We use cookies to make its website more user-friendly, secure and effective. Cookies collect information about the use of websites. Further information: Information on data protection

Helvetia Privacy Policy

Reinsurance Privacy Policy

1. Basic rule and scope

This Privacy Policy applies to the data processing in connection with reinsurance contracts held by the companies of the Group listed under clause 2, “Data controllers and contact details”.

Insurance companies (primary insurers, reinsurers and recipients of retrocessions) often transfer part of their risks arising from insurance and/or reinsurance contracts to reinsurers such as Helvetia. Reinsurers typically do not receive data directly from data subjects.

In this Privacy Policy, we provide you with information about how we process your personal data or the personal data of other individuals. “Personal data” is data that relates to an identified or identifiable natural person. it is possible to infer their identity from the data itself or with the help of relevant supplementary data. When you transmit data to us via third parties, we assume that you are authorised to do so and that this data is correct. Therefore, please inform these third parties about the processing of their data by us and provide them with a copy of this Privacy Policy. If we refer you to a new version of these documents, please also hand over this new version in each case.

“Sensitive personal data” is a category of personal data that is more strictly regulated under data protection law. Sensitive personal data includes, for example, health data, data revealing racial and ethnic origin, information on religious or ideological convictions, biometric data for identification purposes and information on trade union membership.

“Processing” means any handling of personal data, regardless of the means and procedures used, in particular the collection, storage, retention, use, modification (including pseudonymisation and anonymisation), disclosure, archiving, erasure or destruction of data.

When you transmit data to us via third parties, we assume that you are authorised to do so and that this data is correct. Therefore, please inform these third parties about the processing of their data by us and provide them with a copy of this Privacy Policy. If we refer you to a new version of these documents, please also hand over this new version in each case.

2. Data controllers and contact details

The following companies are responsible under data protection law for the data processing described here:

Helvetia Baloise Holding Ltd, Aeschengraben 21, 4051 Basel
Helvetia Swiss Insurance Company Ltd, Dufourstrasse 40, 9000 St. Gallen
Helvetia Swiss Life Insurance Company Ltd, St. Alban-Anlage 26, 4052 Basel
Helvetia Global Solutions AG, Äulestrasse 60, 9490 Vaduz

(hereinafter referred to as “Helvetia” or “reinsurer”).

Details of third parties to whom data is transferred, and who may in turn be controllers responsible for processing it, can be found below and in Helvetia’s “List of recipients and countries” at www.helvetia.ch/privacy. If you have any questions regarding these third parties or the exercise of your legal rights in this regard, please contact them directly.

If data subjects have questions about data protection and the rights of data subjects, they can contact Helvetia citing “data protection” in the subject line. This will put you in touch with our relevant data protection department.

Helvetia Insurance
Data protection
St. Alban Anlage 26
4002 Basel

Tel.: +41 58 280 10 00
E-Mail: datenschutz@helvetia.ch

3. Legal basis

This Privacy Policy is based on the requirements of the Swiss Federal Act on Data Protection (“FADP”), the implementing ordinance (“DPO”), and, where applicable, the European Union’s General Data Protection Regulation (“GDPR”) and the United Kingdom’s General Data Protection Regulation (“UK GDPR”) (collectively referred to as “applicable data protection law”). Whether and to what extent these laws and other specific data protection statutory provisions apply depends on the circumstances of each individual case.

We process your data in accordance with the applicable data protection law and in compliance with the legal principles governing data processing. In appropriate cases, we rely on the following legal bases for data processing:

3.1 Consent

Where we ask for your consent for certain forms of processing, we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time by notifying us with effect for the future. You can generally withdraw your consent using the contact details provided in this data protection declaration; where consent is obtained in a specific context, we will inform you separately in that context about the specific options for withdrawing your consent. If consent is withdrawn, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its withdrawal.

3.2 Performance of the contract

3.3 Legitimate interests

We or third parties have a legitimate interest in processing your personal data, for example to pursue the purposes described in clause 4 and the associated objectives, and to implement the relevant measures. Our legitimate interests also include the marketing of our products and services, the protection of our legal rights (e.g. to enforce claims in court, in pre-litigation proceedings or out of court, and before authorities both in Switzerland and abroad, or to defend ourselves against claims), security purposes, and the evaluation and improvement of internal processes.

3.4 Legal obligations

4. Purposes of data processing

Your data will only be processed by us for the purposes we have indicated to you by referring to the Privacy Policy when collecting your data, or if we are legally obliged or entitled to process it. The categories of personal data processed for the purposes set out below are described in clause 6.

The processing of personal data is essential for the performance of insurance relationships in the reinsurance business.

If Helvetia is the reinsurer of the primary insurer with which you wish to take out or have taken out an insurance policy, or with which you have a claim under an insurance policy as the insured person, a beneficiary or an injured party, Helvetia processes data for the following purposes:

Carrying out the risk and compensation assessment
Billing purposes
Checking the obligation to pay benefits vis-à-vis your insurer
Supporting insurers in assessing risks and claims and in evaluating procedures
Determining the scope of reinsurance contracts and risk assessment of equity interests (cumulative control)
Billing purposes
Checking the obligation to pay benefits vis-à-vis your insurer
Control of the risk and compensation assessment by the primary insurer
Compliance with laws, directives and recommendations from regulatory authorities and internal regulations (Compliance)
Product and company development
Customer management, customer profiling and contact management including outside of contract processing
Risk management as part of prudent business management, including operational organisation and business development
Prevention and protection against insurance fraud
Ensuring the protection of data, confidential information, assets, people, systems and buildings (e.g. CCTV)
Exchange of information between group companies
Security purposes and system access control
Portfolio modelling
Other purposes

5. Profiling and automated individual decisions

For the purposes mentioned in clause 4, we may also process and evaluate your data automatically, i.e. electronically, in order to assess certain personal characteristics or behaviour (so-called profiling). This includes automated data processing, for example for combating money laundering and terrorist financing, for combating insurance fraud, for credit checks or individual risk evaluation and assessment as a necessary calculation basis for the insurance policy, as well as for identifying different interests and personal requirements for marketing purposes, product and service offers and services.

In the event that we base our decisions when concluding a contract or handling a claim exclusively on automated data processing (so-called automated individual decisions) and if such decisions cause legal effects or significant disadvantages for you (e.g. termination, risk exclusions, premium amount, denial of benefits) or if they affect you significantly in a similar way, we will inform you of this in an appropriate manner and separately inform you that you can have the relevant decision reviewed by a member of our staff if necessary. Such fully automated decisions are always based on rules we have established in advance for weighting the information.

6. Categories of personal data

We process the categories of data described below, although this list is not exhaustive.

In the event of changes to data over time (e.g. due to a change of address, a change in civil status or another modification), we may continue to store the previous status of such data in addition to the current status within the framework of the statutory storage periods.

Master data
Contract and claims data
Banking, financial and asset-related data
Communication data
Health data
Registration data
Technical data
Data regarding behaviour and preferences
Security, warranty and compliance data
Geocodes/geocoordinates
Other data

This category includes any data derived from the above.

7. Sharing data with third parties (recipients of personal data)

In connection with the purposes set out in clause 4 above, we may also disclose your personal data to third parties, in particular to the recipients categorised below, who are bound by us to treat your details as confidential.

A detailed list of recipients can be found in the separate list of recipients and countries, which you can access at www.helvetia.ch/privacy or request from our data protection office.

7.1 Group companies

If necessary for the conclusion of a contract or the processing of contracts and claims, data may also be shared with other companies belonging to the Group for the purposes of risk evaluation and assessment and the provision of reinsurance solutions.

In order to comply with statutory obligations (e.g. in connection with investigations to combat money laundering and terrorist financing), we also transmit some data to companies of the Group.

To ensure the accuracy and quality of data, we may share updated personal data (e.g. address details) within the Group.

In order to provide you with comprehensive advice on insurance, assets, occupational pensions and financial matters (e.g. financing, fund and other financial investments) and to provide you with offers for our own products and for the services of other Group companies or to advertise them to you, we may also pass on your master and contract data as well as the information provided during the consultation conducted with your financial partner within the Group (particularly with our bank) for the purposes of contacting you and providing you with individual offers.

Your social insurance data is shared for such purposes (e.g. compulsory accident insurance or occupational pension) only on the basis of your consent in individual cases.

All Group companies have been obligated by us to treat your data confidentially.

If you do not wish your data to be shared for the purposes set out above, or if you wish to withdraw your consent, you may object or inform us accordingly

7.2 Other insurers involved

In the interests of all policyholders, data may be shared, for the purpose of assessing and distributing risks, with reinsurers, co-insurers and previous insurers, both in Switzerland and abroad:

In order to check your information when concluding the insurance policy or in the event of a claim and to supplement it if necessary, your data (in particular the master data) may be shared to the extent required for this purpose with the previous insurer named by you in the application (the so-called previous insurer). We will obtain your consent separately in your insurance application or in your claims notification if such sharing of data requires your consent.

We insure risks assumed by us with special insurance companies (so-called reinsurers). If reinsurers make a contribution to the risk and loss assessment, the information required for this purpose is made available to them. Such information includes, in particular, data relevant to the contract and claim, such as name, date of birth, gender, policy number, type of insurance cover and risk, as well as the extent of the claim. We transfer your data to the reinsurer only to the extent necessary to fulfil our insurance policy with you or to protect our legitimate interests.

We also jointly insure risks assumed by us with other insurers (so-called co-insurers). For this purpose, it may be necessary to provide these co-insurers with your contract and, if applicable, claims data so that they can form their own assessment of the risk or insured event. In addition, it is possible that co-insurers, due to their special expertise, support our company in the risk or benefit assessment as well as in the evaluation of procedures. We transmit your data to co-insurers only insofar as this is necessary for the performance of our insurance policy with you, or to the extent necessary to protect our legitimate interests.

For this purpose, it may be necessary to provide these co-insurers with your contract and, if applicable, claims data so that they can form their own assessment of the risk or insured event. If necessary, we may require separate consent for this (e.g. in the context of combating fraud).

7.3 Insurance intermediaries

If you are assisted by insurance intermediaries (e.g. agents, brokers) in relation to your insurance policies, or if they were involved in arranging your insurance policies, they may also receive your data from us for the purposes set out above. In particular, the information required for the provision of advisory consultation, insurance mediation and customer support (e.g. master data, contract details and claims data) will be shared with these contracting parties so that they can fulfil their obligations towards you. Insurance intermediaries may also provide us with personal data for the purposes set out in clause 4. Unless you consent to your data being passed on to insurance intermediaries for marketing purposes, your data will not be passed on for these purposes.

7.4 Official bodies and authorities

We may also share your data with official bodies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This includes compliance with statutory notification obligations, the exercise of rights, the defence against claims and compliance with legal requirements, for example within the framework of official, judicial and pre- and extra-judicial proceedings as well as within the framework of statutory duties to inform and cooperate. Data is also disclosed if we obtain information from public bodies, for example in connection with claims settlement or when checking an address.

7.5 Other third parties

Your data may also be disclosed to other recipients for the aforementioned purposes (e.g. experts, physicians, persons providing information and the information services pursuant to clause 4.7 in the event of a claim, parties involved in judicial proceedings or acquirers of assets or divisions of Baloise). Other persons are, in particular, recipients of a payment, authorised representatives, correspondent banks, other financial institutions and other bodies involved in a legal transaction.

7.6 Service providers in Switzerland and abroad

Some of our services and business functions (e.g. in connection with the purchase of IT services or for marketing campaigns) are provided on our behalf by legally independent companies in Switzerland and abroad, which may process data about you if this is necessary for the performance of the contract. This also includes health data. These service providers are contractually obliged to adhere to our standards for data processing, as well as to the applicable data protection legislation. Where contractually or legally provided, such service providers may in turn engage third parties under the same conditions.

8. Disclosure abroad

When your personal data is processed by recipients in accordance with clause 7.6 above, your data may also be transmitted abroad, for example when personal data is forwarded to other Group companies or to service providers. Under certain circumstances, we may also transmit data to third parties abroad who are involved in the processing of the contract (e.g. co-insurers and reinsurers, authorities and courts), as well as to other bodies such as foreign tax authorities.

Your data may therefore be processed worldwide, including outside Switzerland or the European Union or the European Economic Area (i.e. also in so-called third countries such as the USA). Many third countries currently do not have laws that ensure a level of data protection equivalent to the applicable FADP.

Therefore, following a risk assessment, we take contractual precautions to contractually compensate for the weaker legal protection, as well as further measures (e.g. pseudonymisation) to reduce the risk of state/government access abroad authorised by foreign legislation.

In doing so, we rely on the legally required guarantees, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exception clause. An exception may apply, in particular, in the case of legal proceedings abroad, but also in cases of overriding public interests, if contract processing requires such disclosure, if you have consented to it or if the data concerned has been made generally accessible by you and you have not objected to its processing.

A detailed list of the countries to which we may transfer data can be found in the separate list of recipients and countries, which you can access at www.helvetia.ch/datenschutz or request from our Data Protection Unit.

9. Storage period

Your data will only be stored by us for as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.

In individual cases, it is possible to retain personal data for longer, for example if claims are asserted against us (during the statutory limitation period) or if we are otherwise contractually, legally or officially obliged to do so, if you consent to this or if legitimate (business) interests, documentation and evidence purposes require this. As soon as your data is no longer required for the above purposes, it will be erased as part of our standard erasure processes.

10. Data security

11. Data subject rights

In accordance with the applicable data protection law and under certain conditions, you have the following rights:

Right of access

You may request information as to whether we process your data and, if so, what data is being processed, and receive a copy of this personal data.

Right to rectification

You can request that we correct incorrect data or complete incomplete data.

Right to erasure

You can request the erasure of your data unless we are obliged or authorised to retain your data under applicable laws and regulations.

Right to restriction of processing

You have the right to object to the processing of your personal data at any time with future effect, provided that the processing is not strictly necessary for the performance of a contract and/or that we are not obliged or authorised to process the data under applicable laws and regulations.

Right to object to data processing and withdraw consent

Where applicable, you have the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling conducted for direct marketing and other legitimate interests in the processing.

In cases where data processing is based on your consent, you have the right to withdraw this consent at any time. If you withdraw your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the revocation.

Right to data portability

You may request that the data provided by you be released or transmitted in a commonly used electronic form to another controller, provided that the processing is carried out by means of automated processing or you have consented to the processing.

Rights in the case of automated individual decision-making

You have the right to express your point of view in the case of exclusively automated individual decisions and to request that the decision be reviewed by a natural person.

Right to complain

You also have the right to lodge a complaint with our Data Protection Unit or the competent data protection supervisory authority if you do not agree with our handling of your rights.

Contact details of regulatory authority

You can contact the Swiss Supervisory authority here.
The contact details for the Liechtenstein Data Protection Office can be found here.
A list of authorities in the EEA can be found here.
The UK supervisory authority can be contacted here.

Please note that these rights are subject to legal requirements and that exceptions and restrictions apply. In particular, we may need to further process and store your data in order to safeguard our own legitimate interests, such as the establishment, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we must therefore also partially or wholly reject a data subject’s request (e.g. by redacting certain content that concerns third parties or our trade secrets). In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.

For queries and to exercise your rights, you can contact any of the companies listed below in writing or by email:

Helvetia Insurance Ltd
Data protection
St. Alban Anlage 26
4002 Basel
E-mail: datenschutz@helvetia.ch

12. Communication

We would like to remind you that the Internet is an open, global network that is accessible to everyone. Communication via email is not usually encrypted and takes place only during regular office hours. It is possible that data may be lost or intercepted and/or manipulated by third parties, for example, to make it appear authentic. We take technical and organisational security measures to prevent the risk within our systems. Nevertheless, the confidentiality of data transmitted by email cannot be guaranteed. This applies, in particular, to the transmission of sensitive personal data (such as health data). Emails may be delayed, deleted, misrouted or shortened during transmission due to transmission errors, technical defects or other malfunctions. External access devices (PC, smartphone, etc. of end users) and parts of the infrastructure involved in the transmission between the sender and us are located outside the security area under our control. It is the responsibility of each Internet user to find out about the necessary security precautions and to take appropriate measures (e.g. up-to-date anti-virus software, etc.). We are not liable for any damage or consequences arising from the electronic exchange of information, particularly from the misuse of the email system, for which we were not at fault. We reserve the right to claim compensation from you for any intentional damage we may suffer as a result of our business dealings with you via the electronic exchange of information. We reserve the right in individual cases not to reply by email or to additionally require a different form (e.g. a form with a signature) for the order or information received by email.

13. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy at any time without prior notice. The version currently published or the version valid for the relevant period applies. This Privacy Policy has been translated into several languages. In the event of any discrepancies, the German version shall prevail.

Last updated in July 2026