Online Portals of the Swiss Federal Pension Fund PUBLICA
I. GENERAL PROVISIONS
1. Scope of application
- Active member portal
- Pension recipient portal
They apply to all registered users using the services of those portals.
2. General considerations
- Points 2–10 contain the provisions that apply to all the portals listed above.
- Points 11+12 contain the provisions that apply to specific portals only.
- Use of the portals is free of charge.
- The servers on which the portals are operated and the data are stored are located in Switzerland.
- In the event of any dispute, the German version of this document takes precedence.
3. Duties and responsibilities of PUBLICA
How secure are the portals?
- The portals comply with state-of-the-art security standards.
- Communication is via an encrypted internet connection using two-factor user authentication.
What about data protection?
- PUBLICA takes all reasonable technical and organisational measures to protect the data made available in the portals against unauthorised access or other forms of data processing not permitted by law.
- Except where otherwise provided for, PUBLICA treats as confidential any information made available to it via the portals that is not in the public domain. Data are protected in accordance with the provisions on data protection contained in the Federal Act on Occupational Old Age, Survivors’ and Disability Pension Provision (OPA, SR 831.40) and the Federal Act on Data Protection (FADP, SR 235.1).
Which browsers and operating systems can the portals be used with?
PUBLICA tests performance using the latest versions of the most commonly used browsers and operating systems. PUBLICA cannot guarantee that the portals will work with all browsers and operating systems.
Are the portals available 24 hours a day?
- PUBLICA makes every effort to ensure that the portals are available to users at all times, but cannot guarantee that this will be the case. Users will be notified of upcoming maintenance work or planned system downtimes.
- PUBLICA will rectify any interruptions and problems, especially those for which it is responsible, as quickly as possible. PUBLICA will decide when errors are to be rectified without consulting users. Depending on the duration of an interruption or the complexity of the problem, PUBLICA may notify users on the website publica.ch.
What data are retained, and for how long?
- The requirement to retain the data contained in the portals is governed by the legislation covering the data concerned, specifically:
- the provisions of federal law on processing personal data when using electronic infrastructure (Government and Administration Organisation Act GAOA, Art. 57i – 57q [SR 172.010] and the Marginal Data Ordinance [SR 172.010.442]
- the Federal Act on Occupational Old Age, Survivors’ and Disability Pensions (OPA, SR 831.40) and the Ordinance on Occupational Old Age, Survivors’ and Disability Pension Provision (OPO 2, SR 831.441.1, Art. 27j). PUBLICA is not required to retain any content not covered by that legislation.
PUBLICA will define how long documents are available in the portals irrespective of the statutory retention requirement.
What lies outside PUBLICA’s responsibility?
- Risks in connection with the authorisation conducted via the FOITT when registering or logging in.
- Loss or damage
- attributable to using the portals in ways that are improper or contrary to the regulations, in particular to a violation of duties of due diligence by users or third parties;
- incurred by users as a result of transmission errors, technical defects, interruptions, disruptions or incorrect data;
- resulting from transmission errors, technical defects, overloading, interruptions (including system maintenance work), disruptions and illegal interference or deliberate blocking of telecommunications equipment and networks or other shortcomings on the part of the operators of the telecommunication equipment or networks;
- resulting from blocking of access or of portals in accordance with point 7.
- Despite having put in place appropriate protection, responding rapidly to relevant notifications, conducting regular inspections and taking action, PUBLICA
- cannot exclude the possibility of the portals and the associated web applications being misused;
- cannot guarantee that the portals are secure against attacks by hackers, viruses, etc.;
- cannot guarantee that data will not be captured or published by third parties during transmission, and that consequently, the confidentiality of that data is assured;
- cannot guarantee that e-mails with PUBLICA as the sender address were in fact sent by PUBLICA, or that e-mails sent by PUBLICA will reach the correct recipient unaltered and in good time. The same applies to the content and operations of third-party sites accessible via a hyperlink.
When is PUBLICA liable?
In the event of claims, and regardless of their legal basis, PUBLICA will only be liable for loss or damage caused by grossly negligent or deliberate actions by staff acting on behalf of PUBLICA.
To the extent permitted by law, PUBLICA excludes liability for auxiliary staff and agents as well as for indirect and consequential loss or damage.
4. Duties and responsibilities of users
What are the duties of users?
- Users must provide complete and truthful information when registering for and using the portal.
- All information must be kept correct and up to date.
- For this reason, changes that affect the right to access the portal such as
- leaving PUBLICA,
- standing down from a governing body,
- switching to a different pension plan or
- transferring access authorisation to a different person
must be communicated to PUBLICA promptly by means of a written document bearing a legally binding signature. Details of the procedure for doing so can be found on the website (publica.ch).
- Users may only use the portal for the intended purpose.
- Users must
- respect the rights of third parties;
- check their data for correctness before sending them;
- protect their IT infrastructure and the devices on which they use the portal against unauthorised access and misuse by third parties;
- keep their means of authentication secret, manage them securely and protect them against misuse by third parties.
- If there are doubts as to whether an e-mail was in fact sent by PUBLICA, it must not be opened, and/or instructions contained in it acted upon, before consulting PUBLICA to confirm that PUBLICA is indeed the sender.
- If users detect an error (e.g. unauthorised access by third parties), they must inform PUBLICA without delay. If, as the result of an error, users gain access to confidential information protected by law, they must not disseminate, copy or otherwise use that information in any way.
What lies within the user’s responsibility?
- Users are responsible for
- every use of the access within their sphere of responsibility, as well as the content of the information sent.
Useful information about data security and data protection
- Users are expressly advised that
- user names, passwords and means of authentication for the portal must be kept secret and stored in a safe place, must not be shared, and must be protected against misuse by third parties;
- information accessed and read from the portals is stored by the browser in a cache on the device used to access them.
- Data stored in this way can be read by anyone using the device until the cache is cleared.
- The method of clearing the cache differs from browser to browser; consult the documentation for the browser concerned for details.
- Inadequate security precautions on the device(s) used may enable or facilitate unauthorised access to data belonging to the user or held by PUBLICA.
5. Authentication and access data
How do I gain acces tos one or more portals? Requirements:
- Authentication for the portals is carried out on behalf of PUBLICA by the Federal Office of Information Technology, Systems and Telecommunication (FOITT), which acts as identity provider (IdP) and manages the means of authentication.
- PUBLICA reserves the right to change the IdP or assume the function of IdP itself, without consulting users.
- Users require an access identity issued by the IdP.
6. Access and access activation
How do I gain access to one or more portals? Access:
- Access to the portals is granted to persons who are authorised to use one or more portals.
- Access is activated by means of an invitation process. The activation data are contained in the invitation letter.
- Access authorisation is personal and non-transferable. The provisions applicable to specific portals (points 11 et seqq.) may provide for access rights to be granted to additional persons.
7. Exclusion from use
Who can order a block?
Blocking at the user’s request
- If a user has reasons to believe that unauthorised persons have obtained or could obtain access to the portal, they must notify PUBLICA without delay. Until a block requested by a user from PUBLICA has been put in place, the user bears full responsibility for any loss or damage resulting from unauthorised access to the portal.
- Contact for requesting a block
Details of who to contact to request a block by PUBLICA can be found on the portal or the public website publica.ch.
Blocking by PUBLICA
- If PUBLICA or the system operators acting on its behalf detect security risks or other irregularities in the use of one or more portals, PUBLICA may at any time, temporarily and without prior notice, block individual access as well as individual portals or all portals, either wholly or in part.
- In particular, a block may be put in place if
- access authentication is misused or shared, or
- a risk from malware is identified.
- No access to the portals will be granted without this acceptance.
- The confirmation will also be valid for activation in respect of other portals and their use.
- If they refuse to do so, this will automatically result in the immediate cancellation of access authorisation in respect of all portals.
- The amendment notification will make reference to this fact.
9. Data gathering
PUBLICA collects only the data that are necessary in order to offer users properly functioning portals and user-friendly content and services.
- Log files
The following data are stored in log files when users access PUBLICA’s website and portals: IP address, date, time, browser request and general information on the device used, including operating system and browser. These data are evaluated using analytics tools. PUBLICA’s aims in so doing are to continually improve communication and to monitor operations.
- Web analytics
If storage of session cookies has been blocked in the user’s browser, it will not be possible to use the portals.
10. Place of jurisdiction
The place of jurisdiction is Bern.
PROVISIONS APPLICABLE TO SPECIFIC PORTALS
11. Active member portal
What information is available on the active member portal?
- The active member portal offers active members insured with PUBLICA information about their insurance relationship.
- Once registered and for as long as they remain registered, active members will receive the information due to them each year under Article 86b OPA only via the online channel. This information includes
- the pension certificate,
- information about the organisation and financing
- (key figures on PUBLICA, the member’s pension plan, investments),
- the members of the Board of Directors.
Does the active member portal offer any other services?
- The portal also offers the following services:
- pension account data updated daily
- (balance of retirement assets, termination benefits, amount of possible buy-ins);
- simulations (buy-in, early withdrawal to finance home ownership, divorce) presented at the level of benefits (termination benefits, retirement, survivor’s or disability pension);
- provision of offers for a buy-in and, once the decision to make a buy-in has been made, the invoice and confirmation that payment has been received.
- PUBLICA reserves the right to further develop the offerings in the active member portal in accordance with the needs of users.
12. Pension recipient portal
What information is available on the pension recipient portal?
- The pension recipient portal offers persons receiving a retirement or disability pension the following services:
- statements to download:
- pension statement
- tax statement
- uploading a confirmed life certificate to PUBLICA
- online notifications regarding
- payment details (account into which the pension is paid)
- contact information
- changes of marital status
- PUBLICA reserves the right to further develop the offerings in the pension recipient portal in accordance with the needs of users.