This privacy policy applies to data processing in connection with insurance contracts of Baloise Insurance Ltd and Baloise Life Ltd as well as the execution of the occupational pension by Baloise Collective Foundation BVG, Baloise Collective Foundation Supplementary Pension Provision and Baloise Perspectiva Collective Foundation BVG (together hereinafter also referred to as “Baloise” or “we”; see clause 2). We process your personal details (hereinafter also referred to as “data”) or the personal details of other persons insofar as this is necessary for the conclusion or servicing of these contractual relationships.

Personal details are data that relate to an identified or identifiable natural person. Sensitive personal data are personal details that are specially protected by law due to their sensitivity, e.g. health data. Processing means any form of handling of your data, in particular collection, storage, use, disclosure, archiving or deletion. We comply with the Federal Data Protection Act (FADP), the implementing ordinance (DSGV) and other data protection laws applicable in individual cases (e.g. the European General Data Protection Regulation [GDPR], provisions of the Federal Law on Insurance Contracts relevant to data protection or other sector-specific provisions, including the special provisions regarding occupational pension and accident insurance).

In the following, we will show what data we collect, what we use it for and what your rights are in this regard. Additional information can be found in further documents, for example in declarations of consent, product information, regulations or General Terms and Conditions (GTC) as well as in further product-specific privacy policies.

We not only process data of our insured persons, but also data of third parties, in particular of the following persons (each referred to as “they”):

• Interested parties, policyholders and insured persons (e.g. insured employees in the collective insurance of persons);
• Dependants of insured persons (e.g. current and former spouses, life partners, parents and children), beneficiaries (e.g. under an occupational pension insurance policy or a Pillar 3a or 3b life insurance policy) and premium payers;
• Authorised representatives and agents;
• Claimants, injured parties and other persons involved;
• Contact persons of corporate clients, social and private insurers, pension funds and portable benefits institutions, co-insurers and reinsurers, suppliers and partners (e.g. intermediaries and brokers) as well as official bodies and authorities.

When you transmit data to us via third parties, we assume that you are authorised to do so and that this data is correct. Therefore, please inform these third parties about the processing of their data by us and provide them with a copy of this privacy policy. If we refer you to a new version of these documents, please also hand over this new version in each case.

Our employees are regularly trained on data protection topics and are sworn to secrecy. In addition, our data protection unit monitors compliance with data protection regulations.

The following companies are responsible under data protection law for the forms of data processing described here:

• Baloise Insurance Ltd
  Aeschengraben 21
  4002 Basel
  Switzerland
  (all classes of insurance except life insurance)

• Baloise Life Ltd
  Aeschengraben 21
  4002 Basel
  Switzerland
  (life insurance)

• Baloise Collective Foundation BVG
  Aeschengraben 21
  4002 Basel
  (collective life insurance contracts and occupational pension schemes)
   

• Baloise Collective Foundation Supplementary Pension Provision
  Aeschengraben 21
  4002 Basel
  (collective life insurance contracts and occupational pension schemes)
   

• Baloise Perspectiva Collective Foundation BVG
  Aeschengraben 21
  4002 Basel
  (collective life insurance contracts and occupational pension schemes)

(together hereinafter referred to as “Baloise” or “we”)

If you have any data protection concerns or wish to exercise your rights under clause 10, you can contact our data protection unit as follows:

• Baloise Insurance Ltd
  Data protection unit
  Aeschengraben 21, P.O. Box
  4002 Basel, Switzerland
  Email: datenschutz@baloise.ch

Data subjects from the Principality of Liechtenstein can also contact our Data Protection Officer in accordance with Art. 27 GDPR if they have any questions:

• Baloise Life (Liechtenstein) AG
  Alte Landstrasse 6
  9496 Balzers
  Liechtenstein
  Email: dataprotection@baloise-life.com

3.1 General information

We process the categories of data described below within the scope of insurance contracts and the implementation of occupational pension plans. The examples listed are not exhaustive.

In the event of changes to data over time (e.g. due to a change of address, a change in civil status or another modification), we may continue to store the previous status of such data in addition to the current status within the framework of the statutory storage periods.

3.2 Master data

Master data includes, in particular, contact information (e.g. name, address, telephone number and email address), personal details (e.g. date of birth, age, gender, nationality, data from identification documents), other identification data (e.g. AHV number, customer number, UID number and tax identification number) or information about your relationship with us (e.g. partner/customer status, customer history). Account information is also collected, including bank account details (e.g. account numbers) or credit card details.

We receive master data from you yourself or from third parties, for example the policyholder who appoints you as beneficiary or premium payer, our contracting parties, intermediaries, Baloise Group companies and from public registers (e.g. the Commercial Register). We also receive data in connection with address changes, as we are involved in an address update network which sends us and the other companies involved in the network updated address data (e.g. the new address after a move).

3.3 Data related to contracts and claims

This is data that is collected in connection with the conclusion or processing of a contract. Contract data includes data from non-binding offers (offers), applications, contracts and information from pre-contractual relationships, for example information from previous consultations and information from other existing contracts.

This includes for example type and date of contract conclusion, information on insured risks and facts of risk, term of the contract, information on previous insurers or further insurers including claims burden or information on further contractual relationships in connection with insurance contracts (e.g. with intermediaries).

Depending on the product, we also collect particularly sensitive personal data, for example health data as part of a health examination, if we require this information.

Contractual data also includes financial data, i.e. information on income from employment, pensions and income from investments, wealth, your creditworthiness (i.e. information that allows conclusions to be drawn about the likelihood of receivables being settled) and your payment history (i.e. information regarding payment demands and debt collection).

Depending on the insurance product, we process further insurance product-specific information for the calculation of the insurance premium. This includes:

• In the case of motor vehicle insurance, for example registration number, vehicle information, kilometres driven, information on the premium level system (bonus/penalty) and on the financing of the vehicle (leasing information), in claims data recorded by the insured vehicle, e.g. on speed, acceleration, deceleration, date and time;
• In the case of property and single-item insurance, for example make and model, value and age of the insured property, photograph of the insured property or proof of purchase;
• In the case of household insurance, for example living and housing situation,  value of home contents, ownership structure, number of persons in the same household;
• In the case of building insurance, for example pledge documents regarding ownership of land and residential property, location, type of building, type of construction;
• In the case of liability insurance, for example living and housing situation, number of people in the joint household, ownership situation, canton of residence;
• In the case of life insurance, for example information on the family and financial situation (incl. number of persons in the same household,  employment status), data on the various persons involved in the contract and health data;
• In the case of Non-Life Insurance Corporate Clients (property, liability and engineering insurance), for example type of business, NOGA code, legal form, annual turnover, gross technical profit, business inventory, main and secondary place of insurance, AHV annual payroll total, total fees, construction class, safety equipment for fire and theft, sum insured;
• In the case of marine insurance, for example annual turnover, means and routes of transport;
• In the case of construction and contractor’s liability insurance, for example information on the construction object, activity concerned, contracts of surety, turnover, payroll total, association memberships as well as information on contact persons, correspondence recipients, surety and guarantee beneficiaries, consortium partners and brokers;
• In the case of accident and daily sickness allowance insurance and in the case of occupational pension insurance, for example information on the company, the location, the persons to be insured and their employment conditions, workloads, payroll totals, information on the state of health and on previous accidents or illnesses, information on previous insurers, co-insurers and reinsurers, recipients of correspondence, physicians and brokers involved;
• In the case of factory warranty insurance, for example the type of property, year of construction, age of the individual components, as well as other real estate information, the factory payroll totals and guaranteed sums as well as information on new real estate owners.

We generally collect contract data directly from you, from contracting parties and from third parties involved in the processing of the contract (e.g. employers), but also from third-party sources (e.g. providers of creditworthiness data or the Central Compensation Office [CCO]), from persons in your environment (e.g. family members, legal representatives) and from publicly accessible registers (e.g. Register of Criminal Convictions when admitting intermediaries).

In doing so, we collect this data and in some cases – insofar as necessary for the respective product – also health data, for example from  other private and social insurance providers (e.g. previous insurers, concerning previous pension relationships and the previous claims experience), medical treatment providers and experts. When you submit an insurance application to us or file a claim or benefit claim, you release these offices from any obligation to maintain confidentiality. Where necessary, we will obtain separate consent from you in your insurance application, health declaration or claim or benefit claim.

Claims data primarily includes information on the specific claim, such as the claims notification, the course and extent of the claim, the number of claims and injured or involved persons or, in the insured event of death or disability, in particular also the death certificate or clarification and coordination of benefits. In the case of motor vehicle damage, Baloise may read out data recorded by the insured vehicle in order to determine the cause of the damage and to clarify the obligation to pay benefits. This data will be used by Baloise exclusively for the purposes described in the event of a claim and will not be passed on to unauthorized third parties.

For this purpose, we work with third parties, for example social insurance providers, experts or external claims adjusters in Switzerland and abroad, from whom we also receive data. With regard to life, accident, passenger accident, daily sickness allowance and liability insurance, we also process particularly sensitive personal data in the event of a claim (e.g. health data or data on criminal proceedings in the event of a claim). Based on your declaration of release from confidentiality, we obtain relevant information from service providers (e.g. physicians, psychologists, persons who provide services on the orders of or on behalf of a physician, laboratories, hospitals, facilities for [partially] inpatient or outpatient care, nursing homes). In order to clarify entitlement to benefits, for example in the event of recourse, we may also receive and process information on the claim from other private and social insurance providers, Baloise Group companies or other third parties involved.

In addition, in order to combat insurance fraud, we participate in the insurance industry’s information system (HIS), which is operated by SVV Solution AG (a subsidiary of the Swiss Insurance Association [SIA]), and process information on certain anomalies in connection with claims checks in motor vehicle, liability, building, home contents, technical and other property insurance, which we can report to HIS or request from it in the event of a claim. We also process claims data in connection with CarClaims-Info, a system also operated by SVV Solution AG for the sharing of data in connection with motor vehicle insurance. For more information on the HIS and CarClaims-Info, please refer to clause 4.6.

3.4 Data relating to compliance with legal obligations

This includes data relating to the compliance with legal obligations incumbent on us and the related clarification and reporting, for example in the context of combating fraud, money laundering and terrorism. We obtain such data from publicly available sources and registers (e.g. sanctions lists) or from public authorities (e.g. information on US citizens/double citizens, economic background, beneficial owners, controllers, politically exposed persons, matching with sanctions lists).

3.5 Communication data

When you contact us via the contact form, via our Customer Service, by email, telephone or chat, by letter or via other means of communication (e.g. customer portal), we collect the data exchanged between you and us, including your contact details and the marginal data of the communication.

We will specifically point out to you if we record telephone conversations, such as for evidence or training purposes. If you do not wish to be recorded, please let us know or end your call.

When communicating with you, for example when you submit a request for information, we sometimes also collect data to establish your identity (e.g. information from official identification documents, answers to security questions) in order to prevent us providing information to unauthorised third parties.

3.6 Behavioural and preference data

In order to provide you with the best possible service and advise you on our products and services, we would like to find out your preferences and determine your requirements. To do this, we collect and use data about your behaviour when you interact with us and about the preferences you tell us or that we identify.

Behavioural data are details of certain actions, such as the use of electronic means of communication (e.g. whether and when you opened an email), the use of our websites (for more information, see baloise.ch/en/about-us/information/privacy-policy.html) or customer portals, the way in which you obtain products and services, your interaction with our social media profiles and your participation in prize draws, competitions and events. Preference data tells us about your requirements and which products or services might be of interest to you. We obtain this information from the analysis of existing data, such as behavioural data, so that we can tailor our consultation and our offers more precisely to you. In order to improve the quality of our analyses, we may link this data with other data that we obtain from third parties such as address brokers, public offices and publicly accessible sources. This includes, for example, information on your household size, income bracket and purchasing power, socio-demographic data, shopping behaviour and contact details of relatives.

3.7 Other data

We may also collect data from you in other situations. In connection with official or judicial proceedings, for instance, data accumulates (e.g. files, evidence) that may also relate to you. We may also collect data for health protection reasons (e.g. within the framework of protection concepts).

We may receive or produce photographs, videos and audio recordings in which you may be identifiable (e.g. at events, by security cameras, etc.). You will always be asked for your consent or informed accordingly in advance. For security purposes, we may also collect data on who and when enters certain buildings or has corresponding access rights (e.g. in the case of access controls or based on registration data or visitor lists, etc.), who participates in events or campaigns (e.g. competitions) and when, or who uses our infrastructure and systems.

We obtain the data mentioned here primarily from you, but also from third parties (e.g. authorities) and in some cases also from our Baloise Group companies.

Your data will only be used by us for purposes which we pointed out to you on their collection or if we are obligated or entitled to do so by law. For further details on the basis of our processing, please refer to clause 5.

4.1 Pre-contractual measures, conclusion of contract, contract and claims settlement

Prior to the conclusion of a contract, we process your data in order to offer you the desired consultation and relevant products as well as to contact you in this regard. 

In the course of initiating business, personal details – in particular master data, contract data and communication data – of potential customers and other contracting parties are collected or they result from a communication. We also process data in connection with the conclusion of the contract to check creditworthiness and to initiate the customer or supplier relationship. In some cases, this information is checked for compliance with legal requirements. If you apply to us for insurance cover, we also need your information to assess and evaluate the risk to be assumed by us (if necessary also with the assistance of third parties, e.g. companies of the Baloise Group or reinsurers). For the purpose of individualised, targeted risk assessment and evaluation and as a necessary basis for decision-making and calculation in connection with the insurance contract and for the calculation of premiums, we may also carry out automated data processing and create customer profiles (see clause 7 below).

If the contractual relationship is established, we process your data to implement the contractual relationship, in particular to provide and claim contractual services, to manage the customer relationship, for example to draw up the insurance policy or to issue invoices, and to communicate with you. This also includes consultation and customer support, the enforcement of legal claims arising from contracts (debt collection, court proceedings, etc.) as well as accounting or termination of contracts. In the event of a claim, we process your data (if necessary with the involvement of third parties [e.g. experts, physicians and other service providers]) to assess the amount of the claim and to settle the benefit claim. In this context, we process in particular master data, contract data and claims data (incl. sensitive data) as well as communication data.

In the case of collaboration with other companies, such as within the framework of corporate partnerships or in relation to intermediaries and brokers, we also process master and contract data in particular for the purpose of initiating and processing contracts.

4.2 Statistical evaluations and data analyses

Data that we require for statistical evaluations and data analyses are aggregated and no longer allow any conclusions to be drawn about your person. The aggregated data is required for the creation of insurance-specific statistics (e.g. for the development of new insurance rates) or for topic-specific evaluations and data analyses (e.g. with respect to road safety or fire protection measures) as well as for sales reporting. We also use the data of all existing contracts – likewise without the possibility of drawing conclusions about you personally – to analyse the entire customer base and for the fulfilment of our insurance contractual obligations, for example for consultation regarding a contract adjustment or contract amendment or for goodwill decisions or the provision of comprehensive information.

4.3 Marketing and offers for further products and services

We may use your data to send you advertising about our products and services as well as those of our group companies and business partners (within and outside the insurance sector), for example in the form of newsletters or other regular contacts (by email or post, by telephone or as part of other marketing campaigns such as competitions, events). In particular, we use your communication data for this purpose.

In order to make our offers more relevant to your requirements and interests, we personalise some of our communications to allow for an individual approach. The individual approach can be made in writing or by telephone. To do this, we link data that we process about you – in particular master data, contract data, behavioural data and communication data – and determine preference data as a further basis for personalisation. We can also create interest profiles about you and divide you into advertising groups (without including particularly sensitive personal data such as health data).

In order to provide you with comprehensive advice on insurance, assets, pension and financial matters (e.g. financing, fund and other financial investments) and to make you offers for further products and services or to advertise them to you, we may process your master and contract data as well as the information disclosed on the occasion of the consultation conducted with your insurance adviser.

Processing of your social insurance data (e.g. compulsory accident insurance or occupational pension) for these purposes is only carried out on the basis of your consent in individual cases.

To manage our relationships with customers and third parties, we may also invite you to our customer events and inform you about our products and services before, during or after the event.

You can inform us if you do not wish your data to be processed for the above purposes or if you wish to revoke your consent in this regard (see contact address in clause 10).

4.4 Market research and product optimisation

We are committed to continuously developing our products and services to meet your needs. Therefore, we also sometimes contact you for market research purposes and use the results in anonymised form for addressing various questions within the company. To determine customer satisfaction, we can ask you about your experience with us. We also use your responses to contact you personally, to actively address your concerns and to improve our internal processes. We also collect, store and process your data for the evaluation, improvement and new development of our products and services. In doing so, we analyse which products are used by which groups of people and which adjustments would be necessary in the future. The results of these analyses are – as far as possible – carried out in pseudonymised or anonymised form. For this purpose, we process the previously described master data, behavioural data and preference data as well as communication data.

4.5 Statutory and regulatory obligations

In order to comply with laws and regulatory obligations (e.g. money laundering investigations, international tax exchange), we must subject your data to more detailed investigations (e.g. with regard to identity, beneficial owners of funds or shareholdings in companies as well as for automated comparison with external watch lists) and in some cases share this data within the Baloise Group. We may be required to report to authorities or disclose records in certain cases. Personal details about you may be processed in the course of internal and external investigations, for example by law enforcement or supervisory authorities or an appointed private body.

The legal obligations may be subject to Swiss law, but also to foreign regulations to which we are subject. For these purposes, we process in particular your master data, contract data, claims data and communication data, but also behavioural data under certain circumstances.

4.6 Combating insurance fraud

In order to prevent insurance fraud, we also check claims if there are any suspicions in your interest. To do this, we may process data for your and our protection against criminal or fraudulent activity. We also use automated data analysis to identify indications of insurance fraud. This includes clarifications in the event of a claim or benefit case, also with third parties such as co-insurers and social insurance providers, service providers, authorities, physicians and experts, as well as queries in the information systems HIS and – in the case of motor vehicle insurance – CarClaims-Info.

• CarClaims-Info
  To combat insurance fraud in the field of motor vehicle insurance, we – like most other insurance companies – provide SVV Solution AG, a subsidiary of the Swiss Insurance Association (SIA), with vehicle-related claims data that are recorded in the CarClaims-Info database. Through the use of such data, it is possible to check whether for example a registered vehicle claim has already been settled by another insurance company. If there are reasonable grounds for suspicion, the companies may share relevant data (e.g. vehicle expertise, indemnification agreement).
   
• Reference and information system (HIS)
  In order to prevent and detect cases of insurance fraud, we are connected to the reference and information system (HIS) provided by SVV Solution AG. The insurance companies participating in this system register in the HIS Persons who have fulfilled a specifically defined reason under the HIS regulations for filing a report (e.g. fraudulent substantiation of a claim pursuant to Art. 40 VVG). Each individual will be informed in writing of the entry of their name. We can query the HIS in connection with claims settlement and use the data transmitted to check whether information concerning the natural person has been saved as part of a report in the past. In case of relevant information, we can conduct a more in-depth review before settling the claim. With your separate consent, the relevant data can also be shared among the participating insurers in the event of a positive query result. Information from the HIS is only used in connection with the claims investigation. The operation of the HIS is subject to regulations, meets the legal requirements with regard to data protection and is registered with the Federal Data Protection and Information Commissioner (FDPIC).
  
  You can find detailed information on this HIS, the list of reasons justifying a report and on your rights at svv.ch/his.

4.7 Other purposes

We may also process your data for other purposes, for instance, as part of our internal processes and administration. This includes training, educational and administrative purposes (such as the management of master data, accounting, data archiving and the management and ongoing improvement of the IT infrastructure), the protection of our rights (e.g. to enforce claims in and out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims, such as by preserving evidence, legal clarifications and participation in judicial or official proceedings), security purposes (e.g. access controls, monitoring of buildings), statistical purposes and the evaluation and improvement of internal processes. As part of the development of the company, we may also sell or acquire businesses, parts of businesses or companies to other companies or enter into partnerships, which may also lead to the exchange and processing of data.

Where we ask for your consent for certain forms of processing, we will inform you separately about the relevant purposes of the processing.

Where we ask for your consent for certain forms of processing, we will inform you separately about the relevant purposes of the processing. You can revoke your consent at any time by notifying us with effect for the future. Once we have received notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented. If consent is revoked, this will not affect the legality of the processing carried out based on the consent previously given, up until the date of its revocation.

Unless we ask you for your consent to processing, we base the processing of your personal details on the fact that the processing is necessary for the initiation or execution of a contract with you or that we or third parties have a legitimate interest in doing so, for example in order to pursue the purposes described above under clause 4 and the associated objectives as well as to take appropriate measures. Our legitimate interests also include the marketing of our products and services.

In addition, we may also base some of our data processing on a legal basis that entitles us to process personal details (e.g. within the framework of occupational pension schemes or compulsory accident insurance).

Baloise Life Ltd processes occupational pension and collective life insurance data as a management office on behalf of the data controllers Baloise Collective Foundation BVG, Baloise Collective Foundation Supplementary Pension Provision, Baloise Perspectiva Collective Foundation BVG and as a collective life insurance provider and portable benefits institution. Baloise Life Ltd processes such data for the purpose of the tasks assigned to it in connection with occupational pensions.

Data processing, inspection of files, duty of confidentiality and disclosure of data are governed by Art. 85a et seqq. of the Federal Law on Occupational Retirement, Survivors’ and Disability Pension Plans (BVG) in the context of compulsory and more extensive occupational pension schemes, and by Art. 25 of the Federal Law on Vesting in Pension Plans (FZG) as well as the associated ordinances in respect of the scope of application of the FZG. The provisions of the FADP are supplementary and applicable to the non-compulsory scheme of occupational pension. Unless express written consent is required by law and the disclosure of data is permitted, Baloise Life Ltd may disclose your data to, among others, your employer, other pension, social insurance and insurance institutions, namely co-insurers and reinsurers, or authorities. The disclosure and sharing of your data with third parties is governed by the privacy policy of the BVG. Health data is treated in strict confidence. Such data can only be viewed by a restricted group of people.

In particular, this concerns data from information on employment conditions with an affiliated employer or an insured pension fund as well as other income data (e.g. entry date, degree of employment and salary component), in connection with the admission of insured persons to the pension fund or insurance (e.g. information on the previous pension fund or portable benefits institution), information on modifications (e.g. salary or benefit adjustments, divorce, purchases), information in connection with the processing of claims to pension benefits (e.g. notification of the occurrence of the claim to pension benefits, reason for the occurrence of the claim to pension benefits such as age, death or disability and the event date), information about other benefit cases (e.g. withdrawal, divorce, advance withdrawal to finance home ownership), as well as information on your family situation (e.g. marital status, beneficiaries).

We also collect sensitive personal data, such as health data within the scope of a health examination upon admission to the pension fund or insurance or the review of risk benefits (e.g. information on the state of health and on previous accidents or illnesses, as well as information from relevant physicians), insofar as we require this information for the processing of the insurance relationship.

The retention of your data is governed by the general explanations on the storage period (see clause 11 below).

For the purposes mentioned in clause 4, we may also process and evaluate your data automatically, i.e. electronically, in order to assess certain personal characteristics or behaviour (so-called profiling). This includes automated data processing, for example for combating money laundering and terrorist financing, for combating insurance fraud, for credit checks or individual risk evaluation and assessment as a necessary calculation basis for the insurance contract, as well as for identifying different interests and personal requirements for marketing purposes, product and service offers and services.

In the event that we base our decisions when concluding a contract or processing a claim exclusively on automated data processing (so-called automated individual decisions) and if such decisions cause negative legal effects or significant disadvantages for you (e.g. termination, risk exclusions, premium amount, denial of benefits) or if they affect you significantly in a similar way, we will inform you of this in an appropriate manner and separately inform you that you can have the relevant decision reviewed by us if necessary.

In connection with the purposes set out in clause 4 above, we may also disclose your personal details to third parties, in particular to the recipients categorised below, who are bound by us to treat your details as confidential:

8.1 Baloise Group companies (group companies)

If necessary for the conclusion of a contract or the processing of contracts and claims, data may also be shared with other companies belonging to the Baloise Group for the purposes of risk evaluation and assessment and the provision of reinsurance solutions.

In order to comply with statutory obligations (e.g. in connection with investigations to combat money laundering and terrorist financing), we also transmit some data to companies of the Baloise Group (see clause 4.5).

In order to provide you with comprehensive advice on insurance, assets, occupational pensions and financial matters (e.g. financing, fund or other financial investments) and to provide you with offers for our own products and for the services of other group companies or to advertise them to you, we may also pass on your master and contract data as well as the information provided during the consultation conducted with your financial partner within the Baloise Group (e.g. Baloise Bank Ltd) for the purposes of contacting you and providing you with individual offers.

Your social insurance data are shared for such purposes (e.g. compulsory accident insurance or occupational pension) only on the basis of your consent in individual cases.

All group companies have been obligated by us to treat your data confidentially.

You can inform us if you do not wish your data to be shared for the above purposes or if you wish to revoke your consent in this regard (see contact address in clause 10).

You can request a list of the Baloise Group companies via the postal address or email address stated under clause 10 below.

8.2 Other insurers involved

In the interests of all policyholders, data may be shared, for the purpose of assessing and distributing risks, with reinsurers, co-insurers and previous insurers, both in Switzerland and abroad:

In order to check your information when concluding the insurance contract or in the event of a claim and to supplement it if necessary, your data (in particular the master data) may be shared to the extent required for this purpose with the previous insurer named by you in the application (the so-called previous insurer). We will obtain your consent separately in your insurance application or in your claims notification if such sharing of data requires your consent.

We insure risks assumed by us with special insurance companies (so-called reinsurers). If reinsurers make a contribution to the risk and loss assessment, the information required for this purpose is made available to them. Such information, in particular, is data relevant to the contract and claim, such as name, date of birth, gender, policy number, type of insurance cover and risk, as well as the extent of the claim. We transfer your data to the reinsurer only to the extent necessary to fulfil our insurance contract with you or to protect our legitimate interests.

We also jointly insure risks assumed by us with other insurers (so-called co-insurers). For this purpose, it may be necessary to provide these co-insurers with your contract and, if applicable, claims data so that they can form their own assessment of the risk or insured event. In addition, it is possible that co-insurers, due to their special expertise, support our company in the risk or benefit assessment as well as in the evaluation of procedures. We transmit your data to co-insurers only insofar as this is necessary for the performance of our insurance contract with you, or to the extent necessary to protect our legitimate interests.

In the event of damage or recourse, a mutual sharing of data with relevant liability insurers or co-insurers and social insurance providers can also take place in order to clarify the obligation to pay benefits. If necessary, we may require separate consent for this (e.g. in the context of combating fraud).

8.3 Insurance intermediaries

If you are advised by an intermediary with regard to your insurance contracts, this intermediary will receive the information necessary for your support and consultation as well as the marketing of our products (e.g. contract term, contract fulfilment and termination, insured amount, cover) from the data created about you with us. In doing so, we comply with the power of attorney issued to the intermediary by you. Intermediaries are bound by law and contract to observe the provisions of the Data Protection Act.

Baloise’s business partners (e.g. Touring Club Schweiz), who act as tied intermediaries and arrange insurance for Baloise through their sales network, are also considered intermediaries. Independent intermediaries (or brokers) may only consult this data if they have been specifically authorised to do so by you.

When you conclude such an insurance contract, your data may also be shared between us and the business partner for marketing purposes based on your consent.

Please let us know if you do not wish your data to be shared for marketing purposes (see contact address in clause 10 below).

8.4 Official bodies and authorities

We may also share your data with official bodies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This includes compliance with statutory notification obligations, the exercise of rights, the defence against claims and compliance with legal requirements, for example within the framework of official, judicial and pre- and extra-judicial proceedings as well as within the framework of statutory duties to inform and cooperate.

Data is also disclosed if we obtain information from public bodies, for example in connection with claims settlement or when checking an address.

8.5 Other third parties

When checking your creditworthiness with the help of credit agencies and when commissioning debt collection companies (e.g. to collect outstanding payments), we may share your data (concerning changes in payment behaviour occurring before and during the term of the contract) with these companies. In this respect, our legitimate interest is to ensure that the tariffs we set reflect the risks involved. These companies store your personal data and may disclose them to other business partners as part of their activities, provided such partners have presented a credible legitimate interest in individual cases for having the data transferred to them.

In the event of a claim or benefit case, the data required for this purpose can be processed and transmitted in the event of recourse to a liable third party (or its liability insurer) or in the event of the deployment of claims adjusters in Switzerland and abroad. In the case of compulsory accident insurance, we transmit data to the Accident Insurance Statistics Office as part of our legal obligations, which is then processed anonymously for the joint statistics of the UVG insurers. In buildings insurance, the "Earthquake Damage Organization (EDO)" founded by the cantons, private insurers and cantonal buildings insurers receives data on the insured property and, in the event of an incident, also on the insured person, in order to assess the damage to buildings in the event of an earthquake, prepare an estimate of the repair or reconstruction costs and finally coordinate compensation and financial assistance to those affected throughout Switzerland.

Your data may also be disclosed to other recipients for the aforementioned purposes (e.g. experts, physicians, persons providing information and the information services pursuant to clause 4.7 in the event of a claim, parties involved in judicial proceedings or acquirers of assets or divisions of Baloise). Other persons are, in particular, recipients of a payment, authorised representatives, correspondent banks, other financial institutions and other entities involved in a legal transaction.

8.6 Service providers in Switzerland and abroad

Some of our services and business functions (e.g. in connection with the purchase of IT services or for marketing campaigns) are provided on our behalf by legally independent companies in Switzerland and abroad (see clause 9 below), which may process data about you if this is necessary for the performance of the contract. This also includes health data. These service providers are contractually obliged to adhere to our standards for data processing, as well as to the applicable data protection legislation. Where contractually or legally provided, such service providers may in turn engage third parties under the same conditions.

When your personal details are processed by recipients in accordance with clause 8 above, your data may also be transmitted abroad, for example when personal details are forwarded to other Baloise Group companies or to service providers. Under certain circumstances, we may also transmit data to third parties abroad who are involved in the processing of the contract (e.g. co-insurers and reinsurers, authorities and courts), as well as to other bodies such as foreign tax authorities.

Your data may therefore be processed worldwide, including outside Switzerland or the European Union or the European Economic Area (i.e. also in so-called third countries such as the US). Many third countries currently do not have laws that ensure a level of data protection equivalent to the applicable Data Protection Act. Therefore, following a risk assessment, we take contractual precautions to contractually compensate for the weaker legal protection, as well as further measures (e.g. pseudonymisation) to reduce the risk of state/government access abroad authorised by foreign legislation. We rely on the guarantees required by law, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests, if the performance of a contract requires such disclosure, if you have given your consent or if it is a matter of data that you have made generally accessible and you have not objected to its processing.

You have the following rights in accordance with the applicable data protection law and if the conditions are met:

• You can request information about whether we process your personal details and, if so, what these details are;
• You can request us to correct incorrect data or complete incomplete data or correct or complete such data yourself to a limited extent via the customer portal at any time;
• You may request the erasure of your data unless we are required or authorised to retain your data under applicable laws and regulations;
• You may request that the data you have provided be released or transferred to another data controller in a commonly used electronic format, provided that the processing is carried out using automated processing, you have consented to the processing, or your data is processed for the conclusion or settlement of the pension relationship;
• In cases in which the data processing is based on your consent, you have the right to revoke this at any time. If you revoke your consent this does not affect the legality of the data processing undertaken on the basis of your consent up until the revocation;
• Where applicable, you have the right to object to the processing of your data, in particular for direct marketing purposes, profiling for direct marketing purposes and other legitimate interests in processing;
• You have the right to express your point of view in the case of automated individual decisions (see clause 7) and to request that the decision be reviewed by a natural person;
• You also have the right to lodge a complaint with our data protection unit or the competent data protection supervisory authority if you do not agree with our handling of your rights. You can contact the Swiss supervisory authority at edoeb.admin.ch and the Liechtenstein supervisory authority at datenschutzstelle.li.

Please note that these rights are subject to statutory requirements and that exceptions and limitations apply. In particular, we may need to process and store your personal details in order to fulfil a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with statutory obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we must therefore also reject a data subject request in whole or in part (e.g. by blacking out certain content that concerns third parties or our trade secrets). In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.

If you wish to exercise your rights, you can contact us in writing or by email at the address below.

Baloise Insurance Ltd
Data protection unit
Aeschengraben 21, P.O. Box
4002 Basel, Switzerland
Email: datenschutz@baloise.ch

Your data will only be stored by us for as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.

In individual cases, it is possible to retain personal details for longer, for example if claims are asserted against us (during the statutory limitation period) or if we are otherwise contractually, legally or officially obliged to do so, if you consent to this or if legitimate (business) interests, documentation and evidence purposes require this. As soon as your data is no longer required for the above purposes, it will be deleted or anonymised as part of our standard deletion processes.

12.1 Confidentiality

We treat your data as confidential and comply with the applicable privacy policy. We also follow recognised security standards, for example ISO 27001, and continuously adapt our security measures to maintain the confidentiality, integrity and availability of your personal details.

12.2 Internet risks

In transferring data via the Internet, you are acting at your own risk. We protect the data you transmit via our web pages during transit by means of appropriate encryption mechanisms.

In addition, we take appropriate technical and organisational security measures to reduce the risks on our websites. Your device, however, is outside the security area that we are able to control. You are therefore required to inform yourself about the necessary security precautions and to take suitable measures in this regard.

12.3 Email encryption

We will send you requested information by email if you have provided us with your email address. Confidential information is transmitted in encrypted form. If information cannot be shared in encrypted form via email, we will use other channels for this purpose (e.g. the customer portal or Baloise Secure Transfer). If you use our customer contact form, your data will be sent to us in encrypted form.

12.4 Blocking of access

In the event of security risks being identified, we explicitly reserve the right to temporarily suspend or, in severe cases, to block access to our websites and customer portals. We do not accept any liability for any loss or consequential damage arising from the suspension or blocking of access.

This privacy policy is not part of the contract and can be amended by us at any time. In each case, the version published here applies.

Last updated in February 2024.