Data Privacy Statement

This data privacy statement is intended for natural persons whose personal data is processed by the “Sulzer Vorsorgeeinrichtung” (Sulzer Pension Fund, “SVE”, “we” or “us”), (e.g. persons insured with the Sulzer Pension Fund and the Johann Jakob Sulzer Foundation, beneficiaries and other persons submitting funding applications to the Sulzer Welfare Fund or the Sulzer Foundation, as well as visitors to the SVE website).

SVE attaches great importance to appropriate data protection and the handling of personal data in accordance with the law. This data privacy statement informs you about the most important aspects of data processing in connection with our occupational benefits services and when you visit our website. The following data privacy statement presents an overview of how we collect and process your personal data and provides information about:

• why and how SVE processes your personal data;

• the legal basis for processing your personal data; and

• your rights with regard to your personal data being processed.

The body responsible for matters pertaining to data protection legislation is SVE. Should you have any questions or wish to provide feedback regarding data protection or the processing of your personal data, you may contact SVE’s independent data protection advisers at the following addresses:

Sulzer Vorsorgeeinrichtung (SVE)
Data Protection
P.O. Box
8401 Winterthur
datenschutz@sve.ch

4.1 Purposes of data processing

In principle, SVE processes personal data to implement both the compulsory and non-compulsory aspects of the occupational benefits scheme. These processing activities may differ depending on the group of people concerned. Specifically, we collect identification data (surname, first name, title, date of birth, nationality, gender, marital status), contact data (address, telephone number, e-mail address, etc.), as well as data relating to the calculation and provision of benefits (such as salary data, bank details and beneficiary details, as well as social security and health data). Personal data is processed for the following purposes in particular:

• Identifying insured persons and pensioners

• Corresponding with insured persons and pensioners (including despatching certificates and invoices)

• Fulfilling the tasks specified in the Occupational Pensions Act (BVG) and the Vested Benefits Act (FZG), notably:

  • Ensuring compliance with mandatory insurance requirements

  • Calculating and collecting contributions from insured persons

  • Assessing benefit claims as well as calculating and granting benefits, and coordinating them with other social insurers

  • Asserting the right of recourse against liable third parties

  • Supervising the implementation of the law

  • Recording statistics

• Offering and refining our range of products and services, websites or IT solutions

• Providing information and simulation options through the online portal

• Strategic development

• Combating abuse (e.g. preventing fraud and optimising the security of the website)

• Fulfilling legal requirements as well as our obligations towards the supervisory authority

• Safeguarding SVE’s prevailing interests, particularly with regard to defending and enforcing its legal claims

• Use for marketing and advertising measures (including despatching product information
  and newsletters, and organising events).

We reserve the right to continue processing personal data collected for one of the above purposes for other reasons if these are compatible with the original purpose, or are permitted or required by law (e.g. any reporting obligations).

4.2 Legal basis for data processing

In principle, data is processed upon notification from your previous or current employer, and is necessary for the purposes stated (fulfilment of a legal obligation), for the adequate processing of the contract, and for the mutual fulfilment of obligations arising from the contract or for the fulfilment of a legal obligation. Data may also derive from other third parties or publicly accessible sources.

Your data will also be processed in order to fulfil legal obligations or if it is in the public interest, specifically in order to comply with legal and supervisory requirements (e.g. BVG, Law on Old Age and Survivors’ Insurance [AHVG], Swiss Civil Code [ZGB]).

Personal data requiring special protection, in particular health data, is processed for the purpose of providing occupational benefits services, insofar as this is necessary.

In addition, your data will be processed to protect the legitimate interests of SVE or third parties for specifically defined purposes, in particular to safeguard IT security and IT operations.

4.3 Necessity of providing your personal data

Without the personal data listed in section 4.1, we are unable to provide or maintain our occupational benefits services as a rule.

As the responsible body, we primarily process personal data that has been provided by you as an insured person or by your current or former employers.

Furthermore, in order to provide our services, we process personal data that we permissibly obtain from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial and association registers, press, internet) or that we receive from authorities, medical services, clinics, banks and other financial service providers, private and social insurance companies, as well as pension funds and vested benefits institutions. In addition to the data about you that you give us directly, the categories of personal data that we receive about you from third parties include, specifically, information from your previous pension scheme, from public registers, information that we gain in connection with official and legal proceedings, information related to your professional functions and activities, credit information, information about you that people close to you (family, advisers, legal representatives, doctors, etc.) give us so that we can conclude or process contracts with you or involving you.

In addition, we process connection data when you visit our website. Our web servers automatically register your visits in temporary log files. User-specific data (e.g. the user’s computer IP address, data identifying the browser used, the user’s computer operating system, volume of transferred data, name of the internet provider, date and time of access) as well as technical data (e.g. name and URL of the referring website if the website was accessed via a link, and additionally the search term if the website was accessed via a search engine) is collected and recorded by our servers and/or via cookies (see below).

The personal data we process relates not only to insured persons or pensioners, but often also to third parties. If you provide us with personal data about third parties (e.g. family members, work colleagues), we assume that this data is correct and that you are authorised to do so. We kindly ask you to inform these third parties accordingly and provide them with this data protection statement.

6.1 Recipients of your personal data

SVE works with external service providers (order processors) to fulfil its legal and contractual obligations. For this reason, we may disclose your personal data to the following possible categories of recipients in accordance with the purposes described above, insofar as this is necessary or appropriate for the fulfilment of the processing purposes pursuant to section 3.1:

• Experts and other external service providers in the course of an enquiry

• Order processors, service providers and other business partners

• Third parties who provide us with legal or insurance services

• Auditors

• Authorities, official agencies, courts or other state institutions

• Other parties in potential or actual legal proceedings.

6.2 Transmitting your personal data abroad

As a matter of principle, we process personal data in Switzerland. In the case of persons living abroad (active and insured persons or pensioners), any documents including their personal data will be sent to them in accordance with their address instructions.

Personal data will be stored on servers in Switzerland.

Should we transfer your personal data – on a case-by-case basis – to a country without an adequate level of data protection, we undertake to ensure that your personal data will be protected in an appropriate manner. We ensure adequate data protection by adopting appropriate safeguards, such as contractual guarantees based on the EU’s standard contractual clauses, which have been recognised by the Federal Data Protection and Information Commissioner (FDPIC) and adapted or supplemented as necessary.

SVE processes and stores your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations. Personal data may be retained for the duration of any claims made against our company and to the extent that we are otherwise required to do so by law or legitimate business interests so require (e.g. for evidence and documentation purposes).

If your personal data is no longer required for the above-mentioned purposes, it will be deleted as a matter of principle and to the extent that this is possible.

We will be pleased to inform you at any time about which personal data we process. Furthermore, under certain circumstances, you have the right to have the personal data you have provided released to you electronically in a standard format.

Under certain conditions, you may object to your data being processed and request that it be restricted or that your personal data be corrected or deleted.

If you are dissatisfied with the processing of your personal data, you have the option of contacting the data protection adviser mentioned under section 3. You also have the option of lodging a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

We make every effort to adopt appropriate technical and organisational security measures to ensure that your personal data is protected against unauthorised access, misuse or loss and destruction in accordance with applicable legal and regulatory requirements.

Security measures of a technical nature include, for example, access restrictions, encryption and pseudonymisation of personal data and logging. Organisational measures include internal data protection policies and controlling. All our order processors are equally obliged to adopt appropriate technical and organisational security measures.

10.1 Cookies

10.1.1 What are cookies?

Cookies are small files that are stored on your electronic device (e.g. computer or smartphone) when you access a website. They document your visit to our website and allow us to track and implement your preferences and settings. Cookies collected through websites or mobile apps can help us compile statistics about visits to certain areas of the website or mobile app in order to make them more useful and user-friendly.

10.1.2 Which cookies do we use?

We use the following types of cookies:

• Necessary cookies: necessary cookies are required for a website and its functions to be used. These cookies ensure, for example, that you can switch between pages without losing the information entered in a form.

• Functional cookies: functional cookies allow us to provide advanced functionality and show you personalised content. These cookies allow us, for example, to save information already entered (e.g. language selection).

10.1.3 How can cookies be deactivated?

Please note that most internet browsers automatically accept cookies. If you do not wish to receive cookies, you can configure your browser so that no cookies or only certain cookies are stored on your electronic device or so that a notice is always displayed before you receive a new cookie. However, deactivating cookies may mean that you cannot use all the functions offered by our electronic services.

10.2 Web technology and data processing

Our website uses the headless CMS Storyblok. The front end is hosted by Microsoft Azure. Technical information is automatically collected from visitors to our website – for example, the user’s IP address, browser, operating system, time of access and page visited. This data is necessary to ensure the operation of the website remains secure and stable.

Storyblok is a service provided by Storyblok GmbH, Peter-Behrens-Platz 2, 4020 Linz, Austria. For further information on data protection at Storyblok, please see: https://www.storyblok.com/privacy-policy

Microsoft Azure is a cloud service provided by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This may involve the transfer of personal data to countries outside Switzerland or the EU. Microsoft undertakes to comply with the Standard Contractual Clauses (SCC) of the EU Commission, which have been recognised by the FDPIC as a valid instrument for the transfer of personal data from Switzerland. For further information on data protection at Microsoft, please see: https://www.microsoft.com/de-de/privacy/privacystatement

Please familiarise yourself with the privacy policies of these third-party providers, as SVE is not responsible for their content or privacy practices and has no influence over them.

10.3 Newsletter

Personal data collected in connection with our newsletter distribution may also be stored by external providers based in Switzerland. Anyone can unsubscribe from this electronic newsletter distribution independently.

10.4 Forms

If you submit a contact form on our website, fill out a registration form for an event, or send us an e-mail, your details will be stored for the purpose of processing your enquiry and any further questions that may arise in connection with it, and will be used within the context of the enquiry.

10.5 Links to social media on our website

Our website contains links to our social media channels (e.g. LinkedIn and YouTube). These links do not include plugins that automatically transfer data. A connection to the respective provider will only be established if you click on the link:

• LinkedIn operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA

• YouTube operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, or Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA

This lets the social media provider see you have visited our website. If you are logged into your social media account, your visit will be assigned to your profile. To avoid this, please log out beforehand.

SVE reserves the right to adapt, supplement or otherwise change this data privacy statement at any time and without specific justification. The current personal data privacy statement as published on this website shall apply.

This data privacy statement shall be effective as of 30 October 2025.