Austria
Belgium
Denmark
Estonia
Finland
France
Germany
Greece
Iceland
Ireland
Italy
Liechtenstein
Netherlands
Norway
Poland
Portugal
Spain
Sweden
Switzerland
Turkey
United Kingdom
Australia
Hong Kong
India
New Zealand
Indonesia
Japan
Malaysia
Philippines
Singapore
Thailand
Brazil
Chile
Colombia
Mexico
Peru
USA
Israel
Morocco
UAE
Tanzania
Bahrain
Oman
Saudi Arabia
Privacy policy for employees
1. Introduction
The Howden Group (hereinafter also ‘Howden’, ‘we’, or ‘us’) processes personal data relating to you or to other individuals (‘third parties’).
Throughout this document, we use the term ‘data’ interchangeably with ‘personal data’ or ‘personal information’. ‘Personal data’ refers to any information relating to an identified or identifiable natural person. A ‘data subject’ is any individual whose personal data we process. ‘Processing’ means any operation performed on personal data, such as its collection, storage, use, modification, disclosure, or deletion. The terms ‘process’ and ‘processing’ are used synonymously in this policy.
This Privacy Policy applies to the following companies within the Howden Group: Howden Switzerland Holding Ltd., Howden Switzerland Ltd., Swibro Ltd., Vorsorge Partner AG, Howden Broker Service Switzerland Ltd., Howden Liechtenstein AG, Howden Sky AG.
Our data protection practices comply with the Swiss Federal Act on Data Protection (FADP), including the Ordinance on Data Protection (Data Protection Ordinance, DPO), as well as the EU General Data Protection Regulation (GDPR), with applicability depending on the specific circumstances of each case.
2. What does this Privacy Policy cover?
This Privacy Policy provides information about the personal data we process in connection with all current and former full-time and part-time employees. Please also refer to our general Privacy Policy at this link.
3. Who is the controller?
The controller and contact for data processing is the Howden company that carries out the respective processing (e.g. provides the service under your contract, maintains a business relationship with you, or operates the website you visit).
3.1 Howden Switzerland Holding Ltd.
The controller responsible for services provided by Howden Switzerland Holding Ltd. is:
Howden Switzerland Holding Ltd.
Industriestrasse 8
6300 Zug
[email protected]
3.2 Howden Switzerland Ltd.
The controller responsible for services provided by Howden Switzerland Ltd. is:
Howden Switzerland Ltd.
Industriestrasse 8
6300 Zug
[email protected]
3.3 Swibro Ltd.
The controller responsible for services provided by Swibro Ltd. is:
Swibro Ltd.
Rorschacher Strasse 294
9016 St. Gallen
[email protected]
3.4 Vorsorge Partner AG
The controller responsible for services provided by Vorsorge Partner AG is:
Vorsorge Partner AG
Pestalozzistrasse 2
9000 St. Gallen
[email protected]
3.5 Howden Broker Service Switzerland Ltd.
The controller responsible for services provided by Howden Broker Service Switzerland Ltd. is:
Howden Broker Service Switzerland Ltd.
Picardiestrasse 3A
5040 Schöftland
[email protected]
3.6 Howden Liechtenstein AG
The controller responsible for services provided by Howden Liechtenstein AG is:
Howden Liechtenstein AG
Im Bretscha 2
9494 Schaan (FL)
[email protected]
3.7 Howden Sky AG
The controller responsible for services provided by Howden Sky AG is:
Howden Sky AG
Im Bretscha 2
9494 Schaan (FL)
[email protected]
4. What personal data is processed?
The personal data we collect and process about our employees comes from various sources. On the one hand, this includes data provided to us during the recruitment process or at the time the employment contract was concluded.
On the other hand, data may be obtained during the course of the employment relationship directly from employees, from third parties (e.g. references from previous employers), or from publicly available sources. For the purpose of implementing and managing the employment relationship, we process, in particular, the following categories of personal data:
• identification and personal data: title, name, date of birth, gender, marital status, information about children and other family members, emergency contacts;
• contact details: private telephone numbers, email addresses, and home address;
• employment-related data: employment contract, position, reporting line and job classification, personnel number, start and end dates, remuneration, correspondence, working time and performance records, holiday and sick leave;
• working time and absence data: information on workload and working days, attendance records, absences (e.g. holidays, illness, further training);
• financial and payroll data: bank details, payslips (including bonuses, expenses, and allowances), travel and training costs, withholding-tax information, and details of child or education allowances;
• social security data: OASI number, BVG-related data, pension and social benefit plans, and, where applicable, social security numbers of partners or children;
• Performance and development data: qualifications, performance reviews, employee appraisals, target agreements, meeting notes, and assessment reports;
• Application and personnel records: application documents, certificates, diplomas, extracts from criminal or debt-collection registers, references, information on disciplinary measures or proceedings, and driving licences;
• IT and system data: usage data from IT and communication systems, including intranet and other internal applications.
5. For what purposes and on what basis do we process your personal data?
We process employee personal data for the following purposes:
• implementation of the employment relationship – maintaining personnel files, issuing employment and interim references, conducting performance appraisals, managing terminations, processing insurance matters, recording working hours and resource planning, access control, and submitting statutory reports to authorities. In this context, we process personal data for the purpose of initiating or performing a contract and to comply with our legal and regulatory obligations;
• internal management and personnel administration – managing child allowances, absences and holidays, accident and sickness reports, payroll, contact data, employee directories, and onboarding and offboarding processes. In this context, we process personal data for the purpose of initiating or performing a contract and to comply with our legal and regulatory obligations;
• security purposes: ensuring workplace and building security – including access controls, and protecting IT systems against misuse, disruption, or damage. In this context, we process personal data on the basis of our legitimate interests and to comply with our legal and regulatory obligations;
• investigations and legal proceedings – investigating misconduct, conducting internal investigations, participating in official proceedings, and asserting or defending legal claims. In this context, we process personal data on the basis of our legitimate interests and to comply with our legal and regulatory obligations;
• other purposes – organising company events, billing third-party services – e.g. mobile phone services – , ensuring business operations, internal communication, intranet or social media publications, and marketing or communication initiatives. In these cases, we process personal data on the basis of consent and our legitimate interests).
6. Whom do we disclose your personal data to?
We only disclose your personal data to third parties where this is necessary for the performance of the employment relationship, where such third parties provide services on our behalf, where we are legally or officially required to do so, where we have an overriding legitimate interest in the disclosure, or where you have given your consent or requested us to do so.
The following categories of recipients may receive personal data from us:
• companies within the Howden Group, insofar as they are involved in the application process;
• service providers in Switzerland and abroad, such as shared service centres within the Howden Group (e.g. legal, compliance and finance departments), IT service
providers, medical examiners, application management system providers, external recruiters, and consulting firms that support us in processing applications;
• Insurance market participants: We may exchange personal data with other participants in the insurance market. These include, for example, insurance and reinsurance companies, claims adjusters, underwriters, brokers or intermediaries, pension and vested benefits institutions.
• Co-brokers and their employees: We disclose to our co-brokers the personal data necessary for advising on, supporting and distributing our products and services and for calculating their remuneration. If you are an employee of a co-broker with whom we have concluded a contract, the execution of this contract may result in us disclosing personal data to the company.
• authorities and courts, where we are legally obliged or entitled to disclose personal data.
7. Is personal data transferred abroad?
As part of the recruitment process, we may also disclose your personal data to other entities. These recipients may be located not only in Switzerland, but also in Europe and worldwide. As a rule, personal data is transferred only to countries whose level of data protection has been recognised as adequate by the Swiss Federal Council or the European Commission.
If a recipient is located in a country that does not provide an adequate level of data protection, we will ensure appropriate protection of your personal data by means of contractual safeguards (e.g. the European Commission’s Standard Contractual Clauses) or other recognised mechanisms.
In exceptional cases, a transfer may also take place where a legal basis or an applicable derogation permits it (for example, in connection with legal proceedings, for reasons of overriding public interest, for the performance of a contract, on the basis of your consent, or where the data concerned has been made publicly accessible).
8. How long do we process your personal data?
We store and process employee personal data only for as long as necessary to achieve the purposes for which it was collected or as required by statutory retention obligations. As a general rule, we retain employee data for the duration of the employment relationship and for up to ten years after its termination. Exceptions apply where longer statutory retention periods exist (for example, under the Federal Act on Direct Federal Taxation [DBG] or the Federal Act on Occupational Retirement, Survivors’ and Disability Pension Plans [BVG]), where storage is required for evidentiary purposes, or where another valid exception applies under applicable law.
9. How do we protect your personal data?
We implement appropriate technical and organisational security measures to ensure the confidentiality, integrity, and availability of personal data, to protect it against unauthorised or unlawful processing, and to mitigate the risks of loss, accidental alteration, unintended disclosure, or unauthorised access.
10. Do we use automated individual decision-making?
In some cases, decisions affecting you may be made entirely through automated processing, meaning that such decisions are taken without human involvement. As a general rule, we do not engage in automated decision-making. If we plan to use automated decision-making in individual cases, we will inform you accordingly.
11. Do we use cookies and tracking pixels?
Please visit our cookie policy at this link to learn more about our use of cookies and tracking pixels.
12. What data do we process on our social media pages?
We maintain online presences on social media networks and third-party platforms (e.g. LinkedIn, Instagram; hereinafter referred to as ‘platforms’), such as fan pages, channels, or profiles. If you interact with us via such platforms – for example, by viewing our content, posting comments, or sending us messages – we process the personal data described in this Privacy Policy. We receive this data either directly from you or through the respective platform.
Please note that the operators of these platforms also collect and process personal data about your use of our online presences under their own data protection responsibility. This applies in particular to information about your usage behaviour and interests, which they may use for their own purposes, such as market research, audience measurement, or personalised advertising. The processing of your data by the platform operators is governed by their own privacy policies. We have no influence over the data processing carried out by these platforms.
13. What rights do you have?
To make it easier for you to exercise control over the processing of your personal data, you have the following rights in relation to our data processing, depending on the applicable data protection law:
• right of access – to request information about whether and which personal data we process about you, for what purposes, for how long, as well as the origin of the data and the categories of recipients to whom we disclose it;
• right to rectification – to request that we correct or complete inaccurate or incomplete data;
• right to restriction of processing;
• right to erasure (‘right to be forgotten’) – to request the deletion of personal data;
• right to data portability – to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
• right to object – to object to the processing of your data, particularly in connection with direct marketing;
• right to prevent future processing or disclosure to third parties;
• right to withdraw consent – where processing is based on your consent, to withdraw that consent at any time with effect for the future;
• right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
If you wish to exercise any of these rights against us (or one of our group companies), please contact us by email at [email protected]. To prevent misuse, we must verify your identity (e.g. by requesting a copy of your ID, where necessary).
Please note that these rights may be subject to conditions, exceptions, or limitations under applicable data protection law (e.g. to protect the rights of third parties or trade secrets). Where applicable, we will inform you accordingly.
You also have the option of lodging a complaint with the competent data protection supervisory authority. A list of authorities in the European Economic Area (EEA) can be found here. The contact details of the Swiss supervisory authority – the Federal Data Protection and Information Commissioner (FDPIC) – can be found at this link. The contact details of the data protection authority in Liechtenstein can be found here.
14. Can this Privacy Policy be changed?
We may amend this Privacy Policy at any time. The version published on this website is the current version.
November 2025