Data protection declaration for the use of the Pando mobile app and website

This data protection declaration provides information about the processing of personal data (hereinafter referred to as “personal data” or “data”) by Swiss Life Ltd, General-Guisan Quai 40, 8002 Zurich (hereinafter referred to as “Swiss Life”) when using the Pando mobile app and the associated website ( (hereinafter collectively referred to as “the app” or “Pando”). Pando is a pension product from Swiss Life 3a Employee Benefits Foundation, General-Guisan Quai 40, 8002 Zurich (hereinafter referred to as the “Foundation”).

With regard to processing as part of procurement (purchase, download, installation) of the app, the data protection provisions of the app provider (e.g. App Store, Google Play) selected by the user of the app (hereinafter also referred to as the “Policyholder”) apply.

1. Introduction

Swiss Life takes the protection of your privacy and personal data very seriously. Please find below an overview of the processing activities of personal data carried out by Swiss Life pursuant to this data protection declaration.

This data protection declaration is primarily addressed at the Policyholder. However, it may also be the case that we process the personal data of other persons if we receive this information from the Policyholder (see section 3 [Data subjects] and section 10 [Representation and beneficiaries]), whereby it is the Policyholder’s responsibility in these cases to inform these persons of the processing of data pursuant to this data protection declaration.

When we refer to “you” or “your” in this data protection declaration, we are thus primarily referring to the Policyholder but may also include the other persons mentioned.

Further information on use of the app can be found in the Pando Terms and Conditions of Use, the Foundation’s pension fund regulations and the pension plan agreement with the Foundation.

2. Controller

The Foundation and Swiss Life (collectively referred to as “we” or “us”) are responsible for the data processing described in this data protection declaration.

For queries concerning data protection law, you can contact us at the following address:

Swiss Life Ltd

General-Guisan-Quai 40

P.O. Box

8022 Zurich

If you have any questions on data protection pursuant to this data protection declaration, please contact directly.

3. Data subjects

The personal data that we process in accordance with this data protection declaration are primarily collected directly from you as the Policyholder when you make them available to us in the app.

However, we may also process the personal data of third parties if you provide information about such persons (e.g. when uploading documents) in the app, such as

  1. beneficiaries,
  2. family members of the Policyholder (including spouse/registered partner),
  3. contracting partners of the Policyholder (e.g. for building permits, contracts), or
  4. information from other third parties who are or were in a (legal) relationship with the Policyholder (e.g. former employee benefits institutions, employers).

The policyholder is responsible for deciding whether and which third-party data are entered in the app.

4. Categories of personal data processed

We may process the following categories of data, including highly sensitive personal data, for the purposes set out in section 5.

  • Technical data: e.g.IP address, browser settings, operating system, engagement metrics, location data, session times, hardware system;
  • Master data: name, address, age, e-mail address, telephone number, nationality;
  • Contract data: e.g.information you provide to us as part of the registration process, such as details of your risk profile, investment preferences, investment horizon, details in identification documents such as passport/ID, type of contract, date of conclusion of contract, details about the type / status of your employment, details of your pension situation, details of documents you upload to the app;
  • Financial data: e.g. income data, account data, details of vested benefits solutions, selected investment products and strategies,details of incoming and outgoing payments, transaction data, fee information, asset situation and performance, details of any beneficiaries, savings behaviour, savings opportunities, details you provide to us when using the pension calculator;
  • Behavioural, usage and preference data: e.g.details of app usage and usage behaviour, payment history, usage frequency, preferred settings and functions, selection and adjustment of investment preferences;
  • Communication data: e.g.communication by e-mail, telephone, form, our blog, the chat function or when we send you notifications for promotional purposes, details you provide to us as part of support, other details when you communicate with us, type of communication, any content of communication required to handle your request and support you, call and video recordings if you consent to such;
  • Information on relationships with third parties: e.g. details you provide to us about beneficiaries, family members, employee and vested benefits institutions, employers, bank accounts, recipients of correspondence and other third parties involved.
  • Information on your professional situation: details of income, mandatory OASI contributions and pension fund contributions as well as self-employment versus employment relationship.

If a call is recorded, you will be informed of this beforehand.

5. Type of processing, processing purposes

We process personal data for the following purposes.

You are not obliged to provide us with your personal data for the purposes listed below. Please note, however, that if we are not permitted to process certain personal data about you that are required for provision of the app or contract processing, the app may potentially not or only partially be used.

If you do not wish us to process your data for the purposes mentioned (especially for marketing or advertising purposes, profiling and other purposes), you have the opportunity to object to the corresponding processing activity. Please notify us of this at the following e-mail address:

5.1. Contract processing

As part of the registration process (sign-up and onboarding):

  • Review of the legal requirements and other prerequisites for entering into the contractual relationship (e.g. identification, place of residence, age, requirements for a 3a product, tax requirements, social insurance requirements, financial and capital market requirements);
  • Conducting of initial risk profiling and customer qualification (e.g. risk appetite, investment preferences, preferred investment strategy, income data, investment horizon);
  • Conclusion of the contract in accordance with the applicable terms and conditions of use;

For the purposes of contract execution:

  • Optimum provision of the app, our offers and services and for the purpose of reviewing, improving and further developing them;
  • Contract and business relationship management (e.g. general account management, management of the documents you upload, fee processing, payment and transaction processing, settlement of any business cases);
  • Details of investment activities, risk profiling etc.;
  • Communication (e.g. if you contact us, if you have a concern and wish to communicate with us through a communication channel provided by us [including call and video recordings], to safeguard, operate and further develop customer support, if we send you messages via our “Messages” function, if we send you in-app messages).

5.2. Advertising and marketing activities, data analyses and evaluations

Swiss Life wishes to provide you with individual and customer-friendly information to meet your needs. We may therefore process your personal data through the following advertising and marketing activities:

  • to provide you with adequate information about our company’s products and services;
  • to ensure efficient and effective customer care and maintain contact with customers outside contract processing;
  • to further develop and optimise our products and services.

We may send you both general notifications and personalised messages with content and information that may interest you based on your usage and preferences.

Swiss Life also performs data analyses and evaluations as part of this process so that we can provide you with individualised support tailored to your needs, together with better coordinated information, advertising and offers. We may make use of profiling measures, i.e. automated processing operations, in order to evaluate, analyse and predict certain personal aspects relating to an individual. We use such measures, for example, when, based on your information about your investment preferences, investment horizon and savings behaviour, we analyse or evaluate your risk appetite in order to determine which of our products and services might interest you.

Within the Swiss Life Group, we may also use your personal data for statistical evaluations on an aggregate level.

We analyse and evaluate your customer behaviour in the app, your satisfaction and your communication with us. For example, we determine what is known as a customer value, carry out segmentations or use calculations to determine the probability of certain behaviours. Furthermore, by using industry-standard tracking methods of visits to our websites, we obtain information in order to provide you with a reasonable range of offers tailored to your situation and needs. To do so we deploy common evaluation tools that facilitate corresponding communication and advertising, including market and opinion research.

Within the scope of the above-mentioned purposes, we may wish to communicate with you directly and provide you with information relating to offers, products, new investment opportunities and other services that may be of interest to you. To do so, we use the “Messages” function in the app, your e-mail address or telephone number, push notifications and other contact details provided to us by you when concluding the contract (i.e. as part of the registration process).

5.3. Tracking for web statistics and server log files

In order to keep improving our Internet presence and the functionality of our website, we need to know how our website is used. For this purpose, we use web analytics tools such as Adobe Analytics and Google Analytics. Web statistic tools also use “cookies” saved on your computer for analysis and to analyse how you use the website.

Swiss Life collects data about access to its website via so-called server logfiles. The access data collected include:

  • Name and title of the website retrieved;
  • Definition of retrieved file;
  • Date and time of retrieval;
  • Transferred data volume;
  • Notification of successful retrieval and any previously visited site;
  • Browser type including version;
  • Operating system of the user;
  • Referrer URL (previously visited site);
  • IP address (address on computer networks) and the requesting provider, whereby the IP addresses are anonymised;
  • User name (user ID) for using the Pando app.

Swiss Life uses the log data only for statistical evaluations for the purpose of safeguarding the operation, security and enhancement of its website. However, Swiss Life reserves the right to review the log data subsequently if there is a justified suspicion based on specific grounds of unlawful use.

These data are deleted as soon as they are no longer required for the purpose for which they were collected and there is no legal basis for their retention.

5.4. Adobe Analytics

This website uses the web analytics service Adobe Analytics to evaluate user access to this website. For the evaluation, cookies are stored on your device and information is collected about this. This information is also stored on servers of our order processor Adobe Systems Software Ireland Limited (“Adobe”). Access to the information via Adobe Systems Incorporated based in the US cannot be ruled out, so corresponding EU standard data protection clauses have been concluded as adequate guarantees for data processing in non-European countries.

A direct personal reference of the information stored on the Adobe servers should be excluded, since Adobe Analytics is used with the settings “Before Geo-Lookup: Replace visitor’s last IP octet with 0” and “Obfuscate IP-Removed”. The setting “Before Geo-Lookup: Replace visitor’s last IP octet with 0” ensures that the IP address is anonymised before geolocation by replacing the last octet of the IP address with zeros. The approximate location of the user is added to the tracking package, which contains the complete IP address, for statistical analysis. Before storing the tracking package, the IP address is then replaced by a single fixed IP address – this is called a generic IP address – if the setting “Obfuscate IP-Removed” is configured. This means that the IP address is no longer contained in a stored data record.

5.5. Google Analytics

In addition to Adobe Analytics, this website also uses the web analytics service Google Analytics to evaluate user access to this website. The information concerning your use of our websites collected using cookies may be transmitted by Google in countries outside the EU in particular also to servers in the US and stored there (see below for information on data protection during data transfer to the US). Google may make this information available to third parties as well if provided for by law or if third parties are commissioned by Google to process such data.

You can also prevent data generated by a cookie with regard to your use of the website (including your IP address) from being registered with Google and Google’s processing of such data by downloading and installing the browser plug-in available at this link:

5.6. Facebook pixel, Facebook custom audiences and Facebook conversion

Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, US, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used.

With the help of the Facebook pixel, Facebook can identify you as a visitor to our online offer as a target group for the display of ads (“Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads we have placed only to those Facebook users who have also shown an interest in our online offering or who have certain features (e.g. interest in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (“custom audiences”). We also use the Facebook pixel to ensure that our Facebook ads correspond to the potential interest of the users and do not harass them. The Facebook pixel also helps us to understand the effectiveness of Facebook advertisements for statistical and market research purposes, as we see whether users have been forwarded to our website after clicking on a Facebook advertisement (“conversion”). You can find further information on the protection of your privacy in Facebook’s privacy policy: You can also deactivate the “Custom audiences” remarketing function in the Ad Settings section at To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can disable Facebook’s usage-based advertising on the website of the European Interactive Digital Advertising Alliance:

5.7. Google ads, Google conversion tracking  

This website uses Google AdWords. AdWords is an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

As part of Google AdWords, we use conversion tracking to draw attention to our attractive offers with the help of advertising media (Google Ads) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. We can thus show you advertisements that are of interest to you, make our website more interesting for you and achieve a fair calculation of advertising costs. Further information on conversion tracking and in particular how you can prevent the collection of data by the cookie set by Google can be found under the following link: You can deactivate all or part of cookie setting by our website in your browser at any time. If cookies are deactivated, you may no longer have access to all the functions of our website. More information about Google AdWords and Google conversion tracking can be found in the data protection provisions of Google:; You can set your browser so that you are informed about the cookie setting and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally as well as activate the automatic deletion of cookies when closing the browser.

If you do not agree with this, please let us know at the following e-mail address: If necessary, we will ask for your consent separately in advance. In the case of electronic communications, you will usually be able to unsubscribe from the corresponding service via a link in the corresponding message.

5.8. Market research purposes and investigations

We collect, store and process your data for the evaluation, improvement and new development of products, services and functions. In some cases, the findings are used in anonymised form for various questions within the company.

We may also contact you within the scope of customer satisfaction surveys. The answers are consolidated, evaluated anonymously and used for statistical purposes. We use these results to actively address your concerns and continuously improve our internal processes. In specific instances, we may contact you in person to gain a better understanding of your needs, such as when we discover that a registration process has been aborted, in order to detect and resolve technical malfunctions or errors in the registration process as early as possible.

5.9. Legal obligations

To comply with existing legal requirements (e.g. retention obligations, financial and capital market requirements, regulatory requirements etc.) including the assertion, enforcement and defence of our legal claims.

If there is a suspicion of insurance fraud or other use of the app in breach of contract or the law, we process the personal data for the purpose of uncovering or preventing insurance fraud or use in breach of contract or the law and may forward such data to third parties for this purpose.

5.10. Further processing purposes

  • Protection of data, secrets and assets;
  • Optimisation and safeguarding of the functionality and security of the app, landing page and IT systems within our area of control (e.g. functions within the app);
  • Data processing within the scope of exercise of your data protection rights;
  • Data processing activities when we involve further third parties in the provision of the app;
  • Data administration and archiving, data anonymisation and deletion.

6. Cookies

We also use cookies within the scope of provision of the app. Cookies are small text files that are stored in your browser or on your device and transmitted to us each time you access the app again. This is the only way we can make our app available and continuously improve our digital offerings, offer you time-saving and enjoyable features for the best possible use and customer experience and provide you with personalised content. If you do not agree to this, you can configure your browser so that it does not accept cookies. As a rule, our digital offerings will remain usable for you, but some functions may not be available to you or may only be available to a limited extent.

The cookies we use specifically serve to facilitate and provide various functions of the app. Cookies can also help, for example, to store your country and language preferences or the duration of your stay in the app. Through the use of cookies, we can also record and analyse the user behaviour of visitors to our websites. This allows us to make the app more user-friendly and effective and to make your visit to our websites as pleasant as possible. Our goal is to make our digital offering as attractive as possible for you and to show you contents that best correspond to your interests.

7. Data security

We take appropriate technical and organisational measures in accordance with standard practice for the sector to uphold the confidentiality, integrity and availability of your personal data and protect your personal data from unauthorised, unlawful and unintentional processing, including in particular unauthorised access, manipulation, loss or theft, change or deletion or other unauthorised use.

Our security measures include encryption techniques, pseudonymisation, access controls and authentication procedures. We also protect your personal data when it is transmitted.

These measures enable us to achieve the required protection of your personal data. However, contractual and technical measures can never completely eliminate all risks. It should be noted, for example, that absolute data security cannot be guaranteed and that data could also come into the possession of unauthorised persons due to hacker attacks or data theft. Likewise, we can only implement security in areas that we also control. For example, your device as such is located outside the security area controlled by us. You should therefore proactively inform yourself about the necessary security precautions and take the appropriate measures in this regard.

8. Data recipients

Within the scope of your use of the app, we may also pass on your personal data and details to third parties involved in providing the app or individual functions or associated products and services for the purposes stated in this data protection declaration.

We may share your information with other Group companies.

For certain activities, such as IT services, marketing and within the scope of our identification processes, we engage service providers who, as part of the provision of their services, also process personal data for our purposes and on our behalf.

We may also disclose your personal data to our and your contracting partners (e.g. within the scope of account and custody account management of the pension contract). We may also disclose your personal data to third parties if we are legally obliged to do so, you grant us your consent, or we do so to assert, enforce and/or defend our legitimate interests (e.g. lawyers, consulting firms, debt collection service providers, public bodies, offices, authorities, cooperation partners).

The transmission, exchange or disclosure to the aforementioned recipients takes place in each case to the extent required for use of the app, its provision or the provision of our products and services to you in this connection, if this is necessary for our legitimate interests, permitted within the scope of your consent or necessary or permissible for the fulfilment of legal obligations.

We may transfer your data, including highly sensitive personal data, to the following categories of data recipient. We undertake to ensure when doing so that such exchanges are based on the need-to-know principle and in compliance with the applicable data protection provisions:

  • Group companies (e.g. Swiss Life Asset Managers within the scope of the Foundation’s investment and asset management in accordance with the pension plan agreement);
  • Authorities, offices and other public bodies when we are required to do so;
  • Service providers (e.g. IT service providers, hosting/cloud providers, marketing companies, CRM service providers, identification service providers, messaging providers);
  • Other contracting partners in connection with the provision of the app (e.g. within the scope of investment and asset management, account maintenance, payment services);
  • Other third parties (e.g. employee benefits institutions with which you have a legal relationship, other data subjects whose details you make available to us, lawyers, consulting and auditing companies, fraud prevention service providers).

The aforementioned categories of data recipient may also be located abroad, i.e. your personal data that we process about you or that you provide to us may be transferred abroad. Your personal data may therefore be processed and stored anywhere in the world – including outside the EU / EEA. Many third countries (e.g. the US) do not currently have laws with an adequate level of data protection such as those in Switzerland. We therefore make contractual provisions tocompensate for the weaker legal protection, whereby we generally conclude the standard contractual clauses issued and recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC), unless the recipient has provided other security guarantees. If further measures are required as a result of a specific instance of data transmission, we will also take this into account appropriately. Please note that while such contractual provisions may partially compensate for weaker or missing legal protection, they cannot fully exclude all risks (e.g. of government interventions abroad). In exceptional cases, transmissions to countries without adequate protection may also be permitted in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transmission is necessary for the performance of a contract. Please also note that in the case of electronic transmission or communication, data may unintentionally go abroad, as such procedures are often routed via third countries.

9. Automation of individual decisions

For the purposes set out in section 5, we may conduct automated processing of your personal data (i.e. computer-assisted and possibly with profiling). As explained above, this takes place mainly, for example, for analysis and evaluation purposes in order to send you personalised notifications and ads that may interest you based on your use of the website or app and actions taken, to identify abuse or security risks or to review your risk and investment preferences.

We may also make automated individual decisions, i.e. automated decision-making processes that are carried out according to specified, automated rules and without review and intervention by an employee, and which entail legal consequences for the data subject. We may use such procedures for contractual processes as part of the registration process when we review your details with regard to the desired use of the app (e.g. identification, verification of US status).

You may at any time call on the point of contact specified in section 2 (Controller) in order to have the completed process reviewed manually.

10. Representation and beneficiaries

If you conclude a contract for one or more other persons (e.g. spouse, minor children) or designate third parties as beneficiaries, we will consider you to be the representative of the other persons you have specified and attribute to them the data protection declaration made known to you.

Based on your nomination of these persons, we assume that you will inform the beneficiaries or family members of the data processing carried out by us and ensure that they have no objection to the processing of such data. Should the persons specified by you object to data processing by us, this may affect the contract concluded with you.

11. Duration of processing, storage and deletion of personal data

We process your personal data as long as this is necessary for our processing purposes, our specific legitimate interests and obligations (e.g. proof and documentation purposes, safeguarding IT security, archiving, detection and monitoring of technical or operational inconsistencies) or for other reasons (e.g. technical reasons for backups, document management systems, statutory retention obligations, official orders, regulatory requirements). It is therefore possible that we may continue to process and store your personal data even after termination of the contract with you or despite the exercise of your rights as a data subject in order to protect our interests, fulfil further processing objectives and requirements and/or comply with legal obligations.

As soon as your personal data are no longer required for any of the aforementioned purposes and there are no other reasons precluding deletion, they are generally automatically deleted or anonymised in compliance with data protection regulations.

12. Your rights (rights of data subjects)

You have the following data protection rights:

  • Right to be informed as to whether and, if so, which personal data about you are processed and in what manner;
  • Right to correction and/or deletion of your personal data and to restrict processing;
  • Right to object to a processing activity;
  • Right to revoke previously granted consent. This does not affect the legality of any data processing carried out up to this point;
  • Right to receive your personal data in a conventional electronic format;
  • Right to submit your concerns to the Federal Data Protection and Information Commissioner (FDPIC) if you believe that your personal data are being processed unlawfully.

Please note that we may refuse, restrict or postpone the upholding of your rights under certain circumstances, e.g. if your requests are manifestly unfounded, of a querulous nature or specifically pursue an objective that violates data protection due to a formal law, overriding interests of third parties or for other reasons. We may also need to further process and store your personal data, e.g. for the duration of the contract with you, in order to protect our interests or meet legal obligations.

The exercise of your rights generally requires you to provide clear evidence of your identity (e.g. with a copy of your ID card). You can contact us at to assert your rights.

13. Right of modification

This data protection declaration may be amended at any time without prior notice, in particular to take account of current statutory provisions and changed business procedures. In the event of any significant changes to the purpose of the processing of your personal data, we will inform you of this in an appropriate manner.

The version published here applies in every case.

May 2022

Scan the QR code and download the Pando app directly to your smartphone.