Information on data protection

The following privacy statement is geared to the requirements of the Swiss Federal Act on Data Protection (FADP), the European Union's General Data Protection Regulation (GDPR) and the United Kingdom’s General Data Protection Regulation (UK GDPR). Whether and to what extent these laws are applicable depends on the specific individual case.

Helvetia may process your personal data in accordance with the applicable data protection law.

Data processing entails all handling of personal data regardless of the tools and procedures used, particularly the procurement, saving, storage, use, modification (incl. pseudonymization and anonymization), disclosure, archiving, deletion/erasure or destruction of data.

The processing must not unlawfully infringe the personality rights of data subjects, and any processing may be based on the following legal basis under data protection law:

• Existence of a contract with Helvetia
• Legitimate interests of Helvetia
• Law
• Consent
  

In order to optimize the discharge of business processes and the conclusion of contracts, or the processing of contracts and the provision of services, Helvetia or any parties engaged by Helvetia may collect relevant personal data from third parties if this is necessary. Based on the transmission of the insurance application or notification of a claim, the third parties are expressly released from their duty of confidentiality vis-à-vis Helvetia and any parties engaged by Helvetia. For details, please refer to Helvetia's "Information on data protection" in the section "Special information on data protection".

In addition to obtaining the relevant information, the processing of the conclusion of the contract or the provision of services may require the transmission of personal data to third parties involved in the contract (such as reinsurers, commissioned parties, service providers, authorities, etc.). Helvetia is therefore not subject to a duty of confidentiality pursuant to the FADP when disclosing data. Moreover, Helvetia places third parties under an obligation to handle the data appropriately according to their sensitivity and other circumstances. The data may be passed on to recipients in Switzerland and abroad if the circumstances of the data processing so require. For further details, please refer to Helvetia's "List of recipients and countries".

Profiling refers to any kind of automated processing of personal data to analyse specific personal aspects, such as economic situation, health, interests, reliability, behaviour, or relocation. Helvetia uses profiling to analyse certain personal aspects (interests and preferences) of data subjects to allow Helvetia to provide individualized adverts or offers, but also to identify risks of improper use and security risks. The use of data analysis processes enables Helvetia to compile additional statistical information. If a fully-automated individual decision is made which leads to a negative legal consequence or significantly affects the data subject, Helvetia will notify the data subject accordingly and they have the option of contacting Helvetia to request that the decisions in question are reviewed by a human being. Any fully-automated decisions are, however, always based on rules for weighing the information as laid down by Helvetia in advance. For further details, please refer to Helvetia's "Information on data protection" in the section "Special information on data protection".

With regard to the processing of personal data, Helvetia takes adequate technical and organizational measures to prevent unauthorized access and otherwise unauthorized processing. These are based on the international standards in this area and are checked regularly and adjusted when necessary.

Helvetia processes personal data for as long as this is necessary for the fulfilment of the processing purposes, the statutory retention periods, legitimate interests – such as for purposes of documentation or by way of evidence – or as long as claims can be asserted against Helvetia companies or the data must be stored for technical reasons, as is the case, for example, with backup copies.

For further details about the storage period, please refer to the "Special information on data protection" and the sections on "Data processing in connection with Helvetia's websites and online services". If there are no legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage period has expired as part of our usual procedures.

The right to request information as to whether and which data Helvetia processes and to receive a copy of this personal data.

The right to have inaccurate data rectified.

The right to request the erasure of personal data if Helvetia is no longer obliged or entitled to retain such personal data under the applicable laws and regulations.

The right to object to the processing of personal data at any time with effect for the future, unless the data processing is absolutely necessary for the performance of the contract and/or Helvetia is obliged or entitled to process the data under the applicable laws and regulations.

The right to object to the processing of personal data, in particular insofar as processing is based on legitimate interests or where data is processed for purposes of direct marketing, and the right to revoke consent insofar as data processing is based on consent.

The right to request that Helvetia transfer certain personal data.

The right of the data subject to express their point of view in the case of exclusively automated decisions and to request that the decision be reviewed by a human being.

Data subjects have the right to lodge a complaint to the competent data protection authority.

Contact details of supervisory authority

• Please click here for contact details of the Swiss supervisory authority.
• For the contact details of the data protection authority of Liechtenstein, please click here.
• Please click here for a list of authorities within the EEA.
• Please click here for the UK supervisory authority.
  

"Helvetia as the data controller" is responsible for the websites and online services as well as other the offers that are clearly recognisable as belonging to Helvetia and where nothing else is stated. In other cases, specific information on data protection (e.g. for mobile apps of companies affiliated with Helvetia that are not explicitly listed as controllers on this website) may take precedence over the general information on data protection below and may define other controllers.

Helvetia's websites and online services may contain links to the websites and online services of other providers (e.g. in the form of social plugins) to which this information on data protection does not apply. The respective data protection notices of the other providers apply.

Data Subjects can visit Helvetia's websites anonymously; metadata such as the browser, type of terminal device, duration of interaction, type of interaction, the Helvetia website visited or the IP address are collected. This metadata may be combined with other data from Helvetia (e.g. regarding newsletter subscribers or distribution lists). Service providers and other third parties in Switzerland or abroad that are contractually bound to Helvetia are used to process the data received. For further information on this, please refer to the "List of recipients and countries" and the "Cookie settings". Individual "Cookie settings" and the desired browser configurations can also be made there.

Personal data will be processed if it is provided when using online services (e.g. via a contact form, a request for an offer, a premium calculator, taking out a policy online, a claims notification, live chats, a competition, etc.).

Data exchanged over the Internet is often transmitted via third countries. Website content can be transmitted via servers around the world in order to optimize the performance and security of the websites. Data may therefore be transferred abroad even if the sender and recipient are located in the same country.

Data transmitted to Helvetia via the Helvetia websites are transferred in an encrypted format. However, Helvetia will not be held liable for any damage suffered due to loss or manipulation of data. Visitors to the websites must ensure that their own system is secured at all times by an appropriate means of protection (e.g. virus protection) and that their own systems and browsers are up to date.

Contractually bound service providers and other third parties in Switzerland or abroad are used for the operation of internet pages and online services. For further information on this, please refer to the "List of recipients and countries".

Helvetia would like to remind data subjects that the Internet is an open, global network that is accessible to everyone. Communication via e-mail is not usually encrypted and only takes place during regular office hours. It is possible that data can be lost or intercepted and/or manipulated by third parties, for example, to make it appear authentic. Helvetia takes appropriate technical and organizational security measures to prevent this from happening within the Helvetia system. Nevertheless, the confidentiality of data transmitted by e-mail cannot be guaranteed. This applies, in particular, with regard to the transmission of particularly sensitive personal data (such as health data). E-mails can be delayed, deleted, misrouted or shortened during transmission due to transmission errors, technical defects or other malfunctions. External access devices (end users' PC, smartphone, etc.) and parts of the infrastructure used for transmission between the sender and Helvetia are located outside of the security area under the control of Helvetia. It is the responsibility of each Internet user to find out about the necessary security precautions and to take appropriate measures (e.g. up-to-date anti-virus software, etc.). Helvetia is not liable for any damage or consequences arising from the electronic exchange of information, particularly from the misuse of the e-mail system, which it did not cause itself. Helvetia reserves the right to seek redress from the data subject for any intentional damage it suffers as a result of business transactions with the data subject via the electronic exchange of information. Helvetia reserves the right in individual cases not to reply by e-mail or to additionally require a different form (e.g. a form with a signature) for the order or information received by e-mail.

The "Helvetia Chatbot Service" on the website may be used to communicate with Helvetia. The chatbot interprets and answers chat messages autonomously and round the clock. For some claims and services, the chatbot might ask for personal or contractual details for the purpose of identification, such as first name, last name, date of birth or policy number. If it is possible to clearly identify the data subject in these cases, the communication with the Helvetia chatbot can continue. In the event of claims, in particular, an authorized employee of the Helvetia Claims Centre will handle and check the payment process. These employees can also view the chat. For certain claims and services, the chatbot will ask for files to be uploaded, such as pictures in the event of a claim. Communication takes place solely in encrypted format. Data will be transmitted via a secure HTTPS connection, stored by Helvetia and protected against unauthorized access using state-of-the-art technology.

If visitors of websites contact Helvetia using the online contact form, the data entered into this form is transmitted to Helvetia in an encrypted format in accordance with internationally recognized security standards in order to protect them from being misused by third-parties. The data used is evident from the circumstances of the form. The data will not be disclosed to any unauthorized third parties without this being separately stated and those third parties thereby becoming authorized. The storage duration of the data is based on the purpose and is limited to the absolute necessary. Data will be deleted within the corresponding time.

Helvetia is accessible via the metaverse and social media.

The metaverse and social media providers usually require a registered profile or an e-mail address and/or mobile phone number. However, as there is no general obligation to create profiles with real names, Helvetia reserves the right, in certain circumstances and if necessary, to correctly identify persons who have made contact before the conversation begins. It is therefore not possible to guarantee an anonymous contact with Helvetia via the metaverse or social media messages.

As there is also usually no end-to-end encryption in interactions in certain areas of the metaverse and in the various messenger services of the social media providers or because this has not always been set in advance, Helvetia recommends conducting sensitive interactions via the conventional communication channels and reverts to these when necessary. Helvetia cannot guarantee the confidentiality of communication via the metaverse and social media and does not bear any liability.

According to the information from the social media providers, messages can be scanned automatically for keywords by a software program in order to discover or prevent possible criminal acts; they can also be checked by employees of the social media providers after report of a suspected breach of the conditions of use of the social media provider(s). Suspicious activity reports can also be made in the event of encrypted messages. There is also the possibility that intelligence services can filter interactions or message trails. Social media providers usually state in their data protection notices that “content, communications and other information” may be captured. This also includes exchanging messages and communicating with others. According to their own information, social media providers use this information inter alia in order to select adverts that are geared to users' interests. Even if encryption is activated in a direct conversation, metadata is generated that can also be used for purposes of personalization by social media providers (e.g. when, how often and how long people chat). Helvetia cannot exert any influence here.

The data protection provisions and other information of the metaverse and social media providers are available here:

• Instagram Privacy Policy
• WhatsApp Privacy Policy
• Facebook Privacy Policy
• LinkedIn Privacy Policy
• Twitter Privacy Policy
• TikTok Privacy Policy
• Youtube Privacy Policy

By contacting Helvetia via the metaverse or other social media providers, prospective and existing customers consent to Helvetia interacting with them via the selected channel.

Helvetia also uses third-party services to make the metaverse available and to send messages.

Helvetia occasionally records telephone calls for the purposes of preserving evidence, documentation, quality control and training. Before Data Subjects are connected to an agent, they will always be advised that the telephone conversation may be recorded and be made aware of Helvetia's privacy policy. The storage duration of the data is based on the purpose and is limited to the absolute necessary. The recordings in connection with the aforementioned purposes will be automatically deleted within a corresponding time (120 days).

Helvetia uses an automated system for responding to telephone calls. The processing of personal data depends on the circumstances of the call, e.g. data may be processed to make contact by e-mail after the telephone call. Personal data such as name, telephone number, e-mail address or policy number are required for the automated and efficient forwarding and routing of telephone enquiries. Helvetia transfers the data to service providers contractually bound to Helvetia. For further details, please refer to the "List of recipients and countries". The storage period of the data is limited to the necessary minimum. Data in connection with the call routing will be deleted within the corresponding period.

The Helvetia Service Centre can be contacted by SMS for advice on services provided by Hevetia. Third-party service providers are used in order to offer this service. This involves the transmission to the provider of the telephone number provided and the information contained in the text of the SMS. The provider uses binding corporate rules and EU standard data protection clauses for any transfer of data to the USA and complies with the current data protection legislation. The data processed for SMS dispatch will be deleted 90 days after notification. SMS messages are sent via the mobile network of one or more network providers. There are usually no end-to-end encryption or other additional security measures. It is possible that data may be lost or intercepted and/or manipulated by third parties. Helvetia therefore recommends that no sensitive information (e.g. health data) is sent via SMS and accepts no liability for any risks or damage. If Helvetia is contacted via SMS, Helvetia assumes that Helvetia may reply via SMS. However, certain information cannot be provided via SMS. In such cases, it will use traditional communication channels (e.g. the postal service).

In order to provide advice on Helvetia services, Helvetia can establish a connection between the insurance advisor and the prospective customer via live chat or video. This enables Helvetia to provide you with flexible advice, without having to visit you at home. Prospective customers are informed about any recording at the start of the live chat or video call. When using applications, data is processed in pseudonymized form for purposes of optimization. Cookies are used for this purpose. The data collected as part of the live chat is not used to personally identify visitors to the website, unless users voluntarily provide personal data to Helvetia while using the live chat. The storage duration of the data is based on the purpose and is limited to the absolute necessary. Data will be deleted within the corresponding time.

With co-browsing the user shares the content of their browser window with a customer support officer to enable them to provide the required advice. In order to use the service the user must first be connected by telephone with a customer support officer. The customer support officer will provide a personal ID to establish the connection, which must be entered in the co-browsing window. After clicking on "accept & start", the browser content will be shared with the staff member with whom you are connected by telephone. The customer support officer has read-only rights, i.e. they can see and read the content of the browser window. If this content includes sensitive information (e.g. details of exclusions of cover or risk surcharges on account of illness), these will be shown to the person in the browser window too while the information is being displayed. By clicking on accept & start, Helvetia assumes that the user has consented to this information being shared during the co-browsing session. The data communication takes place exclusively in encrypted form. A status bar at the top of the window can be used to determine whether browser content is still being shared. The "cancel" button can be used to stop sharing at any time. The shared screen content is not recorded or saved beyond the duration of the co-browsing session. For statistical purposes, the topic (e.g. type of malfunction or assistance), time and duration of the communication are saved. No information is forwarded to third parties. Co-browsing requires a session cookie to be placed on your computer.

Helvetia offers various mobile apps. For information on data processing by the mobile apps, please refer to the specific information on data protection of the apps, which can be found in the Apple App Store or Google Play Store or at the start of or in the app.

Newsletters are used to provide interested parties and customers with up-to-date information about Helvetia's products and services and, where applicable, its cooperation partners. Helvetia assumes that there is an interest in receiving the promotional content. In addition, newsletters provide information about current developments and other useful information. When registering for newsletters from Helvetia, the pseudonymized IP address of the receiving end device, as well as the date and time of registration are collected in addition to the personal data entered in the dialog box. When the newsletter is sent, anonymized link tracking is performed for statistical purposes. This data is not passed on to third-parties for any other purposes in connection with sending the newsletter, except in the event that competitions are entered and in the event that subscribers are explicitly notified. Subscribers can unsubscribe from the newsletters at any time via specially provided links in the newsletters.

Helvetia processes data from customer surveys on products and services for purposes of market research, to improve Helvetia's services and operations and product development. Participation in customer surveys is voluntary and is carried out anonymously, unless indicated otherwise or expressly stated. Personal data is required if, for example, Helvetia is asked to get in touch in response to a particular praise or criticism. Within Helvetia's dialogue panel, customers can gain access to an access-restricted portal. An e-mail address is required for registration. Additional personal profile information is used to more accurately assign and evaluate participants in the expert panel and the survey information they provide. Customer surveys can be conducted online, on-site, by e-mail or by telephone. Participation in customer surveys or the expert panel via the portal can be revoked at any time with effect for the future. This involves the deletion of the profile and related data within the corresponding period. Moreover, the storage duration of the data depends on the purpose and is limited to the necessary minimum.

For acquisition purposes, Helvetia provides information about Helvetia products and services to individuals within Switzerland who have been referred to Helvetia. For this purpose, Helvetia customers can refer their friends, acquaintances or family members via the corresponding chatbot service as part of the "Recommend Helvetia" initiative. Following a referral they will be notified of the recommendation and the name of the person who recommended them. The recommendation and acceptance of the recommendation is voluntary. In the event of a successful recommendation, Helvetia customers are rewarded with a gift. Personal data such as first name, surname, postcode, e-mail address, telephone number and date of birth are required for purposes of direct contact and the targeted offer of a consultation. The data will not be disclosed to third parties. The persons referred can unsubscribe from the referral programme at the beginning or at any later time via the opt-out link in the welcome e-mail or later when the Helvetia employee contacts them. As a result, the data will no longer be processed by Helvetia and the recorded data will be deleted within the corresponding period. The storage duration of the data is based on the purpose of acquisition and referral initiative and is limited to the necessary minimum.

Helvetia uses the technological services of third-party providers to stage webinars, brownbags and other online live events. When participating in online events, the names and e-mail addresses of the participants, as provided during registration, enrolment or upon joining, are usually communicated to the third-party providers for purposes of technical implementation of the event. As a rule, the data will be hosted within Switzerland. It cannot be ruled out that this data will be stored outside Switzerland, is subject to other legal systems and/or will be passed on to other third parties by the third-party providers. The respective privacy policy of the service provider(s) applies. Helvetia itself does not pass on any other customer information in connection with the staging of events and the use of third-party providers. When registering for events, Helvetia will usually ask for details of the persons participating. This may involve information about persons other than those completing the registration. By completing the registration, Helvetia places the person registering under an obligation to inform all persons registered by name about Helvetia's information on data protection, and by completing the registration Helvetia assumes that the persons registered by name have been sufficiently informed about Helvetia's data processing. All data entered will be used exclusively in connection with the organization and implementation of the event and deleted within a reasonable and/or statutory period. Data may be passed on to third parties if, for example, lists of names have to be disclosed for the organization of events. For further details, please refer to Helvetia's "List of recipients and countries". The disclosure is usually evident from the circumstances of the registration (e.g. registration for a trip, hotel or restaurant stay), otherwise Helvetia reserves the right to provide separate information in the registration mask. The storage duration of the data is based on the purpose and is limited to the absolute necessary. Data will be deleted within the corresponding time.

In order to carry out sponsorship, Helvetia requires details of the beneficiary or beneficiaries of the sponsorship; these may be details of persons other than those making the registration. By completing the registration, Helvetia places the person registering under an obligation to inform all persons registered by name about Helvetia's information on data protection, and by completing the registration Helvetia assumes that the persons registered by name have been sufficiently informed about Helvetia's data processing. In the context of raffles and prize draws, personal data may be required in order to administer the allocation of prizes. Helvetia reserves the right to use information about sponsorship, raffles and prize draws for internal or public advertising. In such cases, the persons concerned will be notified separately. All data will be used in connection with the requested sponsorship and deleted within a corresponding period.

In order to process enquiries about the protection forest or tree certificate, Helvetia requires details of persons other than those making the payment. Upon conclusion of the tree certificate order, Helvetia places the person registering under an obligation to inform all persons registered by name about Helvetia's information on data protection, and Helvetia assumes by concluding the order that the persons registered by name have been adequately informed about Helvetia's data processing. All data will be used in connection with the requested tree certificate and will be deleted within a corresponding period.