Personal details are data that relate to an identified or identifiable natural person. Sensitive personal data are personal details that are specially protected by law due to their sensitivity, for example health data. Processing means any form of handling of your data, in particular collection, storage, use, disclosure, archiving or deletion. We comply with the Federal Data Protection Act (FADP), the implementing ordinance (DSGV) and other data protection laws applicable in individual cases (e.g. the European General Data Protection Regulation [GDPR]).
Our employees are regularly trained on data protection topics and are sworn to secrecy. In addition, our data protection unit monitors compliance with data protection regulations.
The following companies are responsible under data protection law for the forms of data processing described here:
- Baloise Insurance Ltd
If you have any data protection concerns or wish to exercise your rights under clause 15, you can contact our data protection unit as follows:
- Baloise Insurance Ltd
Data protection unit
Aeschengraben 21, P.O. Box
4002 Basel, Switzerland
Website visitors from the European Union or the European Economic Area can also contact our data protection officer in accordance with Art. 27 GDPR if they have any questions:
- Baloise Life (Liechtenstein) AG
Alte Landstrasse 6
We primarily process the personal details necessary for the use of our websites and services, i.e. in particular the information provided by you as well as the data collected directly by us (see below).
When you use our website and services, we collect metadata. This includes, for example, information about your browser (type and version), your device type (e.g. smartphone or tablet) or your IP address. We also collect further data about access to the website, so-called log data. This includes, for example, the name of the website accessed, the date and time of the access, the amount of data transferred, the message about successful access, information about the operating system as well as information about the last website visited.
We only collect further personal details if you provide them to us in the course of using our services. We only store the personal details you provide in this regard if you provide them to us in the context of using our services on the website (e.g. when using our contact form or premium calculator). This primarily includes master data (e.g. personal details such as age and nationality or contact data such as name, address, email address, which must be provided when you make an appointment with us or sign up for our newsletter), communication data (e.g. the time or content of any correspondence with you) and, in some cases, contractual data (e.g. details of an insured item or when ordering an interchangeable licence plate).
Further information about the personal details we process when you use our websites and services can be found below.
Your data will only be processed by us for the purposes we have indicated to you when collecting your data, or if we are legally obliged or entitled to process it, as well as for other purposes compatible with the aforementioned. For further details on the basis of our processing, please refer to clause 5.
Where we ask for your consent for certain forms of processing, we will inform you separately about the relevant purposes of the processing. You can revoke your consent at any time by notifying us in writing with effect for the future. Once we have received notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented. If consent is revoked, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its revocation.
Unless we ask you for your consent to processing, we base the processing of your personal details on the fact that the processing is necessary for the initiation or execution of a contract with you or that we or third parties have a legitimate interest in doing so, for example, in order to pursue the purposes described below and the associated objectives as well as to take appropriate measures. Our legitimate interests also include the marketing of our products and services.
We may also process sensitive personal data (e.g. health data) on the basis of other legal grounds, for example in the event of legal disputes due to the need for processing for a possible court case or the enforcement or defence of legal claims. Other legal grounds may apply in individual cases, which we will communicate to you separately where necessary.
We primarily use data to create server log files in order to perform statistical analyses for the purpose of operating the website, ensuring the security of the IT systems and optimising the websites. For this purpose, we primarily use log data. The legal basis for this data processing is our legitimate interest in providing you with a secure and smooth user experience at all times. We also reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use on the basis of specific indications. The log data is automatically deleted after a period of 90 days.
When you use Live Chat to contact us, we will process your input to answer your enquiry. The content and purpose of the communication is dictated by the message content you provide or your enquiry.
We will also send you information by email, provided that you have given us your email address for processing your concerns and questions or you have contacted us directly by email. The processing of your data is based on our legitimate interest and serves solely to process the contact. If the purpose of the email contact is the conclusion of a contract, the legal basis for the processing is the initiation of this contractual relationship.
You can revoke your consent for the future at any time by clicking on the relevant link at the end of each newsletter you receive.
We may also use your data to occasionally inform you about new products or services or other services of interest to you from us and our business partners.
If you do not wish your data to be processed for marketing purposes, you can inform us of this or refuse or revoke your consent to be contacted for advertising purposes (see contact address in clause 16).
We offer you services at various points on our website, some of which require you to provide personal details.
This includes, for example, our customer portal, various premium calculators and further calculation simulations, the possibility to arrange consultation appointments or further services in connection with your insurance contract (e.g. ordering an interchangeable licence plate, conclusion routes, claims notifications). In this context, we primarily collect master data and communication data, and in some cases also other information that is necessary to answer your enquiry. We may store your data for a limited period of time so that we can make it available to you again for a new enquiry if required. In addition, we may contact you to assist you in using our services (e.g. if you cancel an order).
We use so-called cookies on our websites. Cookies are small data packets (text files) that your browser stores on your access device (computer, smartphone, etc.) when instructed to do so by a visited website in order to remember certain information related to the device, for example your language settings or login information. Cookies cannot transmit viruses or intercept data. Cookies can be used to automatically collect the following data without establishing a connection to a possibly existing user account:
- Name of the website visited;
- File name;
- Date and time of access;
- Page views on our website;
- Browser type and version;
- Operating system of the user;
- Referrer URL (the previously visited page);
- IP address and the requesting provider;
- Session ID.
We distinguish between basic function cookies, functional cookies, targeting cookies (also called social media cookies) and performance cookies. The cookies are either set by us (so-called first-party cookies) or originate from other domains (so-called third-party cookies). Basic function cookies are necessary for the functioning of our website, contribute to the safe use of the website and cannot be deactivated in our systems. Functional cookies allow for the provision of advanced features and personalisation, such as videos and Live Chat. Targeting cookies may be used by our advertising partners to show you relevant advertising on other websites based on your interests. This works by uniquely identifying your browser or device. Performance cookies allow us to track visits to our websites, identify sources of access and thus determine and improve the performance of our websites.
Some of the basic function and functional cookies we use are deleted immediately after you close your browser (so-called session cookies). Still others remain permanently – i.e. until they expire or are deleted – stored on your device and enable us to recognise your browser again (so-called persistent cookies).
In some cases, third-party content is integrated into our websites, e.g. YouTube videos, maps from Google Maps, RSS feeds or graphics from other websites. This always assumes that the providers of this content (hereinafter referred to as “third-party providers”) are aware of your IP address. The third-party providers cannot send the content to your browser without this IP address. Furthermore, certain services in the above sense are only activated when you actively select them.
We only include this content on our website to provide you with useful information or to facilitate a process for you. No further data processing is involved here. Therefore, the legal basis for this data processing is our legitimate interest in offering you such content as a service. We endeavour to only use content whose respective providers only use the IP address to deliver the content. But we have no control over any storage of your IP address by the third-party providers for statistical purposes.
We refer to the data protection declaration of the relevant service for the data processing by the third-party provider in question. There you will also receive further information on the individual setting options for protecting your privacy.
13.1 Google Analytics and Tag Manager
We use Google Analytics and the Google Tag Manager on our websites. This is a web analytics service and associated support tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (hereinafter referred to as “Google”).
It cannot be ruled out that the Google Analytics and Tag Manager cookies may collect further personal details or that the data may be shared by Google with third parties, insofar as this is required by law or is necessary as part of the processing of the data by third parties on behalf of Google.
We ourselves do not share any personal details with Google without your consent. Your consent serves as the legal basis for us here. Further information on the Google Tag Manager is available at this link.
13.2 Google Ads (Conversion Tracking) and Google Marketing Platform
We use Google Ads on our websites in conjunction with Google Conversion Tracking. The service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (hereinafter referred to as “Google”).
With Google Conversion Tracking, Google Ads sets a cookie on your devices if you have reached one of our websites via a Google ad. If you visit certain pages of our websites and the cookie has not yet expired, Google and we can recognise that you have clicked on the ad and have been redirected to this page. Every AdWords customer – and therefore also us – receives a different cookie. As such, cookies cannot be tracked across AdWords customers’ websites. The cookie is not used for personal identification.
The information obtained by means of the conversion cookie is used to create conversion statistics for AdWords customers and to determine your surfing behaviour for marketing purposes. This allows us to tailor promotional offers to your interests. But we do not receive any information that can be used to personally identify users.
Further information on Conversion Tracking and general information on Google Ads as well as on the Google Marketing Platform can be found using the links provided.
13.3 Google Places API / Google Maps
Google Maps is integrated into our websites. If you use Google Maps in the European Economic Area or in Switzerland, the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you use Google Maps from another country, the service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The use of this service on our websites is intended to show you an interactive map directly on our websites so that you can, for example, locate a customer adviser or locate our company geographically on the map.
It is necessary to store your IP address in order to use Google Maps. This information is generally transmitted from your browser to a Google server in the USA and stored there. By transmitting your IP address, Google may also be able to associate your data with your user account, provided you are logged in with this account. You can opt out of the use of Google Maps in your Google user account if you do not wish your user account to be associated with the respective service provider.
The legal basis for processing your data is our legitimate interest. This consists of providing you with useful information, facilitating location-based searches and automatically completing address data.
Further information on Google Maps is available at this link.
13.4 Google remarketing
We use the remarketing function of Google on our websites. This is a function offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”).
Further information on Google remarketing is available at this link.
13.5 Google Campaign Manager (formerly DoubleClick by Google)
We use Google Campaign Manager (formerly DoubleClick by Google) services on our websites. It is a marketing tool of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”).
13.6 Hotjar web analytics service
On our website baloise.ch we use the functions of the web analytics service of Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, in order to better understand your requirements and to optimise the web page and customer experience on this website.
Hotjar’s technology gives us a better understanding of your experience (e.g. how much time you spend on which pages, which links you click on, what you like and do not like, etc.) and this, combined with user feedback, allows us to maintain and adjust our service experience.
More information about data security and processing at Hotjar Ltd. can be found at hotjar.com/privacy. You can use a browser plug-in to prevent the information collected by cookies from being sent to and used by Hotjar Ltd. Please use the following link to access the appropriate plug-in: hotjar.com/de/legal/policies/do-not-track/.
13.7 Siteimprove Analytics
We use this information to evaluate the user behaviour of our website visitors, compile reports about this behaviour and improve the website experience of our visitors. Siteimprove will not pass this information on to third parties or use it for marketing or advertising purposes of any kind.
We use social media plug-ins on our website. You can generally recognise the plug-ins by the logos of the respective social media.
When you visit such a platform, your browser establishes a direct connection with the servers of the corresponding social network. If you are logged into your respective social media user account (e.g. LinkedIn) at the same time, the relevant provider can assign your visit to our web pages to your user account. Even if you do not have a user account with the respective social media portal or are not logged in there, it is possible that your IP address will be transmitted and stored there.
14.1 Facebook business tools (Facebook Pixel, Facebook Retargeting, Facebook Conversion API)
We use the Facebook business tools Facebook Pixel, Facebook Retargeting and Facebook Conversion API on our website. These business tools are operated by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (hereinafter “Facebook”), a subsidiary of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, (hereinafter referred to as “Facebook”).
Facebook Pixel is a tracking cookie. It is set on all pages of our websites. This allows us to track your behaviour when you visit one of our websites. In addition, interest-based advertisements can be displayed and user profiles (profiling) or target groups can be created (Facebook Retargeting). If you do not want your personal details to be used by Facebook Retargeting and you have a user account with Facebook, you can deactivate this function here.
Using Facebook Event, we can track actions you take on our websites (so-called customer journey). In this case, Facebook Pixel is triggered and the action is recorded as an event. Information that is created when you interact with Facebook via the Facebook log-in, social plug-ins or in any other way (e.g. tagging a Facebook post with “Like”) is not collected. We engage Facebook to process the event information collected for campaign reporting and analytics as well as to create custom audiences so that we can track the impact of advertising campaigns and gain insights into how our website is used.
For more information, please see the Facebook data protection declaration at facebook.com/about/privacy/.
The Facebook Conversion API is a data interface through which we transmit data about your behaviour on our website to Facebook for evaluation. This allows us to show you advertisements that match your user behaviour on our website. We use the following data in connection with the Conversions API tool:
- IP address
- User agent
- Web page activity
14.2 TikTok Pixel
Our websites integrate Twitter buttons. These buttons are provided by Twitter Inc., 795 Folsom St, Suite 600, San Francisco, CA 94107, USA. Using the buttons, it is possible to share a post or a page of our website on Twitter or to follow us on Twitter. When you click this button, your browser establishes a direct connection with Twitter servers. Twitter transmits the content of the Twitter buttons directly to your browser.
The legal basis for processing your personal details is our legitimate interest. We include the Twitter content on our websites to provide you with useful information or to facilitate a process for you. No further data processing is involved here.
For more information, please see the Twitter data protection declaration at twitter.com/privacy.
YouTube is integrated into our websites. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “YouTube”).
YouTube offers free video clips that users can watch, rate and comment on. They also have the option of uploading their own video clips. We embed the YouTube video clips directly in our websites.
If you play such embedded video clips while visiting our websites, information about this use is shared with YouTube. Through this transmission, YouTube collects your IP address, as it cannot send content to your browser without your IP address. YouTube may also be able to assign your data to your user account as a result of the collection of your IP address, provided that you are logged in with this account. If you do not wish to be associated with your YouTube user account, you can log out of your YouTube user account before playing the video clips.
Your data will not be automatically forwarded to YouTube if you only visit our website and do not click on an embedded video clip.
The legal basis for processing your personal details is our legitimate interest. We incorporate YouTube content into our web page to provide you with useful information or to facilitate a process for you. No further data processing is involved here.
Further information on the collection and use of your data by YouTube and YouTube’s data protection declaration can be found on the Google website. You can find information and individual setting options for protecting your privacy on YouTube via Google on your Google user account in the sections “Personal details” and “Data and personalisation”.
Snap Pixel of the instant messaging service Snapchat from Snap Inc., 63 Market St. 90291, CA Los Angeles, USA, is integrated on our websites. When you visit our job openings or submit your application, a direct connection is made between your browser and the Snapchat servers via Snap Pixel. Snap Inc. thereby receives the information that, with your Snapchat app, you have visited our web page and have started or completed a job application. This allows Snap Inc. to associate the visit to our websites with your user account. The information received in this way may be used by us to measure the effectiveness of our Snapchat ads and to run other Snapchat ads. Further information about this is available in the data protection declaration of Snap Inc. at snap.com/en-US/privacy/privacy-policy/. If you do not want your data to be collected by Snap Pixel, you can deactivate Snap Pixel here.
We use the LinkedIn business tools LinkedIn Pixel and LinkedIn Retargeting on our website. These business tools are operated by LinkedIn Ireland Unlimited Company, Wilton Place Dublin 2, Ireland.
The LinkedIn Pixel is a tracking cookie. It is set on all pages of our websites. This allows us to track your behaviour when you visit one of our websites. In addition, interest-based advertisements can be displayed and user profiles (profiling) or target groups can be created (LinkedIn Retargeting).
When you visit our websites, a direct connection is established between your browser and the LinkedIn server via the Insights Tags. LinkedIn thereby receives the information that you have visited our website with your IP address. This allows LinkedIn to associate the visit to our website with your user account. We can use the information obtained in this way to measure ad effectiveness and to display LinkedIn ads. If you do not want data to be collected by LinkedIn, you can deactivate this function here.
Further information is available in the data protection declaration of LinkedIn at linkedin.com/legal/privacy-policy.
14.8. Xandr advertising platform
Xandr may collect the following personal data from you: (a) information about your browser, including: the type of browser you are using, the browser language, other settings and cookie information; (b) information about your terminal device, including the version of the operating system, type of connection, device make, device model, device identifiers such as your IDFA or AAID and the IP address from which the Internet is being accessed; (c) precise geographic location information if location services have been enabled for an application on your device that integrates Xandr’s technology or sends this information to the Xandr advertising platform; (d) information about your activity on our website and the time you visited it; and (e) information about the provider of your Internet connection. Your personal data is stored according to Xandr’s generally accepted security standards. Your personal data will usually be aggregated or deleted within 3 to 60 days, but may be stored on the Xandr advertising platform for up to 18 months from the date of collection before aggregation or deletion.
We use Xandr to tag users of our website and to be able to retarget them on third-party websites (retargeting) and to be able to measure the success of our advertising on third-party websites (e.g. to find out whether a person who has seen an advertisement for our job ads has also applied to us) and to optimise our advertising based on this knowledge (conversion measurement). Xandr, in turn, uses your personal data to provide, operate, manage, maintain and improve the Xandr advertising platform and to enable Xandr’s customers to use it. This includes: (a) enabling ad serving, through interest-based advertising and precise geographic location information; (b) reporting on ad delivery and conversion measurement; (c) providing frequency capping and recency measurement; (d) detecting and preventing fraud and malicious behaviour and maintaining and improving Xandr’s services, including the use of information for machine learning, optimisation and statistical analysis.
If Xandr transfers your personal data to group companies or third-party service providers outside European countries, we will ensure that there is adequate protection in accordance with European data protection legislation (including the Model Clauses).
For example, to ensure that your personal data is adequately protected when transferred outside European countries, Xandr has entered into inter-company Model Clause agreements and other adequacy agreements with various companies outside European countries with which we share your data. A copy of these agreements is available upon request.
Opting out of interest-based advertising
By clicking on “OPT OUT” via the following link: https://platform.xandr.com/privacy-center/opt_out. Please note that for technical reasons, the opt-out function only applies to the browser and device used to opt out. You can reach Xandr’s data protection officer via the following link: https://www.appnexus.com/platform-privacy-policy/form. Further information on data protection in connection with the Xandr advertising platform can be found at https://www.xandr.com/privacy/platform-privacy-policy/.
When processing your personal details, your data may also be transmitted to third parties abroad as part of your use of our website and services.
Your data may therefore be processed worldwide, including outside Switzerland or the European Union or the European Economic Area (i.e. also in so-called third countries such as the US). Many third countries currently do not have laws that ensure a level of data protection equivalent to the applicable Data Protection Act. Therefore, following a risk assessment, we take contractual precautions to contractually compensate for the weaker legal protection, as well as further measures (e.g. pseudonymisation) to reduce the risk of state/government access abroad authorised by foreign legislation. We rely on the guarantees required by law, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests, if the performance of a contract requires such disclosure, if you have given your consent or if it is a matter of data that you have made generally accessible and you have not objected to its processing.
You have the following rights in accordance with the applicable data protection law and if the conditions are met:
- You can request information about whether we process your personal details and, if so, what these details are;
- You can request us to correct incorrect data or complete incomplete data or correct or complete such data yourself to a limited extent via the customer portal at any time;
- You may request the erasure of your data unless we are required or authorised to retain your data under applicable laws and regulations;
- You may request that the data you have provided be released or transferred to another data controller in a commonly used electronic format, provided that the processing is carried out using automated processing, you have consented to the processing, or your data is processed for the conclusion or settlement of the pension relationship;
- In cases in which the data processing is based on your consent, you have the right to revoke this at any time. If you revoke your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the revocation;
- Where applicable, you have the right to object to the processing of your data, in particular for direct marketing purposes, profiling for direct marketing purposes and other legitimate interests in processing;
- You have the right to express your point of view in the case of automated individual decisions and to request that the decision be reviewed by a natural person;
- You also have the right to lodge a complaint with our data protection unit or the competent data protection supervisory authority if you do not agree with our handling of your rights. You can contact the Swiss supervisory authority at edoeb.admin.ch and the Liechtenstein supervisory authority at datenschutzstelle.li.
Please note that these rights are subject to statutory requirements and that exceptions and limitations apply. In particular, we may need to process and store your personal details in order to fulfil a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with statutory obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we must therefore also reject a data subject request in whole or in part (e.g. by blacking out certain content that concerns third parties or our trade secrets). In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.
If you wish to exercise your rights, you can contact us in writing or by email at the address below.
Baloise Insurance Ltd
Data protection unit
Aeschengraben 21, P.O. Box
4002 Basel, Switzerland
Your data will only be stored by us for as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.
In individual cases, it is possible to retain personal details for longer, for example if claims are asserted against us (during the statutory limitation period) or if we are otherwise contractually, legally or officially obliged to do so, if you consent to this or if legitimate business interests (e.g. documentation and evidence purposes) require this. As soon as your data is no longer required for the above purposes, it will be deleted or anonymised as part of our standard deletion processes.
Please note that the Internet is a global, open network. When you transmit your data over the Internet, you always do so at your own risk.
The data you transmit is protected by encryption mechanisms (Transport Layer Security, TLS) that comply with current security standards. TLS is a protocol for secure data transmission on the Internet. Most browsers support this protocol. TLS uses the public key method, in which data encoded with a publicly accessible key can only be decoded again with a very specific private key. Most browsers indicate whether the connection is secure or unsecured with a key or padlock.
Despite extensive technical and organisational security precautions, it is still possible for data to be lost or intercepted and/or manipulated by unauthorised persons. Baloise takes appropriate technical and organisational security measures to prevent such occurrences within the Baloise system. Your computer, however, is beyond the reach of the Baloise IT security measures. It is therefore your responsibility, as the user, to obtain information about the necessary security precautions and to take appropriate measures. We do not, under any circumstances, accept liability for damage that you may incur as a result of data loss or manipulation.
We encrypt and protect the personal details transmitted by you via our websites in accordance with the state of the art (current: Transport Layer Security, TLS, at least 128 bit). TLS is a protocol for secure data transmission on the Internet. Most browsers support this protocol. TLS uses the public key method, in which data encoded with a publicly accessible key can only be decoded again with a very specific private key. Most browsers indicate whether the connection is secure or unsecured with a key or padlock. Despite extensive technical and organisational security precautions, it is still possible for data to be nevertheless lost or intercepted and/or manipulated by unauthorised persons. We take technical and organisational security measures to prevent the risk within our websites. Your computer, however, is beyond the reach of the Baloise IT security measures. It is therefore your responsibility, as the user, to obtain information about the necessary security precautions and to take appropriate measures.
Last updated in June 2023.