We use cookies to make its website more user-friendly, secure and effective. Cookies collect information about the use of websites. Further information: Information on data protection
This Privacy Policy provides you with an overview of the processing of your personal data and your rights under the Federal Act on Data Protection in connection with the processing, implementation and termination of the business relationship with the Portable Benefits Foundation and the Invest Savings 3 Pension Foundation of Baloise Bank (hereinafter also referred to as the “Foundations” or “we”; see clause 2). The two Foundations have entrusted Baloise Bank Ltd with account management. In addition to this Privacy Policy, the GTC of Baloise Bank, the applicable regulations and the pension provision agreements of the two Foundations, as well as product and service-specific information and conditions (e.g. the Terms of Use and the Privacy Policy for the Mobile Banking and e-banking applications) must be observed accordingly.
Personal data is information that relates to an identified or identifiable natural person. Sensitive personal data is personal data that is specially protected by law due to its sensitivity (see clause 3.10). Processing means any form of handling of your data, in particular collection, storage, use, disclosure, archiving or erasure. We comply with the Federal Data Protection Act (FADP), the Data Protection Ordinance (DPO) and any other data protection laws applicable in individual cases (e.g. the European General Data Protection Regulation, GDPR).
In the following, we will show what personal data (hereinafter also referred to as “data”) we collect, what we use it for and what your rights are in this regard. We not only process data of our customers, but also data of third parties, in particular of the following persons:
When you transmit data to us via third parties, we assume that you are authorised to do so and that this data is correct. Therefore, please inform these third parties about the processing of their data by us and provide them with a copy of this Privacy Policy. If we refer you to a new version of these documents, please also hand over this new version in each case.
The following unit is responsible under data protection law for the forms of data processing described here:
Portable Benefits Foundation and the Invest Savings 3 Pension Foundation of Baloise Bank Ltd
c/o Baloise Bank Ltd
Amtshausplatz 4
4502 Solothurn, Switzerland
Email address: vorsorge@baloise.ch
Depending on which products and services you purchase from us, we process different categories of personal data, although this list provided in this document is not exhaustive.
In the event of changes to data over time (e.g. due to a change of address, a change in civil status or another modification), we will modify the data accordingly. The previous data will be stored if necessary in the context of the statutory retention periods and will then be erased.
We refer to the basic data that we require in addition to the insured person data (see below) for the processing of our pension relationships or for relationship management. Master data includes, in particular, contact information (e.g. name, address, telephone number and email address), personal details (e.g. date of birth, age, gender, nationality, data from identification documents), other identification data (e.g. AHV number, customer number, UID number or Tax Identification Number) or information about your relationship with us. Account details are also collected, including bank account details (e.g. account numbers).
Information on the persons affected by the data processing is also part of the master data, for example correspondence recipients, contact persons, family members or other beneficiaries.
We receive master data from you or from third parties, other pension funds or social insurance institutions, authorities or the persons you have appointed as beneficiaries, as well as from public registers (e.g. the Commercial Register).
Contract data is data that is collected in connection with the conclusion or processing of a contract, for example data concerning the products and services used by the customer or concerning third parties such as life partners, representatives, authorised representatives and beneficiaries who are also affected by data processing, information about the account, securities custody account or contracts concluded, as well as data in connection with services provided by or for customers.
Insured person data: Insured person data includes data from information provided by previous pension or vested benefits institutions, information on modifications (e.g. divorce), information in connection with the processing of claims to pension benefits (e.g. notification of the occurrence of the claim to pension benefits, reason for the occurrence of the claim to pension benefits, such as age, disability or death, and the event date), information about other benefit cases (e.g. withdrawal, divorce, advance withdrawal to finance home ownership), as well as information on your family situation (e.g. marital status, beneficiaries).
Contract data also includes financial data, i.e. information relating to payments and bank account details, information on assets and their origins, income, turnover and investments, as well as information on income from employment, pensions and, occasionally, payment behaviour (e.g. subsequent claims for withholding tax contributions).
We generally collect data related to contracts and insured person data directly from you, from contracting parties and from third parties involved in the processing of the insurance relationship (e.g. employers, other social insurance institutions or pension funds, authorities, courts), but also from third-party sources (e.g. pension funds, insurance companies, Land Register, Commercial Register or Debt Collection Offices), from people closely associated with you (e.g. family members, legal representatives, employers) and from publicly accessible registers (e.g. to review excerpts from the Register of Criminal Convictions when admitting new members to the supreme governing body), such as in the media or on the Internet. In doing so, we collect this data, and in some cases health data, for example from other pension funds and social insurance providers (e.g. previous insurers regarding previous pension relationships). If you enter into a pension relationship with us, you thereby release these bodies from any duty of confidentiality. If necessary, we will obtain separate consent from you.
Transaction data includes payment transaction data, payment order data, data on the payment recipient or on the beneficiary and on the reason for payment; ATM deposit and withdrawal data, as well as credit card numbers, expiry date and card verification data, data on acceptance points (e.g. merchant name or company name); payment and transaction data, including cash withdrawal data (e.g. transaction amount, date and time of transactions, currency, etc.); transaction type data or data on incorrect PIN entries; data on investigations at acceptance points in connection with a complaint or possible card misuse; information on use of the card for online payments, e.g. about the IP address of the device used or information related to additional authentication; information about your use of electronic communications (e.g. opening an email or clicking on a link).
This includes data required for compliance with legal obligations incumbent on us and the related clarification and reporting in the context of combating fraud, money laundering and terrorism. We obtain such data from publicly available sources and registers (e.g. sanctions lists) or from public authorities (e.g. information on US citizens / double citizens, economic background, beneficial owners, on the origins and beneficial ownership of assets, on controllers, politically exposed persons or for matching with sanctions lists).
When you contact us via the contact form, our Customer Service or by email, telephone, e-banking messenger or chat, by letter or via other means of communication (e.g. customer portal), we collect the data exchanged between you and us (text messages as well as audio and/or video data), including your contact details and metadata relating to the communication.
We will specifically point out to you if we record communication (e.g. telephone calls, video, chats), for example for evidence or training purposes. If you do not wish to be recorded, please let us know or end your call.
If you wish to communicate via Microsoft Teams, separate Terms of Use apply. We enlist the help of the Microsoft Group for the technical provision of Microsoft Teams. This may also involve your data being transferred to countries outside of Switzerland, in particular to France, the Netherlands and the US. Microsoft undertakes to ensure appropriate data protection by means of standard contractual clauses and supplementary contractual, technical and organisational measures. Microsoft can also use the data to optimise or improve its own services (e.g. for the technical optimisation of the conference system) and to fight cybercrime and attacks. Microsoft’s Privacy Policy can be found at privacy.microsoft.com/en/privacystatement.
In addition, when communicating with you (for example when you submit a request for information), we sometimes also collect data to establish your identity (e.g. information from official identification documents, replies to security questions) in order to prevent us providing information to unauthorised third parties.
In order to provide you with the best possible service and advice on our products and services, we would like to find out your preferences and determine your requirements. To do this, we collect and use data about your interactions with us and about the preferences you tell us or that we identify.
Behavioural data is comprised of details of certain actions, such as the use of electronic means of communication (e.g. whether and when you opened an email), your use of our web pages or customer portals, the way in which you obtain products and services, your interaction with our social media profiles and your participation in prize draws, competitions and events. Preference data tells us about your requirements and which products or services might be of interest to you. We obtain this information from the analysis of existing data, such as behavioural data, so that we can tailor our consultation and our offers more precisely to you.
Technical data includes information collected when you access our websites, apps and social media channels, i.e. data transmitted to us by your browser or end device (smartphone) and automatically collected by our server. This includes IP addresses, MAC addresses of electronic devices, information about these devices (e.g. brand, type, screen, memory) and their settings (e.g. language, keyboard), cookies, functions used, date, time and duration of access, name of the files accessed and content visited, web browser, domain requested, orders placed or attempted, referring web pages and location information, client ID and version of the app installed.
We may also collect data from you in other situations. In connection with official or judicial proceedings, for instance, data accumulates (e.g. files or evidence) that may also relate to you.
We may receive or produce photographs, videos and audio recordings in which you may be identifiable (e.g. at events, by security cameras, etc.). You will either be asked for your consent or informed accordingly in advance (e.g. when opening a digital account). For security purposes, we may also collect data on who enters certain buildings at what point in time, or who has corresponding access rights (e.g. in the case of access controls or based on registration data or visitor lists, etc.), or who participates in events or campaigns (e.g. competitions) or uses our infrastructure and systems and at what point in time.
Details on video surveillance can be found in the separate Privacy Policy on video surveillance.
We obtain the data mentioned here primarily from you, but also from third parties (e.g. authorities).
In some cases, we may collect sensitive personal data. Sensitive personal data, as defined by law, includes data on religious, ideological, political or trade union-related views or activities; data on health, private life or ethnicity; genetic data; biometric data for the unambiguous identification of a natural person; data on administrative and criminal proceedings or sanctions; and data on social security measures.
We only collect sensitive personal data, such as information on previous accidents/illnesses or disability, as well as information from relevant physicians, if we require this information for the processing of the pension relationship. This is namely the case in the event of a disbursement due to disability, although, in such cases, we only process the data from the Federal Disability Insurance (IV) ruling or if the exit statement of a pension fund contains information on the state of health or on provisos imposed for health reasons.
In some cases, we collect data directly from you, for example when you provide it to us (e.g. opening or terminating a business relationship, conclusion of a contract, consultation sessions or use of digital services).
This is data that is disclosed to us by third parties (e.g. the debt collection register, the Swiss Consumer Credit Information Office (IKO), from the Swiss Central Credit Information Bureau (ZEK), from credit bureaus, credit agencies, third-party banks, fraud prevention agencies (e.g. World-Check), pension funds or pension foundations) for the purpose of executing orders or reviewing and processing contracts or with your consent, as well as data from our contractual partners, intermediaries, Group companies, or from domestic and foreign authorities, offices or courts.
This data becomes known to us as a result of your use of products or services or is transmitted via the technical infrastructure, e.g. when you visit our web pages, access our apps or through processes requiring the division of labour (e.g. in payment transactions, securities trading or cooperation with other financial or IT service providers, marketplaces or exchanges).
We also receive data in connection with address changes, as we are involved in an address update network which sends us and the other companies involved in the network updated address data (e.g. the new address after a move).
Your data will only be processed by us for the purposes we have indicated to you when collecting your data, or for which we are legally obliged or entitled to process it. For further details on the basis of our processing, please refer to clause 6.
Prior to the establishment of a pension relationship, we process your data in order to offer you the desired consultation and to contact you in this regard. Personal details – in particular master data, insured person data and communication data – are collected from you or are derived from communication.
If a pension relationship is established, we process your data to implement the pension relationship, in particular to provide regulatory benefits and to manage the insurance relationship, for example to process modifications and to communicate with you. This also includes consultation and insured person support, the enforcement of legal claims arising from contracts (court proceedings, etc.) as well as accounting and termination of the pension relationship. In this context, we process in particular master data and insured person data (including sensitive data) as well as communication data.
In certain cases, we may be obliged to submit notifications to authorities and courts (e.g. tax notifications to the Swiss Federal Tax Administration in the case of lump-sum withdrawals or, as part of the examination of an application for lump-sum withdrawals, to the Office for Debt Collection Assistance in the event of the failure to comply with an obligation to pay maintenance, FINMA orders or orders issued by public prosecutor’s offices in connection with money laundering and terrorist financing) or disclose documents. Your personal data may also be processed in the course of internal or external investigations, for example by law enforcement or supervisory authorities or an appointed private body. In doing so, we process your master data, contract data and communication data in particular.
Data that we require for statistical evaluations and data analyses is anonymised and aggregated and no longer allow any conclusions to be drawn about your person. The aggregated data is required for the creation of statistics (e.g. for the development of new, and adjustments to existing, products) or for topic-specific evaluations and data analyses, as well as for sales reporting. We also use data concerning all existing contracts – likewise without the possibility of drawing conclusions about you personally – to analyse the entire customer base and for the fulfilment of our contractual obligations, for example for general consultation regarding a contract adjustment or contract amendment or for the provision of comprehensive information, i.e. we perform anonymised evaluation which makes use in the individual contractual relationship possible.
We may use your data to send you advertising for our products and services as well as for our Group companies and business partners, for example in the form of newsletters or other regular contacts (by email or messenger, by post, by telephone or as part of other marketing campaigns such as competitions or events). In particular, we use your communication data for this purpose.
In order to make our offers more relevant to your requirements and interests, we personalise some of our communications to allow for an individual approach. The individual approach can be made in writing or by telephone. To do this, we link data concerning you that we process – in particular master data, contract data, behavioural data, transaction data and communication data – and determine preference data as a further basis for personalisation. We can also create interest profiles about you and divide you into advertising groups (without including sensitive personal data).
In order to provide you with comprehensive advice on insurance, assets, pension and financial matters (e.g. financing, fund and other financial investments) and to make you offers for further products and services or to advertise them to you, we may process your master and contract data as well as the information disclosed on the occasion of the consultation conducted with your customer adviser.
To manage our relationships with customers and third parties, we may also invite you to our customer events and inform you about our products and services before, during or after the event.
Data can be processed for the purposes of market segment analysis. The main purpose of market segmentation is to identify differences between customers and to use this information to draw conclusions for segment-specific marketing programmes (customer structure analysis). This information is used, in particular to:
You can inform us at any time if you do not wish your data to be processed for the above purposes or if you wish to withdraw your consent in this regard (see contact address in clause 10). Likewise, you can unsubscribe from newsletters and prize draws at any time using the unsubscribe button in the message concerned.
We are committed to continuously developing our products and services to meet your needs. Therefore, we also sometimes contact you for market research purposes and use the results in anonymised form for addressing various questions within the company. To determine customer satisfaction, we can ask you about your experience with us. We also use your responses to contact you personally, to actively address your concerns and to improve our internal processes. We also collect, store and process your data for the evaluation, improvement and redevelopment of our products and services. In doing so, we analyse which products are used by which groups of people and which adjustments would be necessary in the future. The results of these analyses are – as far as possible – listed in pseudonymised or anonymised form (in accordance with privacy by design principles, we use anonymisation wherever possible in principle). For this purpose, we process the previously described master data, behavioural data, preference data and transaction data as well as communication data.
We may also process your data for other purposes, for instance, as part of our internal processes and administration. This includes training, educational and administrative purposes (such as the management of master data, accounting, data archiving and the management and ongoing improvement of the IT infrastructure), the protection of our rights (e.g. to enforce claims in and out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims – such as by preserving evidence, legal clarifications and participation in judicial or official proceedings), security purposes (e.g. access controls, monitoring of buildings), statistical purposes and the evaluation and improvement of internal processes. As part of the development of the company, we may also sell or acquire businesses, parts of businesses or companies to other companies or enter into partnerships, which may also lead to the exchange and processing of data. In the course of preparing, carrying out or finalising mergers, acquisitions, demergers, transfers of assets or similar transactions, we may also sell businesses, parts of operations or companies to other companies, or acquire them from such companies, which may also result in the exchange and processing of data.
Where we ask for your consent for certain forms of processing, we will inform you separately about the corresponding purposes of the processing.
Where we ask for your consent for certain forms of processing, we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time by notifying us in writing with effect for the future. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented. If consent is withdrawn, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of withdrawal.
Unless we ask you for your consent to processing, we base the processing of your personal data on the fact that it is necessary for the initiation or execution of a pension relationship with you or that we or third parties have a legitimate interest in doing so, for example in order to pursue the purposes described above under clause 5 and the associated objectives as well as to take appropriate measures.
Where we ask for your consent for certain forms of processing, we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time with effect for the future by notifying us in writing or, in the case of newsletters, by pressing the unsubscribe button. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented. If consent is withdrawn, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its withdrawal.
Unless we ask you for your consent to processing, we base the processing of your personal data on the fact that this is necessary for the fulfilment of our contractual obligations (e.g. to carry out pre-contractual measures for the provision of financial services), is a statutory or regulatory requirement (see clause 5.2) or is necessary in the context of weighing up interests (e.g. to ensure IT security and IT operations, or as part of business and risk management measures). Our legitimate interests also include the marketing of our products and services.
For the purposes mentioned in clause 5, we may also process, analyse and evaluate your data (including data concerning third parties that are also affected) automatically in order to assess certain personal characteristics or behaviour (so-called “profiling”). This automated data processing serves to combat money laundering and terrorist financing, to perform credit checks, to identify different interests and personal requirements for individual consultation and to provide offers and information, as well as being used for marketing purposes and other product and service offerings, and services that we or our Group companies may provide to you.
In the event that we base our decisions when concluding or processing a contract exclusively on automated data processing (so-called “automated individual decisions”) or if the decision is based to a significant degree on artificial intelligence, we will inform you of this in an appropriate manner, give you an opportunity to express your view and separately inform you that you can have the relevant decision reviewed by us if necessary, unless the automated individual decision is directly related to the conclusion or processing of a contract between the bank and you, your request is granted, or you have explicitly consented to the automated decision.
Within the Foundations or Baloise Bank, which is entrusted with account management for the Foundations, only those persons who need to access your personal data in order to initiate, conclude or execute a contract or business relationship, to fulfil statutory or regulatory obligations or to perform tasks in the public interest will have access to your personal data.
Certain products and services are provided in processes requiring the division of labour. In certain scenarios, divisions and services are outsourced to Group companies or third parties (e.g. service providers, business partners). Risk management requires clarifications with third parties and the transmission of corresponding data. Your data may also be disclosed in the context of statutory requirements. The data recipients are bound by statutory and contractual requirements when processing your personal data. In connection with the purposes set out in clause 5 above, we may also disclose your personal data to third parties, in particular to the categories of recipients below, who are bound to treat your details as confidential:
For the conclusion or processing of the contract, sharing of data may also be necessary with other Group companies. If your contract was concluded by employees of other group companies, the data will be disclosed in particular for the purpose of allocating commission.
In order to provide comprehensive and efficient customer support and advisory services, and to contact you regarding the Group’s products and services, we may share your master data and contract data, as well as other information provided in the course of our customer relationship, within the Group. This includes, in particular, master data, financial data, transaction data, communication data and information on usage and payment behaviour.
Your data may also be automatically evaluated and analysed within the Group. The aim of such analyses may be to identify customer preferences, behavioural patterns or future needs, on the basis of which personalised customer profiles may be created. These profiles are used, amongst other things, to optimise customer relations, provide individual advice and furnish information tailored to individual needs, and also to enable the bank or other Group companies to develop, optimise and present bespoke offers.
We may make data available to the Group in anonymised and aggregated form for the purpose of preparing Group-wide statistical evaluations and data analyses (see clause 5.3).
For the purposes of comparing customer bases, customer master data may be compared for statistical purposes within the Group. The comparison analyses how many joint customers there are, how this proportion develops over time and how the joint customers are distributed geographically.
We may also share data within the Group in accordance with statutory, regulatory or internal compliance requirements (e.g. anti-money laundering checks), for the purposes of risk management and internal control, and for the purposes of carrying out statistical analyses, marketing activities as well as analyses of market segments and customer structures.
To conduct joint campaigns and for market segment analyses, customer structure analyses, market research and for product optimisation purposes (see clauses 5.4 and 5.5), we may disclose data to Group companies in order to improve our product and service offering in the process, manage the use of and desired access to the applications, products and information, maintain the business relationship with customers and monitor the performance of the offerings.
In order to achieve the Group-wide purposes mentioned in this clause, your data may also be processed in the future by the bank or the parent company in an automated manner or using artificial intelligence with the aim of evaluating certain personal aspects (see clause 8).
To ensure consistent and tailored support, the list of active bank customers is cross-referenced with the insurance company’s customer database once per day. This involves the use of identification data and contact details, as well as information regarding the customer relationship, in order to ensure that customers can be correctly identified and supported.
Additional information relevant to customer support may only be made available to the insurance unit that originally referred the customer in question to the bank. These notifications consist of selected event information, such as the occurrence of a significant cash transfer or the repayment in full of a mortgage. In the case of hybrid customers, the insurance company’s designated customer advisers may, where necessary for the performance of a specific service task, access further data relating to banking activities, in particular account information such as account balances, account movements, transaction data including payments, payees and transaction descriptions, and custody account information such as portfolio holdings and valuations. This information is used exclusively for the purposes set out in clause 17 of the General Terms and Conditions, in particular to provide personalised advice, tailored support, prepare for consultations, and also develop and present suitable offers within the Group.
Access to personal data is strictly governed by the need-to-know principle: Your data is only accessible to those departments that actually need it to perform their respective duties. Access is technically role-based and restricted to customers assigned to the relevant account manager. Each access is logged and regularly checked. Employees of the Group companies are obliged to treat your data as confidential and receive training in data protection and banking secrecy.
You can inform us if you do not wish your data to be shared for the above purposes or if you wish to withdraw your consent in this regard (see contact address in clause 10).
You can request a list of the Group companies via the postal address or email address stated under clause 10 below.
We may also share your data with official bodies, courts and other government authorities and supervisory authorities (e.g. child and adult protection authorities) in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This includes, in particular, compliance with statutory notification obligations, the exercise of rights, the defence against claims and compliance with legal requirements, for example within the framework of official, judicial and pre- or extra-judicial proceedings as well as within the framework of statutory duties to inform and cooperate.
Data is also disclosed if we obtain information from public bodies, for example in connection with claims settlement or when checking an address.
Some of our services and business functions (e.g. in connection with the purchase of IT services) are provided on our behalf by legally independent companies in Switzerland and, in rare cases, abroad (see clause 10). They may process data about you if this is necessary for the performance of the contract. These service providers and vicarious agents work on our behalf in particular in the areas of information technology systems and software, customer service, marketing, advertising, newsletter, distribution, printing and real estate services, securities management, payment transactions, telecommunications, fraud prevention, information security, logistics, consultation, debt collection and credit risk management. They are involved in accordance with the provisions of banking and data protection law. Service providers are, for example, obliged to protect banking secrecy and to comply with our defined data processing purposes and the applicable data protection legislation. The bank verifies that data security is guaranteed by the service providers throughout the entire processing period by performing regular checks and audits. To the extent provided for by contract or law, such service providers may, in turn, engage third parties under the same terms and conditions with the prior approval of, and subject to a prior review by, the bank.
When commissioning debt collection companies (e.g. to collect outstanding payments), we may share your data (concerning changes in payment behaviour occurring before and during the term of the contract) with these companies. These companies store your personal data and may disclose it to other contracting parties as part of their activities, provided such contracting parties have presented a credible legitimate interest in individual cases for having the data transferred to them.
Your data may also be shared for the aforementioned purposes with other recipients (e.g. parties to judicial proceedings, purchasers of assets or divisions of the bank, auditing firms, Land Registry Offices and other public registers, notaries, pension funds, independent property appraisers and banks). Other persons to whom your data may be disclosed include, in particular, recipients of a payment, authorised representatives, correspondent banks, other financial institutions and other bodies involved in a legal transaction.
As part of the processing of your personal data, your data may also be transmitted abroad (e.g. in cases involving payment and securities orders), insofar as this is necessary to fulfil the business relationship, is provided for by law or you have given us your consent.
In the event that personal data is transferred abroad, we take contractual precautions, following a risk assessment, to contractually compensate for the weaker statutory protection in countries outside of Switzerland, as well as further measures (e.g. pseudonymisation) to reduce the risk of government access abroad authorised under the foreign legislation. We rely on the guarantees required by law, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interest, if the fulfilment of the business relationship requires such disclosure (e.g. in cases involving payment or securities orders), if it is required by law (e.g. in cases involving reporting obligations under tax law), if you have given your consent (e.g. by using the digital account opening service) or if it is a matter of data that you have made generally accessible and you have not objected to its processing.
In accordance with the applicable data protection law and under certain conditions, you have the following rights:
You may request information as to whether we process your data and, if so, what data is being processed, and receive a copy of this personal data.
You can request that we correct incorrect data or complete incomplete data.
You can request the erasure of your data unless we are obliged or authorised to retain your data under applicable laws and regulations.
You have the right to object to the processing of your personal data at any time with future effect, provided that the processing is not strictly necessary for the performance of a contract and/or that we are not obliged or authorised to process the data under applicable laws and regulations.
Where applicable, you have the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling conducted for direct marketing and other legitimate interests in the processing.
In cases where data processing is based on your consent, you have the right to withdraw this consent at any time. If you withdraw your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the revocation.
You may request that the data provided by you be released or transmitted in a commonly used electronic form to another controller, provided that the processing is carried out by means of automated processing or you have consented to the processing.
You have the right to express your point of view in the case of exclusively automated individual decisions and to request that the decision be reviewed by a natural person.
You also have the right to lodge a complaint with our Data Protection Unit or the competent data protection supervisory authority if you do not agree with our handling of your rights.
Please note that these rights are subject to legal requirements and that exceptions and restrictions apply. In particular, we may need to further process and store your data in order to safeguard our own legitimate interests, such as the establishment, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we must therefore also partially or wholly reject a data subject’s request (e.g. by redacting certain content that concerns third parties or our trade secrets). In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.
For queries and to exercise your rights, you can contact any of the companies listed below in writing or by email:
Helvetita Insurance
Data protection
St. Alban-Anlage 26
4002 Basel
E-Mail: datenschutz@helvetia.ch
Your data will only be stored by us for as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.
In individual cases, it is possible to retain personal data for longer, for example if claims are asserted against us (during the statutory limitation period) or if we are otherwise contractually, legally or officially obliged to do so, if you consent to this or if legitimate (business) interests, documentation and evidence purposes require this. As soon as your data is no longer required for the above purposes, it will be deleted or anonymised as part of our standard deletion processes.
When processing personal data, we take appropriate technical and organisational measures to prevent unauthorised access and other instances of unauthorised processing. These measures are based on international standards and are regularly reviewed and adjusted if necessary.
We would like to remind you that the Internet is an open, global network that is accessible to everyone. Communication via email is not usually encrypted and takes place only during regular office hours. It is possible that data may be lost or intercepted and/or manipulated by third parties, for example, to make it appear authentic. We take technical and organisational security measures to prevent the risk within our systems. Nevertheless, the confidentiality of data transmitted by email cannot be guaranteed. This applies, in particular, to the transmission of sensitive personal data (such as health data). Emails may be delayed, deleted, misrouted or shortened during transmission due to transmission errors, technical defects or other malfunctions. External access devices (PC, smartphone, etc. of end users) and parts of the infrastructure involved in the transmission between the sender and us are located outside the security area under our control. It is the responsibility of each Internet user to find out about the necessary security precautions and to take appropriate measures (e.g. up-to-date anti-virus software, etc.). We are not liable for any damage or consequences arising from the electronic exchange of information, particularly from the misuse of the e-mail system, for which we were not at fault. We reserve the right to seek redress from the data subject for any intentional damage it suffers as a result of business transactions with the data subject via the electronic exchange of information. We reserve the right in individual cases not to reply by email or to additionally require a different form (e.g. a form with a signature) for the order or information received by email.