Privacy policy (FADP)

We at Swisscare take the protection of your personal data seriously. Hereafter, we will inform you about the processing of your personal data as well as your related rights. When processing your personal data, we comply with the applicable data protection law. Please contact the responsible body if you have any questions or concerns in this context. We are happy to help!

Table of Contents

Responsible body
Data Subjects
Personal data collected
Processing of personal data
Purpose of the data processing
Recipients of personal data
Storage of personal data
Confidentiality/security
Your rights
Duty to provide personal data
Cookies and social media
Google Maps
Changes to the privacy policy

1. Responsible body

The responsible body for the collection, processing, and use of your personal data, in the sense of data protection law, is Swisscare. Please direct any enquiries about this Policy or concerns relating to data protection to the following address:

Swisscare Switzerland Ltd.

Morgenstrasse 129

3018 Bern

[email protected]

For questions or concerns regarding data protection from European customers, please contact our representative for Europe at the following address:

BATLINER WANGER BATLINER Rechtsanwälte AG

Pflugstrasse 20

9490 Vaduz

Liechtenstein

[email protected]

2. Data Subjects

We process personal data about the following categories of natural persons:

Our clients or their contacts;
All other persons who have direct or indirect contact with us, such as visitors to our website, interested parties, service providers, intermediaries, trustees, accountants, suppliers, representatives and employees of legal entities and job applicants, or their respective contacts;
All other persons who are connected to the aforementioned persons (e.g. family members, representatives, employees).

If you disclose data to us about persons related to you as well as third parties, we will assume that you are authorised to do so and that this data is correct and that you have ensured that these persons have been informed about this privacy policy, insofar as a legal duty to inform applies (e.g. by bringing this privacy policy to the attention of these persons in advance).

3. Personal Data collected

The subject of data protection is personal data. This includes any data that relates to an identified or identifiable natural person. Depending on your role and your relationship with us as a data subject, we particularly process the following categories of personal data:

Contact data (e.g. surname, first name, address, e-mail, telephone number);
Identification data (e.g. personal details, date of birth, place of birth, nationality, address, civil status, occupation, gender, OASO number, ID and passport data);
Communication data (data arising in the course of written, telephone or electronic communication with you);
Documentation data (e.g. minutes of consultations and conversations);
Contract data;
Insurance data (e.g. information on existing and former insurances, policies, pension and daily allowance payments, information on claims or insurance cases);
Health data (e.g. information on current and past physical or mental illnesses, injuries, disabilities, allergies, accidents, planned and past medical treatments);
Physical data (e.g. height, weight, existing pregnancies);
Financial data (e.g. bank account data, billing data, credit rating data);
Data from public registers (e.g. debt enforcement register, cadasters, commercial register);
Application details (e.g. details in the curriculum vitae, qualifications, proof of performance);
Behavioural and preference data (e.g. visits to our website, interest in services);
Technical data related to the website (e.g. cookies, IP address).

4. Processing of personal data

We process your personal data in the following cases, i.a.:

When you use our services as a customer;
When you use our app as a customer;
When you engage or have a contractual relationship with us as a potential client, service provider, intermediary, trustee, accountant supplier, prospective client, website user or in any other role;
When you apply for a job with us;
When you have contact with us in the course of our other business;
If we permissibly obtain it from publicly available sources when providing our services (e.g., debt enforcement registers, cadastres, commercial registers, media, internet);
When you visit and/or use our website and when you use our app.

5. Purpose of the data Processing

Your personal data is processed for the following processing purposes:

a. For communication purposes

We process your personal data for the provision, administration and execution of written, telephone and electronic contact and communication with you (e.g., for processing enquiries, providing information).

b. To fulfill our contractual and pre-contractual obligations/provision of our services

We process your personal data in order to fulfil our contractual obligations towards our customers and other contractual partners (e.g., suppliers, service providers, insurance companies, intermediaries, brokers, accountants, trustees), i.e. in particular for services in the area of insurance brokerage and in the context of offering services for the conclusion of an insurance policy. In addition, data processing takes place for the implementation of pre-contractual measures and for the conclusion of contracts (e.g., clarifications prior to the order, processing of incoming applications).

c. To comply with legal and regulatory requirements

We process your personal data to comply with legal requirements and regulatory requirements, including disclosure, information or notification obligations, as well as to comply with the orders of a court or authority (e.g. notification obligations to regulatory authorities).

d. In order to protect our legitimate interests

Where necessary, we process your data beyond the actual provision of our services to protect our legitimate interests or those of third parties. Examples of this are:

Assertion of legal claims and defence in legal disputes;
Ensuring IT security and IT operations;
Developing and managing services;
Quality assurance (e.g., internal training and education);
Business and risk management measures;
Advertising and marketing;
Analysis of internet traffic on our website to improve the functionality of our website;
Prevention and investigation of criminal offences or other misconduct.

e. Based on your consent

As far as you have given us consent to process personal data for certain purposes, the legality of these processing operations is given based on your consent - besides other possible reasons for a lawful processing. A given consent may be revoked at any time. The revocation of consent does not affect the legality of the data processing until the time of revocation.

6. Recipients of personal data

Personal data will only be disclosed to third parties if this is in accordance with the legal provisions or if a sufficient legal basis for this (e.g., contract fulfilling purposes, a legitimate interest, or your consent) exists. Furthermore, data may be transferred to other responsible parties if we are bound to do so by legal provisions or by an enforceable official or judicial order. In the context of our business activities personal data may, in compliance with the legal requirements on data transfer, also be transferred to recipients who have their registered office outside Switzerland, the EU or the EEA, in so-called third countries.

Service providers we use also may receive data, in compliance with the legal requirements on data transfer, if they maintain the appropriate level of confidentiality. We have carefully selected these service providers and oblige them to handle and secure the respective data with care. At the same time, we take appropriate safeguards, such as encrypting data with a key only known to us.

Your personal data may be disclosed to the following categories of recipients:

Insurance companies;
Authorities, courts and other state institutions (e.g., regulatory authorities);
Experts and surveyors;
Loss adjusters;
Affiliated companies;
Providers to whom we have outsourced certain services (e.g., IT service providers, payment service providers, external accountants, collection service providers, marketing service providers);
Other business partners and auxiliary persons (e.g., lawyers, tax experts, auditors).

7. Storage of personal data

We process and store your personal data, as long as it is necessary for the fulfilment of our contractual and legal obligations or other purposes pursued with the processing, and as long as we have a legitimate interest in retaining the respective personal data.

Moreover, we store personal data that is subject to legal storage periods, or that is still required for criminal prosecution, or for securing, asserting, or enforcing legal claims.

The (temporary) further processing of personal data is necessary for the following purposes, among others:

Fulfilment of retention obligations under commercial and tax law, e.g., under the Swiss Code of Obligations (OR) and tax laws. The periods specified there for retention or documentation are usually ten years.
Preservation of evidence within the framework of the legal prescription provisions under Art. 127 et seq. of the Swiss Code of Obligations (CO).

8. Confidentiality/security

All personal data collected, processed, and stored by us will be treated confidentially. To adequately protect this data from unauthorised access and misuse, we have implemented technical and organisational measures (e.g., controlled access and access restrictions to data, IT security applications and measures, etc.). In addition, electronic data is retained with all due care and stored on servers in Switzerland.

We would like to point out that in the event of data being sent by e-mail, data is transmitted unencrypted. Therefore, it cannot be ruled out that data may be lost during transmission or may be viewed by third parties. Such online transmission of personal data is therefore at your own risk.

9. Your rights

You are entitled to assert the right to information, the right to rectification, the right to erasure and the right to restriction of data processing as well as the right to data portability. You can assert your rights with the responsible body under point 1.

Furthermore, you can revoke any consent you have given us to process your personal data. Please note that the revocation is only effective for the future. Data processing that took place before the revocation is thereby not affected.

Any data subject shall have the right to file a complaint with the competent data protection authority, without prejudice to any other administrative or judicial remedy. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

10. Duty to provide personal data

In the context of our business and customer relationship, you must provide the personal data that is required for the establishment, execution and fulfilment of the business and customer relationship, so that we can fulfil our contractual obligations and collect or process the data that we are legally obliged to. Without this data, we will generally not be able to enter a business and customer relationship with you or execute a relevant contract.

11. Cookies and social media

a. Cookies

We use so-called cookies on our website. This is a technology with which your browser or device can be identified. These are small text files that are filed and stored on the computer system via an internet browser. When a user visits a website, a cookie may be stored on the user's operating system. A cookie contains a characteristic string of characters that enables the browser to be clearly identified when the website is visited again.

As a data subject, you can prevent the storage of cookies by our website at any time through an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, you can delete cookies that have already been set at any time via an internet browser or other software programs.

The respective browser can be set in such a way that information is provided about the setting of cookies and thus it can be decided individually whether the respective cookie is desired, or not desired. The corresponding cookie setting differs depending on the browser used. An explanation on how to change the respective cookie setting can usually be found in the browser's help menu. For the following browsers, the help menu can be found under the following links:

Internet Explorer: https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies

Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

Chrome: https://support.google.com/chrome/answer/95647?hl=en

Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/12.0/mac/10.14

Opera: https://help.opera.com/en/latest/web-preferences/

If the user does not accept a cookie for application, the presentation of the usability of our website may be restricted for the respective user.

b. Facebook

We operate a page in the form of a Facebook presence on which we regularly publish current posts concerning our offers and services in the insurance sector. Facebook is therefore used for the purpose of providing information about our offers and services as well as for marketing purposes. In addition to the positioning of our products and services, an exchange with customers, users and interested parties takes place via this Facebook page. The Facebook network is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (formerly Facebook Ireland Ltd.), a subsidiary of Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA. The receiving state of the personal data concerned is therefore the USA. To ensure an appropriate level of data protection, the standard contractual clauses of the European Commission recognised by the FDPIC are used in addition to the contractual regulation on data processing. In addition, appropriate technical and organisational measures are taken to maintain the required level of protection in accordance with applicable data protection law.

When you access our Facebook page, your data is processed by Meta Platforms Ireland Ltd (formerly Facebook Ireland Ltd). This involves a statistical evaluation of the user data of our company page on Facebook. On the part of the operator, the data is used for market research purposes as well as for advertising, and user profiles are also created. If you, as a Facebook user, are also logged into Facebook at the time of accessing our Facebook page, Meta Platforms Ireland Ltd. can link the data with your respective user account.

If you visit or like our Facebook page as a Facebook user, Facebook collects personal data from you. If you are not registered with Facebook and visit the Facebook page, Facebook may collect pseudonymous usage data from you.

Please note that in this context there is the possibility that Meta Platforms Ireland Ltd. may also set cookies when using Facebook. If you do not agree to this, you have the option of preventing the use of cookies by setting your browser accordingly or, in the case of Flash cookies, by setting your Flash player appropriately. Existing cookies can also be deleted at any time. If you prevent or restrict the use of cookies, this can lead to not all Facebook functions being fully usable.

If you are currently logged in to Facebook as a user, there is a cookie with your Facebook ID on your end device. This enables Facebook to track that you visited this page and how you used it. If you would like to avoid this, you can log out of Facebook or deactivate the "stay logged in" function, delete the cookies on your device and close your browser then restart it. This way, the Facebook information through which you can be directly identified is deleted. When you access interactive functions on Facebook ("Like", "Comment", "Share", "Message", etc.), a Facebook login screen appears. If you log in again to Facebook with your login data, you will be recognizable to Facebook anew as an identifiable user.

For details on the way information is processed and how you can manage or delete existing information, please refer to Facebook's Privacy Policy:

https://www.facebook.com/privacy/policy/

If you contact us via our Facebook page, the data you enter will be used by us to process the contact. After processing your contact, we will delete the corresponding data, unless there is a legal retention obligation.

The collection and processing of your personal data is based on a legitimate interest in processing this data. The legitimate interest on our side, is the evaluation of the collected data and the corresponding communication with customers, potential customers, and users, as well as the advertising, offer and distribution of our services in the marketing area.

Facebook's data protection officer can be reached via the contact form below:

https://www.facebook.com/help/contact/540977946302970

Further information in connection data processing by Facebook can be found in the Facebook Privacy Policy:

https://www.facebook.com/privacy/explanation

Finally, we would like to point out that you use our Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).

We would like to point out the concerns of the data protection authorities in connection with the transfer of data by Meta/Facebook, as Meta/Facebook does not exhaustively and clearly state how long Facebook stores data and whether data from a visit to a Facebook page or Instagram page is passed on to third parties within the group. Therefore, we must point out to you that visiting Facebook or Instagram pages and using the interactive functions (e.g., commenting, sharing, rating, etc.) is completely your own responsibility.

c. LinkedIn

Our website operates a presence page on the LinkedIn network. The LinkedIn network is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA. Maude Avenue, Sunnyvale, CA 94085 USA. The receiving state of the personal data concerned is therefore the USA. To ensure an appropriate level of data protection, the standard contractual clauses of the European Commission recognised by the FDPIC are used in addition to the contractual regulation on data processing. In addition, appropriate technical and organisational measures are taken to maintain the required level of protection in accordance with applicable data protection law.

If you, as a LinkedIn user, are also logged into LinkedIn at the time of accessing our LinkedIn page, LinkedIn can associate the data with your user account. If you as a user click the "Like" button or the "Share" button or use other functions for interaction in the LinkedIn network, this information is stored in the respective user account and, depending on the form of interaction, also published. If you would like to prevent a corresponding collection and assignment of information, it is necessary that you log out of your LinkedIn user account before clicking on the LinkedIn graphic on our website. Furthermore, there is the possibility to configure settings regarding the collection, use and sharing of data in the respective user account, see LinkedIn Privacy Policy:

https://www.linkedin.com/legal/privacy-policy#choices

If you contact us via our LinkedIn page, the data you enter will be used to process the contact. After processing your contact, we will delete the corresponding data, unless there is a legal retention obligation. The collection and processing of your personal data is based on a legitimate interest in processing this data. The legitimate interest on our side, is the evaluation of the collected data and the corresponding communication with customers, potential customers, and users, as well as the advertising, offer and distribution of our services in the marketing area. Further information in connection with data processing by LinkedIn can be found in the LinkedIn privacy policy:

https://www.linkedin.com/legal/privacy-policy

d. Youtube

We operate a presence on the video platform YouTube to present Youselect and our services. YouTube is a platform that enables the replay of audio and video files. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. The receiving state of the personal data concerned is therefore the USA. To ensure an appropriate level of data protection, the standard contractual clauses of the European Commission recognised by the FDPIC are used in addition to the contractual regulation on data processing. In addition, appropriate technical and organisational measures are taken to maintain the required level of protection in accordance with applicable data protection law.

If you contact us via our Youtube Presence, the data you enter will be used to process the contact. After processing your contact, we will delete the corresponding data, unless there is a legal retention obligation.

Beyond the contact data, we do not process any personal data via the YouTube presence.

Whether and to what extent a data processing takes place outside the aforementioned use of the contact data by YouTube as a result of your account is beyond our knowledge. Any corresponding use of the account is exclusively your responsibility and outside our area of responsibility.

We would like to point out that the use of the YouTube account and service is at your own responsibility. We would also like to draw your attention to the fact that you use our YouTube site and its functions under your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).

We would like to point out that there is a possibility that user data may be processed outside of Switzerland or the European Union, especially in the USA. This may result in increased risks for users. We have no access to this user data. The possibility of access lies exclusively with YouTube.

If you, as a YouTube user or Google user, are also logged in to YouTube or Google when you access our YouTube presence, the data generated can be assigned to your user account by Google. If you wish to prevent the respective collection and allocation of information, you must log out of your YouTube or Google user account before accessing our YouTube presence.

You can find YouTube's data protection information at:

https://policies.google.com/privacy?hl=en

12. Google Maps

In addition, in the context of using our app, we use the Google Maps service to display your location and map information for the purpose of using the "Doctors nearby" functionality. Google Maps is a mapping service provided by Google LLC, for the display of an interactive map and for the creation of directions. This is a service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

The receiving state of the personal data concerned is therefore Ireland. To ensure an appropriate level of data protection, the standard contractual clauses of the European Commission recognised by the FDPIC are used in addition to the contractual regulation on data processing. In addition, appropriate technical and organisational measures are taken to maintain the required level of protection in accordance with applicable data protection law.

If you call up the app, the integrated Google Maps component is also activated, and Google activates a cookie on your end device. To display your location and create directions, your user settings and data are processed. Through the connection to Google established this way, Google can determine to which IP address the directions are to be transmitted.

The Google privacy policy and additional terms of use for Google Maps can be found at:

https://policies.google.com/privacy?hl=en-GB

In addition, for our insurance offer for Spain ("International student health insurance Spain"), a check is made by means of the Google Maps Platform whether the address specified in the insurance application exists.

The use of the functions and content of Google Maps is subject to the current terms of use and privacy policy:
https://maps.google.com/help/terms_maps/
https://policies.google.com/privacy

13. Changes to the privacy policy

We reserve the right to change this privacy policy at any time. The current version that we publish on our website applies. The date of the last update can be found at the end of this privacy policy.

Status: August 2023