Federal Act
on the Swiss Financial Market Supervisory Authority
(Financial Market Supervision Act, FINMASA)

¹ The em­ploy­ment of FINMA staff is gov­erned by pub­lic law.

² Art­icle 6a of the Fed­er­al Per­son­nel Act of 24 March 2000²⁹ ap­plies by ana­logy.

³ The oc­cu­pa­tion­al pen­sion scheme for the staff is gov­erned by the le­gis­la­tion on the Fed­er­al Pen­sion Fund.

⁴ The Board of Dir­ect­ors reg­u­lates in an or­din­ance:

a.

the em­ploy­ment of per­son­nel and in par­tic­u­lar salar­ies, ad­di­tion­al be­ne­fits, work­ing hours, duty of loy­alty and ter­min­a­tion of em­ploy­ment;

b.

the com­pos­i­tion, elec­tion and or­gan­isa­tion of the Joint Com­mit­tee for the FINMA Pen­sion Fund.

⁵ The Board of Dir­ect­ors shall sub­mit the or­din­ance to the Fed­er­al Coun­cil for ap­prov­al.

Art. 13a³⁰Data processing

¹ FINMA shall pro­cess, in hard copy or in one or more in­form­a­tion sys­tems, the data on its em­ploy­ees and on job ap­plic­ants ne­ces­sary for per­form­ing the tasks in ac­cord­ance with this Act. It may del­eg­ate the pro­cessing to a pro­cessor. The data pro­cessed re­late in par­tic­u­lar to:³¹

a.³²

the ap­plic­a­tion pro­cess;

a^bis.³³

cre­at­ing, ex­ecut­ing and ter­min­at­ing an em­ploy­ment re­la­tion­ship;

b.

per­son­nel and wage man­age­ment;

c.

per­son­nel de­vel­op­ment;

d.

per­form­ance ap­prais­al;

e.

re­in­teg­ra­tion meas­ures in the event of ill­ness and ac­ci­dent.

² It may pro­cess the fol­low­ing data per­tain­ing to its em­ploy­ees ne­ces­sary for per­form­ing the tasks set out in para­graph 1, in­clud­ing sens­it­ive per­son­al data:³⁴

a.

per­son­al de­tails;

b.

state of health de­tails with re­gard to work­ing abil­ity;

c.

per­form­ance and po­ten­tial in­form­a­tion, as well as data on per­son­al and pro­fes­sion­al de­vel­op­ment;

d.

data re­quired with­in the frame­work of par­ti­cip­a­tion in the im­ple­ment­a­tion of so­cial se­cur­ity law;

e.

case files and au­thor­it­ies' de­cisions as­so­ci­ated with work.

³ It shall is­sue im­ple­ment­ing reg­u­la­tions with re­gard to:

a.

the ar­chi­tec­ture, or­gan­isa­tion and op­er­a­tion of the in­form­a­tion sys­tem(s);

b.

the pro­cessing of data, par­tic­u­larly gath­er­ing, stor­age, archiv­ing and de­struc­tion;

c.

data pro­cessing au­thor­isa­tions;

d.

the data cat­egor­ies un­der para­graph 2;

e.

data pro­tec­tion and se­cur­ity.