This privacy policy applies to data processing in connection with visits to the websites of the companies named in clause 2 (hereinafter also referred to as “Baloise” or “we”), unless these websites have their own data protection regulations. We process your personal details (hereinafter also referred to as “data”) insofar as this is necessary for the use of our websites and the associated online services or online applications (together hereinafter referred to as “services”). Our websites may contain links to websites of other providers to which this privacy policy does not apply (see clause 12).

Personal details are data that relate to an identified or identifiable natural person. Sensitive personal data are personal details that are specially protected by law due to their sensitivity, for example health data. Processing means any form of handling of your data, in particular collection, storage, use, disclosure, archiving or deletion. We comply with the Federal Data Protection Act (FADP), the implementing ordinance (DSGV) and other data protection laws applicable in individual cases (e.g. the European General Data Protection Regulation [GDPR]).

In the following, we will show what data we collect, what we use it for and what your rights are in this regard. When you transmit data to us via third parties, we assume that you are authorised to do so and that this data is correct. Therefore, please inform these third parties about the processing of their data by us and provide them with a copy of this privacy policy or relevant product information. If we refer you to a new version of these documents, please also hand over this new version in each case.

Our employees are regularly trained on data protection topics and are sworn to secrecy. In addition, our data protection unit monitors compliance with data protection regulations.

The following companies are responsible under data protection law for the forms of data processing described here:

• Baloise Insurance Ltd
  Aeschengraben 21
  4051 Basel
  Switzerland

If you have any data protection concerns or wish to exercise your rights under clause 15, you can contact our data protection unit as follows:

• Baloise Insurance Ltd
  Data protection unit
  Aeschengraben 21, P.O. Box
  4002 Basel, Switzerland
  Email: datenschutz@baloise.ch

Website visitors from the European Union or the European Economic Area can also contact our data protection officer in accordance with Art. 27 GDPR if they have any questions:

• Baloise Life (Liechtenstein) AG
  Alte Landstrasse 6
  9496 Balzers
  Liechtenstein
  Email: dataprotection@baloise-life.com

We primarily process the personal details necessary for the use of our websites and services, i.e. in particular the information provided by you as well as the data collected directly by us (see below).

When you use our website and services, we collect metadata. This includes, for example, information about your browser (type and version), your device type (e.g. smartphone or tablet) or your IP address. We also collect further data about access to the website, so-called log data. This includes, for example, the name of the website accessed, the date and time of the access, the amount of data transferred, the message about successful access, information about the operating system as well as information about the last website visited.

We only collect further personal details if you provide them to us in the course of using our services. We only store the personal details you provide in this regard if you provide them to us in the context of using our services on the website (e.g. when using our contact form or premium calculator). This primarily includes master data (e.g. personal details such as age and nationality or contact data such as name, address, email address, which must be provided when you make an appointment with us or sign up for our newsletter), communication data (e.g. the time or content of any correspondence with you) and, in some cases, contractual data (e.g. details of an insured item or when ordering an interchangeable licence plate).

Further information about the personal details we process when you use our websites and services can be found below.

Your data will only be processed by us for the purposes we have indicated to you when collecting your data, or if we are legally obliged or entitled to process it, as well as for other purposes compatible with the aforementioned. For further details on the basis of our processing, please refer to clause 5.

Where we ask for your consent for certain forms of processing, we will inform you separately about the relevant purposes of the processing. You can revoke your consent at any time by notifying us in writing with effect for the future. Once we have received notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented. If consent is revoked, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its revocation.

Unless we ask you for your consent to processing, we base the processing of your personal details on the fact that the processing is necessary for the initiation or execution of a contract with you or that we or third parties have a legitimate interest in doing so, for example, in order to pursue the purposes described below and the associated objectives as well as to take appropriate measures. Our legitimate interests also include the marketing of our products and services.

We may also process sensitive personal data (e.g. health data) on the basis of other legal grounds, for example in the event of legal disputes due to the need for processing for a possible court case or the enforcement or defence of legal claims. Other legal grounds may apply in individual cases, which we will communicate to you separately where necessary.

We primarily use data to create server log files in order to perform statistical analyses for the purpose of operating the website, ensuring the security of the IT systems and optimising the websites. For this purpose, we primarily use log data. The legal basis for this data processing is our legitimate interest in providing you with a secure and smooth user experience at all times. We also reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use on the basis of specific indications. The log data is automatically deleted after a period of 90 days.

When contacting us via the contact form, your contact details are recorded for processing the enquiry and in the event of follow-up questions. The data is transmitted to us in encrypted form. As part of the submission process, your consent to the processing of the data is obtained and reference is made to this privacy policy. You can revoke your consent at any time with effect for the future. For this purpose, please contact the responsible offices mentioned above. 

When you use Live Chat to contact us, we will process your input to answer your enquiry. The content and purpose of the communication is dictated by the message content you provide or your enquiry.

We will also send you information by email, provided that you have given us your email address for processing your concerns and questions or you have contacted us directly by email. The processing of your data is based on our legitimate interest and serves solely to process the contact. If the purpose of the email contact is the conclusion of a contract, the legal basis for the processing is the initiation of this contractual relationship.

You can subscribe to our newsletter on our websites. This will enable you to find out about our offers on a regular basis. When you register for the newsletter, your contact details (title, last name, first name and email address) are transmitted to us from the data entry screen. To ensure the security of your data, we use the so-called double opt-in method. This means that after you have provided your email address and subscribed to the newsletter, we will send you an email with a confirmation link to the email address you have provided. Only when you click on this link will you receive our newsletter in future. Your consent is required to subscribe to the newsletter. You give us this consent by subscribing to the newsletter, with which you also acknowledge our privacy policy.

You can revoke your consent for the future at any time by clicking on the relevant link at the end of each newsletter you receive.

We may also use your data to occasionally inform you about new products or services or other services of interest to you from us and our business partners.

If you do not wish your data to be processed for marketing purposes, you can inform us of this or refuse or revoke your consent to be contacted for advertising purposes (see contact address in clause 16).

We offer you services at various points on our website, some of which require you to provide personal details.

This includes, for example, our customer portal, various premium calculators and further calculation simulations, the possibility to arrange consultation appointments or further services in connection with your insurance contract (e.g. ordering an interchangeable licence plate, conclusion routes, claims notifications). In this context, we primarily collect master data and communication data, and in some cases also other information that is necessary to answer your enquiry. We may store your data for a limited period of time so that we can make it available to you again for a new enquiry if required. In addition, we may contact you to assist you in using our services (e.g. if you cancel an order).

For the processing of the data, your consent may be obtained at the time of transmission and reference is made to this privacy policy. You have the right to revoke your consent at any time. If consent is revoked, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its revocation.

Our privacy policy for insurance contracts applies to all data processing in connection with an insurance contract (e.g. request for a quote or notification of a claim) (baloise.ch/en/about-us/information/privacy-policy.html).

Our customer portal has its own terms of use including privacy policy (Terms of Use for Online Services).

We use so-called cookies on our websites. Cookies are small data packets (text files) that your browser stores on your access device (computer, smartphone, etc.) when instructed to do so by a visited website in order to remember certain information related to the device, for example your language settings or login information. Cookies cannot transmit viruses or intercept data. Cookies can be used to automatically collect the following data without establishing a connection to a possibly existing user account:

• Name of the website visited;
• File name;
• Date and time of access;
• Page views on our website;
• Browser type and version;
• Operating system of the user;
• Referrer URL (the previously visited page);
• IP address and the requesting provider;
• Session ID.

We distinguish between basic function cookies, functional cookies, targeting cookies (also called social media cookies) and performance cookies. The cookies are either set by us (so-called first-party cookies) or originate from other domains (so-called third-party cookies). Basic function cookies are necessary for the functioning of our website, contribute to the safe use of the website and cannot be deactivated in our systems. Functional cookies allow for the provision of advanced features and personalisation, such as videos and Live Chat. Targeting cookies may be used by our advertising partners to show you relevant advertising on other websites based on your interests. This works by uniquely identifying your browser or device. Performance cookies allow us to track visits to our websites, identify sources of access and thus determine and improve the performance of our websites.

Some of the basic function and functional cookies we use are deleted immediately after you close your browser (so-called session cookies). Still others remain permanently – i.e. until they expire or are deleted – stored on your device and enable us to recognise your browser again (so-called persistent cookies).

You can find out more about this topic – including the storage periods for the individual cookies – in our cookie policy and in the Cookie Preference Center.

The use of cookies on our websites is always based on your consent. With regard to the basic function cookies, the legal basis is our legitimate interest. This consists of providing you with functional and optimally user-friendly websites.

You can adjust the use of cookies on our websites to your preferences at any time in the Cookie Preference Center or revoke your consent to the use of cookies. You can also deactivate cookies in the settings of your browser. However, this may result in you not being able to access applications that make the websites and apps more efficient and some of our services may no longer work. If you would like to have a comprehensive and up-to-date overview of all third-party accesses to your Internet browser, we recommend installing a browser plug-in created for this purpose. You can also set your computer to warn you each time a cookie is sent. Alternatively, you can disable all cookies. To do this, you can change the browser settings in each browser you use and on each device you use. All browsers differ slightly from each other. You can find out how to change your cookie settings in the help menu of your browser.

In some cases, third-party content is integrated into our websites, e.g. YouTube videos, maps from Google Maps, RSS feeds or graphics from other websites. This always assumes that the providers of this content (hereinafter referred to as “third-party providers”) are aware of your IP address. The third-party providers cannot send the content to your browser without this IP address. Furthermore, certain services in the above sense are only activated when you actively select them.

We only include this content on our website to provide you with useful information or to facilitate a process for you. No further data processing is involved here. Therefore, the legal basis for this data processing is our legitimate interest in offering you such content as a service. We endeavour to only use content whose respective providers only use the IP address to deliver the content. But we have no control over any storage of your IP address by the third-party providers for statistical purposes.

We refer to the data protection declaration of the relevant service for the data processing by the third-party provider in question. There you will also receive further information on the individual setting options for protecting your privacy.

13.1 Google Analytics and Tag Manager

We use Google Analytics and the Google Tag Manager on our websites. This is a web analytics service and associated support tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (hereinafter referred to as “Google”). 

Google Analytics uses cookies to analyse your use of our website. Google Tag Manager is a solution with which we can manage so-called website tags via an interface. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. The Baloise web page uses IP anonymisation by default. This means that your IP address is shortened before it is transmitted to Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

It cannot be ruled out that the Google Analytics and Tag Manager cookies may collect further personal details or that the data may be shared by Google with third parties, insofar as this is required by law or is necessary as part of the processing of the data by third parties on behalf of Google.

We ourselves do not share any personal details with Google without your consent. Your consent serves as the legal basis for us here. Further information on the Google Tag Manager is available at this link.

13.2 Google Ads (Conversion Tracking) and Google Marketing Platform

We use Google Ads on our websites in conjunction with Google Conversion Tracking. The service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (hereinafter referred to as “Google”). 

With Google Conversion Tracking, Google Ads sets a cookie on your devices if you have reached one of our websites via a Google ad. If you visit certain pages of our websites and the cookie has not yet expired, Google and we can recognise that you have clicked on the ad and have been redirected to this page. Every AdWords customer – and therefore also us – receives a different cookie. As such, cookies cannot be tracked across AdWords customers’ websites. The cookie is not used for personal identification.

The information obtained by means of the conversion cookie is used to create conversion statistics for AdWords customers and to determine your surfing behaviour for marketing purposes. This allows us to tailor promotional offers to your interests. But we do not receive any information that can be used to personally identify users.

Further information on Conversion Tracking and general information on Google Ads as well as on the Google Marketing Platform can be found using the links provided.

13.3 Google Places API / Google Maps

We use Google Places API on our websites to facilitate location-based searches for our users and to automatically complete address data. The data collected through a search supported by Google Places API is subject to Google’s Terms of Use. Data is processed by Google about the user’s use of Places. More information can be found here: developers.google.com/maps/terms?hl=de#section_9.

Google Maps is integrated into our websites. If you use Google Maps in the European Economic Area or in Switzerland, the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you use Google Maps from another country, the service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The use of this service on our websites is intended to show you an interactive map directly on our websites so that you can, for example, locate a customer adviser or locate our company geographically on the map.

It is necessary to store your IP address in order to use Google Maps. This information is generally transmitted from your browser to a Google server in the USA and stored there. By transmitting your IP address, Google may also be able to associate your data with your user account, provided you are logged in with this account. You can opt out of the use of Google Maps in your Google user account if you do not wish your user account to be associated with the respective service provider. 

The legal basis for processing your data is our legitimate interest. This consists of providing you with useful information, facilitating location-based searches and automatically completing address data. 

Further information on Google Maps is available at this link.

13.4 Google remarketing

We use the remarketing function of Google on our websites. This is a function offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). 

Google remarketing uses cookies to display interest-based advertisements to visitors of the respective website within the Google advertising network. On the other websites you visit that are also part of the Google advertising network, you may consequently be shown advertisements that relate to content that you have previously accessed on our websites. If you do not wish to use Google’s remarketing function, you can deactivate it by making the appropriate settings in Google. We do not share any personal details with Google without your consent.

Further information on Google remarketing is available at this link.

13.5 Google Campaign Manager (formerly DoubleClick by Google)

We use Google Campaign Manager (formerly DoubleClick by Google) services on our websites. It is a marketing tool of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”).

Google Campaign Manager uses cookies to show you ads that are relevant to you. In the process, an anonymising identification number (ID) is assigned to your browser, which can be used to check which ads were displayed in your browser and which ads were called up. The cookies do not contain any personal details. The Campaign Manager cookies only enable Google and its partner websites to serve ads based on previous visits to our website or other websites on the Internet when using Facebook Like buttons. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. Data is only transmitted by Google to third parties on the basis of statutory regulations or in the context of order data processing. Under no circumstances will Google merge your data with other data collected by Google. Your consent serves as the legal basis for us here.

13.6 Hotjar web analytics service

On our website baloise.ch we use the functions of the web analytics service of Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, in order to better understand your requirements and to optimise the web page and customer experience on this website.

Hotjar’s technology gives us a better understanding of your experience (e.g. how much time you spend on which pages, which links you click on, what you like and do not like, etc.) and this, combined with user feedback, allows us to maintain and adjust our service experience.

Hotjar uses cookies and other technologies to collect data about users’ behaviour and devices (in particular, the IP address of the device, which is only collected and stored in anonymised form, the screen size of the device and the type or unique identifiers of the device, browser data, geographical location or country only, preferred language when visiting our website). Hotjar stores this information in an anonymised user profile.

More information about data security and processing at Hotjar Ltd. can be found at hotjar.com/privacy. You can use a browser plug-in to prevent the information collected by cookies from being sent to and used by Hotjar Ltd. Please use the following link to access the appropriate plug-in: hotjar.com/de/legal/policies/do-not-track/.

13.7 Siteimprove Analytics

The website baloise.ch uses Siteimprove Analytics, a web analysis service provided by Siteimprove. Siteimprove Analytics uses cookies – text files that are stored on your computer or smartphone to help us analyse the way in which visitors use the website. The information generated about visitors’ website usage by way of cookies is stored and processed by Siteimprove on servers in Denmark. IP addresses are completely anonymised before the data collected via the Siteimprove Suite are made accessible to us. It is not possible to reverse the anonymisation of IP addresses and assign them to the data collected.

We use this information to evaluate the user behaviour of our website visitors, compile reports about this behaviour and improve the website experience of our visitors. Siteimprove will not pass this information on to third parties or use it for marketing or advertising purposes of any kind.

We use social media plug-ins on our website. You can generally recognise the plug-ins by the logos of the respective social media.

When you visit such a platform, your browser establishes a direct connection with the servers of the corresponding social network. If you are logged into your respective social media user account (e.g. LinkedIn) at the same time, the relevant provider can assign your visit to our web pages to your user account. Even if you do not have a user account with the respective social media portal or are not logged in there, it is possible that your IP address will be transmitted and stored there.

14.1 Facebook business tools (Facebook Pixel, Facebook Retargeting, Facebook Conversion API)

We use the Facebook business tools Facebook Pixel, Facebook Retargeting and Facebook Conversion API on our website. These business tools are operated by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (hereinafter “Facebook”), a subsidiary of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, (hereinafter referred to as “Facebook”).

Facebook Pixel is a tracking cookie. It is set on all pages of our websites. This allows us to track your behaviour when you visit one of our websites. In addition, interest-based advertisements can be displayed and user profiles (profiling) or target groups can be created (Facebook Retargeting). If you do not want your personal details to be used by Facebook Retargeting and you have a user account with Facebook, you can deactivate this function here.

When you visit our websites, a direct connection is established between your browser and the Facebook server via the retargeting tags. The Facebook server is informed which of our websites you have visited. Facebook associates this information with your personal Facebook user account. For more information on the collection and use of data by Facebook, as well as your rights in this regard and the options for protecting your privacy, please refer to Facebook’s privacy policy. If you do not want Facebook to assign the collected information directly to your Facebook user account, you can deactivate the “Custom Audiences” retargeting function here. You must be logged into Facebook to do this.

Using Facebook Event, we can track actions you take on our websites (so-called customer journey). In this case, Facebook Pixel is triggered and the action is recorded as an event. Information that is created when you interact with Facebook via the Facebook log-in, social plug-ins or in any other way (e.g. tagging a Facebook post with “Like”) is not collected. We engage Facebook to process the event information collected for campaign reporting and analytics as well as to create custom audiences so that we can track the impact of advertising campaigns and gain insights into how our website is used.

The legal basis for the processing of your personal details by Facebook Pixel is your consent. You can revoke your consent at any time by clicking on the “Show details” button in our cookie policy. Facebook is independently responsible for any processing of personal details contained in Facebook Pixel that goes beyond this and does not serve the aforementioned purposes. The relevant information from Facebook and information about how Facebook processes your data, including the legal basis on which Facebook relies and the ways in which you can protect your rights vis-à-vis Facebook, can be found here.

For more information, please see the Facebook data protection declaration at facebook.com/about/privacy/.

The Facebook Conversion API is a data interface through which we transmit data about your behaviour on our website to Facebook for evaluation. This allows us to show you advertisements that match your user behaviour on our website.  We use the following data in connection with the Conversions API tool:

• IP address
• User agent
• Web page activity

14.2 TikTok Pixel

TikTok Pixel (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom) is integrated on our web pages. TikTok Pixel is a snippet of JavaScript code that allows us to understand and track visitors’ activity on our websites. We can use the information obtained in this way for the display of TikTok ads as well as for additional targeting measures. For more information on this, please see TikTok’s data protection declaration at tiktok.com/legal/privacy-policy?lang=de-DE.

14.3 Twitter

Our websites integrate Twitter buttons. These buttons are provided by Twitter Inc., 795 Folsom St, Suite 600, San Francisco, CA 94107, USA. Using the buttons, it is possible to share a post or a page of our website on Twitter or to follow us on Twitter. When you click this button, your browser establishes a direct connection with Twitter servers. Twitter transmits the content of the Twitter buttons directly to your browser.

The legal basis for processing your personal details is our legitimate interest. We include the Twitter content on our websites to provide you with useful information or to facilitate a process for you. No further data processing is involved here.

For more information, please see the Twitter data protection declaration at twitter.com/privacy.

14.4 YouTube

YouTube is integrated into our websites. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “YouTube”). 

YouTube offers free video clips that users can watch, rate and comment on. They also have the option of uploading their own video clips. We embed the YouTube video clips directly in our websites. 

If you play such embedded video clips while visiting our websites, information about this use is shared with YouTube. Through this transmission, YouTube collects your IP address, as it cannot send content to your browser without your IP address. YouTube may also be able to assign your data to your user account as a result of the collection of your IP address, provided that you are logged in with this account. If you do not wish to be associated with your YouTube user account, you can log out of your YouTube user account before playing the video clips. 
Your data will not be automatically forwarded to YouTube if you only visit our website and do not click on an embedded video clip.

The legal basis for processing your personal details is our legitimate interest. We incorporate YouTube content into our web page to provide you with useful information or to facilitate a process for you. No further data processing is involved here.

Further information on the collection and use of your data by YouTube and YouTube’s data protection declaration can be found on the Google website. You can find information and individual setting options for protecting your privacy on YouTube via Google on your Google user account in the sections “Personal details” and “Data and personalisation”.

14.5 Snapchat

Snap Pixel of the instant messaging service Snapchat from Snap Inc., 63 Market St. 90291, CA Los Angeles, USA, is integrated on our websites. When you visit our job openings or submit your application, a direct connection is made between your browser and the Snapchat servers via Snap Pixel. Snap Inc. thereby receives the information that, with your Snapchat app, you have visited our web page and have started or completed a job application. This allows Snap Inc. to associate the visit to our websites with your user account. The information received in this way may be used by us to measure the effectiveness of our Snapchat ads and to run other Snapchat ads. Further information about this is available in the data protection declaration of Snap Inc. at snap.com/en-US/privacy/privacy-policy/. If you do not want your data to be collected by Snap Pixel, you can deactivate Snap Pixel here.

14.6 Indeed

Our job application web pages contain the LinkedIn Insights Tag of the job search platform Indeed from Indeed Ireland Operations Limited in Dublin, Ireland. When you apply for a job advertised by us, the conversion tracking pixel establishes a direct connection between your browser and the Indeed server. If you have previously visited a Baloise job advertisement on Indeed, Indeed receives anonymised information that a visitor has applied in response to the advertisement. No personal information is shared. We can use the information obtained in this way to measure the success and improve our job ads on Indeed. Further information is available in the privacy policy of Indeed at indeed.ch/legal?hl=en. If you do not want data to be collected via the Indeed conversion tracking pixel, you can deactivate this function here.

14.7 LinkedIn

We use the LinkedIn business tools LinkedIn Pixel and LinkedIn Retargeting on our website. These business tools are operated by LinkedIn Ireland Unlimited Company, Wilton Place Dublin 2, Ireland.

The LinkedIn Pixel is a tracking cookie. It is set on all pages of our websites. This allows us to track your behaviour when you visit one of our websites. In addition, interest-based advertisements can be displayed and user profiles (profiling) or target groups can be created (LinkedIn Retargeting). 

When you visit our websites, a direct connection is established between your browser and the LinkedIn server via the Insights Tags. LinkedIn thereby receives the information that you have visited our website with your IP address. This allows LinkedIn to associate the visit to our website with your user account. We can use the information obtained in this way to measure ad effectiveness and to display LinkedIn ads. If you do not want data to be collected by LinkedIn, you can deactivate this function here.

Further information is available in the data protection declaration of LinkedIn at linkedin.com/legal/privacy-policy.

14.8. Xandr advertising platform

This website uses the Xandr advertising platform. The Xandr advertising platform is operated by Xandr Inc., 28 West 23rd Street, Fl 4, New York, NY 10010, USA (“Xandr”). This may involve the use of cookies, beacons, pixels, tags, mobile SDKs and other non-cookie technologies to collect information in connection with a browser or mobile device.

Xandr may collect the following personal data from you: (a) information about your browser, including: the type of browser you are using, the browser language, other settings and cookie information; (b) information about your terminal device, including the version of the operating system, type of connection, device make, device model, device identifiers such as your IDFA or AAID and the IP address from which the Internet is being accessed; (c) precise geographic location information if location services have been enabled for an application on your device that integrates Xandr’s technology or sends this information to the Xandr advertising platform; (d) information about your activity on our website and the time you visited it; and (e) information about the provider of your Internet connection. Your personal data is stored according to Xandr’s generally accepted security standards. Your personal data will usually be aggregated or deleted within 3 to 60 days, but may be stored on the Xandr advertising platform for up to 18 months from the date of collection before aggregation or deletion.

We use Xandr to tag users of our website and to be able to retarget them on third-party websites (retargeting) and to be able to measure the success of our advertising on third-party websites (e.g. to find out whether a person who has seen an advertisement for our job ads has also applied to us) and to optimise our advertising based on this knowledge (conversion measurement). Xandr, in turn, uses your personal data to provide, operate, manage, maintain and improve the Xandr advertising platform and to enable Xandr’s customers to use it. This includes: (a) enabling ad serving, through interest-based advertising and precise geographic location information; (b) reporting on ad delivery and conversion measurement; (c) providing frequency capping and recency measurement; (d) detecting and preventing fraud and malicious behaviour and maintaining and improving Xandr’s services, including the use of information for machine learning, optimisation and statistical analysis.

Data transfer

If Xandr transfers your personal data to group companies or third-party service providers outside European countries, we will ensure that there is adequate protection in accordance with European data protection legislation (including the Model Clauses).

For example, to ensure that your personal data is adequately protected when transferred outside European countries, Xandr has entered into inter-company Model Clause agreements and other adequacy agreements with various companies outside European countries with which we share your data. A copy of these agreements is available upon request.

Opting out of interest-based advertising

By clicking on “OPT OUT” via the following link: https://platform.xandr.com/privacy-center/opt_out. Please note that for technical reasons, the opt-out function only applies to the browser and device used to opt out. You can reach Xandr’s data protection officer via the following link: https://www.appnexus.com/platform-privacy-policy/form. Further information on data protection in connection with the Xandr advertising platform can be found at https://www.xandr.com/privacy/platform-privacy-policy/.

When processing your personal details, your data may also be transmitted to third parties abroad as part of your use of our website and services.

Your data may therefore be processed worldwide, including outside Switzerland or the European Union or the European Economic Area (i.e. also in so-called third countries such as the US). Many third countries currently do not have laws that ensure a level of data protection equivalent to the applicable Data Protection Act. Therefore, following a risk assessment, we take contractual precautions to contractually compensate for the weaker legal protection, as well as further measures (e.g. pseudonymisation) to reduce the risk of state/government access abroad authorised by foreign legislation. We rely on the guarantees required by law, insofar as the recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exceptional provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests, if the performance of a contract requires such disclosure, if you have given your consent or if it is a matter of data that you have made generally accessible and you have not objected to its processing.

You have the following rights in accordance with the applicable data protection law and if the conditions are met:

• You can request information about whether we process your personal details and, if so, what these details are;
• You can request us to correct incorrect data or complete incomplete data or correct or complete such data yourself to a limited extent via the customer portal at any time;
• You may request the erasure of your data unless we are required or authorised to retain your data under applicable laws and regulations;
• You may request that the data you have provided be released or transferred to another data controller in a commonly used electronic format, provided that the processing is carried out using automated processing, you have consented to the processing, or your data is processed for the conclusion or settlement of the pension relationship;
• In cases in which the data processing is based on your consent, you have the right to revoke this at any time. If you revoke your consent this does not affect the lawfulness of the data processing undertaken on the basis of your consent up until the revocation;
• Where applicable, you have the right to object to the processing of your data, in particular for direct marketing purposes, profiling for direct marketing purposes and other legitimate interests in processing;
• You have the right to express your point of view in the case of automated individual decisions and to request that the decision be reviewed by a natural person;
• You also have the right to lodge a complaint with our data protection unit or the competent data protection supervisory authority if you do not agree with our handling of your rights. You can contact the Swiss supervisory authority at edoeb.admin.ch and the Liechtenstein supervisory authority at datenschutzstelle.li.

Please note that these rights are subject to statutory requirements and that exceptions and limitations apply. In particular, we may need to process and store your personal details in order to fulfil a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with statutory obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we must therefore also reject a data subject request in whole or in part (e.g. by blacking out certain content that concerns third parties or our trade secrets). In order for us to be able to rule out fraudulent use, we must verify your identity (e.g. with a copy of your identity card, if identification is not possible in any other way). We generally retain information in connection with the processing of data subject requests for three years.

If you wish to exercise your rights, you can contact us in writing or by email at the address below.

Baloise Insurance Ltd
Data protection unit
Aeschengraben 21, P.O. Box
4002 Basel, Switzerland
Email: datenschutz@baloise.ch

Your data will only be stored by us for as long as is required for reaching the aforementioned purposes and for as long as we are legally or contractually obligated to store it.

In individual cases, it is possible to retain personal details for longer, for example if claims are asserted against us (during the statutory limitation period) or if we are otherwise contractually, legally or officially obliged to do so, if you consent to this or if legitimate business interests (e.g. documentation and evidence purposes) require this. As soon as your data is no longer required for the above purposes, it will be deleted or anonymised as part of our standard deletion processes.

Please note that the Internet is a global, open network. When you transmit your data over the Internet, you always do so at your own risk.

The data you transmit is protected by encryption mechanisms (Transport Layer Security, TLS) that comply with current security standards. TLS is a protocol for secure data transmission on the Internet. Most browsers support this protocol. TLS uses the public key method, in which data encoded with a publicly accessible key can only be decoded again with a very specific private key. Most browsers indicate whether the connection is secure or unsecured with a key or padlock.

Despite extensive technical and organisational security precautions, it is still possible for data to be lost or intercepted and/or manipulated by unauthorised persons. Baloise takes appropriate technical and organisational security measures to prevent such occurrences within the Baloise system. Your computer, however, is beyond the reach of the Baloise IT security measures. It is therefore your responsibility, as the user, to obtain information about the necessary security precautions and to take appropriate measures. We do not, under any circumstances, accept liability for damage that you may incur as a result of data loss or manipulation.

We encrypt and protect the personal details transmitted by you via our websites in accordance with the state of the art (current: Transport Layer Security, TLS, at least 128 bit). TLS is a protocol for secure data transmission on the Internet. Most browsers support this protocol. TLS uses the public key method, in which data encoded with a publicly accessible key can only be decoded again with a very specific private key. Most browsers indicate whether the connection is secure or unsecured with a key or padlock. Despite extensive technical and organisational security precautions, it is still possible for data to be nevertheless lost or intercepted and/or manipulated by unauthorised persons. We take technical and organisational security measures to prevent the risk within our websites. Your computer, however, is beyond the reach of the Baloise IT security measures. It is therefore your responsibility, as the user, to obtain information about the necessary security precautions and to take appropriate measures.

This privacy policy is not part of the contract and can be amended by us at any time. In each case, the version published here applies.

Last updated in June 2023.