In accordance with Art. 13 General Data Protection Regulation (GDPR), Swisscare Europe Ltd. (hereinafter Swisscare) is informing the Customer about how personal data will be processed within the scope of the services provided by Swisscare.
Who is responsible for processing your personal data
SWISSCARE Europe Ltd.
The data protection officer can be contacted via the above-mentioned address with the addition to the Data Protection Officer” or via email at [email protected]
Rights of the data subject
Every data subject has the right to request information about any personal data being processed by Swisscare. In particular, information about the purpose of the processing, the categories of personal data, the categories of recipients who will have access or were disclosed with personal data, the duration periods for saving the personal data, whether there is a right to adjust/correct, erase, restrict or object, transmission of data, the source of the personal data if not collected through Swisscare and if automatic decision-making technologies including profiling are being used.
Additionally, every data subject has the right to revoke a previously granted consent to use personal data at any time.
The Customer has the right to object to the processing of personal data for marketing purposes. Swisscare enables Clients to unsubscribe from the newsletter independently. If Swisscare processes personal data in order to protect legitimate interests, the Client has the possibility to object to this based on the particular situation.
Should the processing of personal data be inconsistent or contradicts the applicable data protection laws there is the possibility to lodge a complaint with the data protection officer.
Why does Swisscare process personal data? What is the legal basis?
Swisscare processes personal data in compliance with the GDPR, and the local data protection regulations applicable in the Principality of Liechtenstein, namely the Data Protection Act and the Data Protection Ordinance.
Within the scope of the services offered, Swisscare requires certain information in order to be able to conclude a contract with a Customer. If the potential Customer decides to conclude an insurance contract with Swisscare, personal data is processed in order to apply for an offer, as well as to conclude and maintain a contractual relationship, for example for invoicing purposes or to verify eligibility.
Swisscare is unable to conclude a contractual relationship with a Customer without this personal data. For this reason, the information required is based on Art. 6 paras. 1 letter b (necessary for the performance of a contract) and c (compliance with a legal obligation) of the GDPR, for example, due to tax law regulations, social security and health insurance law regulations, corporate regulations and compliance obligations. Due to these regulations and statutory retention periods, Swisscare is unable to delete certain personal data until these statutory retention periods have passed.
Data we process due to Art. 6 para. 1 letter f GDPR (legitimate interests) are due to the following:
IT Security and Operations
Insurance Fraud Prevention
Marketing of Swisscare products and services
Third parties who receive personal data
Relevant personal data will be communicated to the Insurer based on the concluded contract. Swisscare may be obliged to disclose personal data to governing authorities concerning the insurance validity and concerning exemption from mandatory health insurance, as well as to other insurers and reinsurers. Swisscare may also have to give access to third-party providers of the IT Services in order to maintain IT Security and Operations who may be accessing Swisscare’s data from the EU/EFTA area or from a third country. Standard contractual clauses are applied if any transfers take place to non EU/EFTA areas, or areas that are deemed to not been recognised as equivalent.
It is also possible that Swisscare will also have to communicate personal data to governing authorities for the fulfillment of statutory duties of notifications (finance authorities, criminal investigation agencies).
Swisscare will store personal data until the statute of limitations for claims against Swisscare has ended (retention period is between 5 and 30 years), and if Swisscare has a legal obligation to do so.
Description of data processing
Swisscare uses Plausible Analytics, a privacy-focused analytics service. Plausible Analytics does not use so-called "cookies", and they do not collect or store any personal data.
Plausible Analytics only collects the following data:
Legal basis for the processing of data through cookies is Article 6 (1) lett. f GDPR.
Cookies are valid for 14 days and will subsequently be deleted by your browser.
If a User fills out a contact form, sends us an email or another form of electronic message, the data will only be used to process the inquiry and possible further questions.
Legal basis for the processing of your inquiry is Article 6 (1) lett. b GDPR.
Swisscare newsletters do not contain visible or hidden counters, third party ads or links to external websites that are not directly connected to the content in the newsletter.
Each newsletter contains a reference on how to unsubscribe from the newsletter.
To purchase an insurance policy online the User has to sign up and chose an email address and define a password. The password is encrypted and cannot be viewed by us.
When signing up the Customer must provide name, passport number, residence and destination, address, email address, and payment information. During the insurance application, further information will be provided about the reason and scope of the data processing. The Customer can agree to the terms by checking a box.
The data from the purchased insurance policies are also stored on the user account.
Swisscare only uses the personal data collected at the initial sign up to properly process the insurance application.
If the Customer requests to update any information Swisscare keeps a copy of the prior details for questions that might come up.
Claims can be submitted via the customer care account, however, these are deleted immediately after having been submitted to the concerned claim service.
The Customer can revoke your consent to process the above-mentioned data at any time. If the request can be processed, the User will be required to sign up for any future orders. The revocation of consent is to be directed at the DPO, whose details are mentioned above.
All personal data will be deleted after completion of the order if there is no legal obligation to keep them (e.g. for accounting purposes).
The Customer has the possibility to delete your user account when you have no pending orders.
We use a common encryption technology SSL in connection with the highest encryption levels that are supported by your browser. If a page on our website was/is being transmitted encrypted it is shown by the lock symbol in the address bar of your browser.
Additionally, we use appropriate technical and organizational security measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction, or to prevent unauthorized access by third parties. Our security measures are continuously upgraded according to the latest technological developments.