internal investments, data analyses for fighting fraud);
  • Responding to inquiries from a court or official body, lodging/exercising and defending contractual or statutory legal claims;
  • Complying with current laws.

6.   Legal basis of processing

We process the personal data we collect to conclude and administer our contracts with you and our business partners/providers (under the GDPR: Art. 6 paragraph 1 letter b of the GDPR),

  • for example to enter into a usage agreement with you for ePlix so that you can access ePlix and use ePlix services via the platform;
  • to identify you as our customer, contract partner, etc.;
  • to conduct the necessary correspondence with you;
  • to offer you bespoke services or to develop such services.

The personal data are processed “for compliance with a legal obligation” (under the GDPR: Art. 6 paragraph 1 letter c of the GDPR),

  • to comply with any statutory archiving duties, for example the 10-year archiving period for business records (Art. 958f of the Swiss Law of Obligations).

The personal data are processed on the basis of “consent” (under the GDPR: Art. 6 paragraph 1 letter a of the GDPR),

  • as long as you have granted us consent to process the data and have not revoked this consent.

If you have given us your consent for processing your personal data for specific purposes (for example when you registered your consent to receive newsletters or have a background check conducted), we will process your personal data on the basis of and supported by this consent unless we have another legal basis and we need an additional basis.

Consent that has been granted can be revoked at any time, but this will not affect data processing routines which have already been completed (see number 12).

Personal data are generally processed on the basis of the “purposes of legitimate interests of the controller or a third party” (under the GDPR: Art. 6 paragraph 1 letter f of the GDPR);

  • to optimise, improve and develop the platform, our offerings and services;
  • to respond to inquiries from a court or an authority and to lodge, exercise or defend legal claims;
  • to provide you with tailored advertising or marketing measures, including the creation of personalisation and profiling unless you have objected to this type of use;
  • to evaluate website statistics and continuously improve the functionality of our website.

7.   Recipients of personal data

Within our company, employees may only process your data if they require them to fulfil our contractual and statutory duties or maintain our legitimate interests (see also number 5).

Under the same conditions, the data may also be forwarded to third parties if this is required for the provision of our services. This may particularly include the following:

  • Group companies,
  • Providers with which we have concluded a platform usage contract for the purposes listed in number 5,
  • Service companies, for example banks and asset management companies,
  • Professional advisers, for example tax consultants, solicitors and auditors,
  • Authorities, state bodies, national and international courts,
  • Your agents and representatives,
  • Service providers, suppliers, agents, including contract data processors, with which we have concluded a data processing agreement (for example hosting providers, IT service providers, cloud services, etc.).

Any forwarding of data is based either on contract fulfilment (for example ePlix usage agreement), the fulfilment of a legal duty by the competent body, your consent or a legitimate interest on our part unless this is outweighed by your interests or basic rights and basic freedoms relating to the protection of your personal data.

8. Use of third party provider tools

Datadog

We use the “Datadog” application in ePlix, provided by Datadog, Inc., 620 8th Avenue, Floor 45, New York, NY 10018. Datadog is a software company for cloud applications, which allows servers, databases, tools and services to be monitored using a software-as-a-service-based data analysis platform.

The following data are recorded:

  • Your use of Datadog products. Datadog records information on how you use Datadog products, such as the date, time and duration of your session, the pages you view and the page that you visited before you navigated to the products or website.
  • Device information. Datadog records information about your computer or your device when you access a Datadog product, for example the browser type you use, your IP address and the location of your device.
  • Cookies and similar technologies. Cookies and similar technologies (such as web beacons and pixels) are used by Datadog to collect information about your interactions with Datadog products, including identifiers, usage data, session information, clicked links, visited pages and mouse movements. For further information about the cookies and technologies we use, please go to the Datadog cookies guideline: www.datadog­hq.com/legal/cookies/.

If you do not agree with the Datadog application, unfortunately you will be unable to use ePlix. We need Datadog to maintain the functionality of the ePlix platform and to help you if you have any problems when you register with ePlix.

We have concluded a data processing agreement with Datadog and agreed organisational and technical measures in it to protect your data contractually.

As part of the processing work carried out by Datadog, the data are only processed and saved within the EU.

For further information about Datadog, please look at the Datadog privacy policy: www.datadog­hq.com/legal/privacy/

9. Cookies / tracking and other technologies relating to the use of our website

When you visit the ePlix website at www.eplix.ch/en, data are processed by the cookies and tracking technologies we use.

What are cookies?

Cookies are small files which your browser automatically creates and which are saved on your device (laptop, tablet, smartphone, etc.) when you visit our site.

Why do we use cookies?

We use cookies on our website to make our offering more user-friendly. Cookies enable us to recognise your device next time you visit our website and to adjust and improve the website to suit your needs.

We use required cookies which help us to make a website usable by them enabling basic functions such as site navigation and access to secure areas of the website. The website cannot function correctly without these cookies. We also use statistics cookies which help the website owners to understand how visitors interact with websites by anonymously collecting and supplying information.

Most of the cookies we use are “session cookies”. They are automatically deleted at the end of your visit. Some cookies remain on your device until you delete them.

You can set your browser so that you are informed about cookie placement and only allow cookies in individual cases, can prohibit the acceptance of cookies for particular cases or in general, as well as activating the automatic deletion of cookies when you close the browser. Deactivating cookies can restrict the functions of this website.

To find out more about how you can control cookie settings using your browser, look at the subjects of “Private browsing”, “Incognito” or “InPrivate” in the Firefox, Chrome, Microsoft Edge or Safari settings, depending on which browser you use.

The data processing which takes place using cookies is also based either on a legitimate interest or on consent (see number 6).

We include visible and invisible image elements in some of our newsletters and other marketing emails where allowed and when they are retrieved by our servers, they enable us to establish whether and when you opened the email so that we can measure and better understand how you use our offerings and how we can tailor them to your needs.

You can block this in your email program, in most of which the setting is a default one.

When you use our website and grant your consent to receive newsletters and other marketing emails, you agree to the use of these technologies. If you do not wish to do so, you must adjust the settings in your browser and email program accordingly.

Google Analytics

We also use Google Analytics or equivalent services on our website. This is a service provided by third parties which may be in any country in the world (in the case of Google Analytics it is Google Ireland (based in Ireland), whilst Google Ireland is supported by Google LLC (based in the USA) which is the contract processor (both referred to hereinafter as “Google” or www.google.com), using which we can measure and evaluate the use of this website (on an anonymous basis). Permanent cookies, which are set by the service provider, are also used for this purpose. We have configured the service so that the visitors’ IP addresses are abbreviated by Google in Europe before they are forwarded to the USA, so that they cannot be traced. We have disabled the “Data forwarding” and “Signals” settings.

Although we can assume that the information that we share with Google does not include personal data, it is possible that Google can draw conclusions about the identity of the visitors, create personal profiles and link these data to the Google accounts of these persons from these data for its own purposes. If you have registered with the service provider, the service provider will also recognise you. Your personal data will then be processed by the service provider at the responsibility of the service provider and on the basis of its data protection provisions. The service provider only informs us how our website is being used (it does not provide any information about you personally).

10. Cross-border processing

The recipients of personal data may be in Switzerland or elsewhere. We would like to point out that we exchange personal data within our group of companies and we may transfer them to countries in which the service companies, which provide us with services (for example software suppliers, IT service providers, legal advisers/solicitors as well as authorities, official bodies or national and international courts) are located.

If we send personal data to third party countries without reasonable statutory data protection, we ensure in compliance with the statutory regulations that a reasonable level of protection is provided by carrying out a risk assessment in each case of the national legal principles of the country to which your personal data are to be transferred. If we identify any such risks, we will agree the revised standard data protection clauses of the European Commission with the recipient of the data. These can be viewed here: www.eur-lex.europa.eu/eli/dec­impl/2021/914/oj?locale=en. Furthermore, any additional technical measures will be used to prevent possible official access to the data to effectively guarantee that the data are protected in the destination country.

11. Profiling [and automated decision-making]

We process some of your personal data automatically with the aim of evaluating specific personal aspects (profiling). We particularly use profiling to inform and advise you about products in which you may be interested. We use evaluation tools which enable us to provide communication and marketing which meet your requirements, including market and opinion research.

We do not use fully automated decision-making to justify and manage our business relationship or for any other reason (as described in Art. 22 of the GDPR). If we use such methods in individual cases, we will notify you separately of this if this is required by law and we will also explain the relevant laws to you.

12. Rights of the data subject

As part of the data protection law relevant to you and where provided therein (for example in the case of the GDPR), you have the right to information, rectification and erasure, the right to restrict data processing and also to object to our data processing operations, particularly operations for the purpose of direct marketing, profiling undertaken for direct marketing and other legitimate interests in processing and for access to certain personal data for the purpose of transferring it to another body (known as data portability).

Please note, however, that we reserve the right to claim the restrictions provided by the law, for example if we have a duty to archive or process certain data, we have an overriding interest in this (if we are able to claim this) or require them for lodging legal claims. If you incur any costs for this purpose, we will notify you in advance.

We have already informed you of the facility to revoke your consent in number 6. You can do this at any time by writing to us by mail to enovetic ag, Datenschutz, Blegi 5, 6343 Rotkreuz or by email to [email protected] to notify us of your revocation.

Please note that exercising your rights may conflict with contractual agreements and this may have consequences such as the premature dissolution of the contract or costs. We will notify you of this in advance if this has not already been agreed in the contract.

Exercising these rights generally requires that you can clearly verify your identity (for example through a copy of your ID if your identity is otherwise unclear or cannot be verified otherwise). To claim your rights, you can contact us at the address provided in number 2.

Every data subject also has the right to enforce its claims in a court of law or to submit a complaint to the relevant data protection authority. The relevant data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb/en).

13. Data security

enovetic uses suitable technical and organisational security measures to protect your data from accidental or malicious manipulation, partial or complete loss, destruction and to prevent unauthorised access by third parties. Our security measures are improved on an ongoing basis as technological development advances.

Notwithstanding this, we must point out that data transmission on the internet (for example when communicating by e-mail) may have security vulnerabilities. It is not possible to guarantee complete protection from access by third parties.

During your website visit, we use the widespread SSL/TLS method together with the highest encryption level supported by your browser. Whether an individual page on our website is encrypted or not can be identified by whether the key or lock icon in the address bar of your browser is closed.

14. Changes

We may change this privacy policy at any time. Any new version shall apply to registered users of ePlix from the next time they log in after the changes have been made on ePlix or notification has been given, for all others they shall apply when the changes have been made on the ePlix in www.eplix.ch/en/service/privacy-policy

This privacy policy was last updated on 1 February 2024.