Privacy policy

Privacy Policy Welcome.ch

In accordance with Art. 13 General Data Protection Regulation (GDPR) as well as other applicable data protection laws, Swisscare Switzerland Ltd. (hereinafter Swisscare) is informing the Customer about how personal data will be processed within the scope of the services provided by Swisscare. 

Scope

This Privacy Policy  together with any referenced documents are applicable to the Swisscare Insurance Management System (SIMS), the myswisscare account, and the myswisscare mobile application, as well as the website Welcome.ch (hereinafter all are collectively referred to as the Welcome.ch) including, but not limited to the privacy policies applied by Apple Inc. and Google Inc. ("Play Store Rules") with respect to the use of their App Store and Play Store respectively located at https://www.apple.com/privacy/ ("App Store") and https://policies.google.com/privacy?hl=en-US ("Play Store"). 

Who is responsible for processing your personal data

Swisscare Switzerland Ltd.
Morgenstrasse 129
3018 Bern (Switzerland)

The data protection officer can be contacted via the above-mentioned address with the addition to the Data Protection Officer” or via email at [email protected] 

Representation in the EU:

Swisscare Europe Ltd. 
Landstrasse 20
9496 Balzers (Liechtenstein)

Rights of the data subject

Every data subject has the right to request information about any personal data being processed by Welcome.ch. In particular, information about the purpose of the processing, the categories of personal data, the categories of recipients who will have access or were disclosed with personal data, the duration periods for saving the personal data, whether there is a right to adjust/correct, erase, restrict or object, transmission of data, the source of the personal data if not collected through Swisscare and if automatic decision-making technologies including profiling are being used.  

Additionally, every data subject has the right to revoke a previously granted consent to use personal data at any time. 

The Customer has the right to object to the processing of personal data for marketing purposes. Welcome.ch enables Clients to unsubscribe from the newsletter independently. If Welcome.ch processes personal data in order to protect legitimate interests, the Client has the possibility to object to this based on the particular situation. 

Should the processing of personal data be inconsistent or contradicts the applicable data protection laws there is the possibility to lodge a complaint with the data protection officer. 

Why does Swisscare process personal data? What is the legal basis?

Welcome.ch processes personal data in compliance with the GDPR, as well as other applicable data protection laws. 

Within the scope of the services offered, Welcome requires certain information in order to be able to conclude a contract with a Customer. If the potential Customer decides to conclude an insurance contract with Swisscare, personal data is processed in order to apply for an offer, as well as to conclude and maintain a contractual relationship, for example for invoicing purposes or to verify eligibility.  

Swisscare is unable to conclude a contractual relationship with a Customer without this personal data. For this reason, the information required is based on Art. 6 paras. 1 letter b (necessary for the performance of a contract) and c (compliance with a legal obligation) of the GDPR, for example, due to tax law regulations, social security and health insurance law regulations, corporate regulations and compliance obligations. Due to these regulations and statutory retention periods, Swisscare is unable to delete certain personal data until these statutory retention periods have passed. 

Data we process due to Art. 6 para. 1 letter f GDPR (legitimate interests) are due to the following:

  • IT Security and Operations
  • Insurance Fraud Prevention
  • Marketing of Swisscare products and services

Third parties who receive personal data

Relevant personal data will be communicated to the Insurer based on the concluded contract. Swisscare may be obliged to disclose personal data to governing authorities concerning the insurance validity, as well as to other insurers and reinsurers. Swisscare may also have to give access to third-party providers of the IT Services in order to maintain IT Security and Operations who may be accessing Swisscare’s data from the EU/EFTA area or from a third country. Standard contractual clauses are applied if any transfers take place to non EU/EFTA areas, or areas that are deemed to not been recognised as equivalent. 

It is also possible that Swisscare will also have to communicate personal data to governing authorities for the fulfillment of statutory duties of notifications (finance authorities, criminal investigation agencies). 

Data retention

Swisscare will store personal data until the statute of limitations for claims against Swisscare has ended (retention period is between 5 and 30 years), and if Swisscare has a legal obligation to do so.

Description of data processing 

→ Plausible Analytics

Plausible Analytics

Welcome uses Plausible Analytics, a privacy-focused analytics service. Plausible Analytics does not use so-called "cookies", and they do not collect or store any personal data.

Plausible Analytics only collects the following data:

  • Page URL
  • HTTP Referer
  • Browser
  • Operating system
  • Device type
  • Visitor Country

→ Stripe

Stripe is a payment provider used to enable credit card payments and direct purchases through the app. Stripe may collect your telephone number and app related usage data. For further information, please consult the privacy policy form Stripe: https://stripe.com/en-gb-ch/privacy-center/legal

→ Braintree

Braintree is a payment provider used to enable credit card payments and direct purchases through the app. Braintree  may collect your telephone number and app related usage data. For further information, please consult the privacy policy form Stripe: https://www.braintreepayments.com/li/legal/braintree-privacy-policy?referrer=https%3A%2F%2Fwww.ecosia.org%2F

→ Cookies 

Swisscare uses cookies on the website to ensure a user-friendly experience. Cookies are small files that are managed by the user’s web browser and are directly stored on the respective device (Laptop, Tablet, Smartphone etc.) whenever a User visits our website. Cookies are stored as long as they are not deleted. This process allows Swisscare to recognize the browser on the next visit. 

If the User does not wish to use cookies the settings in the browser can be changed accordingly. The User will then be notified whenever the browser attempts to create a cookie and the User can decide whether they want to allow the cookie. However, please note that deactivation of cookies may result in a limited user experience and may render certain functionalities unusable. 

Legal basis for the processing of data through cookies is Article 6 (1) lett. f GDPR. 

Cookies are valid for 14 days and will subsequently be deleted by your browser. 

→ Contact Form

If a User fills out a contact form, sends us an email or another form of electronic message, the data will only be used to process the inquiry and possible further questions.

Legal basis for the processing of your inquiry is Article 6 (1) lett. b GDPR.

→ Newsletter 

During the application process a user account is created. During the creation of this user account, the Customer can sign up to the Newsletter. The Newsletter is managed via Mailchimp, their privacy policy can be found here: https://mailchimp.com/legal/privacy/ 

Swisscare newsletters do not contain visible or hidden counters, third party ads or links to external websites that are not directly connected to the content in the newsletter. 

Each newsletter contains a reference on how to unsubscribe from the newsletter.

→ myswisscare account

To purchase an insurance policy online the User has to sign up and chose an email address and define a password. The password is encrypted and cannot be viewed by us.

When signing up the Customer must provide name, passport number, residence and destination, address, email address, and payment information. During the insurance application, further information will be provided about the reason and scope of the data processing. The Customer can agree to the terms by checking a box. 

The data from the purchased insurance policies are also stored on the user account. 

Swisscare only uses the personal data collected at the initial sign up to properly process the insurance application. 

If the Customer requests to update any information Swisscare keeps a copy of the prior details for questions that might come up. 

Claims can be submitted via the customer care account, however, these are deleted immediately after having been submitted to the concerned claim service. 

The Customer can revoke your consent to process the above-mentioned data at any time. If the request can be processed, the User will be required to sign up for any future orders. The revocation of consent is to be directed at the DPO, whose details are mentioned  above. 

All personal data will be deleted after completion of the order if there is no legal obligation to keep them (e.g. for accounting purposes). 

The Customer has the possibility to delete your user account when there are no pending orders. 

Data Security 

We use a common encryption technology SSL in connection with the highest encryption levels that are supported by your browser. If a page on our website was/is being transmitted encrypted it is shown by the lock symbol in the address bar of your browser. 

Additionally, we use appropriate technical and organizational security measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction, or to prevent unauthorized access by third parties. Our security measures are continuously upgraded according to the latest technological developments.