“Personal details” are data that relate to an identified or identifiable natural person. “Sensitive personal data” are personal details that are specially protected by law due to their sensitivity, for example health data. “Processing” means any handling of your data, in particular obtaining, storing, using, disclosing, archiving or deleting such data. We comply with the Federal Data Protection Act (FADP), the implementing ordinance (VDSG) and any other data protection laws applicable in individual cases (e.g. the European General Data Protection Regulation [GDPR]).
In the following, we will show what data we collect, what we use it for and what your rights are in this regard.
Our data processing operations may in particular concern the following categories of persons:
- Business partners;
- Buyers and sellers;
- Authorised representatives;
We not only process data of our contracting parties, but also data of third parties, in particular of the following persons (each referred to as “they”):
- Authorised representatives and agents;
- Interested parties and providers;
- Visitors to our offices;
- Contact persons of corporate clients, partners, counterparties, buyers and sellers, contractors as well as official bodies and authorities.
Our employees are regularly trained on data protection topics and are sworn to secrecy. In addition, our data protection unit monitors compliance with data protection regulations.
- Baloise Asset Management Ltd
- Baloise Asset Management International Ltd
- Baloise Insurance Ltd
- Baloise Life Ltd
- Pension Foundation of Baloise Insurance Ltd
c/o Baloise Insurance Ltd
- Baloise Wohnbauten AG
- Drei Linden Immobilien AG
c/o Baloise Insurance Ltd
- Baloise Swiss Property Fund
c/o Baloise Asset Management Ltd
(hereinafter referred to as “Baloise” or “we”)
If you have any data protection concerns or wish to exercise your rights under clause 9, you can contact our data protection unit as follows:
- Baloise Insurance Ltd
Data protection unit
Aeschengraben 21, P.O. Box
4002 Basel, Switzerland
3.1 General information
In particular, we process the categories of data described below, although this list is not exhaustive.
In the event of changes to data over time (e.g. due to a change of address or another modification), we may continue to store the previous status of such data in addition to the current status within the framework of the statutory storage periods.
3.2 Master data
We refer to the basic data that we require in addition to the contract data (clause 3.3 below) for the processing of our contractual relationships or for marketing and advertising purposes as master data. Master data includes, in particular, contact information (e.g. name, address, telephone number and email address), personal details (e.g. date of birth, age, gender, nationality, data from identification documents), other identification data (e.g. UID number, tax identification number) or information about your relationship with us. Account information is also collected, including bank account details (e.g. account numbers, or credit card details).
Information on the persons affected by the data processing, such as recipients of correspondence, contact persons, family members or other persons living in the same household, is also part of the master data.
If you are a contact person of a company with which we are in contact, we also process data about you (e.g. name and address, titles, function in the company, qualifications and, where applicable, details of line managers and employees).
We obtain master data from you yourself or from third parties, such as our contracting parties, Baloise Group companies and from public registers (e.g. the Commercial Register, the debt collection register and land registers).
3.3 Contract data
This is data that is collected in connection with the conclusion or processing of a contract. Contract data includes data from offers, contracts and information from pre-contractual relationships, such as, in particular, information from previous consultations, information from invitations to tender, information from other existing contracts (e.g. type and date of conclusion of the contract and further information about the contract in question, term of the contract and invoicing information).
Contract data also includes financial data, that is, information on income from employment, your creditworthiness (i.e. information that allows conclusions to be drawn about the likelihood of receivables being settled) and your payment history (i.e. information regarding payment demands and debt collection).
We generally collect contract data directly from you, from contracting parties and from third parties involved in the processing of the contract, but also from third-party sources (e.g. Baloise Group companies) and from publicly accessible registers (e.g. checking of an extract from the Debt Enforcement Register). In doing so, we collect such data – to the extent necessary for the initiation, conclusion and performance of a contract – in particular also from the references provided by you as well as from financial services providers or credit agencies.
Contract data also includes data that we obtain from publicly available sources and registers or from authorities in the context of combating fraud, money laundering and terrorism (e.g. from sanctions lists).
3.4 Communication data
When you contact us by email, telephone or chat, by letter or via other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of the communication.
Where we record telephone conversations (e.g. in securities trading), we will specifically draw your attention to this fact, stating the purpose. If you do not wish to be recorded, please let us know or end your call.
When communicating with you, for example when you submit a request for information, we sometimes also collect data to establish your identity (e.g. information from official identification documents) in order to prevent us from providing information to unauthorised third parties.
3.5 Behavioural and preference data
In order to provide you with the best possible service and advise you on our services, we would like to find out your preferences and determine your requirements. To do this, we collect and use data about your behaviour when you interact with us and about the preferences you tell us or that we identify.
Behavioural data are details of certain actions, such as the use of electronic means of communication (e.g. whether and when you opened an email), the use of our websites (for more information, see baloise.ch/en/about-us/information/privacy-policy.html), the way in which you obtain products and services, your interaction with our social media profiles and your participation in prize draws, competitions and events. Preference data tells us about your requirements and which products or services might be of interest to you. We obtain this information from analysis of existing data, such as behavioural data, so that we can tailor our consultation and our offers more precisely to you. To improve the quality of our analyses, we may combine such data with other data that we obtain from third parties such as government agencies and publicly available sources, for example, information on your household size, income bracket and purchasing power, socio-demographic data, shopping behaviour and contact details of relatives.
3.6 Other data
We may also collect data from you in other situations. In connection with official or judicial proceedings, for instance, data accumulates (e.g. files, evidence) that may also relate to you. We may also collect data for health protection reasons (e.g. within the framework of protection concepts).
We may receive or produce photographs, videos and audio recordings in which you may be identifiable (e.g. at events by security cameras, etc.). You will always be asked for your consent or informed accordingly in advance. For security purposes, we may also collect data on who enters certain buildings and when, or who has corresponding access rights (e.g. in the case of access controls or based on registration data or visitor lists, etc.), who participates when in events or campaigns (e.g. competitions) and who uses when our infrastructure and systems.
We obtain the data mentioned here primarily from you, but also from third parties (e.g. authorities) and in some cases also from our Baloise Group companies.
Your data will only be used by us for purposes which we pointed out to you on their collection or if we are obligated or entitled to do so by law. For further details on the basis of our processing, please refer to clause 5.
4.1 Pre-contractual measures, conclusion of contract, contract settlement
We use your data primarily to conclude and process contracts, in particular in the context of the management of real estate and the Group’s own assets as well as customer investment funds.
Prior to the conclusion of a contract, we process your data in order to carry out pre-contractual procedures, to offer you relevant consultation and to contact you in this context.
In the course of initiating a contract, your data – in particular master data, contract data and communication data – is collected by us or results from communication. In order to conclude a contract, we may collect and process, among other things, information about you (e.g. information about identity and nationality), information about your financial circumstances and solvency (e.g. information about occupation, income and pending debt enforcement proceedings), information about your professional situation (e.g. information about business address, employment data) and information about your identification (e.g. contract details, telephone number, identity card). Credit and financial information may also be obtained in connection with the conclusion of the contract.
If the contractual relationship is established, we process your data to implement the contractual relationship, in particular to provide and claim contractual services or to issue invoices, as well as to communicate with you. This also includes customer adviser support, the enforcement of legal claims arising from contracts (debt collection, court proceedings, etc.) as well as accounting or termination of contracts. In this context, we process primarily master data, contract data and communication data.
In the case of collaboration with other companies, such as in relation to contractors or service providers, we also process master and contract data in particular for the purpose of initiating and processing contracts.
4.2 Real estate management
- Property management: We may process your data for the management of our real estate and its technical equipment and facilities. We need such data in particular for planning and performing repairs, property accounting, repair, maintenance and modernisation work, as well as for claims notifications and rectifying and settling claims. In individual cases, it may be necessary for us to share your data with third parties (e.g. tenants, caretakers) for these purposes. In particular, we process your master data, contract data and communication data as well as data from accounts and records.
- Asset and portfolio management in the Real Estate division: In order to ensure the smooth management of our real estate, we may process your data as part of the asset and portfolio management in the Real Estate division. The specific purposes of the data processing are derived from the relevant service (e.g. preparation of needs analyses, valuations and evaluations, property management and support). In order to optimise our investment, portfolio and risk management strategy, we may share your personal and contact information with property assessors who are contractually bound to confidentiality. In doing so, we process your master data, contract data and communication data in particular.
- Property trade: In the process of buying and selling our real estate, we use your data, among other things, for the initiation, preparation, conclusion and execution of the purchase contract, for the public notarisation and handover or takeover of the property as well as for securing and collecting the payment obligation. Prior to real estate transactions, we conduct a due diligence review of the potential property to be purchased. We may process your data to record and assess the operational, legal, construction and procedural risks as well as to conduct the purchase price negotiation. In particular, we process master and contract data (e.g. data from purchase contracts, data from private law agreements and regulations of a condominium owners’ association) as well as information from publicly accessible registers (e.g. an extract from the Land Register) and plans.
- Construction and development: As part of the planning and realisation of construction projects and, among other things, in supporting and representing the building owner, rectifying defects, analysing the condition of buildings, construction administration, tendering and awarding contracts, we and commissioned third parties (e.g. planners, contractors) process, in particular, information about you (e.g. address, name) and information about your bank account (e.g. bank account number). We may process your data and disclose it to third parties (e.g. appraisers) for the purpose of examining and asserting claims for defects and for the implementation of warranty measures. In particular, we process your master data, contract data and communication data as well as data from plans, appraisals and records.
4.3 Securities management
We may process your data in order to perform and fulfil our asset management mandate. We require such data in particular in the context of acquisition, contract management, securities portfolio management as well as securities and foreign exchange trading, risk and cash management, transaction processing, portfolio and financial instrument management, monitoring and improving our investment performance, investment and fund accounting, performance analysis of our counterparties and brokers in transaction processing as well as reporting and notification. In order to optimise our management activities, we may share your data (e.g. name and business address, details of titles and function in the company) with other investment managers who are contractually obliged to maintain confidentiality. In doing so, we process your master data, contract data and communication data in particular.
4.4 Protection of property and persons
To prevent damage to property and to protect people, we can use video cameras and other surveillance systems and view and analyse the relevant recordings. Where appropriate, these systems will be installed in such a way that only the images necessary for this purpose are recorded. Individuals involved will be made aware of the video surveillance by means of a sign.
4.5 Statistical evaluation and data analysis
Data that we require for statistical evaluations and data analyses are aggregated and no longer allow any conclusions to be drawn about your person. The aggregated data is required for the creation of customer-specific statistics or for topic-specific evaluations and data analyses as well as for the portfolio report. We also use the data of all existing contracts – also without the possibility of conclusions drawn about your person – for the fulfilment of our rental contract obligations, a consideration of the entire tenant base as well as for the reporting of energy data (e.g. in the context of CO2 reduction).
4.6 Marketing and relationship management
We may use your data to send you advertising about our products and services as well as those of Baloise Group companies and business partners, for example in the form of newsletters or other regular contacts (by email or post, by telephone or as part of other marketing campaigns e.g. competitions, events). In particular, we use your communication data for this purpose.
As part of customer relationship management and to ensure smooth and efficient interaction with our customers, we may document and manage the relationship (e.g. name, function, addresses of contact persons of current and potential investors, intermediaries and other business partners). In doing so, we process your master data, contract data and communication data in particular.
In order to make our offers more relevant to your requirements and interests, we personalise some of our communications to allow for an individual approach. To do this, we link in particular master data, contract data, behavioural data and communication data and determine preference data as a further basis for personalisation. We can also create interest profiles about you and divide you into advertising groups.
Please let us know if you do not wish your data to be processed for marketing purposes (see contact address in clause 9).
4.7 Market research
We are committed to continuously developing our services to meet your needs. Therefore, we also sometimes contact you for market research purposes and use the results in anonymised form for addressing various questions within the company. To determine customer satisfaction, we can ask you about your experience with us. We also use your responses to contact you personally, to actively address your concerns and to improve our internal processes. We also collect, store and process your data for the evaluation, improvement and new development of our products and services. In doing so, we analyse which products are used by which groups of people and which adjustments would be necessary in the future. The results of these analyses are largely pseudonymised and anonymised. For this purpose, we process the previously described master data, behavioural data and preference data as well as communication data.
4.8 Statutory and regulatory obligations
In order to comply with laws and regulatory obligations (e.g. Financial Services Act and the relevant ordinance, ordinances and circulars of the Swiss Financial Market Supervisory Authority [FINMA], money laundering investigations and tax laws), we must subject your data to more detailed investigations (e.g. with regard to identity, beneficial owners of funds or shareholdings in companies as well as for automated comparison with external watch lists) and in some cases share this data within the Baloise Group. We may be required to report to authorities or disclose records in certain cases. Personal details about you may be processed in the course of internal and external investigations, for example by law enforcement or supervisory authorities or an appointed private body.
Based on FINMA requirements, Baloise is obligated to record the external and internal telephone calls of all employees working in securities trading and to retain the electronic correspondence and evidence of the connections made by these employees via a business telephone for two years and to make these available to the FINMA if required. If you are in appropriate contact with our securities trading employees, your communications may be affected by such recording.
4.9 Other purposes
We may also process your data for other purposes, for instance, as part of our internal processes and administration. This includes training, educational and administrative purposes (such as the management of master data, accounting, data archiving and the management and ongoing improvement of the IT infrastructure), the protection of our rights (e.g. to enforce claims in and out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims, such as by preserving evidence, legal clarifications and participation in judicial or official proceedings) and the evaluation and improvement of internal processes. As part of the development of the company, we may also sell or acquire businesses, parts of businesses or companies to or from other companies or enter into partnerships, which may also lead to the exchange and processing of data necessary to do so.
Where we ask for your consent for certain forms of processing, we will inform you separately about the relevant purposes of the processing. You can revoke your consent at any time by notifying us in writing with effect for the future. Once we have received notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented. If consent is revoked, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its revocation.
Unless we ask you for your consent to processing, we base the processing of your data on the fact that the processing is necessary for the initiation or execution of a contract with you or that we or third parties have a legitimate interest in doing so, for example in order to pursue the purposes described above under clause 4 and the associated objectives as well as to take appropriate measures. Our legitimate interests also include the marketing of our products and services.
In addition, we may also base some of our data processing on a legal basis that entitles us to process personal details (e.g. obligation to record telephone conversations).
For the purposes mentioned in clause 4, we may also process and evaluate your data automatically, i.e. electronically, in order to assess certain personal characteristics or behaviour (so-called profiling). This includes, for example, automated data processing to combat money laundering and terrorist financing as well as credit checks.
In the event that we base our decisions exclusively on automated data processing (so-called automated individual decisions) and if such decisions have negative legal effects or significant disadvantages for you (e.g. conclusion of contract, termination, conclusions drawn about credit risk) or if they affect you significantly in a similar way, we will inform you of this in an appropriate manner and separately inform you that you can have the relevant decision reviewed by us if necessary.
In connection with the purposes set out in clause 4 above, we may also disclose your personal details to third parties, in particular to the recipients categorised below:
7.1 Baloise Group companies
For the conclusion or processing of the contract, sharing of data may also be necessary with other companies belonging to the Baloise Group (“Baloise Group companies”).
In order to comply with statutory obligations (e.g. in connection with investigations to combat money laundering), we also transmit some data to companies of the Baloise Group (see clause 4.8).
We also use your contact details and basic contract data for offers tailored to you regarding products and services of the Baloise Group companies and other companies belonging to the Baloise Group in Switzerland. You acknowledge that we may make the aforementioned data available to these companies for such purpose.
In order to provide you with offers for products and services or to advertise them, we may also share your master and contract data as well as behavioural and preference data within the Baloise Group (e.g. Baloise Bank) for the purpose of contacting you and sending you individual offers.
If you do not wish your data to be used or shared for such purposes, you can inform us of this or refuse or revoke your consent (see contact address clause 9).
You can request a list of the Baloise Group companies via the postal address or email address stated under clause 9 below.
7.2 Service providers
In order to ensure efficient and careful asset and real estate management, we may delegate tasks, in particular in the context of administrative, technical and financial management, to legally independent companies in Switzerland and abroad – including service providers who process data on our behalf (“data processors”) – (e.g. asset managers, intermediaries, fiduciaries, asset and portfolio managers as well as IT hardware, software and consultancy service providers). In doing so, the data we have stored about you may be passed on for the purposes mentioned in clause 4. These service providers are contractually obliged to adhere to our standards for data processing, as well as to the applicable data protection legislation.
When we transmit your data to data processors, we take measures to ensure that our regulatory standards are met and that your data is adequately protected. Our service providers are required to comply with a number of technical and organisational security measures (e.g. measures regarding information security management, information security risk assessment and information security). Where contractually or legally provided, such service providers may in turn engage third parties under the same conditions.
7.3 Prospective buyers and purchasers
In the event of a potential or actual sale of assets, we may disclose your information to prospective buyers or purchasers if it is necessary to complete the transaction or provides information about a factor affecting the value and the value of the asset needs to be reviewed in detail by the prospective buyer or buyers in order to make a binding offer. In particular, we may share information from contracts, property and tenant documentation with prospective buyers or purchasers.
If you are advised by a broker with regard to your purchase contract, such broker will receive the information necessary for your support and consultation as well as the marketing of our properties (e.g. total purchase price, contract fulfilment and termination) from the data created about you with us. In doing so, we comply with the power of attorney issued to the broker by you. Brokers are also obligated to observe the provisions of the FADP.
7.5 Planners, contractors and subcontractors
For the planning and realisation of construction projects, we may share your data with third parties, in particular with planners, contractors and subcontractors, provided that the disclosure is necessary for the provision of the agreed work or planning service. Such third parties are also obligated to observe the provisions of the FADP.
7.6 Official bodies and authorities
We may also share your data with official bodies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this is necessary to protect our interests. This includes compliance with statutory notification obligations, the exercise of rights (e.g. registration of a property transaction in the Land Register), the defence against claims and compliance with legal requirements (e.g. within the framework of official, judicial and pre- and extra-judicial proceedings as well as within the framework of statutory duties to inform and cooperate).
Data is also disclosed if we obtain information from public bodies (e.g. when checking an address).
7.7 Other third parties
When checking your creditworthiness with the help of credit agencies and when commissioning debt collection companies (e.g. to collect outstanding payments), we may share your data (concerning changes in payment behaviour occurring before and during the term of the contract) with these companies. Our legitimate interest here is to avoid payment delays and defaults. These companies store your personal data and may disclose them to other business partners as part of their activities, provided such partners have presented a credible legitimate interest in individual cases for having the data transferred to them.
Your data may also be disclosed to other recipients for the aforementioned purposes (e.g. insurers, caretakers, managers, suppliers, tenants, telecommunications providers, property assessors, appraisers, investment managers, parties to judicial proceedings or purchasers of assets or divisions of Baloise). Other persons are, in particular, recipients of a payment, authorised representatives, correspondent banks, other financial institutions and other bodies involved in a legal transaction.
When your data is processed in accordance with clause 7 above, your data may also be transmitted abroad, for example when personal details are forwarded to other Baloise Group companies or to service providers. Under certain circumstances, we may also transmit data to third parties abroad who are involved in the processing of the contract (e.g. authorities and courts), as well as to other bodies such as foreign tax authorities.
Your data may therefore be processed worldwide, including outside Switzerland or the European Union or the European Economic Area (i.e. also in so-called third countries such as the US). Many third countries currently do not have laws that ensure a level of data protection equivalent to the applicable FADP. Therefore, we take contractual precautions, as required by law, as well as further measures (e.g. pseudonymisation) to reduce the risk of state/government access abroad authorised by foreign legislation.
You have the following rights in accordance with the applicable data protection law:
- You can request information about whether we process your personal details and, if so, what these details are;
- You can demand that we correct incorrect information or supplement incomplete information;
- You may request the erasure of your data unless we are required or authorised to retain your data under applicable laws and regulations;
- You may request that the data you have provided be released or transferred to another data controller in a commonly used electronic format, provided that the processing is carried out using automated processing, you have consented to the processing, or your data is processed for the conclusion or settlement of the contract;
- In cases in which the data processing is based on your consent, you have the right to revoke this at any time. If you revoke your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the revocation;
- Where applicable, you have the right to object to the processing of your data, in particular for direct marketing purposes, profiling for direct marketing purposes and other legitimate interests in processing;
- You have the right to express your point of view in the case of automated individual decisions (see clause 6 above) and to request that the decision be reviewed by a natural person;
- You also have the right to lodge a complaint with our data protection unit or the competent data protection supervisory authority if you do not agree with our handling of your rights. You can contact the Swiss supervisory authority at edoeb.admin.ch. Please note that these rights are subject to statutory requirements and that exceptions and limitations apply. In particular, we may need to process and store your personal details in order to fulfil a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with statutory obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we must therefore also reject a data subject request in whole or in part (e.g. by blacking out certain content that concerns third parties or our trade secrets). Of course, we always comply with the applicable data protection law when making these decisions. In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.
If you wish to exercise your rights, you can contact us in writing or by email at the address below.
Baloise Insurance Ltd
Data protection unit
Aeschengraben 21, P.O. Box
4002 Basel, Switzerland
Your data will only be stored by us for as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.
In individual cases, it is possible to retain personal details for longer, for example if claims are asserted against us (during the statutory limitation period) or if we are otherwise contractually, legally or officially obliged to do so, if you consent to this or if legitimate business interests (e.g. documentation and evidence purposes) require this. As soon as your data is no longer required for the above purposes, it will be deleted or anonymised as part of our standard deletion processes.
11.2 Internet risks
In transferring data via the Internet, you are acting at your own risk. We protect the data you transmit via our websites during transit by means of appropriate encryption mechanisms. In addition, we take appropriate technical and organisational security measures to reduce the risks on our websites. Your device, however, is outside the security area that we are able to control. You are therefore required to inform yourself about the necessary security precautions and to take suitable measures in this regard.
11.3 Email encryption
We will send you requested information by email if you have provided us with your email address. Confidential information is transmitted in encrypted form. If information cannot be shared in encrypted form via email, we will use other channels for this purpose (e.g. Baloise Secure Transfer). If you use our customer contact form, your data will be sent to us in encrypted form.
11.4 Blocking of access
In the event of security risks being identified, we explicitly reserve the right to temporarily suspend or, in severe cases, to block access to our websites. We do not accept any liability for any loss or consequential damage arising from the suspension or blocking of access.
Last updated in March 2023.