We use cookies to make its website more user-friendly, secure and effective. Cookies collect information about the use of websites. Further information: Information on data protection
With this Privacy Policy, Helvetia is providing you, in your capacity as a prospective mortgage applicant, buyer, customer, mortgage borrower and/or other data subject (e.g. third-party mortgagor, property owner, joint and several debtor, usufructuary, correspondence recipient, family member (e.g. spouse, registered partner), premium payer, beneficiary, party to contracts, contact person) regarding the processing of your personal data.
“Personal data” is data that relates to an identified or identifiable natural person. It is possible to deduce their identity from the data itself or with the help of relevant supplementary data. When you transmit data to us via third parties, we assume that you are authorised to do so and that this data is correct. Therefore, please inform these third parties about the processing of their data by us and provide them with a copy of this Privacy Policy. If we refer you to a new version of these documents, please also hand over this new version in each case.
“Sensitive personal data” is a category of personal data that is more strictly regulated under data protection law. Sensitive personal data includes, for example, health data, data revealing racial and ethnic origin, information on religious or ideological convictions, biometric data for identification purposes and information on trade union membership.
“Processing” means any handling of personal data, regardless of the means and procedures used, in particular the collection, storage, retention, use, modification (including pseudonymisation and anonymisation), disclosure, archiving, erasure or destruction of data.
When you transmit data to us via third parties, we assume that you are authorised to do so and that this data is correct. Therefore, please inform these third parties about the processing of their data by us and provide them with a copy of this Privacy Policy. If we refer you to a new version of these documents, please also hand over this new version in each case.
In addition, the specific features of each insurance class are decisive. The supplementary privacy notice provided in connection with the relevant process (e.g. application, conclusion of a contract, processing of a benefit case) therefore always applies as well.
The following companies are responsible for data processing in the course of their activities:
(collectively referred to as “Helvetia” or “Lender”).
Details of third parties to whom data is transferred, and who may in turn be controllers responsible for processing it, can be found below and in Helvetia’s “List of recipients and countries” at www.helvetia.ch/privacy. If you have any questions or wish to exercise any rights against these third parties, you should contact them directly.
If data subjects have questions about data protection and the rights of data subjects, they can contact Helvetia citing “data protection” in the subject line. This will direct them to Helvetia’s Data Protection Officer or the company Data Protection Officer.
Helvetia Insurance
Privacy Policy
St. Alban Anlage 26
4002 Basel
Tel.: +41 58 280 10 00
E-Mail: datenschutz@helvetia.ch
This Privacy Policy is based on the requirements of the Swiss Federal Act on Data Protection (“FADP”), the implementing ordinance (“DPO”), and, where applicable, the European Union’s General Data Protection Regulation (“GDPR”) and the United Kingdom’s General Data Protection Regulation (“UK GDPR”) (collectively referred to as “applicable data protection law”). Whether and to what extent these laws and other specific data protection statutory provisions apply depends on the circumstances of each individual case.
We process your data in accordance with the applicable data protection law and in compliance with the legal principles governing data processing. In appropriate cases, we rely on the following justifications for data processing:
Where we ask for your consent for certain forms of processing, we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time by notifying us with effect for the future. You can generally withdraw your consent using the contact details provided in this data protection declaration; where consent is obtained in a specific context, we will inform you separately in that context about the specific options for withdrawing your consent. If consent is withdrawn, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its withdrawal.
The processing of your data is necessary for the initiation, conclusion or performance of your contract.
We or third parties have a legitimate interest in processing your personal data, for example to pursue the purposes described in clause 4 and the associated objectives, and to implement the relevant measures. Our legitimate interests also include the marketing of our products and services, the protection of our legal rights (e.g. to enforce claims in court, in pre-litigation proceedings or out of court, and before authorities both in Switzerland and abroad, or to defend ourselves against claims), security purposes, and the evaluation and improvement of internal processes.
The processing of your data may also be based on a legal basis that entitles or obliges us to process it (e.g. to fulfil obligations relating to anti-money laundering checks and international tax information exchange).
Your data will only be processed by us for the purposes we have indicated to you by referring to the Privacy Policy when collecting your data, or if we are legally obliged or entitled to process it. The categories of personal data processed for the purposes set out below are described in clause 6.
Helvetia processes data in particular for the following purposes:
For the purposes mentioned in clause 4, we may also process and evaluate your data automatically, i.e. electronically, in order to assess certain personal characteristics or behaviour (so-called profiling). This includes automated data processing, for example for combating money laundering and terrorist financing, for combating insurance fraud, for credit checks or individual risk evaluation and assessment as a necessary calculation basis for the insurance policy, as well as for identifying different interests and personal requirements for marketing purposes, product and service offers and services.
In the event that we base our decisions when concluding a contract or processing a claim exclusively on automated data processing (so-called automated individual decisions) and if such decisions cause legal effects or significant disadvantages for you (e.g. termination, risk exclusions, premium amount, denial of benefits) or if they affect you significantly in a similar way, we will inform you of this in an appropriate manner and separately inform you that you can have the relevant decision reviewed by a member of our staff if necessary. Such fully automated decisions are always based on rules we have established in advance for weighting the information.
We process the categories of data described below, although this list is not exhaustive.
In the event of changes to data over time (e.g. due to a change of address, a change in civil status or another modification), we may continue to store the previous status of such data in addition to the current status within the framework of the statutory storage periods.
In connection with the purposes set out in clause 4 above, we may also disclose your personal data to third parties, in particular to the recipients categorised below, who are bound by us to treat your details as confidential.
A detailed list of recipients can be found in the separate list of recipients and countries, which you can access at www.helvetia.ch/datenschutz or request from our Data Protection Unit.
If necessary for the conclusion of a contract or the processing of contracts and claims, data may also be shared with other companies belonging to the Group for the purposes of risk evaluation and assessment and the provision of reinsurance solutions.
In order to comply with statutory obligations (e.g. in connection with investigations to combat money laundering and terrorist financing), we also transmit some data to companies of the Group.
To ensure the accuracy and quality of data, we may share updated personal data (e.g. address details) within the Group.
In order to provide you with comprehensive advice on insurance, assets, occupational pensions and financial matters (e.g. financing, fund and other financial investments) and to provide you with offers for our own products and for the services of other Group companies or to advertise them to you, we may also pass on your master and contract data as well as the information provided during the consultation conducted with your financial partner within the Group (particularly with our bank) for the purposes of contacting you and providing you with individual offers.
Your social insurance data is shared for such purposes (e.g. compulsory accident insurance or occupational pension) only on the basis of your consent in individual cases.
All Group companies have been obligated by us to treat your data confidentially.
If you do not wish your data to be shared for the purposes set out above, or if you wish to withdraw your consent, you may object or inform us accordingly.
In the interests of all policyholders, data may be shared, for the purpose of assessing and distributing risks, with reinsurers, co-insurers and previous insurers, both in Switzerland and abroad:
In order to check your information when concluding the insurance policy or in the event of a claim and to supplement it if necessary, your data (in particular the master data) may be shared to the extent required for this purpose with the previous insurer named by you in the application (the so-called previous insurer). We will obtain your consent separately in your insurance application or in your claims notification if such sharing of data requires your consent.
We insure risks assumed by us with special insurance companies (so-called reinsurers). If reinsurers make a contribution to the risk and loss assessment, the information required for this purpose is made available to them. Such information includes, in particular, data relevant to the contract and claim, such as name, date of birth, gender, policy number, type of insurance cover and risk, as well as the extent of the claim. We transfer your data to the reinsurer only to the extent necessary to fulfil our insurance policy with you or to protect our legitimate interests.
We also jointly insure risks assumed by us with other insurers (so-called co-insurers). For this purpose, it may be necessary to provide these co-insurers with your contract and, if applicable, claims data so that they can form their own assessment of the risk or insured event. In addition, it is possible that co-insurers, due to their special expertise, support our company in the risk or benefit assessment as well as in the evaluation of procedures. We transmit your data to co-insurers only insofar as this is necessary for the performance of our insurance policy with you, or to the extent necessary to protect our legitimate interests.
In the event of damage or recourse, a mutual sharing of data with relevant liability insurers or co-insurers and social insurance providers can also take place in order to clarify the obligation to pay benefits. If necessary, we may require separate consent for this (e.g. in the context of combating fraud).
If you are assisted by insurance intermediaries (e.g. agents, brokers) in relation to your insurance policies, or if they were involved in arranging your insurance contracts, they may also receive your data from us for the purposes set out above. In particular, the information required for the provision of advisory consultation, insurance mediation and customer support (e.g. master data, contract details and claims data) will be shared with these contracting parties so that they can fulfil their obligations towards you.
Insurance intermediaries may also provide us with personal data for the purposes set out in clause 4. Unless you consent to your data being passed on to insurance intermediaries for marketing purposes, your data will not be passed on for these purposes.
We may also share your data with official bodies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This includes compliance with statutory notification obligations, the exercise of rights, the defence against claims and compliance with legal requirements, for example within the framework of official, judicial and pre- and extra-judicial proceedings as well as within the framework of statutory duties to inform and cooperate.
Data is also disclosed if we obtain information from public bodies, for example in connection with claims settlement or when checking an address.
When checking your creditworthiness with the help of credit agencies and when commissioning debt collection companies (e.g. to collect outstanding payments), we may share your data (concerning changes in payment behaviour occurring before and during the term of the contract) with these companies. In this respect, our legitimate interest is to ensure that the tariffs we set reflect the risks involved. These companies store your personal data and may disclose it to other contracting parties as part of their activities, provided such contracting parties have presented a credible legitimate interest in individual cases for having the data transferred to them.
In the event of a claim or benefit case, the data required for this purpose can be processed and transmitted in the event of recourse to a liable third party (or its liability insurer) or in the event of the deployment of claims adjusters in Switzerland and abroad.
If your motor vehicle is damaged, you have the option of choosing one of our partner garages to carry out the repairs. When you choose a partner garage (Baloise partner company, DESA), we will pass on your contact details and vehicle information to the partner garage for the purposes of claims settlement, and they will contact you in order to arrange an appointment.
Under the compulsory accident insurance scheme, we transmit data to the Central Office for Accident Insurance Statistics (SSUV) as part of our legal obligations; this data is then anonymised and compiled for the collective statistics of the AIA insurers.
In the event of an accident or illness, we may engage third parties to check and verify the validity of invoices from service providers (e.g. medical doctors, hospitals) and provide them with the necessary data (in particular invoices containing details of the treatment).
With regard to building insurance, the association “Earthquake Damage Organization (EDO)”, established by the cantons, private insurers and the cantonal building insurers, receives data on the insured property and, in the event of an incident, also on the insured person, in order to assess building damage in the event of an earthquake, to draw up an estimate of the repair or reconstruction costs, and finally to coordinate compensation and financial assistance for those affected throughout Switzerland.
Your data may also be disclosed to other recipients for the aforementioned purposes (e.g. experts, physicians, persons providing information and the information services pursuant to clause 4.7 in the event of a claim, parties involved in judicial proceedings or acquirers of assets or divisions of Baloise). Other persons are, in particular, recipients of a payment, authorised representatives, correspondent banks, other financial institutions and other bodies involved in a legal transaction.
Some of our services and business functions (e.g. in connection with the purchase of IT services or for marketing campaigns) are provided on our behalf by legally independent companies in Switzerland and abroad, which may process data about you if this is necessary for the performance of the contract. This also includes health data. These service providers are contractually obliged to adhere to our standards for data processing, as well as to the applicable data protection legislation. Where contractually or legally provided, such service providers may in turn engage third parties under the same conditions.
When your personal data is processed by recipients in accordance with clause 7.6 above, your data may also be transmitted abroad, for example when personal data is forwarded to other Group companies or to service providers. Under certain circumstances, we may also transmit data to third parties abroad who are involved in the processing of the contract (e.g. co-insurers and reinsurers, authorities and courts), as well as to other bodies such as foreign tax authorities.
Your data may therefore be processed worldwide, including outside Switzerland or the European Union or the European Economic Area (i.e. also in so-called third countries such as the US). Many third countries currently do not have laws that ensure a level of data protection equivalent to the applicable FADP.
Therefore, following a risk assessment, we take contractual precautions to contractually compensate for the weaker legal protection, as well as further measures (e.g. pseudonymisation) to reduce the risk of state/government access abroad authorised by foreign legislation.
We rely on the guarantees required by law, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests, if the performance of a contract requires such disclosure, if you have given your consent or if it is a matter of data that you have made generally accessible and you have not objected to its processing.
A detailed list of the countries to which we may transfer data can be found in the separate list of recipients and countries, which you can access at www.helvetia.ch/datenschutz or request from our Data Protection Officer.
Your data will only be stored by us for as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.
In individual cases, it is possible to retain personal data for longer, for example if claims are asserted against us (during the statutory limitation period) or if we are otherwise contractually, legally or officially obliged to do so, if you consent to this or if legitimate (business) interests, documentation and evidence purposes require this. As soon as your data is no longer required for the above purposes, it will be deleted as part of our standard deletion processes.
When processing personal data, we take appropriate technical and organisational measures to prevent unauthorised access and other instances of unauthorised processing. These measures are based on international standards and are regularly reviewed and adjusted if necessary.
In accordance with the applicable data protection law and under certain conditions, you have the following rights:
You may request information as to whether we process your data and, if so, what data is being processed, and receive a copy of this personal data.
You can request that we correct incorrect data or complete incomplete data.
You can request the erasure of your data unless we are obliged or authorised to retain your data under applicable laws and regulations.
You have the right to object to the processing of your personal data at any time with future effect, provided that the processing is not strictly necessary for the performance of a contract and/or that we are not obliged or authorised to process the data under applicable laws and regulations.
Where applicable, you have the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling conducted for direct marketing and other legitimate interests in the processing
In cases where data processing is based on your consent, you have the right to withdraw this consent at any time. If you withdraw your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the withdrawal.
You may request that the data provided by you be released or transmitted in a commonly used electronic form to another controller, provided that the processing is carried out by means of automated processing or you have consented to the processing.
You have the right to express your point of view in the case of exclusively automated individual decisions and to request that the decision be reviewed by a natural person.
You also have the right to lodge a complaint with our Data Protection Unit or the competent data protection supervisory authority if you do not agree with our handling of your rights.
Please note that these rights are subject to legal requirements and that exceptions and restrictions apply. In particular, we may need to further process and store your data in order to safeguard our own legitimate interests, such as the establishment, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we must therefore also partially or wholly reject a data subject’s request (e.g. by redacting certain content that concerns third parties or our trade secrets). In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.
For queries and to exercise your rights, you can contact any of the companies listed below in writing or by email:
Helvetia Insurance
Data protection
St. Alban-Anlage 26
4002 Basel
E-Mail: datenschutz@helvetia.ch
We would like to you that the Internet is an open, global network that is accessible to everyone. Communication via email is not usually encrypted and takes place only during regular office hours. It is possible that data may be lost or intercepted and/or manipulated by third parties, for example, to make it appear authentic. We take technical and organisational security measures to prevent the risk within our systems. Nevertheless, the confidentiality of data transmitted by email cannot be guaranteed. This applies, in particular, to the transmission of sensitive personal data (such as health data). Emails may be delayed, deleted, misrouted or shortened during transmission due to transmission errors, technical defects or other malfunctions. External access devices (PC, smartphone, etc. of end users) and parts of the infrastructure involved in the transmission between the sender and us are located outside the security area under our control. It is the responsibility of each Internet user to find out about the necessary security precautions and to take appropriate measures (e.g. up-to-date anti-virus software, etc.). We are not liable for any damage or consequences arising from the electronic exchange of information, particularly from the misuse of the email system, for which we were not at fault. We reserve the right to claim compensation from you for any intentional damage we may suffer as a result of our business dealings with you via the electronic exchange of information. We reserve the right in individual cases not to reply by email or to additionally require a different form (e.g. a form with a signature) for the order or information received by email.