Mobile menu

App privacy policy

Privacy Policy Swisscare 

 

In accordance with Art. 13 General Data Protection Regulation (GDPR), Swisscare Europe Ltd. (hereinafter Swisscare) is informing the Customer about how personal data will be processed within the scope of the services provided by Swisscare. 

Scope

 

This Privacy Policy  together with any referenced documents are applicable to the Swisscare Insurance Management System (SIMS), the myswisscare account, and the myswisscare mobile application (hereinafter all are collectively referred to as the Swisscare App) including, but not limited to the privacy policies applied by Apple Inc. and Google Inc. ("Play Store Rules") with respect to the use of their App Store and Play Store respectively located at https://www.apple.com/privacy/ ("App Store") and https://policies.google.com/privacy?hl=en-US ("Play Store"). 

 

Who is responsible for processing your personal data

 

SWISSCARE Europe Ltd.

Landstrasse 20


9496 Balzers

Liechtenstein

 

The data protection officer can be contacted via the above-mentioned address with the addition to the Data Protection Officer” or via email at dpo@swisscare.com 

 

Rights of the data subject

 

Every data subject has the right to request information about any personal data being processed by Swisscare. In particular, information about the purpose of the processing, the categories of personal data, the categories of recipients who will have access or were disclosed with personal data, the duration periods for saving the personal data, whether there is a right to adjust/correct, erase, restrict or object, transmission of data, the source of the personal data if not collected through Swisscare and if automatic decision-making technologies including profiling are being used.  

Additionally, every data subject has the right to revoke a previously granted consent to use personal data at any time. 

 

The Customer has the right to object to the processing of personal data for marketing purposes. Swisscare enables Clients to unsubscribe from the newsletter independently. If Swisscare processes personal data in order to protect legitimate interests, the Client has the possibility to object to this based on the particular situation. 

 

Should the processing of personal data be inconsistent or contradicts the applicable data protection laws there is the possibility to lodge a complaint with the data protection officer. 


 

Why does Swisscare process personal data? What is the legal basis?

 

Swisscare processes personal data in compliance with the GDPR, and the local data protection regulations applicable in the Principality of Liechtenstein, namely the Data Protection Act and the Data Protection Ordinance. 

Within the scope of the services offered, Swisscare requires certain information in order to be able to conclude a contract with a Customer. If the potential Customer decides to conclude an insurance contract with Swisscare, personal data is processed in order to apply for an offer, as well as to conclude and maintain a contractual relationship, for example for invoicing purposes or to verify eligibility.  

 

Swisscare is unable to conclude a contractual relationship with a Customer without this personal data. For this reason, the information required is based on Art. 6 paras. 1 letter b (necessary for the performance of a contract) and c (compliance with a legal obligation) of the GDPR, for example, due to tax law regulations, social security and health insurance law regulations, corporate regulations and compliance obligations. Due to these regulations and statutory retention periods, Swisscare is unable to delete certain personal data until these statutory retention periods have passed. 

 

Data we process due to Art. 6 para. 1 letter f GDPR (legitimate interests) are due to the following:

 

  • IT Security and Operations

  • Insurance Fraud Prevention 

  • Marketing of Swisscare products and services

 

Third parties who receive personal data

 

Relevant personal data will be communicated to the Insurer based on the concluded contract. Swisscare may be obliged to disclose personal data to governing authorities concerning the insurance validity and concerning exemption from mandatory health insurance, as well as to other insurers and reinsurers. Swisscare may also have to give access to third-party providers of the IT Services in order to maintain IT Security and Operations who may be accessing Swisscare’s data from the EU/EFTA area or from a third country. Standard contractual clauses are applied if any transfers take place to non EU/EFTA areas, or areas that are deemed to not been recognised as equivalent. 

 

It is also possible that Swisscare will also have to communicate personal data to governing authorities for the fulfillment of statutory duties of notifications (finance authorities, criminal investigation agencies). 

 

Data retention

 

Swisscare will store personal data until the statute of limitations for claims against Swisscare has ended (retention period is between 5 and 30 years), and if Swisscare has a legal obligation to do so.


 

Description of data processing 

 

Visitor and usage data:

 

Swisscare’s system records data and information about the computer used by the User automatically and with every visit on our website.

 

The following data are collected:

 

  • Information regarding the type and version of internet browser used to access the website

  • Language applied

  • Operating system

  • Internet service provider

  • IP address

  • Date, time and country of each access

  • Web page from which the user was redirected to our page 

 

The data mentioned above are saved for a maximum time period of [specify] days. This storing is done due to security reasons to ensure the stability and integrity of our systems.


 

Google Analytics 

 

Swisscare uses “Google Analytics” a web analysis client by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA to evaluate the usage of our website. Google Analytics uses cookies which will be stored on the Users computer. The containing information regarding website and internet usage can be evaluated and processed by Google. The collected data may be transmitted to countries outside the EU/EEA, especially to the USA. However, Google has committed to follow the Privacy Shield Framework agreement. Further information about data subject rights of said agreement is found here:  http://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf.

Additionally, we ensure that your IP address is anonymised before it is transmitted to Google. [

 

The retention settings for Google Analytics have been set to 14 months. 

 

Legal basis for the usage of Google Analytics is Article 6 (1) lett. f GDPR. 

 

Stripe

 

Stripe is a payment provider used to enable credit card payments and direct purchases through the app. Stripe may collect your telephone number and app related usage data. For further information, please consult the privacy policy form Stripe: https://stripe.com/en-gb-ch/privacy-center/legal

 

Cookies 

 

Swisscare uses cookies on the website to ensure a user-friendly experience. Cookies are small files that are managed by the user’s web browser and are directly stored on the respective device (Laptop, Tablet, Smartphone etc.) whenever a User visits our website. Cookies are stored as long as they are not deleted. This process allows Swisscare to recognize the browser on the next visit. 

 

If the User does not wish to use cookies the settings in the browser can be changed accordingly. The User will then be notified whenever the browser attempts to create a cookie and the User can decide whether they want to allow the cookie. However, please note that deactivation of cookies may result in a limited user experience and may render certain functionalities unusable. 

 

Legal basis for the processing of data through cookies is Article 6 (1) lett. f GDPR. 

 

Cookies are valid for 14 days and will subsequently be deleted by your browser. 

 

Contact Form

 

If a User fills out a contact form, sends us an email or another form of electronic message, the data will only be used to process the inquiry and possible further questions.

 

Legal basis for the processing of your inquiry is Article 6 (1) lett. b GDPR.

 

Newsletter 

 

During the application process a user account is created. During the creation of this user account, the Customer can sign up to the Newsletter. The Newsletter is managed via Mailchimp, their privacy policy can be found here: https://mailchimp.com/legal/privacy/ 

 

Swisscare newsletters do not contain visible or hidden counters, third party ads or links to external websites that are not directly connected to the content in the newsletter. 

Each newsletter contains a reference on how to unsubscribe from the newsletter.

 

myswisscare account

 

To purchase an insurance policy online the User has to sign up and chose an email address and define a password. The password is encrypted and cannot be viewed by us.

When signing up the Customer must provide name, passport number, residence and destination, address, email address, and payment information. During the insurance application, further information will be provided about the reason and scope of the data processing. The Customer can agree to the terms by checking a box. 

 

The data from the purchased insurance policies are also stored on the user account. 

Swisscare only uses the personal data collected at the initial sign up to properly process the insurance application. 

 

If the Customer requests to update any information Swisscare keeps a copy of the prior details for questions that might come up. 

 

Claims can be submitted via the customer care account, however, these are deleted immediately after having been submitted to the concerned claim service. 

 

The Customer can revoke your consent to process the above-mentioned data at any time. If the request can be processed, the User will be required to sign up for any future orders. The revocation of consent is to be directed at the DPO, whose details are mentioned  above. 

All personal data will be deleted after completion of the order if there is no legal obligation to keep them (e.g. for accounting purposes). 

The Customer has the possibility to delete your user account when you have no pending orders. 




 

Data Security 

 

We use a common encryption technology SSL in connection with the highest encryption levels that are supported by your browser. If a page on our website was/is being transmitted encrypted it is shown by the lock symbol in the address bar of your browser. 

Additionally, we use appropriate technical and organizational security measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction, or to prevent unauthorized access by third parties. Our security measures are continuously upgraded according to the latest technological developments.