Data Protection Statement

The purpose of this information is to give you an understanding of how we use your personal data. In the course of providing our services, we process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DSG).

This data protection statement applies to all websites, applications, services and tools of ELVIA unless they contain separate data protection provisions and irrespective of how you access or use these services (including access via mobile devices). If required, we can draw up separate data protection information for further activities.

We process the personal data that you make available to us yourself. If required for the provision of our services, we also process personal data that we have obtained by legitimate means from publicly accessible sources (e.g. public databases, the Internet, the press) or from third parties (e.g. general agencies, brokers, cooperation partners, previous insurers, lawyers, assessors, credit check companies).

The personal data we process can include the following:

• Personal details (e.g. your name, address and other contact information, date of birth, language preferences, application and usage data, information on your creditworthiness).
• Data on customer activity (e.g. contractual data, claims, customer contacts, session information relating to visits to our website, apps for mobile devices, participation in competitions).
• Further data that we are obliged or entitled by law to record and process and that we require to authenticate or identify you or to check the data we have collected (e.g. origin of assets).

Should we require personal data of a particularly sensitive nature (e.g. health data, medical reports) in order to enter into or perform the contract, we will obtain your consent for this.

Please note that we are not able to provide our services or conclude or process a contract with you without your personal data.

Your personal data is used in accordance with legal requirements for the following purposes:

• As part of the conclusion and performance of the contract:
  g. provision of advice and customer support, risk assessment, credit checks, contract management and amendment, collection, claims handling, surveys on customer satisfaction in connection with the contractual services.
• To safeguard our legitimate interests or those of third parties:
  g. identification of fraudulent activities, evaluations of entire customer relationships/customer behaviour for the purpose of contract optimisation and further development of products, services and processes, marketing (including profiling) for our own products and those of Allianz Suisse subsidiaries, newsletters, market surveys and opinion polls.
• On the basis of your consent:
  We require your consent to process your data in certain cases, e.g. in order to process personal data of a particularly sensitive nature when entering into or performing a contract and during claims processing.
• Due to legal obligations:
  We are subject to various legal requirements (e.g. the Anti-Money Laundering Act, insurance supervisory law and supervisory law requirements of FINMA, retention requirements).

We do not pass your personal data onto unauthorised third parties. Our employees only have access to the data they require for the purpose of fulfilling the contractual and legal obligations. To be able to provide our services, it is also necessary for us to pass on your data both within and outside the company. Depending on the intended purpose, this includes, for example, companies of the Allianz Group, general agencies, brokers, previous insurers, reinsurers, doctors, occupational pension providers, cooperation partners and other companies in the fields of claims handling, IT services, logistics, printing services, collection and marketing. All third parties integrated into our business processes handle your personal data on our behalf and do so exclusively in the way we are permitted to. We check them carefully in relation to data protection and data security and oblige them to maintain confidentiality and comply with the relevant data protection provisions, taking into account the applicable law on data protection.

In addition, we have to disclose your personal data to government agencies (e.g. authorities, social security providers, courts) to the extent that we are legally obliged to do so.

In some cases, your data may undergo automated processing with the aim of evaluating certain personal factors, for example in the following cases:

• Legal and regulatory requirements oblige us to take certain measures (e.g. in order to combat money laundering and the financing of terrorism). Data evaluations are performed in the course of these measures (on conclusion of the contract, during the term of the contract and in the event of payouts).
• We carry out evaluations so that we can provide you with targeted information and advice on products. This enables us to tailor our communications and marketing (including market research and opinion polling) to your needs.

We can make automated individual decisions in order to enter into and perform the contractual relationship. Automated decisions are made on the basis of your information about the conclusion of the contract, possible excluded risks, the amount of the insurance premium or the obligation to pay benefits, for example. Fully automated decisions are based on predefined rules for weighting the relevant information (e.g. during the application process, assessments are performed on the basis of actuarial criteria and calculations). Where we do take such automated individual decisions, you have the right to obtain human intervention on the part of the data controller, to express your own point of view and to contest the decision. This right does not exist if your request has been fully granted.

If required for the provision of our services and taking into account the intended purpose, your personal data will be transmitted to the recipients listed in section 5 within and outside Switzerland and the EU.

Data will only be transferred to countries outside the EU if those countries have appropriate data protection laws comparable to those in Switzerland and the EU or an equivalent level of data protection is contractually agreed with the recipient.

Data transmissions to other Allianz Group companies outside Switzerland and the EU are performed on the basis of the Allianz data protection standards (Allianz BCR), which guarantee an appropriate level of data protection and are binding for all Allianz Group companies. You can view the Allianz BCR and the list of all Allianz Group companies that comply with them at www.allianz.com/en/.

When you visit a website, it can access or save information from your browser, usually in the form of cookies. This may be information about you, your settings or your device, and it is mostly used to ensure that the website functions as expected. This information generally does not identify you directly, but is used to offer you a personalised web experience.  

If we also offer you a chat function as a contact option, you will be connected to someone from our customer service and will be able to communicate in writing in real time in a separate browser window. No contact details will be requested from you and the content of the chat will be deleted once it is over.

If you transmit information to us via the Internet or other electronic means of communication, there is always the risk that it will be lost, damaged or manipulated. You therefore do so at your own risk.

All data transmissions via the Internet platforms are encrypted. In the process, we ensure that the personal data we receive is safeguarded against unauthorised processing, loss and destruction by means of appropriate technical and organisational measures.

You have the right to obtain information about your personal data, to have it rectified or erased, to object to it or to restrict its processing and – where applicable – a right to data portability and a right to lodge complaints with the responsible data protection supervisory authority.

You also have the right to object to the processing of your personal data for direct marketing purposes. Where we process your personal data for the purpose of legitimate interests, you can also object to this if there are reasons against processing it that result from your special situation.

If you would like to exercise these rights, please contact the Data Protection Officer. Please note that the exercise of these rights may prevent us from entering into or performing the contract or from offering further services. We can – under certain circumstances and in accordance with the applicable law – refuse to provide such information, only comply with your request in part, or refuse to rectify or erase your personal data.

I have read and understood the above information on data protection. If personal data of a particularly sensitive nature (e.g. health data in connection with the conclusion or performance of the contract and/or claims handling) is to be processed, I hereby give my consent for this to take place.

This information was last amended in June 2018.