We use cookies to make its website more user-friendly, secure and effective. Cookies collect information about the use of websites. Further information: Information on data protection
This Privacy Policy applies to the processing of data in connection with the services provided by Helvetia Insurance Ltd’s Bal4kids day nursery (hereinafter also referred to collectively as the “nursery” or “we”; see clause 2). We process your personal data (hereinafter also referred to as “data”) or the personal data of other persons insofar as this is necessary for the conclusion or servicing of this contractual relationship.
Personal data is data that relates to an identified or identifiable natural person. Sensitive personal data is personal data that is specially protected by law due to its sensitivity, for example health data. Processing means any form of handling of your data, in particular collection, storage, use, disclosure, archiving or erasure. We comply with the Federal Data Protection Act (FADP), the implementing ordinance (DPO) and any other data protection legislation applicable in specific cases In the following, we explain what data we collect, what we use it for and what your rights are in this regard.
We process not only your data (e.g. parents, contracting parties), but also data relating to third parties, in particular the following persons (hereinafter referred to as “they”):
When you transmit data to us about third parties (e.g. family members), we assume that you are authorised to do so and that this data is correct. Therefore, please inform these third parties about the processing of their data by us and provide them with a copy of this Privacy Policy. If we refer you to a new version of these documents, please also hand over this new version in each case.
Our employees are regularly trained on data protection topics and are sworn to secrecy. In addition, our Data Protection Unit monitors compliance with data protection regulations.
The data controller for the data processing described here is:
For questions regarding data protection and the rights of data subjects, individuals can contact Helvetia using the keyword "Data Protection". This will connect them with Helvetia's data protection advisor or data protection officer.
Helvetia Insurance Ltd
Data Protection Unit
St. Alban Anlage 26
4002 Basel
Tel.: +41 58 280 10 00
E-Mail: datenschutz@helvetia.ch
As part of the care we provide for your child or children, we process the categories of data described below; please note that the examples listed are not exhaustive.
In the event of changes to data over time (e.g. due to a change of address or a change in civil status), we may continue to store the previous status of such data in addition to the current status within the framework of the statutory storage periods.
Master data includes, in particular, contact information (e.g. name, address, telephone number, email address, photographs, care and customer history) as well as information about third parties (e.g. contact persons, details of family members). We receive master data from you directly or from third parties (e.g. from public authorities such as municipalities).
This includes data generated in connection with the conclusion or performance of a contract, such as contractual benefits, data relating to the provision of benefits, data from the period prior to the conclusion of the contract, details regarding the performance of the contract and financial data (e.g. information on financial circumstances for the purposes of tariff classification), as well as declarations of consent. We generally collect contractual data directly from you or receive it from third parties involved in the processing of the contract (e.g. employers), but also from third-party sources (e.g. providers of creditworthiness data) and from people closely associated with you (e.g. family members).
This refers to data relating to the care relationship that is generated during the course of care provision, such as health information (e.g. allergies) or preferences (e.g. dietary requirements). This usually involves information about the person in care, but may also relate to information about their parents or other third parties (e.g. other key persons). We receive the care details either from you directly or from third parties.
When you contact us by email, telephone, post or via other means of communication (e.g. the nursery app), we collect the data exchanged between you and us, including your contact details and metadata relating to the communication.
We will specifically point out to you if we record telephone conversations, such as for evidence or training purposes. If you do not wish to be recorded, please let us know or end your call.
When communicating with you, for example when you submit a request for information, we sometimes also collect data to establish your identity (e.g. information from official identification documents, answers to security questions) in order to prevent us releasing information to unauthorised third parties.
This is data that we collect as part of the registration process (e.g. login areas) or that you provide to us (e.g. email address).
In order to provide you with the best possible service, we would like to find out about your preferences and assess your needs. To this end, we collect and use data about your behaviour when interacting with us and about the preferences you share with us (e.g. responses to electronic communications, participation in events), supplemented where necessary with information from third parties.
Behavioural data is comprised of details of certain actions, such as the use of electronic means of communication (e.g. whether and when you opened an email) or the way in which you obtain services, as well as your participation in prize draws, competitions and events. Preference data tells us about your requirements and which services might be of interest to you. We obtain this information from analysis of existing data, such as behavioural data, so that we can tailor our offers more precisely to you. In order to improve the quality of our analyses, we may link this data with other data that we obtain from third parties such as address brokers, public offices and publicly accessible sources.
We may also collect data from you in other situations. In connection with official or judicial proceedings, for instance, data accumulates (e.g. files, evidence) that may relate to you. We may also collect data for health protection reasons (e.g. within the framework of protection concepts).
We may receive or produce photographs, video or audio recordings in which you may be recognisable, which we produce or receive from third parties and in which you are recognisable (e.g. at events, via security cameras, etc.) or in relation to participation in events.
We obtain the data mentioned here primarily from you, but also from third parties (e.g. authorities).
Your data will only be processed by us for the purposes we have indicated to you when collecting your data, or if we are legally obliged or entitled to process it.
We process your communication data in order to communicate with you (e.g. to respond to enquiries, process contracts and provide customer support).
We process master and contract data in connection with the conclusion and performance of contracts with you as a parent or guardian, with suppliers and service providers, or with other contracting parties. This also includes the enforcement of legal claims arising in relation to policies (e.g. debt collection, legal proceedings, etc.), bookkeeping, the termination of contracts and public communications.
As part of our care services and to arrange care placements, we process personal and care-related data relating to you, the persons in care and third parties.
We may use your data to send you marketing communications about our services, for example in the form of newsletters or other regular communications (by email or post, by telephone, or as part of other marketing campaigns such as competitions or events). In particular, we use your communication data for this purpose.
In order to make our offers more relevant to your requirements and interests, we personalise some of our communications to allow for an individual approach. The individual approach can be made in writing or by telephone. To do this, we link data that we process about you – in particular master data, contract data, behavioural data and communication data – and determine preference data as a further basis for personalisation. We can also create interest profiles about you and divide you into advertising groups.
Please let us know if you do not wish your data to be processed for the above purposes (see contact address in clause 8).
In order to comply with the law and fulfil any legal obligations, we may process your personal and contractual data (e.g. maintaining records in accordance with the Ordinance on the Placement of Children in Foster Care (FCAO), tax law obligations or for health and safety policies). In addition, data processing may take place in the context of internal investigations as well as external investigations (for example by law enforcement or supervisory authorities or an appointed private body).
We may also process your data for other purposes, for instance, as part of our internal processes and administration. This includes training, educational and administrative purposes (such as the management of master data, accounting, data archiving and the management and ongoing improvement of the IT infrastructure), the protection of our rights (e.g. to enforce claims in and out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims, such as by preserving evidence, legal clarifications and participation in judicial or official proceedings), security purposes (e.g. access controls, monitoring of buildings), statistical purposes and the evaluation and improvement of internal processes. As part of the development of the company, we may also sell or acquire businesses, parts of businesses or companies to other companies or enter into partnerships, which may also lead to the exchange and processing of data.
Where we ask for your consent for certain forms of processing, we will inform you separately about the corresponding purposes of the processing.
For the purposes mentioned in clause 4, we may also process and evaluate your data automatically, i.e. electronically, in order to assess certain personal characteristics or behaviour (so-called profiling). This includes automated data processing, for example for combating money laundering and terrorist financing, for combating insurance fraud, for credit checks or individual risk evaluation and assessment as a necessary calculation basis for the insurance policy, as well as for identifying different interests and personal requirements for marketing purposes, product and service offers and services.
In the event that we base our decisions when concluding a contract or handling a claim exclusively on automated data processing (so-called automated individual decisions) and if such decisions cause legal effects or significant disadvantages for you (e.g. termination, risk exclusions, premium amount, denial of benefits) or if they affect you significantly in a similar way, we will inform you of this in an appropriate manner and separately inform you that you can have the relevant decision reviewed by a member of our staff if necessary. Such fully automated decisions are always based on rules we have established in advance for weighting the information.
In connection with the purposes set out in clause 4 above, we may also disclose your personal data to third parties, in particular to the recipients categorised below:
6.1. Contracting parties, including parents and persons in care This refers to our customers (parents and legal guardians), the persons in our care, and other contracting parties, where the transfer of your data arises from the contract (e.g. because we have entered into a care agreement). This may also include health data.
We may share your data with official bodies, courts and other authorities (e.g. the Child and Adult Protection Authority, local authorities, supervisory bodies) in Switzerland and abroad if we are legally obliged or entitled to do so, or if this appears necessary to protect our interests. This may also include health data.
Other third parties include, for example, third parties acting on your behalf (such as your solicitor or other representatives appointed by you) or persons involved in administrative or legal proceedings. As part of our business development activities, we may sell or acquire businesses, business units, assets or companies, or enter into partnerships, which may result in data (including your own data, for example as a parent, a person in our care, a supplier or their representative) being disclosed to the parties involved in these transactions. When communicating with our competitors, industry organisations, associations and other bodies, we may also exchange data that may relate to you.
Some of our services and business functions (e.g. in connection with the purchase of IT services or for marketing campaigns) are provided on our behalf by legally independent companies in Switzerland and abroad (see clause 7 below), which may process data about you if this is necessary for the performance of the contract. This may also include health data. These service providers are contractually obliged to adhere to our standards for data processing, as well as to the applicable data protection legislation. Where contractually or legally provided, such service providers may in turn engage third parties under the same conditions.
When your personal data is processed by recipients in accordance with clause 7.6 above, your data may also be transmitted abroad, for example when personal data is forwarded to other Group companies or to service providers. Under certain circumstances, we may also transmit data to third parties abroad who are involved in the processing of the contract (e.g. co-insurers and reinsurers, authorities and courts), as well as to other bodies such as foreign tax authorities.
Your data may therefore be processed worldwide, including outside Switzerland or the European Union or the European Economic Area (i.e. also in so-called third countries such as the USA). Many third countries currently do not have laws that ensure a level of data protection equivalent to the applicable FADP.
Therefore, following a risk assessment, we take contractual precautions to contractually compensate for the weaker legal protection, as well as further measures (e.g. pseudonymisation) to reduce the risk of state/government access abroad authorised by foreign legislation.
We rely on the guarantees required by law, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests, if the performance of a contract requires such disclosure, if you have given your consent or if it is a matter of data that you have made generally accessible and you have not objected to its processing.
A detailed list of the countries to which we may transfer data can be found in the separate list of recipients and countries, which you can access at www.helvetia.ch/privacy or request from our Data Protection Unit.
In accordance with the applicable data protection law and under certain conditions, you have the following rights:
You may request information as to whether we process your data and, if so, what data is being processed, and receive a copy of this personal data.
You can request that we correct incorrect data or complete incomplete data.
You can request the erasure of your data unless we are obliged or authorised to retain your data under applicable laws and regulations.
You have the right to object to the processing of your personal data at any time with future effect, provided that the processing is not strictly necessary for the performance of a contract and/or that we are not obliged or authorised to process the data under applicable laws and regulations.
Where applicable, you have the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling conducted for direct marketing and other legitimate interests in the processing.
In cases where data processing is based on your consent, you have the right to withdraw this consent at any time. If you withdraw your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the revocation.
You may request that the data provided by you be released or transmitted in a commonly used electronic form to another controller, provided that the processing is carried out by means of automated processing or you have consented to the processing.
You have the right to express your point of view in the case of exclusively automated individual decisions and to request that the decision be reviewed by a natural person.
You also have the right to lodge a complaint with our Data Protection Unit or the competent data protection supervisory authority if you do not agree with our handling of your rights.
Please note that these rights are subject to legal requirements and that exceptions and restrictions apply. In particular, we may need to further process and store your data in order to safeguard our own legitimate interests, such as the establishment, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we must therefore also partially or wholly reject a data subject’s request (e.g. by redacting certain content that concerns third parties or our trade secrets). In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.
For queries and to exercise your rights, you can contact any of the companies listed below in writing or by email:
Helvetia Insurance
Datenschutz
St. Alban-Anlage 26
4002 Basel
E-Mail: datenschutz@helvetia.ch
Your data will only be stored by us for as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.
In individual cases, it is possible to retain personal data for longer, for example if claims are asserted against us (during the statutory limitation period) or if we are otherwise contractually, legally or officially obliged to do so, if you consent to this or if legitimate (business) interests, documentation and evidence purposes require this. As soon as your data is no longer required for the above purposes, it will be erased as part of our standard erasure processes.
When processing personal data, we take appropriate technical and organisational measures to prevent unauthorised access and other instances of unauthorised processing. These measures are based on international standards and are regularly reviewed and adjusted if necessary.
We would like to remind you that the Internet is an open, global network that is accessible to everyone. Communication via email is not usually encrypted and takes place only during regular office hours. It is possible that data may be lost or intercepted and/or manipulated by third parties, for example, to make it appear authentic. We take technical and organisational security measures to prevent the risk within our systems. Nevertheless, the confidentiality of data transmitted by email cannot be guaranteed. This applies, in particular, to the transmission of sensitive personal data (such as health data). Emails may be delayed, deleted, misrouted or shortened during transmission due to transmission errors, technical defects or other malfunctions. External access devices (PC, smartphone, etc. of end users) and parts of the infrastructure involved in the transmission between the sender and us are located outside the security area under our control. It is the responsibility of each Internet user to find out about the necessary security precautions and to take appropriate measures (e.g. up-to-date anti-virus software, etc.). We are not liable for any damage or consequences arising from the electronic exchange of information, particularly from the misuse of the email system, for which we were not at fault. We reserve the right to claim compensation from you for any intentional damage we may suffer as a result of our business dealings with you via the electronic exchange of information. We reserve the right in individual cases not to reply by email or to additionally require a different form (e.g. a form with a signature) for the order or information received by email.