The controller under data protection legislation – particularly the EU’s General Data Protection Regulation (GDPR) – is:
In cooperation with our hosting providers, we endeavour to protect the databases to the best of our ability against unauthorised access, loss, misuse and falsification.
We would like to point out that online data transfer (e.g. in the case of email communication) may be vulnerable to security flaws. Data cannot be protected entirely against third-party access.
By using this website, you agree to the collection, processing and use of your data in accordance with the description below. In principle, you can visit this website without registration. Data such as pages viewed, the name of the file retrieved, or the date and time are stored on the server for statistical purposes. It is not directly related to you personally. Personal data (particularly your name, address or email address) is collected on a voluntary basis as far as possible. Your data will not be disclosed to third parties without your consent.
Personal data processing
‘Personal data’ is all information that relates to an identified or identifiable natural person. A ‘data subject’ is a person about whom personal data is processed. ‘Processing’ includes any handling of personal data, regardless of the resources and processes used – particularly the retention, disclosure, acquisition, erasure, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection legislation. If and to the extent permitted by the EU GDPR, we also process personal data in accordance with the following legal bases in connection with Art. 6 para. 1 GDPR:
- a) Personal data processing with the data subject’s consent.
- b) Personal data processing to fulfil a contract with the data subject and to implement appropriate pre-contractual measures.
- c) Personal data processing to fulfil a legal obligation that we are subject to under any applicable EU law or under any applicable law of any country in which the GDPR is applicable in whole or in part.
- d) Personal data processing to protect the vital interests of the data subject or of another natural person;
- f) Personal data processing to safeguard our own or a third party’s legitimate interests, except where such interests are overridden by fundamental freedoms, fundamental rights or the data subject’s interests. Legitimate interests include in particular our commercial interest in being able to provide our website, information security, asserting our own legal claims and compliance with Swiss law.
We process personal data for the duration necessary for the purpose(s) in question. We restrict processing accordingly in the event of longer-term retention requirements due to statutory and other obligations to which we are subject.
Where necessary, this website uses Google Maps to embed maps, Google invisible reCAPTCHA to protect against bots and spam, and YouTube to embed videos.
Google has undertaken to ensure an adequate level of data protection in accordance with the EU-US Privacy Shield and the Swiss-US Privacy Shield Frameworks.
This website uses what are known as ‘web fonts’ (provided by Google) to display fonts in a uniform manner. When a page is viewed, your browser loads the required web fonts in your browser cache to display texts and fonts correctly. If your browser does not support web fonts, your computer uses a standard font.
We process our customers’ data in accordance with the data protection legislation set down by the Swiss Confederation (Federal Act on Data Protection, FADP) and the EU GDPR in the context of our contractual services.
In this respect, we process inventory data (e.g. customer master data, such as names or addresses), contact data (e.g. email addresses, phone numbers), content data (e.g. text inputs, etc.), contract data (e.g. subject matter of the contract, term), payment data (e.g. bank details, payment history), and usage data and metadata (e.g. in the context of evaluation and measurement of the performance of marketing measures). The data subjects include our customers, prospects and their customers, users, visitors to our website or employees, and third parties. Processing is performed to provide contractual services, billing and our customer service. The legal bases of such processing activities are derived from Art. 6 para. 1b GDPR (contractual services), Art. 6 para. 1f GDPR (analysis, statistics, optimisation, security measures). We process data that is necessary in order to justify and fulfil the contractual services and point out the necessity to specify the same. Data is disclosed to external parties only if doing so is necessary in the context of an order. When we process the data we are provided with in the context of an order, we act in accordance with the client’s instructions and the statutory order processing requirements in accordance with Art. 28 GDPR and do not process the data for any purposes other than those specified in the order.
We delete the data after statutory warranty and similar obligations have expired. The need for data retention is reviewed at irregular intervals. If statutory archiving obligations are in place, data is deleted after these obligations have expired. If the client has disclosed data to us in the context of an order, we delete the data in accordance with the specifications set down in the order after it has been completed as a matter of principle.
We process data belonging to our customers, clients and prospects (uniformly referred to as ‘customers’) in accordance with the data protection legislation set down by the Swiss Confederation (Federal Act on Data Protection, FADP) and the EU GDPR in accordance with Art. 6 para. 1b GDPR in order to provide them with our contractual or pre-contractual services. The data processed in this respect and the nature, scope, purpose and necessity of data processing are determined by the underlying order. In principle, this includes customer inventory and master data (name, address, etc.), contact data (email address, phone number, etc.), contract data (content of the order, fees, terms, details of the companies brokered/insurers/services) and payment data (commissions, payment history, etc.). We may also process information about the characteristics and circumstances of people or objects belonging to them, if this forms part of the subject matter of our order. This might include information about personal circumstances or movable or immovable tangible assets, for example.
In the context of our assignment, it may also be necessary for us to process special categories of data in accordance with Art. 9 para. 1 GDPR, in particular information on a person’s heath. To this end, we obtain the customer’s express consent, if necessary, in accordance with Art. 6 para. 1a, Art. 7 and Art. 9 para. 2a GDPR.
Insofar as is necessary for the fulfilment of the contract or legally required, we disclose or transfer customer data to providers of the brokered services/objects, insurers, reinsurers, broker pools, technical service providers, other service providers (such as cooperating associations), as well as financial service providers, credit institutions and investment companies, plus social security agencies, tax authorities, tax advisors, legal advisors, auditors, insurance ombudsmen and the Swiss Financial Market Supervisory Authority (FINMA) or the German Federal Financial Supervisory Authority (BaFin) in the context of coverage requests and the conclusion and processing of contracts. Furthermore, we may also engage subcontractors, such as sub-brokers. We obtain customer consent insofar as the same is required for disclosure/transfer (which may be the case in the event of special categories of data in accordance with Art. 9 GDPR, for example).
The data is deleted after statutory warranty and similar obligations have expired, whereby the necessity of data storage is reviewed at irregular intervals. The statutory retention obligations also apply. If there are statutory archiving obligations in place, data shall be deleted once these obligations have expired.
We process data belonging to our contractual partners and prospects, and other principals, customers, instructing parties, clients or contractual partners (uniformly referred to as ‘contractual partners’) in accordance with the data protection legislation set down by the Swiss Confederation (Federal Act on Data Protection, FADP) and the EU GDPR in accordance with Art. 6 para. 1b GDPR to provide them with our contractual or pre-contractual services. The data processed in this respect and the nature, scope, purpose and necessity of data processing are determined by the underlying contractual relationship.
The processed data includes our contractual partners’ master data (e.g. names and addresses), contact details (e.g. email addresses and phone numbers), contract data (e.g. services used, contents of the contract, contractual communication, names of contacts) and payment data (e.g. bank details, payment history).
As a matter of principle, we do not process special categories of personal data, unless they form part of commissioned or contractual processing activities.
We process data that is necessary in order to justify and fulfil the contractual services and point out the necessity to specify the same, if this is not evident to the contractual partners. Data is disclosed to external individuals or companies only if doing so is necessary in the context of a contract. When we process the data we are provided with in the context of an order, we act in accordance with the instructions issued by the client and the statutory requirements.
As part of the use of our online services, we may store the IP address and the time of relevant user actions. Data is stored based on our legitimate interests, and the user’s interests in protection against data misuse and other unauthorised use. In principle, this data will not be disclosed to third parties, unless doing so is necessary for pursuing our claims in accordance with Art. 6 para. 1f GDPR, or there is a statutory obligation to this effect in accordance with Art. 6 para. 1c GDPR.
The data is deleted when it is no longer necessary for the fulfilment of contractual or statutory duties of care or for dealing with any warranty and similar obligations, whereby the necessity of data storage is reviewed at irregular intervals. The statutory retention obligations shall also apply.
Information about data transfer to the US (United States of America)
For the sake of completeness, we would like to point out that users based in Switzerland are subject to surveillance measures by the US authorities that generally allow the storage of all personal data from Switzerland that has been transferred to the US.
This is done without distinction, restriction or exception based on the goals pursued, and without any objective criterion enabling limiting of the US authorities’ access and subsequent use of the data to very specific and strictly limited purposes that can justify both access to this data and exploitation associated with use of the same. We would also like to draw your attention to the fact that there are no legal remedies available in the US for Swiss data subjects that would allow them to access their data and to have said data rectified or erased, and that there is no effective legal protection in court against the US authorities’ general rights of access. We explicitly draw data subjects’ attention to this legal and factual situation, in order that they can make an appropriately informed decision to consent to use of their data.
Users residing in an EU member state are advised that the US does not have an adequate level of data protection from the European Union’s perspective.
The copyright and all other rights to content, images, photos or other files on the website belong exclusively to the website operator or the specifically named rights holders. The copyright holder’s written consent must be obtained in advance for the reproduction of all files.
Anyone who commits a copyright violation without the respective copyright holder’s consent may be liable to prosecution and to damages if necessary.
All the information provided on our website has been checked carefully. We make every effort to ensure that the information we provide is up to date, correct and complete. Nevertheless, we cannot rule out the possibility of errors entirely. In other words, we cannot guarantee that the information (including journalistic and editorial information) is complete, accurate and up to date. Liability claims arising from material or non-material damage caused by use of the information provided are excluded, unless there is evidence of wilful intent or gross negligence.
The publisher may modify or delete text at its own discretion and without any need to give prior notice, and it is not obligated to update the content of this website. Visitors use or access this website at their own risk. The publisher and its clients or partners are not responsible for damages (such as direct, indirect, accidental, pre-determined or consequential damages that are allegedly caused by visiting this website) and therefore do not assume any liability for the same.
The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be accessed using external links on this website. Only the operators of linked pages are responsible for the content of the same. The publisher therefore expressly dissociates itself from all third-party content that may be relevant under criminal or liability law or which is immoral.
Questions for the data protection officer
Zurich, 22 January 2020