CH customers (Switzerland)
FL customers (Liechtenstein)
Website users
The bodies responsible for the data processing described here are:
- Baloise Insurance Ltd, Aeschengraben 21, 4002 Basel
(all classes of insurance with the exception of life insurance and legal expenses insurance) - Baloise Life Ltd, Aeschengraben 21, 4002 Basel (Life insurance)
(hereinafter "Baloise or "we")
If you have any questions, the Data Protection Officer can be contacted at: Baloise Insurance Ltd, Data Protection Officer, Aeschengraben 21, P.O. Box, CH-4002 Basel
datenschutz@baloise.ch
You will find this information about data processing on our website under "data protection information for insurance contracts".
The processing of your personal data (hereinafter “data”) is essential and indispensable for the purpose of concluding a contract with Baloise. We greatly value the trust you place in Baloise, which is why protecting your privacy is our highest priority. Our employees therefore receive regular training on data protection and are obliged to comply with special confidentiality obligations. In addition, compliance with data protection is continuously monitored by us.
“Processing” refers to any handling of your data, regardless of the means and procedures used, including, in particular, the acquisition, retention, use, alteration, disclosure, archiving or destruction of the data. In order to inform you in a transparent manner about how your data is processed and to enable you to better understand the individual data processing steps, we are pleased to describe below the way in which Baloise processes your data in the context of insurance relationships (e.g. for the purposes of concluding, executing and acquiring or terminating insurance contracts).
1.1. Data obtained from you
We process personal data provided by you, including the following:
- Your personal details and contact information: In particular name, date of birth, address, telephone number, e-mail address, age, gender, tax status, health data;
- Information on third parties: In motor vehicle insurance, in particular information on the person of the owner and the most frequent driver (e.g. name, date of birth, nationality) and in life insurance information on possible beneficiaries and other parties of the contract;
- Financial and debt collection data: In particular, bank details for processing subsequent payments (e.g. account number, credit card data, PayPal data), AHV income data, premium payments, outstanding payments and reminders;
- Further identification data: In particular, identification details for products reserved for a specific group of customers (e.g. membership number of the Touring Club Switzerland (TCS) for taking out a TCS car insurance);
- General data from applications and contracts (e.g. insured risks, contract duration, information on previous or other insurance policies including claims burden) as well as information specific to the insurance product for calculating the insurance premium:
- in the motor vehicle insurance, e.g. registration number, information on your vehicle, on your mileage, on no-claims classes (bonus/malus) and on the financing of the vehicle, e.g. leasing;
- in property insurance e.g. brand and model, sum insured, value and age of the insured object, photo of the insured object or proof of purchase;
- in household insurance, e.g. living and housing situation such as number of rooms, canton of residence, value of household contents, ownership, number of persons in the same household;
- in building insurance, e.g. ownership of land and residential property, type of building, type of house, purchase price;
- in liability insurance, e.g. living and housing situation, number of persons in joint household, ownership, canton of residence;
- in life insurance: information on your family and financial situation (e.g. number of persons in the same household) and data on the various parties to the contract.
- in property, liability and technical insurance, e.g. operating mode, NOGA code, legal form, annual turnover, business inventory, main place of insurance, secondary place of insurance, AHV annual total wages, total fees, extinguishing circumstances, design class, safety equipment for fire and theft, insured sum;
- in transport insurance, e.g. transported annual turnover, means of transport, transport routes.
- Information in connection with any damages or claims settlement: In particular information from claims reports, doctor's reports, invoice data, data relating to injured parties.
1.2. Data obtained from third parties
For the purposes of the contract conclusion and the contract processing, we may based on you consent in your insurance request obtain the necessary relevant information from third parties (e.g. public authorities, previous insurers and reinsurers, financing companies or banks for externally financed vehicles, buildings or property) in accordance with clause 1.5(1) below.
In order to offer you our best possible service and advise you in an optimum way, as well as ensuring data accuracy, we also process data (personal and financial details about you, such as size of household, income class and spending power, purchasing behaviour and contact details of family members) that we obtain from data suppliers and address dealers or from third-party website operators and online networks.
1.3. Purposes of the data processing
1.3.1. Limitation to specific purposes
Your data will be used by us for purposes which we pointed out to you on their collection or if we are obliged to do so by law.
1.3.2. Processing for the performance of contracts and the settlement of claims and for carrying out pre-contractual measures (incl. the creation of customer profiles and automated data processing)
Baloise collects, stores and processes your data to the extent that this is required for customer acquisition, risk measurement and assessment prior to contract conclusion, management of the customer relationship, performance of the contract and the provision of contractual services, assessment of the obligation to pay indemnity and settlement of claims, invoicing, responding to questions and enquiries and provision of support in the event of technical issues.
We may also create customer profiles about you for the purpose of conducting individualised, targeted risk measurement sand assessment as the basis for decisions and calculations relating to the insurance contract. This risk assessment is necessary in order to be able to offer you a suitable insurance contract.
If, when concluding a contract, decisions are made, on the basis of fully or partially automated processing of personal data, that have a legal impact on you (such as conclusion of contract, termination, risk exclusions, premium amount) or significantly affect you in a similar manner, we will inform you at that time in an appropriate manner. If necessary, you can then have us review the relevant decision.
1.3.3. Processing for marketing purposes (including creation of customer profiles), for product optimisation and market research
We can also use your data in order to offer you products and services individually tailored to you. In order to provide you with individually targeted advertising and offers, and to be better able to address your needs, we may also create customer profiles of you and categorize you in advertising groups(no special categories of personal data such as health data). In this respect, our legitimate interest is that you are quickly and effectively informed about our products and services that may be of interest to them.
Baloise also offers its products in cooperation with selected partners, who, as tied agents, offer Baloise insurances under their own brands (e.g. TCS Car Insurance, Ford Car Insurance, Mazda Car Insurance, RCI Assurance, PSA Assurance and Hyundai Insurance). When you conclude such an insurance contract, your data may based on your consent also be shared between us and the business partner for marketing purposes.
In addition, we also sometimes contact you for market research purposes and use the results in anonymised form for addressing various questions within the company. For our survey on customer satisfaction, we ask you about your experiences with Baloise. In some cases, we also use the results of this survey to personally contact you, actively process your concerns, and improve our internal processes. We also collect, store and process your data for the evaluation, improvement and redevelopment of services and functions.
In this respect, our legitimate interest is that our products and services are continually developed and thus meet the requirements of our customers.
If the processing of your data in this context takes place on the basis of a legitimate interest on our part, we will weight up the interests internally in advance according to the nature of your data affected in individual cases. In particular, we also take into account the standard industry practices regarding the processing. In these cases, you have the right to object at any time to the processing of your personal data and the creation of customer profiles for marketing purposes.
1.3.4 Processing for fulfilling legal obligations
In order to comply with legal obligations (e.g. anti-money laundering clarifications and international exchange of tax information), we may in some cases have to subject your data to more detailed clarifications (such as verification of identity, clarification of beneficial ownership of funds and ownership of companies), based on the applicable laws.
1.3.5 Insurance fraud
To combat fraud in the field of motor vehicle insurance, we – like most other insurance companies – provide SVV Solution AG, a subsidiary of the Swiss Insurance Association (SVV), with vehicle-related claims data that are recorded in the “CarClaims-Info” database. By using CarClaims-Info, it is possible to check whether a registered vehicle claim has already been paid out by another insurance company. If there are grounds for suspecting fraud, the companies may share the relevant data (e.g. vehicle expertise, indemnification agreement).
1.4. Transfer of your data to other Group companies
In order to provide you with the best-possible insurance coverage and individualized financial solutions, we may share your information with other Baloise Group companies for risk measurement and assessment and based on your consent for the offer of individually targeted products and services and the provision of reinsurance solutions (no special categories of personal data).
You can request a list of our Group companies via the postal address or email address stated under clause 1.8.
1.5. Sharing of data with relevant insurers, public authorities and intermediaries
If required for the conclusion and the processing of the contract, we will based on your consent obtain relevant information and details from files held by the authorities, private and social insurers or third parties that are party to or involved in the initiation of the contract or a claims settlement (e.g. previous insurers regarding the previous claim experience). This relevant information includes, for example, personal information, contact details, the details that are provided in the case of specific insurance products, previous insurer information, and family and financial information.
In the interests of all policyholders, data may be shared based on your consent, for the purpose of distributing risks, with reinsurers, co-insurers and previous insurers, both in Switzerland and abroad. If reinsurers also make a contribution to the risk and loss assessment, the information required for this purpose is made available to them. These are, in particular, contract-relevant data such as name, date of birth, gender, contract number, type of insurance cover and risk.
Intermediaries receive the information they need to support and advise customers based on the data about you that we have stored (e.g. contract duration, contract termination, sum insured and coverage). In doing so, we comply with the authorisation issued to the intermediary by you. Intermediaries are bound by law and contract to observe their special duty of secrecy as well as the provisions of the Data Protection Act. Intermediaries also include Baloise business partners (Touring Club Schweiz, Ford Car Insurance, Mazda Car Insurance, RCI Assurance, PSA Assurance and Hyundai Insurance) who, as tied agents. offer Baloise motor vehicle insurance via their sales networks (including brand dealers and authorised workshops). Independent brokers may only access this data if they have been authorised to do so by you.
1.6. Data transfers to other third parties
In order to fulfil statutory requirements, we may be obliged to process your data and transfer it to other third parties (e.g. at the request of the authorities).
In the case of credit checks and the commissioning of debt-collection companies, we may make your data (changes in the payment behaviour during the contract term) available to such companies. In this respect, our legitimate interest is to ensure that the tariffs we set reflect the risks involved. These companies store your personal data and may disclose them to other business partners as part of their activities, provided such partners have presented a credible legitimate interest in individual cases for having the data transferred to them.
Jointly with other companies, we participate in a network for the updating of addresses. As part of this, we transmit your updated address details to a service provider for address updating purposes. This service provider only transfers the updated address to other companies within the network that also have a customer relationship with you. There is no sale or trading of addresses involved in this process. In this respect, our legitimate interest is that we and other affiliated companies with whom you have a customer relationship can reach you at any time and thereby ensure more efficient communication with you.
Your data may also be shared for the aforementioned purposes with other recipients (e.g. experts and appraisers, Baloise business partners, parties involved in legal proceedings or acquirers of business units of Baloise). These recipients will always be required to comply with the applicable data protection provisions.
1.7. Third parties commissioned at home and abroad
In order to offer you cost-effective and comprehensive insurance coverage, some of our services and business functions are carried out on our behalf by legally independent companies at home and abroad.
These service providers (processors) are also contractually obliged to adhere to the defined purposes of the data processing. We conclude a contract with these service providers that meets the requirements of the applicable data protection law.
In the case of service providers located in a country whose data protection legislation is assessed to be unsuitable by the supervisory authorities, we impose obligations on such providers, by means of the standard EU contractual clauses introduced by the European Commission and recognized by the Federal Data Protection Commissioner (FDPIC) prior to transferring any data, in order to guarantee appropriate protection for you.
1.8. Your rights in relation to your data
If you wish to receive information about your personal data that is processed by us, you can do so by submitting to us your written request for information with an enclosed copy of your identity card or passport.
You may demand that we rectify inaccurate data or complete data that are incomplete, or you can rectify or complete this yourself, to a certain extent, in the customer portal at any time.
You may also demand the deletion of your data, provided we are not required or authorised by applicable law or regulations to retain your data.
In all cases in which the data processing is based on your consent, you have the right to revoke this at any time. If you revoke your consent, this does not affect the legality of the processing undertaken on the basis of your consent up until the revocation.
You can submit the relevant requests to the following address:
Baloise Insurance Ltd, Data Protection Officer, Aeschengraben 21, P.O. Box, CH-4002 Basel
1.9. Retention period
In accordance with our erasure policies, your data will only be stored for as long as this is necessary for the aforementioned purposes or for as long as we are authorised to store it for longer period.
1.10. Changes to this information on data processing
We reserve the right to amend or supplement this information on data processing at any time. We will inform you of any amendment to this information on data processing in an appropriate manner (e.g. on our website) when the change comes into effect.
In life, passenger accident and liability insurance, we are additionally dependent on the processing of your particularly sensitive data (e.g. health data) in the event of a claim based on your consent obtained at that time. The consent clauses in such cases are supplemented by declarations of release from the duties of confidentiality in order to allow service providers (e.g. physicians, chiropractors, psychologists, persons delivering services on behalf or on instruction of a physician, laboratories, hospitals, inpatient and outpatient medical facilities and nursing homes). The relevant information will be used with your consent at the time of the benefit cases.
We do not always carry out certain (sub-)tasks ourselves, such as the processing of benefit cases in which your health data may be collected, processed or used, but sometimes assign the performance of such tasks to legally independent companies at home and abroad or other Baloise Group companies. This can result in the transfer of health and/or other data protected by law (e.g. the fact that you hold a passenger accident or liability insurance policy with our company). The service providers used by us are contractually obliged to comply with data protection requirements, the duty of confidentiality and data security.
If you are listed as a beneficiary under a pillar 3a or 3b life insurance policy in the event of an insured event, regardless of whether you are also the policyholder or insured person in the contract, we collect and process the following data in particular when you pay out insurance benefits (endowment, death and annuity benefits):
- Your personal details (e.g. name, date of birth)
- Contact data (e.g. address, telephone number, e-mail address)
- Bank details for processing subsequent payments (e.g. account number)
- Information on your family and financial situation (e.g. relationship with policyholder or insured person, tax number)
4.1. Confidentiality
We treat your data (e.g. contract details, claims details and IP address) as confidential and comply with the applicable data protection provisions. In addition, we adhere to recognised security standards, such as ISO 27001.
4.2. Internet risks
In transferring data via the internet, you are acting at your own risk. We protect the data you transmit via our webpages during transit by means of appropriate encryption mechanisms.
In addition, we take appropriate technical and organisational security measures to reduce the risks within our websites. Your device, however, is outside the security area that we are able to control. You are therefore required to inform yourself about the necessary security precautions and to take suitable measures in this regard.
4.3. Email encryption
We will send you requested information by email if you have provided us with your email address. Confidential information is transmitted in encrypted form. If information cannot be shared in encrypted form via email, we will use other channels for this purpose (e.g. the customer portal or Baloise Secure Transfer).
If you use our customer contact form, your data will be sent to us in encrypted form.
4.4. Blocking of access
In the event of security risks being identified, we explicitly reserve the right to temporarily suspend or, in severe cases, to block access to our webpages until the security risks have been eliminated. We do not accept any liability for any loss or consequential losses arising from the suspension or blocking of access.
If you have any further questions, please contact our Data Protection Officer, who is available to you in the case of information requests, suggestions or complaints.
Baloise Insurance Ltd
Data Protection Officer
Aeschengraben 21, P.O. Box
CH-4002 Basel
datenschutz@baloise.ch
www.baloise.ch
The body responsible for the data processing described here is:
- Baloise Insurance Ltd, Aeschengraben 21, P.O. Box, 4002 Basel, Switzerland (hereinafter “Baloise”).
If you have any questions, our data protection officer can be contacted at:
- Baloise Insurance Ltd, Data Protection Officer, Aeschengraben 21, P.O. Box, 4002 Basel, Switzerland
datenschutz@baloise.ch
In addition, Baloise Life (Liechtenstein) AG, Alte Landstrasse 6, 9496 Balzers, Liechtenstein, dataprotection@baloise-life.com is also available if you have any questions.
The processing of your personal data (hereinafter “data”) is essential and indispensable for the purpose of concluding a contract with Baloise. We greatly value the trust you place in Baloise, which is why protecting your privacy is our highest priority. Our employees therefore receive regular training on data protection and are obliged to comply with special confidentiality obligations. In addition, compliance with data protection is continuously monitored by us.
“Processing” refers to any handling of your data, regardless of the means and procedures used, including, in particular, the acquisition, retention, use, alteration, disclosure, archiving or destruction of the data. In order to inform you in a transparent manner about how your data is processed and to enable you to better understand the individual data processing steps, we are pleased to describe below the way in which Baloise processes your data (e.g. for the purposes of concluding, executing and acquiring or terminating insurance contracts as well as in relation to the use of Baloise websites).
1.1. Data obtained from you
We process personal data provided by you, including the following:
- Your personal details (e.g. name and date of birth) and, in the case of motor vehicle insurance, additional details about the registered keeper and main driver of the vehicle (e.g. name, date of birth and nationality)
- Contact details (e.g. address, telephone number and email address)
- Bank details for processing subsequent payments (e.g. account number, credit card details and PayPal details)
- Identification details used in the case of products reserved for a specific group of customers (e.g. membership number of the Touring Club Schweiz for the concluding of a TCS car insurance contract)
- Details that are provided in the case of specific insurance products to calculate the insurance premium:
- in the case of motor vehicle insurance, for example, licence number, details about your vehicle, your mileage, your no-claims category [bonus/penalty] and vehicle financing, e.g. leasing;
- in the case of property insurance, for example, make and model, sum insured, value and age of the insured property, photograph of the insured property or proof of purchase;
- in the case of household insurance, for example, living and housing situation, such as number of rooms, canton of residence, value of home contents, ownership situation;
- in the case of building insurance, for example, nature of ownership of land and residential property, type of building, type of construction of the building, purchase price;
- in case of liability insurance, for example, living and housing situation, number of people in the joint household, ownership situation, canton of residence.
- Details of your previous insurance policies (e.g. previous insurance, incl. claims burden)
- Details about your family and financial situation (e.g. number of people in the same household)
- Information about your health, subject to your consent
- Additional information from applications, contracts and any claims notifications
1.2. Data obtained from third parties
For the purposes of the contract conclusion and the contract processing, we may obtain the necessary relevant information from third parties (e.g. public authorities, previous insurers and reinsurers, financing companies or banks for externally financed vehicles, buildings or property) in accordance with clause 1.5(1) below.
In order to offer you our best possible service and advise you in an optimum way, as well as ensuring data accuracy, we also process data (personal and financial details about you, such as size of household, income class and spending power, purchasing behaviour and contact details of family members) that we obtain from data suppliers and address dealers or from third-party website operators and online networks.
1.3. Purposes of the data processing
1.3.1. Limitation to specific purposes
Your data will be used by us for purposes which we pointed out to you on their collection or if we are obliged to do so by law.
1.3.2. Processing for the performance of contracts and the settlement of claims and for carrying out pre-contractual measures (incl. the creation of customer profiles and automated data processing) (Art. 6(1)(b) GDPR)
Baloise collects, stores and processes your data to the extent that this is required for customer acquisition, risk measurement and assessment prior to contract conclusion, management of the customer relationship, performance of the contract and the provision of contractual services, assessment of the obligation to pay indemnity and settlement of claims, invoicing, responding to questions and enquiries and provision of support in the event of technical issues.
We may also create customer profiles about you for the purpose of conducting individualised, targeted risk measurements and assessment as the basis for decisions and calculations relating to the insurance contract. This risk assessment is necessary in order to be able to offer you a suitable insurance contract.
If, when concluding a contract, decisions are made, on the basis of fully or partially automated processing of personal data, that have a legal impact on you (such as conclusion of contract, termination, risk exclusions, premium amount) or significantly affect you in a similar manner, we will inform you at that time in an appropriate manner. If necessary, you can then have us review the relevant decision.
1.3.3. Processing for marketing purposes (incl. creation of customer profiles), for product optimisation and market research (Art. 6(1)(f) GDPR)
We can also use your data in order to offer you products and services individually tailored to you. In this respect, our legitimate interest is that our customers and potential customers are quickly and effectively informed about our products and services that may be of interest to them.
In order to provide you with individually targeted advertising and offers, and to be better able to address your needs, we may also create customer profiles of you (no special categories of personal data such as health data). Baloise also offers its products in cooperation with selected partners, who, as tied agents, offer Baloise motor vehicle insurance under their own brands (TCS Car Insurance, Ford Car Insurance, Mazda Car Insurance, RCI Assurance, PSA Assurance and Hyundai Insurance). When you conclude such an insurance contract, your data may also be shared between us and the business partner for marketing purposes.
We also collect, store and process your data for the evaluation, improvement and redevelopment of services and functions.
In addition, we also sometimes contact you for market research purposes and use the results in anonymised form for addressing various questions within the company. For our survey on customer satisfaction, we ask you about your specific experiences with Baloise. In some cases, we also use the results of this survey to personally contact you, actively process your concerns, and improve our internal processes.
In this respect, our legitimate interest is that our products and services are continually developed and thus meet the requirements of our customers.
If the processing of your data takes place on the basis of a legitimate interest on our part, we will weight up the interests internally in advance according to the nature of your data affected in individual cases. In particular, we also take into account the standard industry practices regarding the processing. In these cases, you also have the right to object at any time to the processing of your personal data and the creation of customer profiles. We will then no longer process your personal data for these purposes.
1.3.4 Processing for fulfilling legal obligations (Art. 6(1)(c) GDPR)
In order to comply with legal obligations (e.g. anti-money laundering clarifications and international exchange of tax information), we may in some cases have to subject your data to more detailed clarifications (such as verification of identity, clarification of beneficial ownership of funds and ownership of companies), based on the applicable laws.
1.3.5 Insurance fraud
To combat fraud in the field of motor vehicle insurance, we – like most other insurance companies – provide SVV Solution AG, a subsidiary of the Swiss Insurance Association (SIA), with vehicle-related claims data that are recorded in the “CarClaims-Info” database. Through the use of “CarClaims-Info” it is possible to check whether a registered vehicle claim has already been paid out by another insurance company. If there are grounds for suspecting fraud, the companies may share the relevant data (e.g. vehicle expertise, indemnification agreement).
1.4. Transfer of your data to other Group companies (Art. 6(1)(f) GDPR)
In order to provide you with the best-possible insurance coverage, we may share your information with other Baloise Group companies for risk measurement and assessment and the provision of reinsurance solutions (no special categories of personal data). In this respect, our legitimate interest is to ensure an effective internal administration of the Baloise Group and to provide you with the best-possible insurance coverage.
You can request a list of our Group companies via the postal address or email address stated under clause 1.8.
1.5. Sharing of data with relevant insurers, public authorities and intermediaries (Art. 6(1)(b) GDPR)
If required for the conclusion and the processing of the contract, we will obtain relevant information and details from files held by the authorities, private and social insurers or third parties that are party to or involved in the initiation of the contract or a claims settlement (e.g. previous insurers regarding the previous claim experience). This relevant information includes, for example, personal information, contact details, the details that are provided in the case of specific insurance products, previous insurer information, and family and financial information.
In the interests of all policyholders, data may be shared, for the purpose of distributing risks, with reinsurers, co-insurers and previous insurers, both in Switzerland and abroad. If reinsurers also make a contribution to the risk and loss assessment, the information required for this purpose is made available to them. These are, in particular, contract-relevant data such as name, date of birth, gender, contract number, type of insurance cover and risk.
Intermediaries receive the information they need to support and advise customers based on the data about you that we have stored (e.g. contract duration, contract termination, sum insured and coverage). In doing so, we comply with the authorisation issued to the intermediary by you. Intermediaries are bound by law and contract to observe their special duty of secrecy as well as the provisions of the Data Protection Act. Intermediaries also include Baloise business partners (Touring Club Schweiz, Ford Car Insurance, Mazda Car Insurance, RCI Assurance, PSA Assurance and Hyundai Insurance) who, as tied agents, offer Baloise motor vehicle insurance via their sales networks (including brand dealers and authorised workshops). Independent brokers may only access this data if they have been authorised to do so by you.
1.6. Data transfers to other third parties
In order to fulfil statutory requirements, we may be obliged to process your data and transfer it to other third parties (e.g. at the request of the authorities). In this case, the transfer of data is conducted on the basis of Art. 6(1)(c) GDPR.
In the case of credit checks and the commissioning of debt-collection companies, we may make your data (changes in the payment behaviour during the contract term) available to such companies. In this case, the transfer of data is conducted on the basis of Art. 6(1)(f) GDPR. In this respect, our legitimate interest is to ensure that the tariffs we set reflect the risks involved. These companies store your personal data and may disclose them to other business partners as part of their activities, provided such partners have presented a credible legitimate interest in individual cases for having the data transferred to them.
Jointly with other companies, we participate in a network for the updating of addresses. As part of this, we transmit your updated address details to a service provider for address updating purposes. This service provider only transfers the updated address to other companies within the network that also have a customer relationship with you. There is no sale or trading of addresses involved in this process. In this case, the transfer of data is conducted on the basis of Art. 6(1)(f) GDPR. In this respect, our legitimate interest is that we and other affiliated companies with whom you have a customer relationship can reach you at any time and thereby ensure more efficient communication with you.
Your data may also be shared for the aforementioned purposes with other recipients (e.g. experts and appraisers, Baloise business partners, parties involved in legal proceedings or acquirers of business units of Baloise). These recipients will always be required to comply with the applicable data protection provisions.
1.7. Third parties commissioned at home and abroad
In order to offer you cost-effective and comprehensive insurance coverage, some of our services and business functions are carried out on our behalf by legally independent companies at home and, in some cases, abroad (e.g. support companies from abroad can access our systems and process data from their location abroad in order to provide IT maintenance).
These service providers (processors) are also contractually obliged to adhere to the defined purposes of the data processing. We conclude a contract with these service providers that meets the requirements of the applicable data protection law.
In the case of service providers located in a country whose data protection legislation is assessed to be unsuitable by the supervisory authorities, we impose obligations on such providers, by means of the standard EU contractual clauses introduced by the European Commission (Art. 46(2)(c) GDPR) prior to transferring any data, in order to guarantee appropriate protection for you.
1.8. Your rights in relation to your data
If you wish to receive information about your personal data that is processed by us, you can do so by submitting to us your written request for information with an enclosed copy of your identity card or passport.
You may demand that we rectify inaccurate data or complete data that are incomplete, or you can rectify or complete this yourself, to a certain extent, in the customer portal at any time.
You may also demand the deletion of your data, provided we are not required or authorised by applicable law or regulations to retain your data.
You have the right to request the restriction of the processing of your data, pursuant to the statutory requirements. In this case, apart from storage thereof and subject to the assertion of legal rights, we will not process your data further.
In all cases in which the data processing is based on your consent, you have the right to revoke this at any time. If you revoke your consent, this does not affect the legality of the processing undertaken on the basis of your consent up until the revocation.
In addition, you have the right to make a complaint to the responsible data protection supervisory authority in the case of a violation of your rights.
You have the right to receive your data from Baloise in a structured, commonly used and machine-readable format, provided your data is processed using automated procedures and this processing is based on your consent or a contract.
You may object to the future processing of your data if this is not strictly necessary for the execution of the contract and if we have no legal basis for carrying out such processing.
You can submit the relevant requests to the following address:
Baloise Insurance Ltd, Data Protection Officer, Aeschengraben 21, P.O. Box, 4002 Basel, Switzerland
datenschutz@baloise.ch
1.9. Retention period
In accordance with our erasure policies, your data will only be stored for as long as this is necessary for the aforementioned purposes or for as long as we are authorised to store it for longer period.
1.10. Changes to this information on data processing
We reserve the right to amend or supplement this information on data processing at any time. We will inform you of any amendment to this information on data processing in an appropriate manner when the change comes into effect. If we process your data for a purpose other than that for which the data was collected, we will inform you in advance about this other purpose in an appropriate manner.
With regard to passenger accident and liability insurance, in the event of a claim we also rely on the processing of special categories of personal data about you, such as health information, based on your consent obtained at that time. The consent clauses in such cases are supplemented by declarations of release from the duties of confidentiality in order to allow service providers (e.g. physicians, chiropractors, psychologists, persons delivering services on behalf or on instruction of a physician, laboratories, hospitals, inpatient and outpatient medical facilities and nursing homes). The relevant information will be used with your consent at the time of the benefit cases.
We do not always carry out certain (sub-)tasks ourselves, such as the processing of benefit cases in which your health data may be collected, processed or used, but sometimes assign the performance of such tasks to legally independent companies at home and abroad or other Baloise Group companies. This can result in the transfer of health and/or other data protected by law (e.g. the fact that you hold a passenger accident or liability insurance policy with our company). The service providers used by us are contractually obliged to comply with data protection requirements, the duty of confidentiality and data security. A transfer of your health data is only undertaken with your explicit consent (Art. 9(2)(a) GDPR).
3.1. Confidentiality
We treat your data (e.g. contract details, claims details and IP address) as confidential and comply with the applicable data protection provisions. In addition, we adhere to recognised security standards, such as ISO 27001.
3.2. Internet risks
In transferring data via the Internet, you are acting at your own risk. We protect the data you transmit via our web pages during transit by means of appropriate encryption mechanisms.
In addition, we take appropriate technical and organisational security measures to reduce the risks within our websites. Your device, however, is outside the security area that we are able to control. You are therefore required to inform yourself about the necessary security precautions and to take suitable measures in this regard.
3.3. Email encryption
We will send you requested information by email if you have provided us with your email address. Confidential information is transmitted in encrypted form. If information cannot be shared in encrypted form via email, we will use other channels for this purpose (e.g. the customer portal or Baloise Secure Transfer).
If you use our customer contact form, your data will be sent to us in encrypted form.
3.4. Blocking of access
In the event of security risks being identified, we explicitly reserve the right to temporarily suspend or, in severe cases, to block access to our web pages until the security risks have been eliminated. We do not accept any liability for any loss or consequential losses arising from the suspension or blocking of access.
If you have any further questions, please contact our data protection officer, who is available to you in the case of information requests, suggestions or complaints
Baloise Insurance Ltd
Data Protection Officer
Aeschengraben 21, P.O. Box
4002 Basel, Switzerland
The Baloise Group takes great care to protect your privacy when processing your personal data. The Baloise Group processes your personal data in compliance with the Swiss Federal Act on Data Protectio and the European General Data Protection Regulation (EU-GDPR) and in accordance with the following principles:
1. Protection
Data privacy is an important issue for Baloise in the light of the rapid progress of digitalisation in the world today. Your personal information is processed with strict confidentiality and in compliance with the latest laws on data protection. Protecting your privacy and your data against unauthorised third-party access, loss and misuse is a top priority for us.
2. Body responsible and contact details
The body responsible for the data processing described herein:
Baloise Insurance Ltd, Aeschengraben 21, 4002 Basel, datenschutz@baloise.com (hereinafter “Baloise” or “we”).
If you have any questions please contact our data protection officer at datenschutz@baloise.com. He is also at your disposal if you have an information request, suggestion or complaint.
3. Use and transmission of personal data limited to specific purposes
Your data is used only for the purpose that is specified when it is collected, for which you have given your consent or that is provided for by law. We oblige our employees to maintain confidentiality, observe the data protection law and – in the case of banking services – to maintain banking secrecy.
4. Handling personal data
Personal data means any information relating to an identified or identifiable natural person. A natural person is deemed to be identifiable if they can be identified directly or indirectly, particularly by means of assignment to a characteristic, e.g. their name, email address or telephone number. Data on an individual’s predilections such as hobbies or club memberships, or on their preferred websites, also counts as personal data. Data that is anonymised or aggregated and can no longer be used to identify a particular person is not deemed to be personal data. “Processing” refers to any handling of personal data, regardless of the means and procedures used, including, in particular, the acquisition, retention, use, alteration, disclosure, archiving or destruction of data.
5. Server logfiles
Baloise uses server logfiles to capture data about your visit to the website. This access data includes:
- name of the website you accessed,
- file name,
- the date and time of your visit,
- the volume of data transferred,
- notification of successful access,
- your browser type and version,
- your operating system,
- the referrer URL (the previous page visited),
- the IP address and the requesting provider.
Baloise uses this logged data for analytical purposes only to ensure the operation and security of our IT systems, and to optimise the website within the meaning of Art. 6 (1) (f) GDPR in order to provide you with a secure and trouble-free user experience at all times. Baloise does, however, reserve the right to verify logged data subsequently, should it have concrete grounds to suspect that the website has been used unlawfully. The server logfiles are deleted after a period of 30 days.
6. Contact form and email
When you contact us using the online form, we capture your contact details transmitted to us so that we can process your enquiry and follow up on any queries that may arise. During the sending procedure your consent is obtained to process the data and you are referred to this privacy policy. The legal basis for this processing of your data is Art. 6 (1) (a) GDPR. You have the right to revoke your consent at any time. The revoking of your consent does not affect the legality of the data processing carried out up until the revocation based on your former consent.
The legal basis for the processing of your data when you contact us by email is Art. 6 (1) (f) GDPR. We only process your personal data in order to process your enquiry. This is where our required legitimate interest in processing the data lies.
If the aim of the email contact is to enter into a contract, Art. 6 (1) (b) GDPR provides an additional legal basis for processing the data.
7. Newsletter
On the Baloise web pages you have the option to subscribe to our newsletter. If you do so, the data you provide (title, last name, first name and email address) is transmitted to us from the data entry screen. We then send you a confirmation email to verify your consent (double opt-in process). The legal basis for this processing of data is Art. 6 (1) (a) GDPR. For the purpose of customised and targeted advertising, the data you transferred when registering for the newsletter may be passed on within the Group companies.
You have the right to revoke your consent at any time. If you no longer wish to receive our newsletter you may unsubscribe via the link provided in each issue of the newsletter. The revoking of your consent does not affect the legality of the data processing carried out up until the revocation based on your former consent.
8. Cookies
Cookies are small text files that are stored locally on your device (PC, smartphone, etc.) and allow data specific to that device to be captured. We use cookies on our web pages. You can learn more about our cookies in our cookie policy and can amend your cookie settings as required in the Cookie Preference Center at any time.
We would also like to make you aware that you can adjust cookies on an individual basis in your browser settings. However, blocking all cookies there may result in this and other websites no longer being displayed correctly. If you want a comprehensive and up-to-date overview of all third-party access to your internet browser, we recommend that you install a browser plugin created for this purpose. You can also configure your computer to issue a warning whenever a cookie is sent. Alternatively, you may elect to disable all cookies. To do this, you can change the browser settings in any browser you use and on any device you use. Each browser is slightly different in its handling of these settings. You can consult the Help menu in your browser to find out how to change your cookie settings. If you disable cookies, the result may be that you do not have access to numerous applications that make the pages and apps more efficient, and some of our services may no longer work for you.
9. Integration of third-party services and content
Our website content consists, to some extent, of third party content such as YouTube videos, maps from Google Maps, RSS feeds or images from other websites. This always requires that the providers of such content (hereinafter referred to as “Third-Party Providers”) identify your IP address. Without this IP address, the third-party providers cannot send the content to your browser. We only integrate this content into our web page to provide you with useful information, or to make a process easier for you without additional data processing. The legal basis for this data processing can thus be found in Art. 6 (1) (f) GDPR. Our legitimate interest lies in the fact that we are able to offer you this content as a service. In addition, certain services are only activated as described above when you actively select them. In these cases data processing is based on Art. 6 (1) (a) GDPR. If you do not want this content, you can select the appropriate settings in your browser settings. We make every effort to use content from providers that use the IP address only for the delivery of such content. However, we cannot influence whether or not third-party providers use the IP address for statistical purposes, for example. We notify users if we become aware of any such usage.
10. Analysis of use behaviour and other services
10.1. Google Analytics and Tag Manager
On our website we use Google Analytics and Tag Manager, a web analytics service and an associated support tool provided by Google Inc. (“Google”). Google Analytics and Tag Manager use cookies to facilitate these services. The information generated by the cookie about your use of this website is transferred to a Google server in the USA and stored there. IP anonymization is standard on the Baloise website, which means that your IP address is abbreviated before being transmitted to Google. In exceptional cases only, your full IP address will be transmitted to a Google server in the USA and abbreviated there. The IP address transmitted from your browser in the context of Google Analytics will not be matched with other data held by Google. On our behalf, Google will use this information in order to evaluate your use of the website within the scope of your consent or for technical reasons, to prepare reports on website activity and to provide other services to us in connection with website and internet usage. The legal basis in the case of strictly necessary cookies is Art. 6 (1) (f) GDPR. Our legitimate interest lies in ensuring as best we can that the web page functions correctly. For all other cookies our processing is based on your consent in the Cookie Preference Center in accordance with Art. 6 (1) (a) GDPR.
The following data may be stored and analysed anonymously and exclusively for statistical purposes:
- the pages visited and the sequence in which they are accessed,
- the operating system and browser used,
- the date and time of the page views,
- the address of the website visited directly beforehand, if your visit has been made via a direct link to us from there, and
- information about the origin.
10.2. Google Places API
On certain websites we use Google Places API to make it easier for our users to perform place-related searches and to fill in address details automatically. The data that is collected through a search using Google Places API is subject to Google’s terms of use. Google processes data on the user’s use of Places. For further information, please visit: https://developers.google.com/maps/terms?hl=de#section_9.
10.3. Google AdWords Conversion Tracking and Google Remarketing
We use Google AdWords Conversion Tracking and Google Remarketing for advertising purposes.
With Google Conversion Tracking, Google AdWords will place a cookie on your computer, provided you have reached one of our web pages via a Google ad. These cookies expire after 30 days and cannot be used for personal identification. If you visit certain pages on our websites and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and then been forwarded to this page. Every AdWords customer, which includes us, is given a unique cookie. Cookies cannot, therefore, be traced beyond the websites of the AdWords customer. The information acquired by means of the conversion cookie helps produce conversion statistics for AdWords customers. AdWords customers find out the total number of users who have clicked on their adverts and who have been forwarded to a page with a conversion tracking tag. However, we do not receive any information with which to identify users personally. If you do not wish to take part in the tracking process, you can reject the setting of a cookie that is required – such as by deactivating the “Targeting Cookies” category in our Cookie Preference Center. The legal basis for our use of Adwords is your consent in accordance with Art. 6 (1) (a) GDPR. With Google Remarketing, cookies are used to record your browsing behaviour in an anonymous manner for marketing purposes and to adapt advertising offers to your interests. These technologies never record or store personal data that allows your identity to be determined. DoubleClick by Google (Pixel TAG) also uses cookies to enable remarketing for products like AdWords in the Google Display Network. The cookies store information such as the time of your visit, whether or not it is your first visit, and information about the website from which you were referred. These cookies can also be set individually in the Cookie Preference Center.
10.4. DoubleClick by Google
DoubleClick by Google is a service provided by Google Inc. that uses cookies to present relevant advertising to you. To this end, a pseudonym identification number (ID) is assigned to your browser in order to check which ads have been displayed in your browser and which ads were accessed. The cookies do not contain any personal information. The use of Facebook “like” buttons for DoubleClick cookies only allows Google and its partner websites to serve ads based on previous visits to our or other websites on the internet. The information generated by the cookies is transmitted by Google for evaluation to a server in the USA and stored there. Transfer of the data by Google to third parties takes place only subject to legal regulations or in the context of contracted data processing. Under no circumstances will Google combine your data with other data collected by Google. By using our websites, you agree to the processing of the data collected about you by Google and the above-described manner of data processing as well as the stated purpose. You can adjust the way cookies are stored by selecting the appropriate setting in our Cookie Preference Center. Your consent provides us with the legal basis here too in accordance with Art. 6 (1) (a) GDPR.
10.5. Web analysis service by Hotjar Ltd.
On our website, we use the functions of the web analysis service provided by Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, to obtain a better understanding of your needs and help us tailor our services and your experience on this website. Hotjar’s technology allows us to gain a better understanding of how you experience the site (such as how muchtime you spend on which pages, which links you click, what you like and don’t like, etc.), enabling us – incombination with user feedback – to continue offering our services and adapt them to your needs. Hotjar uses cookies and other technologies to collect information about the behaviour of our users and their devices (including the IP address of the device, collected and stored only in anonymous form), screen size of the device, device type (unique device identifiers), browser data, geographic location (country only) and preferred language for viewing our site. Hotjar stores this information in a pseudonymous user profile. More information on data security and processing by Hotjar Ltd. is available at www.hotjar.com/privacy. You can download and install a browser plugin that prevents the information collected by the cookies from being transmitted to and used by Hotjar Ltd. The following link will direct you to the plugin: www.hotjar.com/legal/compliance/opt-out.
10.6. SAS Customer Intelligence
Our website uses functions of the SAS Customer Intelligence 360 service. The provider is SAS Institute Inc., 100 SAS Campus Drive, Cary, NC 27513-2414, USA.
SAS complies with the Swiss–U.S. Privacy Shield Framework privacy policy and is registered for the Swiss–U.S. Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnvOAAS&status=Active) with the U.S. Department of Commerce.
The functions provided by SAS are enabled by the placement of cookies. By giving your consent to the use of cookies on our website, you allow us to store information about your use of our website. This allows us to offer you interest-based advertising material and messages regarding products and services which can be tailored to your requirements. We can place this personalised advertising material and these messages regarding products and services on any end device with which you access MyBaloise using your account details.
You may refuse the use of cookies by selecting the appropriate settings on your browser or adapt them to your requirements at any time in our Cookie Preference Centre. However, please note that, if you choose to do this, you may not be able to use the full functionality of this website.
Further information is available in the SAS Privacy Statement at: www.sas.com/de_ch/legal/privacy.html
10.7. Siteimprove Analytics
This website uses Siteimprove Analytics, a web analysis service provided by Siteimprove. Siteimprove Analytics uses “cookies” – text files that are stored on your computer or smartphone to help us analyse the way in which visitors use the site. The information generated by cookies about users’ website usage is stored and processed by Siteimprove on servers in Denmark.
IP addresses are completely anonymised before the data collected via the Siteimprove suite are made accessible to us. It is not possible to reverse the anonymisation of IP addresses and assign them to the data collected.
We will use this information to evaluate the user behaviour of our website visitors, compile reports about this behaviour and ultimately improve the website experience of our visitors. Siteimprove will not pass this information on to third parties or use it for marketing or advertising purposes of any kind.
The following cookies from Siteimprove are used on this website:
Name of cookie: nmstat
Type: persistent, expires after 1,000 days
About the cookie: This cookie is used to help record the visitor’s use of the website. It is used to collect statistics about site usage such as when the visitor last visited the site. The cookie contains no personal information and is used for web analytics only.
Name of cookie: siteimproveses
Type: session cookie
About the cookie: This cookie is used to track the sequence of pages viewed by a visitor during their visit to the website. The cookie contains no personal information and is used for web analytics only.
10.8. Kameleoon
This website uses the test and web analysis service Kameleoon. The software tool enables an analysis of user behavior based on user segmentation. By evaluating the logfile data, Kameleoon can determine how individual user segments are visiting the website, which landing pages are visited and how click rates can be increased.
As described above, cookies and or the local storage of the browser are used for the analyses, which are linked to a pseudonymised ID. Your IP address is completely anonymized and not stored. The information generated by the cookie/local storage about your use of this website is transmitted to a Kameleoon server in Germany and stored there in aggregated and pseudonymised form. The IP address transmitted by your browser within the framework of Kameleoon is not merged with any other Kameleoon data.
The use of Kameleoon serves the purpose of evaluating your use of the website and compiling reports on website activity so that we can regularly improve our services. The legal basis for the storage of cookies is the consent given (Art. 6 Para. 1 S. 1 lit. a DS-GVO). The further evaluation of the collected data takes place over a period of max. 365 days on the base of Art. 6 Para. 1 S. 1 lit. f DS-GVO.
You may refuse the use of cookies/local storage by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also deactivate Kameleoon’s tracking at any time (and thus prevent Kameleoon from collecting data generated by the cookie and related to your use of the website and Kameleoon from processing this data) by clicking on the following link.
11. Social media and advertising
Social media cookies give us the opportunity to connect to your social networks and share content from our sites via social networking channels. Further information can be found in the Cookie Preference Center and in the cookie policy.
11.1. Facebook remarketing / retargeting
Our pages have remarketing tags from the social media network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, integrated into them. When you visit our pages, the remarketing tags establish a direct connection between your browser and the Facebook server. Facebook is thereby informed that you, and your IP address, have visited our website and/or made a purchase. This allows Facebook to associate the visit to our pages and any purchase with your Facebook user account. The information obtained in this way can be used by us to display Facebook Ads and further used for marketing analyses and/or other targeting measures. We would like to point out here that we do not receive any details of the content of the data that is transmitted, or its use by Facebook. Further information about this is available in Facebook's data policy at https://www.facebook.com/about/privacy/. If you do not want to have data collected via Custom Audience, you can deactivate this feature here.
11.2. Twitter
Our pages have remarketing tags from the service Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, integrated into them. Twitter uses cookie/tracking technologies that are saved on your device to enable an analysis of your use of this website and to display advertisements of our content and offers that might interest you. The information generated by the cookie/tracking technologies about your use of this website is transferred to a Twitter server in the USA and stored there. If you are registered with and logged into a Twitter service, Twitter can match your visit to our website to your account. Even if you are not registered with Twitter, there is the possibility that Twitter will find out and store your IP address. You can adjust the settings for cookies storage by applying the relevant settings in our Cookie Preference Centre. Your consent within the meaning of Art. 6(1)(a) GDPR serves as a legal basis here too.
You can find out more about interest-based advertising and Twitter’s privacy terms at business.twitter.com/de/resources/global-audience.html and twitter.com/en/privacy.
Furhermore, buttons for the Twitter service are integrated into the pages of our website. The buttons are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are recognisable by the use of terms such as “Twitter” or “Follow”, accompanied by the “blue bird” icon. These buttons can be used to share a post or page on Twitter, or to follow us on Twitter.
Pressing these buttons results in your browser establishing a direct connection with the Twitter servers. The content of the Twitter buttons is sent directly from Twitter to your browser. We would like to point out here that we do not receive any details of the content of the data that is transmitted, or its use by Twitter.
Further information about this is set out in Twitter's privacy policy at http://twitter.com/privacy.
11.3. YouTube
YouTube, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States is integrated into our web pages (“YouTube”). The link to YouTube’s privacy policy is here: Privacy policy of YouTube
12. Consent / revocation of consent regarding data collection and storage
By using this website, you agree to the processing of the data collected about you in the manner described and for the stated purposes.
With regard to revoking consent to the collection and storage of data, we refer you to your rights pursuant to Section 15 below and to the deactivation options listed under the individual services or in general with regard to browser settings in Section 8 above.
13. Data security
Please note that the internet is a global, open network. When you transmit data over the internet, you always do so at your own risk.
Any personal data transmitted by you is protected by means of state-of-the-art encryption mechanisms using the latest security standards (Secure Socket Layer). Despite comprehensive technical and organisational security measures being taken, data may be lost, intercepted by unauthorised persons and/or manipulated. Baloise has implemented appropriate technical and organisational security measures to prevent such occurrences within the Baloise systems. Your computer, however, is beyond the reach of the Baloise IT security measures. It is therefore your responsibility, as the user, to obtain information about the necessary security precautions and to take appropriate measures. Baloise is under no circumstances liable for any damage that may result from loss or manipulation of data.
14. Secure Socket Layer (SSL)
Secure Socket Layer (SSL) is a protocol for enabling secure data transmission via the internet. Most browsers support this procedure. SSL uses the public key method, in which data encrypted using a publicly accessible key can only be decrypted using a specific private key. Most browsers use a key or padlock symbol at the top of the screen to indicate whether the current connection is secure or not.
15. Your rights
If you wish to receive information about your personal data that is processed by us, you can do so by submitting to us your written request for information with an enclosed copy of your identity card or passport.
You may demand that we rectify inaccurate data or complete incomplete data, or to a certain extent you can rectify or complete this yourself in the customer portal at any time.
You may also demand the deletion of your data, provided we are not required or authorised by applicable law or regulation to retain your data.
You have the right to demand that the processing of your data is restricted under statutory requirements. In this case we shall not process your data further with the exception of storing it and subject to the assertion of legal claims.
In all cases where data processing is based on your consent you have the right to revoke this consent at any time. The revoking of your consent does not affect the legality of the data processing carried out up until the revocation based on your former consent. In our Cookie Preference Center you can amend your cookie settings at any time
In addition, you have the right to complain to the competent data protection supervisory authority.
You have the right to receive your data from Baloise in a structured, commonly used and machine-readable format provided your data is processed using automated procedures and this processing is based on your consent or a contract.
You may inform us of your objection to the processing of your data, which we carry out on the basis of Art. 6 (1) (f) GDPR for legitimate interest.
You can submit your relevant requests to our data protection officer at datenschutz@baloise.com.
16. Scope of application of the data privacy policy
This data privacy policy applies to all Baloise websites, services and applications unless they have their own policy. Our websites may contain links to other providers that do not fall under the scope of this data protection declaration.
17. Amendments to this privacy policy
We reserve the right to amend or supplement these data protection provisions at any time.
If we process your data for any purpose other than that for which your data was collected, we will inform you beforehand in an appropriate manner about this other purpose.