As of May 2018
Generali Switzerland is well aware of the value of your personal data. Here below we provide some information on how Generali Switzerland processes your personal data and the rights you have.
Please note the following data protection policy.
Generali Switzerland has published this data protection policy in view of the forthcoming revision to the Swiss Data Protection Act (DPA) and the entry into force of the EU General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union (EU) and the European Economic Area (EEA), for various reasons parts of it may be relevant for Generali Switzerland too. Firstly, Swiss data protection legislation has historically been closely aligned with European regulation, so the amendments expected to the Data Protection Act are heavily influenced by the GDPR; secondly, due to their extra-territorial effect the high data protection standards under the GDPR are in some circumstances applicable outside the EU/EEA.
The controller of your data is
Generali (Switzerland) Holding Ltd.
You can contact our data protection officer by email at privacy. email@example.com or by post at the address above, addressing it to the attention of the “Data Protection Officer”.
Purposes and legal basis of data processing
We comply with all relevant provisions of data protection law when processing your personal data. Here below we provide more detailed general information on how we process your data.
Your data is mainly processed to conclude and process contracts with you. If you apply for insurance coverage we need the information you provide to conclude the contract and estimate the risk we are taking on. If the insurance agreement is taken out, we process this data to implement the contractual relationship, e.g. to issue the policy and submit an invoice. We need information on a claim to be able to check whether an insured event occurred and how large the claim is. This may – where necessary – include information from third parties who have been appointed to investigate the claim (experts), who may be able to provide information (authorities, witnesses, etc.) or who are involved in providing a service in connection with the claim (workshops, craftsmen, doctors, hospitals). We may also use data about you from publicly available sources (internet sites, social media, etc.).
If data concerning health are essential to assess whether and on what conditions your insurance contract is to be concluded, we gather (subject to your consent) the data concerning health needed to assess the contract, which may include information and documents from examining or treating physicians, hospitals, other healthcare or medical institutions and social insurance entities.
We also process your personal data to produce insurance-specific statistics and analytical evaluations, e.g. to develop new tariffs or meet regulatory requirements. We further use the data for an overall view of your relationship with Generali Switzerland, e.g. to advise you about a contractual amendment or to provide comprehensive information.
In addition, the processing of your personal data goes beyond
the scope of actually performing the contract, enabling us to protect
our own legitimate interests and those of third parties. This
may be necessary (for example):
– to ensure IT security and operations and protect our employees and assets;
– to calculate credit and default risks;
– to support sales and for quality and satisfaction surveys;
– to develop our offering and advertise products of Generali Switzerland;
– to manage the company and as part of restructuring and transactions;
– to enforce and fight legal claims, prevent and investigate criminal activities, especially data analysis to identify indications which might suggest insurance fraud and to prevent money laundering and the financing of terrorism.
In addition, we need your personal data to meet legal obligations such as supervisory requirements, retention obligations under commercial and tax law, or our duty as your insurance advisor.
If we wish to process your data for a purpose not listed above or on another legal basis, we will inform you when required.
As part of the business relationship you must provide the data needed to commence and process our contractual relationship or the data required by law. Without this data we are generally not able to conclude or pursue a contract with you.
Categories of recipients of personal data
Owing to the complexity of modern data processing, we sometimes have to use service providers and appoint them to process your data or give them access to it. Some of these service providers may be outside Switzerland, and even outside Europe or anywhere in the world, in particular wherever our Group has a branch. When we use service providers we always take care to ensure that the relevant data protection provisions and data security standards continue to be observed. When carrying out our business transactions it may be necessary to transfer your data within our insurance company or within our Group or to process it jointly.
Involvement of reinsurers
When insuring some risks, we work closely with our reinsurers, who support us in examining risks and benefit payments. This requires us to exchange with our reinsurers data about you and your insurance relationship. This exchange of data always only takes place for the purposes of jointly examining your insurance risk and benefit payments and in compliance with the Swiss Federal Law on Insurance Contracts.
Involvement of intermediaries
In insurance matters or when using services provided by Generali Switzerland and/or our partners, you are advised by intermediaries, who might – with your consent - also offer financial advisory. For the purposes of providing their advisory service, the intermediary collects and processes the personal application, contractual and claims data required to process the contract. Generali Switzerland also provides your intermediary with data about yourself and your insurance relationship, when the intermediary needs this to provide you with service and advice.
Forwarding data to supervisory authorities, courts and other third parties
Being an insurance company, we are subject to strict regulatory requirements and constant monitoring of the supervision authorities. We may have to disclose personal data of our policyholders/ insured persons on request to authorities, courts, auditors, etc. as part of their legal duties. When examining your benefit payment we may also have to consult third parties such as physicians, healthcare institutions, experts, lawyers or companies appointed as loss adjusters or providers of credit information and transfer your personal data to them. In all cases we always ensure compliance with the legal basis.
Data processing within the Group
In order to ensure comprehensive insurance coverage, separate companies in Switzerland and abroad provide some services of Generali Switzerland. These may be specialised companies inside the Generali Group or cooperation partners of Generali Switzerland. As part of the contractual relationship, Generali Switzerland has to transfer data both within and outside the Group.
Transfer of data abroad to certain third countries
When data is transferred to a country that does not have an appropriate data protection regime, we ensure appropriate protection by using sufficient contractual warranties, specifically on the basis of the EU standard contractual clauses or binding corporate rules, or we rely on the derogation of consent, performance of the contract, exercise or enforcement of legal claims, overwhelming public interest, the fact that the data is public or that it is needed to protect the integrity of the data subject. You can obtain a copy of the contractual warranties from the contact addresses mentioned above, or you will be told where copies can be obtained. We reserve the right to blacken such copies for reasons of data protection or confidentiality.
Automated data processing
In order to deal with transactions as efficiently as possible, in some cases we use automated checking programmes which determine the insurance risk based on the information in your application, decide on whether a contract is concluded and, for example, set the amount of the premiums or your risk exclusions. In some areas, we also use such programmes to determine our obligation to pay benefits in the event of a claim. Depending on the transaction, this automated processing may also include special categories of personal data and/or sensitive personal data, including data concerning health. The checking parameters used in these programmes are based on actuarial empirical values and thus ensure that the standard used for assessment is objective.
Processing data of persons who have no insurance relationship with us
In order to establish an insurance relationship, it may be necessary to process data of people who are not contractual parties. For example, we process personal identification data (name and date of birth) of persons named as beneficiaries. This is necessary necessary to be able to provide the agreed insurance benefit to the beneficiary if an insured event occurs.
When a contract provides insurance coverage for people other than the policyholder, we process their data too. We need this data to be able to arrange insurance coverage adapted to the personal circumstances of the insured person, and to be able to provide the agreed insurance benefit to the insured/beneficiary in the event a benefit is paid.
If an insured event occurs, we process the data of third parties, e.g. the injured party, the person responsible for an accident, other people involved or witnesses. This data has to be processed to determine the facts in the case, as well as to assess whether an insurance benefit has to be paid, and if so how much. We also need this data to enforce legal rights (e.g. make compensation or recourse claims) or fight legal claims (e.g. defend against claims with no basis).
We also process personal data of any creditors, legal representatives, agents for service and other recipients of documents, plus – when relevant for performing the insurance contract – the personal data of experts and lawyers.
If we receive this data concerning third parties from you, we kindly ask you to notify them that we process their data, draw their attention to this data protection policy and if necessary obtain their consent before giving us the data. The rights of data subjects that are set out in this data protection policy also apply to such third parties.
Duration of data retention
We process and save your personal data for as long as it is required to perform our contractual and legal obligations, or for the purposes for which it is processed, for example for the duration of the entire business relationship (from initiation and processing to the end of the contract), and beyond that in line with the legal obligations concerning retention and documentation. Personal data may be retained for the period during which claims may be raised against our company (e.g. the limitation period) and where we are under a different obligation to do so, or our legitimate interests require it (e.g. for the purposes of evidence and documentation). Once your personal data is no longer needed for the listed purposes, it will be is deleted.
Generali customer portal, Generali apps and newsletter
If you have requested access to the Generali customer portal, we provide in your personal area data about you, your contracts and any claims adjustments, as well as any associated correspondence. Moreover, depending on the insurance concluded, you will find health data in order to provide you a full and user-friendly service. The data is saved in your personal Generali customer portal as long as the customer portal (i.e. your account) exists. If you or we terminate your Generali customer account, the data saved in it will be deleted.
If you install the Generali apps on your device (smartphone, tablet, etc.), some data on your contracts may be saved on your device, depending on the app. Newsletters are sent based on your consent and according in line with the data you provided when subscribing to the newsletter or because you are a customer of ours. You can withdraw your consent to receiving newsletters at any time and decline to receive further issues by using the unsubscribe link in the newsletter.
Rights of data subjects
You can request information about the data held on you at the address given above. Subject to certain conditions, you can also request that your data is rectified or erased. You also have a right to restrict or oppose the processing of your data and a right to be given the data you have provided. If you have given us your consent to process the data you can withdraw this at any time with future effect.
If you have any questions, please contact us at the address mentioned above. Please always provide proof of your identity, for example by sending a scan of your identity card.
You have the right to file a complaint with the relevant data protection authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin. ch).