Menu

Annual Report 2025
Annual Report 2025
Open more reports

Download Center

Home

Data Protection

Swiss Life has put in place robust standards to protect personal data. These standards implement the applicable legal and regulatory requirements, on a Group-wide basis where necessary, and govern the basic requirements for Swiss Life’s processing of personal data and for data processing carried out by contracted service providers. They contain provisions on data security and the handling of data subjects’ rights, such as the right to information and to the rectification and deletion of data. They also define the basic requirements for governance and the documentation obligations applicable to data processing. Furthermore, all divisions have a data protection advisor.

An Intra-Group Data Transfer Agreement (updated in 2023), which meets the requirements of the Swiss Federal Act on Data Protection, the European General Data Protection Regulation and the other legal systems applicable to Swiss Life’s business, provides the framework for the internal transfer of personal data between the companies of the Swiss Life Group. Swiss Life transmits personal data to third parties only in compliance with the data protection obligations, for example for processing on behalf of another party or on the basis of legal obligations.

As part of the Compliance framework, all Swiss Life divisions have defined processes for dealing with data protection breaches. Amongst other things, these processes regulate notification of the data subjects and the supervisory authorities. There were no significant data protection breaches during the year under review.

Employees undergo data protection training within six months of joining, with repeat sessions every two years. Participation in the training is compulsory and is verified.

The Compliance team regularly assesses the implementation and observance of the applicable provisions. The Board of Directors’ Audit Committee and the Corporate Executive Board’s Risk Committee are kept informed on an ongoing basis about data protection matters as part of compliance reporting and thereby fulfil their respective responsibilities in the area of data protection. Corporate Internal Audit regularly reviews data protection in a risk-oriented manner as part of its internal auditing activities and counters any deficiencies with appropriate measures.

Data security is part of information security. More information can be found in the “Cybersecurity” section.