1.1 Purpose of the data privacy statement
SWICA Healthcare Organisation (SWICA Group, consisting of SWICA Healthcare Insurance Ltd, SWICA Insurance Ltd., PROVITA Gesundheitsversicherung AG, ProVAG Versicherungen AG, and SWICA Management Ltd – hereinafter referred to as “SWICA”) is committed to complying with legal provisions in its data processing and to promoting open communications with the affected individuals when managing personal data. For this purpose, this data privacy statement has been drafted to inform all interested and affected persons (hereinafter referred to as “affected individuals”) about how SWICA processes data on its websites and web applications.
This data privacy statement applies to all websites, web applications integrated into websites, and other online services (hereinafter referred to as “online services”) offered on the SWICA website and is to be applied equally to every site. SWICA attaches great importance to ensuring that its communications with affected individuals are clear, straightforward and simple. If you are unable to understand certain sections of this data privacy statement, please contact us immediately at email@example.com so that we can adapt these sections as quickly as possible, and of course explain them as well.
Should certain special conditions or the general terms and conditions (GTC) of individual online services offered on the SWICA website contradict this data privacy statement, the respective special conditions and GTC of the individual online services take precedence.
For data processing as part of general insurance operations, we refer to the separate data privacy statement and to the General Insurance Conditions (GIC) and Supplementary Conditions (SC) that apply to the insurance product in question.
1.3 Legal basis for data processing
As a Swiss company subject to Swiss law, SWICA must comply with Swiss law on data protection. SWICA therefore processes personal data only for a justified reason that has been established in the form of a consent, a statutory requirement, or a legitimate private or public interest.
1.4 Unit responsible for data processing
SWICA Healthcare Insurance Ltd is responsible for all data processing and acts on behalf of all companies of the Group.
SWICA Healthcare Insurance Ltd
We would first like to explain the following terms that are used in this data privacy statement:
SWICA uses the term personal data to refer to all information relating to natural persons or legal entities that have been or can be identified directly or indirectly by name, identification number, location data, online identifier or one or more special features capturing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural or legal person.
Personal data requiring special protection refers to data on religious, ideological, political, and trade union affiliations or activities; to data on health, privacy, race, ethnicity, genetics, and biometrics that clearly identify a natural person; to data on administrative and criminal prosecutions or sanctions; and to data on social assistance measures.
SWICA defines processing as any manual or automated procedure or series of procedures whereby personal data is collected, entered, organised, arranged, stored, adapted, modified, read, retrieved, applied, disclosed through transmission, disseminated, made available, compared, linked, restricted, deleted or destroyed.
3. Which data is processed on SWICA's websites?
3.1 Data processing during website visits
Various non-personal and peripheral data is processed automatically when you visit a SWICA website. SWICA's web server logs every access to the website, and SWICA then stores the data in anonymised form (i.e. SWICA cannot attribute the data to you). In particular, the collected information includes the
- anonymised IP address of the device being used,
- identification number of the browser being used (e.g. Internet Explorer, Firefox, etc.),
- operating system of the computer being used (e.g. Windows 10, Mac OSX, Android, etc.),
- amount of data that was transmitted (the number of files downloaded from the website),
- name of the internet service provider (e.g. Swisscom, UPC, Sunrise, etc.),
- date and time of the access, and the
- technical data (e.g. name and URL of the referring SWICA website if the website was accessed via a link, and the search term if the website was accessed via a search engine.
The collected data does not allow SWICA to draw any conclusions about you as a person and is stored in aggregated form for an unlimited period.
3.2 Data processing through the use of online services
Whenever you use certain online services (e.g. premium calculator, policy purchase, competition, comment function, etc.), you may be prompted to enter an email address, your personal details (surname, first name, date of birth), contact information such as the address or phone number, and possibly other personal information and data that requires special protection. Unless the nature of the matter calls for a different procedure (e.g. SWICA contacts you in response to a contact form that you have submitted), you will be asked to authorise SWICA to disclose and process your data. The respective declaration of consent also informs about the specific data that is processed for a certain purpose.
The data will be kept for the period as defined in the respective consent agreement (provided that one was obtained). If the period is not clearly specified in the consent agreement or in cases where no consent was obtained, the data storage period is determined by a) the processing purpose, b) the last customer contact (max. 5 years after the last contact), and c) any statutory period for which business data can be stored. SWICA can also store data longer if required by an administrative or court order. The same applies if the data is required for SWICA in connection with providing evidence or asserting a claim. In such cases, rights relating to processing data (in accordance with no. 8) may also be curtailed.
All personal data is stored in Switzerland unless specified otherwise in the consent agreement.
4. Why is the data processed?
4.1 Data processing during website visits
The peripheral data that is processed as part of any website access is used primarily to establish the connection and enable our content to be used. Furthermore, it is processed for internal, system-related purposes, such as technical administration and system security, for statistical purposes, and for improving the functionality of the website.
4.2 Data processing through use of online services
The personal data you enter in the respective online services will be used only for purposes to which you have agreed. If the reason for using the data is derived from the nature of the matter, it is not necessary to obtain consent as described in no. 3.2 and SWICA thus refrains from describing the purpose in detail.
5. Who can access your data?
Your personal data is passed on within SWICA Group (in accordance with no. 1). Your data is not passed on, sold or exchanged with third parties outside the SWICA Group for marketing purposes. Your personal data will be passed on to third parties only if necessary in order to provide you with the services you requested. However, the data will be passed on only with your prior consent (in accordance with no. 7.2).
6. Inclusion of social media plugins
SWICA's websites and web applications use social media plugins from the following networks, among others.
- Facebook (Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA),
- Google Plus (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA),
- Twitter (Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
- YouTube (YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA)
- Xing (XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany)
- Instagram (Instagram LLC, 1601 Willow Road, Menlo Park CA 94025, USA)
These social media plugins enable you to share website content with your network contacts. Because of the integrated plugins, the network providers (Facebook, YouTube, etc.) receive information via your IP address that the website of our online service has been accessed. This of course applies only if you are logged on to the respective network. In addition, the network providers can associate your website visit with your network account.
7.1 Data processing during website visits
By using our website, you give SWICA permission to process your data during the visit (in accordance with section 3.1) to the extent laid out above and for the stated purpose (in accordance with no. 4.1).
7.2 Data processing through use of online services
For data processing in connection with the use of online services (in accordance with no. 3.2), SWICA obtains explicit or assumes implicit consent if the purpose and processing steps are stipulated by the nature of the matter (in accordance with no. 4.2).
7.3 Data processing through use of other SWICA or third-party offers
The use of other SWICA or third-party offers may require separate prior consent for data processing. The mobile applications that SWICA offers (e.g. BENEVITA, SWICA invoice app or BENECURA app, etc.) stipulate in their GTC that consent must be obtained in order to process the data. If you follow SWICA in the social media (e.g. Facebook, Instagram, Twitter, etc.), the respective provider’s conditions apply.
7.4. Use of social media plugins
By using the social media plugins, you give your express consent to have your data transmitted to the respective network provider. The provisions of the respective network providers govern how data is to be processed and define the processing purposes, storage period and rights of the affected individuals.
8. What are your rights with respect to data processing?
Under the provisions laid out in this data privacy statement you can exercise the following rights vis-à-vis SWICA in connection with personal data processing:
- You have the right to get information at any time about stored personal data that concerns you;
- You have the right to have copies of data about you that SWICA processes with your consent or automatically based on an agreement sent to you or another party in a structured, customary and machine-readable format. This applies only to personal data that you have transmitted to SWICA;
- You have a right of objection against the use and/or transmission of your data within the scope of statutory provisions;
- In accordance with the statutory provisions, you have the right to correct, supplement, block or delete this personal data, provided that doing so does not conflict with other provisions (e.g. retention obligations or mandatory processing due to a contractual or statutory obligation (in accordance with no. 3.2));
- You have the right to refuse direct advertising. This also applies to profiling analyses for direct advertising purposes;
- You have the right to restrict processing activities
- if you object to processing that is based on SWICA's legitimate interest, in which case SWICA will restrict all processing of such data until the legitimate interest has been established.
- if you inform SWICA that your personal data is incorrect, SWICA must restrict all processing of this data until it has been clarified whether such data is in fact incorrect.
- if data processing proves to be unlawful, in which case you can object to the deletion of personal data and instead demand that use of your personal data be restricted.
- if SWICA no longer needs the personal data but it is necessary for you to defend your legal rights.
- If you are uncertain about the legality of data processing, you can contact SWICA directly at firstname.lastname@example.org. You also have the right to file a complaint with a supervisory authority.
- You have the right to revoke your consent to data processing, unless another provision takes precedence.
To exercise these rights, we kindly ask that you send a written request with a copy of your official ID to the following address:
SWICA Healthcare Organisation
For general questions on data protection, you can contact SWICA's data protection unit at email@example.com at any time.
10. Updating the data privacy statement
SWICA updates this data privacy statement occasionally. You will always find the most recent version of it on the SWICA website.