Helvetia Privacy Policy

The following companies are responsible for data processing in the course of their activities:

• Helvetia Baloise Holding AG, Aeschengraben 21, 4051 Basel
  
• Helvetia Swiss Insurance Company Ltd, Dufourstrasse 40, 9000 St. Gallen
• Helvetia Swiss Life Insurance Company Ltd., St. Alban Anlage 26, 4052 Basel
• Helvetia Investment Foundation, St. Alban Anlage 26, 4052 Basel
• Helvetia Insurance Pension Fund, Dufourstrasse 40, 9001 St. Gallen, Switzerland
• Vorsorgestiftung der Baloise Versicherung AG, c/o Helvetia Schweizerische Versicherungsgesellschaft AG, Dufourstrasse 40, 9000 St. Gallen   
• Drei Linden Immobilien AG, c/o Helvetia Compagnie Suisse d’Assurances SA, Dufourstrasse 40, 9000 St. Gall 
• Baloise Swiss Property Fund, c/o Baloise Asset Management SA, Aeschengraben 21, 4051 Basel 

(collectively referred to as “Helvetia” or “Lender”).

Details of third parties to whom data is transferred, and who may in turn be controllers responsible for processing it, can be found below and in Helvetia’s “List of recipients and countries” at www.helvetia.ch/privacy. If you have any questions or wish to exercise any rights against these third parties, you should contact them directly.

If data subjects have questions about data protection and the rights of data subjects, they can contact Helvetia citing “data protection” in the subject line. This will direct them to Helvetia’s Data Protection Officer or the company Data Protection Officer.

Helvetia Insurance
Privacy Policy
St. Alban Anlage 26
4002 Basel

Tel.: +41 58 280 10 00
E-Mail: datenschutz@helvetia.ch

Your data will only be processed by us for the purposes we have indicated to you by referring to the Privacy Policy when collecting your data, or if we are legally obliged or entitled to process it. The categories of personal data processed for the purposes set out below are described in clause 6.

Helvetia processes data in particular for the following purposes:

• Acquisition
• Proposal and application processes
• Assessment of risks in relation to applications
• Real estate consultancy, marketing and brokerage services (e.g. search mandates, commissioning external real estate valuations, and advice on real estate financing and insurance products)
• Combating misconduct, abuse, misdemeanours and crimes
• Conduct of legal proceedings or cooperation
• Cooperation with authorities
• Establishment, management and administration of contractual relationships
• For marketing purposes and to provide tailored advisory services, support and relationship management
• Compliance with laws, directives and recommendations of authorities and internal rules
• Market research, to improve services, operations and products, and to understand behaviour, activities, preferences and needs, including the analysis and evaluation of the use of Helvetia’s websites
• Product and company development
• Customer management, customer profiling and contact management including outside of contract processing
• Risk management and as part of prudent corporate governance, including operational organisation and corporate development
• Prevention and protection against insurance fraud
• Ensuring the protection of data, confidential information, assets, people, systems and buildings (e.g. CCTV)
• Exchange of information between group companies
• Security purposes and system access control
• Other purposes
  

For the purposes mentioned in clause 4, we may also process and evaluate your data automatically, i.e. electronically, in order to assess certain personal characteristics or behaviour (so-called profiling). This includes automated data processing, for example for combating money laundering and terrorist financing, for combating insurance fraud, for credit checks or individual risk evaluation and assessment as a necessary calculation basis for the insurance policy, as well as for identifying different interests and personal requirements for marketing purposes, product and service offers and services.

In the event that we base our decisions when concluding a contract or processing a claim exclusively on automated data processing (so-called automated individual decisions) and if such decisions cause legal effects or significant disadvantages for you (e.g. termination, risk exclusions, premium amount, denial of benefits) or if they affect you significantly in a similar way, we will inform you of this in an appropriate manner and separately inform you that you can have the relevant decision reviewed by a member of our staff if necessary. Such fully automated decisions are always based on rules we have established in advance for weighting the information.

We process the categories of data described below, although this list is not exhaustive.

In the event of changes to data over time (e.g. due to a change of address, a change in civil status or another modification), we may continue to store the previous status of such data in addition to the current status within the framework of the statutory storage periods.

• Communication data
• Contract details
• Master data
• Banking, financial and asset-related data
• Claims data
• Health data
• Registration data
• Technical data
• Data regarding behaviour and preferences
• Security, warranty and compliance data
• Data from applications
• Data from contracts
• Data from reference requests
• Data on assets (e.g. real estate, insurance policies, other collateral)
• Data concerning beneficial owners
• Other data

When your personal data is processed by recipients in accordance with clause 7.6 above, your data may also be transmitted abroad, for example when personal data is forwarded to other Group companies or to service providers. Under certain circumstances, we may also transmit data to third parties abroad who are involved in the processing of the contract (e.g. co-insurers and reinsurers, authorities and courts), as well as to other bodies such as foreign tax authorities.

Your data may therefore be processed worldwide, including outside Switzerland or the European Union or the European Economic Area (i.e. also in so-called third countries such as the US). Many third countries currently do not have laws that ensure a level of data protection equivalent to the applicable FADP.

Therefore, following a risk assessment, we take contractual precautions to contractually compensate for the weaker legal protection, as well as further measures (e.g. pseudonymisation) to reduce the risk of state/government access abroad authorised by foreign legislation.

We rely on the guarantees required by law, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests, if the performance of a contract requires such disclosure, if you have given your consent or if it is a matter of data that you have made generally accessible and you have not objected to its processing.

A detailed list of the countries to which we may transfer data can be found in the separate list of recipients and countries, which you can access at www.helvetia.ch/datenschutz or request from our Data Protection Officer.

Your data will only be stored by us for as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.

In individual cases, it is possible to retain personal data for longer, for example if claims are asserted against us (during the statutory limitation period) or if we are otherwise contractually, legally or officially obliged to do so, if you consent to this or if legitimate (business) interests, documentation and evidence purposes require this. As soon as your data is no longer required for the above purposes, it will be deleted as part of our standard deletion processes.

When processing personal data, we take appropriate technical and organisational measures to prevent unauthorised access and other instances of unauthorised processing. These measures are based on international standards and are regularly reviewed and adjusted if necessary.

In accordance with the applicable data protection law and under certain conditions, you have the following rights:

Right of access

You may request information as to whether we process your data and, if so, what data is being processed, and receive a copy of this personal data.

Right to rectification

You can request that we correct incorrect data or complete incomplete data.

Right to erasure

You can request the erasure of your data unless we are obliged or authorised to retain your data under applicable laws and regulations.

Right to restriction of processing

You have the right to object to the processing of your personal data at any time with future effect, provided that the processing is not strictly necessary for the performance of a contract and/or that we are not obliged or authorised to process the data under applicable laws and regulations.

Right to object to data processing and withdraw consent

Where applicable, you have the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling conducted for direct marketing and other legitimate interests in the processing

In cases where data processing is based on your consent, you have the right to withdraw this consent at any time. If you withdraw your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the withdrawal.

Right to data portability

You may request that the data provided by you be released or transmitted in a commonly used electronic form to another controller, provided that the processing is carried out by means of automated processing or you have consented to the processing.

Rights in the case of automated individual decision-making

You have the right to express your point of view in the case of exclusively automated individual decisions and to request that the decision be reviewed by a natural person.

Right to complain

You also have the right to lodge a complaint with our Data Protection Unit or the competent data protection supervisory authority if you do not agree with our handling of your rights.

Contact details of regulatory authority

• You can contact the Swiss supervisory authority here.
• The contact details for the Liechtenstein Data Protection Office can be found here.
• A list of authorities in the EEA can be found here.
• The UK supervisory authority can be contacted here.

Please note that these rights are subject to legal requirements and that exceptions and restrictions apply. In particular, we may need to further process and store your data in order to safeguard our own legitimate interests, such as the establishment, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we must therefore also partially or wholly reject a data subject’s request (e.g. by redacting certain content that concerns third parties or our trade secrets). In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.

For queries and to exercise your rights, you can contact any of the companies listed below in writing or by email:

Helvetia Insurance
Data protection
St. Alban-Anlage 26
4002 Basel
E-Mail: datenschutz@helvetia.ch

We would like to you that the Internet is an open, global network that is accessible to everyone. Communication via email is not usually encrypted and takes place only during regular office hours. It is possible that data may be lost or intercepted and/or manipulated by third parties, for example, to make it appear authentic. We take technical and organisational security measures to prevent the risk within our systems. Nevertheless, the confidentiality of data transmitted by email cannot be guaranteed. This applies, in particular, to the transmission of sensitive personal data (such as health data). Emails may be delayed, deleted, misrouted or shortened during transmission due to transmission errors, technical defects or other malfunctions. External access devices (PC, smartphone, etc. of end users) and parts of the infrastructure involved in the transmission between the sender and us are located outside the security area under our control. It is the responsibility of each Internet user to find out about the necessary security precautions and to take appropriate measures (e.g. up-to-date anti-virus software, etc.). We are not liable for any damage or consequences arising from the electronic exchange of information, particularly from the misuse of the email system, for which we were not at fault. We reserve the right to claim compensation from you for any intentional damage we may suffer as a result of our business dealings with you via the electronic exchange of information. We reserve the right in individual cases not to reply by email or to additionally require a different form (e.g. a form with a signature) for the order or information received by email.