Data protection
Privacy Policy of Livica Collective Foundation
Version of August 31, 2023
In this privacy policy, we, the Livica Collective Foundation (hereinafter Livica, we or us), explain how we collect and otherwise process personal data. This is not an exhaustive description; other privacy policies or general terms and conditions, participation conditions, and similar documents may regulate specific matters. Personal data is understood to mean all information that relates to an identified or identifiable person.
If you provide us with personal data of other persons (e.g. family members, data from colleagues), please ensure that these persons are aware of this privacy policy and only share their personal data with us if you are permitted to do so and when such personal data is accurate.
This privacy policy is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”), the Swiss Federal Data Protection Act (“DPA”), and the revised Swiss Data Protection Act (“revDPA”). However, whether and to what extent these laws are applicable depends on the individual case.
1. Responsible Party
Responsible for the data processing described here is Livica Collective Foundation, Aarbergergasse 30, 3011 Bern, unless otherwise specified in the individual case. If you have data protection concerns, you can send them to us at the following contact address: Livica Collective Foundation, Aarbergergasse 30, 3011 Bern, or by email to info@livica.ch.
2. Collection and Processing of Personal Data
We primarily process personal data that we receive from our clients and other business partners during our business relationship with them and other involved persons, or that we collect from their users while operating our websites, apps, and other applications.
As far as permitted, we also obtain certain data from publicly available sources (e.g. debt enforcement registers, land registers, commercial registers, press, Internet) or receive such from other companies, authorities, and other third parties (e.g. credit agencies, address dealers, etc.). In addition to the data you directly provide us, the categories of personal data we obtain from third parties about you particularly include information from public registers, information related to legal and judicial proceedings, information related to your professional functions and activities (so that we can, for example, conclude and execute business with your employer with your help), information about you in correspondence and meetings with third parties, credit information (as far as we handle transactions with you personally), information about you that is provided to us by people from your surroundings (family, advisors, legal representatives, etc.), so that we can conclude or execute contracts with you or involving you (e.g. references, your address for deliveries, powers of attorney, information on compliance with legal requirements such as money laundering prevention and export restrictions, information from banks, insurance companies, and sales and other contracting partners of ours about your utilization or provision of services (e.g. payments made), information from media and the Internet about you (as far as indicated in the specific case, e.g. in the context of an application, press overview, marketing/sales, etc.), your addresses and possibly interests and further sociodemographic data (for marketing), data related to the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, accessed pages and content, used functions, referring websites, location data).
3. Purpose of Data Processing and Legal Bases
We primarily use the personal data we collect to conclude and execute our contracts with our clients and business partners, especially in the context of pension benefits with our clients and the purchase of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations in Switzerland and abroad. If you are employed by such a client or business partner, you may naturally also be affected in this capacity with your personal data.
Furthermore, we process personal data of you and other persons, as permitted and deemed appropriate, also for the following purposes, for which we (and sometimes third parties) have a legitimate interest that corresponds to the purpose:
Offering and further developing our offerings, services, and websites, apps, and other platforms on which we are present;
Communication with third parties and processing their inquiries (e.g. applications, media inquiries);
Reviewing and optimizing procedures for needs analysis for direct customer outreach and collecting personal data from publicly available sources for customer acquisition;
Advertising and marketing (including organizing events), as long as you have not objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time, and we will then place you on a block list against further advertising);
Market and opinion research, media monitoring;
Enforcement of legal claims and defense in connection with legal disputes and administrative procedures;
Prevention and investigation of crimes and other misconduct (e.g., conducting internal investigations, data analyses for fraud prevention);
Ensuring our operations, particularly IT, our websites, apps, and other platforms;
Video surveillance to uphold house rights and other measures for IT, building, and facilities security and protection of our employees and other persons and our owned or entrusted assets (e.g. access controls, visitor lists, network and mail scanners, phone recordings);
Purchase and sale of business divisions, companies, or parts of companies, and other corporate transactions and related the transfer of personal data as well as measures for corporate governance and as required to comply with legal and regulatory obligations and internal rules.
As far as you have granted us consent to process your personal data for specific purposes, we process your personal data in accordance with this consent, unless we have another legal basis and need one. A granted consent can be revoked at any time, but this does not affect any data processing that has already occurred.
4. Cookies / Tracking and Other Technologies Related to the Use of Our Website
We typically use “cookies” and similar techniques on our websites and apps, which can identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser used when you visit our website or install the app. When you revisit this website or use our app, we can recognize you, even if we do not know who you are. In addition to cookies that are only used for a session and deleted after your website visit (“session cookies”), cookies can also be used to store user settings and other information over a certain period (e.g. two years) (“permanent cookies”). However, you can set your browser to refuse cookies, store only for a session, or otherwise delete them prematurely. Most browsers are pre-set to accept cookies. We use permanent cookies so that you can save user settings (e.g. language, auto-login), so that we can better understand how you use our offerings and content, and so that we can show you tailored offers and advertisements (which can also happen on websites of other companies; these companies then do not learn from us who you are, if we even know this ourselves, as they only see that the same user was on their website who was also on a specific page on our site). Some of the cookies are set by us, others by partners we work with. If you block cookies, some functionalities (like language selection, ordering processes) may no longer work.
We also include visible and invisible image elements in our newsletters and other marketing emails, through which we can determine whether and when you have opened the email by retrieving it from our servers so that we can measure and better understand how you use our offerings and tailor them to you. You can block this in your email program; most are pre-set to do so.
By using our websites, apps, and consenting to receive newsletters and other marketing emails, you agree to the use of these techniques. If you do not want this, you need to set your browser or email program accordingly, or uninstall the app if this cannot be adjusted through settings.
We may use Google Analytics or similar services on our websites. This is a service provided by third parties that may be located in any country in the world (in the case of Google Analytics, it is Google Ireland (headquartered in Ireland), which relies on Google LLC (headquartered in the USA) as a processor (both “Google”), www.google.com), with which we can measure and evaluate the use of the website (non-personalized). Permanent cookies are also used by the service provider. As far as you have registered with the service provider, the service provider knows you too. The processing of your personal data by the service provider is then the responsibility of the service provider according to their privacy regulations. The service provider only informs us about how our respective website is used (no information about you personally).
We may also use so-called plug-ins from social networks on our websites. This is typically visible to you (usually via corresponding icons). We have configured these elements so that they are disabled by default. If you activate them (by clicking), the operators of the respective social networks can register that you are on our website and where, and can use this information for their purposes. The processing of your personal data then occurs under the responsibility of this operator according to their privacy regulations. We do not receive any information about you from them.
5. Data Transfer and Data Transmission Abroad
As part of our business activities and the purposes according to Section 3, as permitted and deemed appropriate, we will also disclose personal data to third parties, either because they process such data for us or because they want to use it for their own purposes. The recipients particularly include:
Service providers (internal and external, such as banks, insurance companies), including processors (such as IT providers);
Merchants, suppliers, subcontractors, and other business partners;
Customers;
Domestic and foreign authorities, governmental agencies, or courts;
Media;
The public, including visitors to websites and social media;
Competitors, industry organizations, associations, organizations, and other bodies;
Purchasers or interested parties in the acquisition of business areas or companies;
Other parties in potential or actual legal proceedings.
These recipients are partially located within the country but can be anywhere in the world. You must particularly expect the transfer of your data to all countries where the data recipients are located as well as to other countries in Europe and the USA, where the service providers we use are located (such as Microsoft).
If a recipient is in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless they are already subject to a legally recognized framework for ensuring data protection and we cannot rely on an exception. An exception may apply, in particular, in legal proceedings abroad, but also in cases of overriding public interest or when a contract execution requires such disclosure, if you have consented or if they involve data you have made publicly available, which you have not objected to processing.
6. Duration of Retention of Personal Data
We process and store your personal data as long as necessary to fulfill our contractual and legal obligations or otherwise pursue the purposes for which the data is processed, which means, for example, for the duration of the entire business relationship (from initiation, execution to termination of a contract) and beyond according to the statutory retention and documentation obligations. It is possible that personal data will be retained for the period in which claims against our company can be asserted and to the extent that we are also otherwise legally obligated to do so or if justified business interests require this (e.g. for proof and documentation purposes). Once your personal data is no longer needed for the purposes mentioned above, it will usually be deleted or anonymized as far as possible. For operational data (e.g. system logs, logs), generally shorter retention periods of twelve months or less apply.
7. Data Security
We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization, and controls.
8. Obligation to Provide Personal Data
As part of our business relationship, you must provide those personal data that are necessary for the initiation and execution of a business relationship and to meet the associated contractual obligations (you do not generally have a legal obligation to provide us with data). Without this data, we will usually not be able to conclude a contract with you (or the entity or person you represent) or execute it. The website cannot be used if certain information necessary to ensure data traffic (such as IP address) is not disclosed.
9. Profiling and Automated Decision Making
We process your personal data partly in an automated manner with the aim of evaluating certain personal aspects (profiling). We use profiling particularly to inform and advise you specifically about products. We employ evaluative tools that enable us to communicate and advertise according to needs, including market and opinion research.
For the justification and execution of the business relationship and otherwise, we generally do not use fully automated decision-making (as regulated in Art. 22 GDPR). Should we employ such procedures in individual cases, we will inform you separately about this, as required by law, and clarify your related rights.
10. Rights of the Data Subject
You have rights under applicable data protection law to which you are subject (such as under the GDPR), including the right to access, rectification, deletion, the right to restrict processing, and to object to our data processing, particularly that for the purposes of direct marketing, profiling conducted for direct advertising, and other legitimate interests in processing, as well as the right to request certain personal data for transfer to another entity (so-called data portability). Please note that we reserve the right to assert the legal limitations on our part, such as if we are required to retain or process certain data, have a legitimate interest in this (as long as we can invoke this), or need it for asserting claims. If costs arise for you, we will inform you in advance. We have already informed you about the option to revoke your consent in Section 3. Please note that exercising these rights may conflict with contractual agreements and may have consequences such as early termination of the agreement or cost implications. In such cases, we will inform you beforehand, unless this is already regulated in the contract.
Each affected person also has the right to enforce their claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
11. Changes
We can adapt this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of any updates via email or another suitable means.