Helvetia Privacy Policy

In the context of financial planning, we process the categories of data described below, although this list is not exhaustive.

In the event of changes to data over time (e.g. due to a change of address, a change in civil status or another modification), we may continue to store the previous status of such data in addition to the current status within the framework of the statutory storage periods.

We refer to the basic data that we require in addition to the contract data (see below) for the processing of our contractual relationships or for marketing and advertising purposes as master data. Master data includes, in particular, contact information (e.g. name, address, telephone number and email address), personal details (e.g. date of birth, age, gender, nationality, data from identification documents), other identification data (e.g. AHV number, customer number, tax identification number) or information about your relationship with us (e.g. partner/customer status, customer history). Account details are also collected, including bank account details (e.g. account numbers).

We receive master data from you or from third parties, for example from public registers. We also receive data in connection with address changes, as we are involved in an address update network which sends us and the other companies involved in the network updated address data (e.g. the new address after a move).

This is data that is collected in connection with the conclusion or processing of a contract in the context of financial planning. Contract data includes data from planning contracts and information from pre-contractual relationships (e.g. information from previous consultation sessions, further information on the contract concerned, term of the contract and invoicing information as well as further contractual relationships in connection with financial planning).

Contract data also includes financial data, i.e. information on income (e.g. earned income, pension income and income from investments) and information on companies (e.g. annual financial statements, etc.), current account and deposit account statements, information on pension funds and pension assets, pension fund regulations, information on assets (e.g. real estate, credit balances, securities) and information on liabilities (e.g. current mortgages). 

For the purposes of preparing financial plans, we also process data on documents presented, e.g. marital agreements and contracts of succession, wills, divorce agreements, tax returns incl. supplementary sheets, information on advance care directives, extracts from the Land Register and advance healthcare directives.

We generally collect contract data directly from you, from contracting parties and from third parties involved in the processing of the contract, but also from third-party sources and from publicly accessible registers. If necessary, we will obtain separate consent from you.

When you contact us via the contact form, our Customer Service, by email, telephone or chat, by letter or via other means of communication, we collect the data exchanged between you and us, including your contact details and metadata relating to the communication.

We will specifically point out to you if we record telephone conversations, such as for evidence or training purposes. If you do not wish to be recorded, please let us know or end your call.

When communicating with you, for example when you submit a request for information, we sometimes also collect data to establish your identity (e.g. information from official identification documents, answers to security questions) in order to prevent us releasing information to unauthorised third parties.

In order to provide you with the best possible service and advise you on our products and services, we would like to find out your preferences and determine your requirements. To do this, we collect and use data about your behaviour when you interact with us and about the preferences you tell us or that we identify.

Behavioural data is comprised of details of certain actions, for example the use of electronic means of communication (e.g. whether and when you opened an email), the use of our websites (for more information, see helvetia.ch/privacy) or customer portals, the way in which you obtain products and services, your interaction with our social media profiles and your participation in prize draws, competitions and events. Preference data tells us about your requirements and which products or services might be of interest to you. We obtain this information from the analysis of existing data, such as behavioural data, so that we can tailor our consultation and our offers more precisely to you. To improve the quality of our analyses, we may combine such data with other data that we obtain from third parties such as address brokers, government agencies and publicly available sources, for example, information on your household size, income bracket and purchasing power, socio-demographic data, shopping behaviour and contact details of relatives.

We may also collect data from you in other situations. In connection with official or judicial proceedings, for instance, data accumulates (e.g. files, evidence) that may also relate to you.

We may receive or produce photographs, videos and audio recordings in which you may be identifiable (e.g. at events, by security cameras, etc.). You will always be asked for your consent or informed accordingly in advance. For security purposes, we may also collect data on who enters certain buildings and when, or who has corresponding access rights (e.g. in the case of access controls or based on registration data or visitor lists, etc.), who participates in events or campaigns (e.g. competitions) and when, or who uses our infrastructure and systems.

We obtain the data mentioned here primarily from you, but also from third parties (e.g. authorities) and in some cases also from our Helvetia Baloise Group companies.

Where we ask for your consent for certain forms of processing, we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time by notifying us with effect for the future. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented. If consent is withdrawn, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its withdrawal.

Unless we ask you for your consent to processing, we base the processing of your personal data  on the fact that the processing is necessary for the initiation or execution of a contract with you or that we or third parties have a legitimate interest in doing so, for example in order to pursue the purposes described above under clause 4 and the associated objectives as well as to take appropriate measures. Our legitimate interests also include the marketing of our products and services.

In addition, we may also base some of our data processing on a legal basis that entitles us to process personal data.

For the purposes mentioned in clause 4, we may also process and evaluate your data automatically, i.e. electronically, in order to assess certain personal characteristics or behaviour (so-called profiling). This includes automated data processing, for example for combating money laundering and terrorist financing, for combating insurance fraud, for credit checks or individual risk evaluation and assessment as a necessary calculation basis for the insurance policy, as well as for identifying different interests and personal requirements for marketing purposes, product and service offers and services.

In the event that we base our decisions when concluding a contract or handling a claim exclusively on automated data processing (so-called automated individual decisions) and if such decisions cause legal effects or significant disadvantages for you (e.g. termination, risk exclusions, premium amount, denial of benefits) or if they affect you significantly in a similar way, we will inform you of this in an appropriate manner and separately inform you that you can have the relevant decision reviewed by a member of our staff if necessary. Such fully automated decisions are always based on rules we have established in advance for weighting the information. 

When your personal data is processed by recipients in accordance with clause 7.3 above, your data may also be transmitted abroad, for example when personal data is forwarded to other companies of the Helvetia Baloise Group or to service providers. Under certain circumstances, we may also transmit data to third parties abroad who are involved in the processing of the contract (e.g. authorities and courts), as well as to other bodies.

Your data may therefore be processed worldwide, including outside Switzerland or the European Union or the European Economic Area (i.e. also in so-called third countries such as the US). Many third countries currently do not have laws that ensure a level of data protection equivalent to the applicable FADP. Therefore, following a risk assessment, we take contractual precautions to contractually compensate for the weaker legal protection, as well as further measures (e.g. pseudonymisation) to reduce the risk of state/government access abroad authorised by foreign legislation. We rely on the guarantees required by law, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests, if the performance of a contract requires such disclosure, if you have given your consent or if it is a matter of data that you have made generally accessible and you have not objected to its processing.

In accordance with the applicable
data protection law and under certain conditions, you have the followingrights:

Right of access

You may request information as to
whether we process your data and, if so, what data is being processed, and receive a copy of this personal data.

Right to rectification

You can request that we correct incorrect data or complete incomplete data.

Right to erasure

You can request the erasure of your data unless we are obliged or authorised to retain your data under applicable laws and regulations.

Right to restriction of processing

You have the right to object to the processing of your personal data at any time with future effect, provided that the processing is not strictly necessary for the performance of a contract and/or that we are not obliged or authorised to process the data under applicable laws and regulations.

Right to object to data processing and withdraw consent

Where applicable, you have the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling conducted for direct marketing and other legitimate interests in the processing

In cases where data processing is based on your consent, you have the right to withdraw this consent at any time. If you withdraw your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the withdrawal.

Right to data portability

You may request that the data provided by you be released or transmitted in a commonly used electronic form to another data controller, provided that the processing is carried out by means of automated processing or you have consented to the processing. Rights in the case of automated individual decision-making

You have the right to express your
point of view in the case of exclusively automated individual decisions and to
request that the decision be reviewed by a natural person.

Right to complain
You also have the right to lodge a complaint with our Data Protection Unit or the competent data protection supervisory authority if you do not agree with our handling of your rights.

Contact details of supervisory authority

You can contact the Swiss Supervisory authority here.

The contact details for the Liechtenstein Data Protection Office can be found here.

A list of authorities in the EEA can be found here.

The UK supervisory authority can be contacted here.

Please note that these rights are subject to legal requirements and that exceptions and restrictions apply. In particular, we may need to further process and store your data in order to safeguard our own legitimate interests, such as the establishment, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we must therefore also partially or wholly reject a data subject’s request (e.g. by redacting certain content that concerns third parties or our trade secrets). In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.

For queries and to exercise your rights, you can contact any of the companies listed below in writing or by email:

COMPANY
Data Protection
Street, No.
4002 Basel
Email:  Address

Baloise Bank Ltd
Data Protection Unit
Amtshausplatz 4
4502 Solothurn
Email: datenschutz-bank@baloise.ch

Your data will only be stored by us for as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.

In individual cases, it is possible to retain personal data for longer, for example if claims are asserted against us (during the statutory limitation period) or if we are otherwise contractually, legally or officially obliged to do so, if you consent to this or if legitimate (business) interests, documentation and evidence purposes require this. As soon as your data is no longer required for the above purposes, it will be deleted or anonymised as part of our standard deletion processes.

When processing personal data, we take appropriate technical and organisational measures to prevent unauthorised access and other instances of unauthorised processing. These measures are based on international standards and are regularly reviewed and adjusted if necessary.