In accordance with Art. 13 General Data Protection Regulation (GDPR), Swisscare Europe Ltd. (hereinafter Swisscare) is informing the Customer about how personal data will be processed within the scope of the services provided by Swisscare.
Who is responsible for processing your personal data
Swisscare Europe Ltd.
Alte Landstrasse 6
6496 Balzers (LI)
The data protection officer can be contacted via the above-mentioned address with the addition to the Data Protection Officer” or via email at email@example.com
Rights of the data subject
Every data subject has the right to request information about any personal data being processed by Swisscare. In particular, information about the purpose of the processing, the categories of personal data, the categories of recipients who will have access or were disclosed with personal data, the duration periods for saving the personal data, whether there is a right to adjust/correct, erase, restrict or object, transmission of data, the source of the personal data if not collected through Swisscare and if automatic decision-making technologies including profiling are being used.
Additionally, every data subject has the right to revoke a previously granted consent to use personal data at any time.
The Customer has the right to object to the processing of personal data for marketing purposes. Swisscare enables Clients to unsubscribe from the newsletter independently. If Swisscare processes personal data in order to protect legitimate interests, the Client has the possibility to object to this based on the particular situation.
Should the processing of personal data be inconsistent or contradicts the applicable data protection laws there is the possibility to lodge a complaint with the data protection officer.
Why does Swisscare process personal data? What is the legal basis?
Swisscare processes personal data in compliance with the GDPR, and the local data protection regulations applicable in the Principality of Liechtenstein, namely the Data Protection Act and the Data Protection Ordinance.
Within the scope of the services offered, Swisscare requires certain information in order to be able to conclude a contract with a Customer. If the potential Customer decides to conclude an insurance contract with Swisscare, personal data is processed in order to apply for an offer, as well as to conclude and maintain a contractual relationship, for example for invoicing purposes or to verify eligibility.
Swisscare is unable to conclude a contractual relationship with a Customer without this personal data. For this reason, the information required is based on Art. 6 paras. 1 letter b (necessary for the performance of a contract) and c (compliance with a legal obligation) of the GDPR, for example, due to tax law regulations, social security and health insurance law regulations, corporate regulations and compliance obligations. Due to these regulations and statutory retention periods, Swisscare is unable to delete certain personal data until these statutory retention periods have passed.
Data we process due to Art. 6 para. 1 letter f GDPR (legitimate interests) are due to the following:
IT Security and Operations
Insurance Fraud Prevention
Marketing of Swisscare products and services
Third parties who receive personal data
Relevant personal data will be communicated to the Insurer based on the concluded contract. Swisscare may be obliged to disclose personal data to governing authorities concerning the insurance validity and concerning exemption from mandatory health insurance, as well as to other insurers and reinsurers. Swisscare may also have to give access to third-party providers of the IT Services in order to maintain IT Security and Operations who may be accessing Swisscare’s data from the EU/EFTA area or from a third country.
It is also possible that Swisscare will also have to communicate personal data to governing authorities for the fulfillment of statutory duties of notifications (finance authorities, criminal investigation agencies).
Swisscare will store personal data until the statute of limitations for claims against Swisscare has ended (retention period is between 5 and 30 years), and if Swisscare has a legal obligation to do so.
Description of data processing
Visitor and usage data:
Swisscare’s system records data and information about the computer used by the User automatically and with every visit on our website.
The following data are collected:
Information regarding the type and version of internet browser used to access the website
Internet service provider
Date, time and country of each access
Web page from which the user was redirected to our page
The data mentioned above are saved for a maximum time period of [specify] days. This storing is done due to security reasons to ensure the stability and integrity of our systems.
Swisscare does analyze the usage of our web presence with the following tool(s) [to be completed and insert link of privacy statement of third party application].This analysis is exclusively for the purpose of optimizing the website with regards to usability and the provision of useful information about Swisscare services. A merger of data with other personal data sources or disclosure to third parties is precluded.
Legal basis for the temporary storage of data and log files is Article 6 (1) lett. f GDPR.
No evaluation of personal data takes place. All analyses are based on anonymized datasets.
The statistical evaluations will be stored for [xxx days/weeks/months].
Additionally, we ensure that your IP address is anonymised before it is transmitted to Google. […to be completed]
Legal basis for the usage of Google Analytics is Article 6 (1) lett. f GDPR.
Legal basis for the processing of data through cookies is Article 6 (1) lett. f GDPR.
Cookies are valid for [… define timeframe] and will subsequently be deleted by your browser.
If a User fills out a contact form, sends us an email or another form of electronic message, the data will only be used to process the inquiry and possible further questions.
Legal basis for the processing of your inquiry is Article 6 (1) lett. b GDPR.
If subscribing to our newsletter the User will receive an email containing a hyperlink immediately after signing up. By clicking on the said link the User confirms the subscription (double opt-in method). If the User does not click on the link within [define timeframe] the email address will be deleted from Swisscare’s temporary list and no subscription will be made.
If the User confirms the subscription and has given Swisscare the permission to save the email address including the date and time of signing up, your IP address as well as the selected newsletters. Swisscare only uses the email address and personal data [such as…] to manage and send the selected newsletter.
Swisscare newsletters do not contain visible or hidden counters, third party ads or links to external websites that are not directly connected to the content in the newsletter.
Each newsletter contains a reference on how to unsubscribe from the newsletter.
To purchase an insurance policy online the User has to sign up and chose an email address and define a password. The password is encrypted and cannot be viewed by us.
When signing up the Customer must provide name, passport number, residence and destination, address, email address, and payment information. During the insurance application, further information will be provided about the reason and scope of the data processing. The Customer can agree to the terms by checking a box. This process will be recorded.
Therefore, we store the following data [specify. E.g. user name, date and time etc.].
The data from the purchased insurance policies are also stored on the user account.
Swisscare only uses the personal data collected at the initial sign up to properly process the insurance application.
If the Customer requests to update any information Swisscare keeps a copy of the prior details for questions that might come up.
The Customer can revoke your consent to process the above-mentioned data at any time. If the request can be processed, the User will be required to sign up for any future orders. The revocation of consent is to be directed at the DPO, whose details are mentioned above.
All personal data will be deleted after completion of the order if there is no legal obligation to keep them (e.g. for accounting purposes).
The Customer has the possibility to delete your user account when you have no pending orders.
Social plugins (e.g. Facebook, Twitter etc.)
All embedded social plugins use the two-click process. This means that the recording of your surfing patterns via a plugin will only start if you activate it. If you are logged in to a social media account while using our website this plugin will register the visit on our website on the first click and can match it to your account.
We use a common encryption technology “[specify]” in connection with the highest encryption levels that are supported by your browser. If a page on our website was/is being transmitted encrypted it is shown by the lock symbol in the address bar of your browser.
Additionally, we use appropriate technical and organizational security measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction, or to prevent unauthorized access by third parties. Our security measures are continuously upgraded according to the latest technological developments. [Specify]