A responsible approach to dealing with your personal data or person-related data is important to us, and protecting your privacy is our top priority. We take utmost care with the data we use to carry out our activities. We ensure the greatest possible degree of data security in the information technology we use and only collect the data that is absolutely necessary.
We take appropriate technical and organizational security measures (e.g. encryption and/or pseudonymization of your personal data, internal directives, confidentiality statements, and checks) to protect your personal data against manipulation, loss, destruction, or access by unauthorized parties. These measures are based on international standards; they are therefore subject to regular review and adjusted if necessary.
Our employees receive regular training in data protection matters and must comply with specific confidentiality obligations. In addition, we monitor compliance with the data protection provisions on a continuous basis. This also applies to the data processors we have commissioned.
These data protection provisions contain important statements about data protection as well as your right to decide when and within what limits your personal data is used (“informational self-determination”). These data protection provisions are not a component of your contract and may be adjusted by us at any time in accordance with the statutory provisions. The version published here is the valid version. The German version is the legally authoritative version and serves as the basis for all language versions of our data protection provisions.
Alternatively, you can request the latest version from your insurance advisor.
Personal data or person-related data (hereinafter also “data”) as referred to below is any information relating to an identified or identifiable person (e.g. name, date of birth, email address, IP address). Information that has been anonymized or aggregated and cannot (or can no longer) be used to identify a specific person is not deemed to be data in this sense.
“Data processing” refers to all handling of personal data including the collection, storage, use, disclosure, altering, archiving, and erasure of data.
The legal basis and purpose of processing your data is primarily the initiation and/or performance of the insurance contract. Furthermore, we base the processing of data on the existence of a statutory basis/legal obligation and/or consent (from you or from a person you have authorized) as well as on overriding or legitimate interests on the part of AXA (i.e. specifically in order to pursue the purposes described and associated objectives as well as implement corresponding measures).
The processing of your personal data is based on the principles of accuracy, lawfulness, transparency, data minimization, proportionality, responsibility, and data security.
If you wish to take out a contract with us, you need to provide us with all the information required for acceptance and implementation of the business relationship as well as for performing the associated contractual obligations. Without this data, we will not be able to conclude a contract with you, or to perform the contract and/or pay benefits.
If you wish to take out an insurance policy on behalf of another person (e.g. family members) or provide us with data on other people (third parties) (e.g. beneficiaries), we assume that you are authorized to do so and that this data is correct. Please notify such third parties of the processing of their data by us and ensure that such persons are familiar with our data protection provisions or relevant product information.
This includes first and last name, gender, date of birth, age, civil status, language, nationality, telephone number, email address, customer history, powers of attorney, signatory authorizations, declarations of consent.
This includes information submitted during the application process, e.g. on the risk to be insured, answers to questions, reports by experts, claims data from the previous insurer, as well as information on relationships with third parties affected by data processing (e.g. main drivers, beneficiaries).
This includes data obtained in connection with the conclusion or processing of a contract, e.g. policy or contract number, type of insurance and coverage, description of the risk, benefits, premium, contract term, insured vehicles, registration numbers, subscriptions/unsubscriptions to newsletters, complaints, disagreements about benefits or the respective contracts concluded.
This includes information about personal behavior, e.g. how the AXA website – www.axa.ch – and associated services (hereinafter “website”) are used, as well as data on personal preferences and interests.
This includes credit ratings, payment details, tax identification numbers, mortgage details, premium payments and outstanding payments, reminders, and credit balances.
This includes notices of claim, medical reports, diagnoses, investigation reports, invoices, data relating to injured third parties, pension dates, etc..
This includes data relating to the physical or mental health of an individual, based on which information about their state of health is obtained. It includes diagnoses, medical reports, sick notes, as well as reports on other physical or mental impairments.
This includes data on religion, values, opinions, and activities relating to politics or labor unions, health, personal sphere, race or ethnicity, genetic information, biometric data clearly identifying an individual, as well as data relating to administrative or criminal proceedings or sanctions.
This includes, for example, IP address, cookies (for more information, see section 2.2. Cookies and similar technologies), metadata, logs or records of the use of our systems, IP packets and other technical identification details, data relating to online/telephone communication.
Personal data that you have provided to us or that we have lawfully received from companies in the AXA Group, or from partners, brokers, intermediaries, and other parties, is processed by us for the purposes set out below and/or purposes associated with them and underlying objectives. Where a legal relationship subject to the EU General Data Protection Regulation (GDPR) exists, the specified legal basis applies (for more information see also section 1.3.10 Legal basis pursuant to GDPR). Further information can be found in Part 2 onward – Part 2. Using the website.
We process your data in the context of your request for advice, pre-contractual measures, provision of the quotation, and finally for the processing, administration, and any termination of the insurance contract. The contract cannot be concluded without your data.
For example, we use your contact details – including the details of any co-insureds – to carry out pre-contractual investigations and be able to contact you. We use your application data (including health data, if applicable) in order to assess the risk we will be accepting as well as calculate the premium. We require your customer data for contract management purposes and your payment information in order to collect your premium on time.
We process relevant data from external providers in order to calculate your premium as well as check your creditworthiness. The processing of this data is permitted on the basis of the insurance contract.
Please also be aware that our premiums may be based on automated calculations that analyze various criteria concerning insured persons or property. This enables us to determine the insurance risk in more precise terms. We place a strong emphasis on fair insurance terms, however, in that the analysis always relates to customer segments and not to the individual insured person.
In some circumstances, your consent may be necessary when querying sensitive data that requires particular protection, such as health information. In this case, we process the data solely on the basis of the consent granted by you for the purpose of performing the contract.
If required for contract processing purposes, we disclose data – though only that which is strictly necessary – to cooperation partners, co-insurers, reinsurers, other insurers involved or previous insurers, insurance intermediaries/brokers, service providers, pledge holders, debt collection companies, authorities, and/or external experts that constitute the insurance chain. Furthermore, we notify third parties to which cover was confirmed (e.g. relevant authorities) about the suspension, amendment, or termination of the insurance relationship.
Processing is permitted on the basis of the insurance contract, including in the event that it is not taken out. If we collect sensitive personal data that requires particular protection, such as health data, we may ask for your express consent in order to process it.
The data must be retained for at least 10 years after termination of the contract. Data regarding quotations is kept for 5 years, even if the insurance is not taken out. Your data will be erased once the relevant retention period has elapsed.
We process your information for the purpose of assessing, reviewing, and processing claims, legal cases, and benefits. It is not possible for us to review your claim, legal case, or insured event unless we have your data.
For example, we use your contact details – including the details of any co-insureds – in order to contact you. We require your customer information in order to manage claims, legal cases, and benefits; we require any information on claims or legal cases (including health data, if applicable) – such as notices of loss or legal cases, investigation reports, and invoices – in order to process your claim, benefit, or legal case; we also need your payment details in order to pay out claims or benefits, for example.
For claims processing and accident analysis purposes in the case of traffic accidents, data recorded directly by the insured vehicle can be read for the purpose of determining the events that led to the damage or to identify the consequences of the loss when a loss event occurs. AXA decides based on the notification of the claim whether the data needs to be read. Depending on the manufacturer, this includes information such as speed, acceleration, delay, date, and time.
In connection with a claim or insured event, we may obtain any relevant information from, and inspect the relevant files of, other insurance companies, authorities (police or investigating authorities, department of motor vehicles offices, or similar public offices), as well as from motor vehicle manufacturers and other third parties. If necessary, you must authorize the above-mentioned offices to disclose the relevant information or release the doctor from their obligation to maintain patient confidentiality; see also Art. 39 of the Insurance Contract Act (ICA) and Art. 62 FADP.
In some circumstances, your consent may be necessary when querying sensitive data that requires particular protection, such as health information. In this case, we process the data solely based on the consent granted by you for the purpose of processing the claim, legal case, or benefit.
If required for processing the claim, legal case, or benefit, we disclose data – though only that which is strictly necessary – to third parties. Such third parties – cooperation partners, co-insurers, reinsurers, other insurers involved or previous insurers, insurance intermediaries/brokers, service providers, pledge holders, debt collection companies, authorities, lawyers, external experts, doctors, authorized parties, and/or claims handlers – constitute the insurance chain. In addition, for the purpose of enforcing the right of recourse and contractual recourse claims, information may be supplied to liable third parties and their liability insurer – including abroad. AXA-ARAG does not provide AXA with any information about legal cases if this could prejudice the insured.
Processing is permitted based on the underlying insurance contract as well as on the basis of performance of a legal obligation. If the processing of your personal information is based on consent, we process the data in the context of such consent.
The data must be retained for at least 10 years after the claim is settled. Your data will be erased once the relevant retention period has elapsed.
We process your data in order to detect potential insurance fraud and prevent such occurrences.
For example, we use your contract, claims, and benefits data and analyze it in order to identify any suspicious patterns. To that end, and in order to protect you as well as us from unlawful or improper activities, we may also create and process profiles (see section 1.5.1 Profiling).
In connection with the identification of misuse – and the filtering out of suspicious cases – we exchange data with external cooperation partners and other insurance companies and investigators. If consent is in place, we respond to inquiries from other insurance companies regarding their customers if there is a suspicion of insurance fraud. For example, we provide information about existing policies and previous claims. In addition, we supply information to the authorities where there is a legal basis for doing so.
In the case of policyholders whose registered office or place of residence is in Switzerland, we can also make inquiries to the reference and information system (HIS) and, in the case of motor vehicle claims, to Car Claims Info.
Processing is permitted based on our overriding legitimate interest in preventing insurance fraud as well as on the basis of preventing the negative consequences for AXA and the insured community.
We process your data in order to meet regulatory and legal obligations, and to guarantee that laws, guidelines, standards, and internal directives are complied with.
In particular, we process your data for the purpose of combating money laundering, terrorist financing, as well as bribery and corruption. In addition, we process your data for legally required disclosures to authorities with the aim of preventing, detecting, and investigating criminal offenses and other violations. This includes information, notification, and disclosure requirements in connection with obligations under supervisory and tax law.
Furthermore, your data is regularly checked for negative reporting as well as against the data contained in the sanctions lists of the United Nations, European Union, Switzerland’s State Secretariat for Economic Affairs, the UK finance and economics department, as well as the US Office of Foreign Assets Control (OFAC).
In the case of individual checks where specialist technical expertise or in-depth knowledge is required, we may enlist cooperation partners or other third parties to assess and/or process the case. In addition, as a member of the AXA Group we are required to report specific serious compliance and security incidents to the Group and share them with the relevant Group teams.
Processing is permitted on the basis of statutory obligations. AXA may be subject to legal obligations under Swiss or foreign laws. In addition, we include here sector standards, rules with regard to self-regulation, rules on in-house corporate governance, as well as instructions and requests from authorities.
The data must be retained for at least 10 years. Your data will be erased once the relevant retention period has elapsed.
We process your data for customer survey and marketing purposes, so that we can inform you about our products and services. “Marketing purposes” are any AXA activities aimed at the acquisition of new customers or deepening of existing customer relationships.
For example, we use data about your behavior, preferences, and contract for analysis purposes with the aim of upgrading existing products, offering them to you, as well as developing new AXA Group products and services, including non insurance-related.
In order to contact existing and potential customers through marketing measures which could be of interest to them, we process not only personal information and contact data but also other data to help us determine or personalize the target audience and content of marketing messages. This also includes data from interactions with us, e.g. regarding usage behavior on our website (see also Part 2. Using the website), as well as data from other public sources.
For individualized and targeted advertising purposes, as well as to provide you with offers and cater to your needs more effectively, we may also create personality profiles for you and assign you to a specific advertising group.
We do not use any sensitive data requiring particular protection, such as health data, for your personality profile. Specific marketing measures may be implemented by data processors and cooperation partners we have commissioned, and by common controllers or other third parties, or in cooperation with them.
You can object to direct marketing measures and personalized advertising at any time in accordance with section 1.9.7. To that end, you can contact the Data Protection Consultant directly (see section 1.10.1 Data Protection Consultant). You also have the following contact options:
Data processing is permitted on the basis of our overriding legitimate interest in providing you with targeted information about our products and services which could be of interest to you.
We process your data for general and insurance-specific statistical analysis, and for risk management as well as market research purposes.
For example, we use your customer and claims data to develop our conditions and premium rates and in general terms for the development of our insurance business, in particular in relation to artificial intelligence (AI). Furthermore, we use your claims data for analysis on the topics of road safety, to prevent accidents in the home, and to identify the effectiveness of fire protection measures.
We use market and opinion polling opportunities in order to develop our existing products and services (including our website) as well as identify needs and aspirations, thus enabling us to create an optimized offering. To that end, we use your contact, contract, and customer data as well as analyze how you navigate our website and what products are used by which groups of people and in what way.
This gives us an indication of the market acceptance of existing products and services as well as the market potential for new products and services. In addition, we use information from customer polls, surveys, and studies as well as other information, e.g. from the media, social media, internet, and other public sources. Within this context we may also obtain data from third parties or cooperation partners.
If possible, we use anonymized data for our analysis and also anonymize or pseudonymize the data over the course of the statistical process.
In specific instances of statistical or scientific analysis or research work, we obtain data from third parties and merge it with our own data. In addition, data may be disclosed to data processors, cooperation partners, common controllers, or other third parties for the purpose described. The data disclosed are processed by the relevant company for a specific purpose.
Data processing is permitted due to our overriding legitimate interest in improving our products, services, and internal processes.
If you apply for a job with us, we will process your data in order to proceed with the application. Without this data we will be unable to assess your application and decide whether you are suitable for the position concerned.
For example, we will use your contact details in order to schedule appointments with you. We will collect personal information, such as the information contained in your resume, and process data from references and educational qualifications. Alongside this essential information, you will have the opportunity to provide us with additional information for the application process. We will use the data provided to us in order to assess your application and reach a decision.
As a job applicant, you can use the AXA application platform to find out about vacant positions at various AXA companies in Switzerland and apply electronically. This covers the following companies, including their respective sales force:
Your application data will only be shared with persons who are involved in the application process, such as recruitment managers and line managers. In addition, your data may be disclosed to authorities in the event of a statutory duty of notification.
Processing is permitted in the context of recruitment. Data will normally be erased 6 months after the application process has been concluded. Provided you give your consent, your application documents may be stored in the AXA candidates pool for future vacancies. If no suitable position has been found for you within 12 months of the conclusion of the application process, your data will be erased automatically.
If your application leads to the conclusion of an employment contract, the data will be stored and used as part of the normal organizational and administration process as well as for the management of the employment relationship. Further details are set out in the information accompanying your employment contract.
Furthermore, we process your information for other purposes including in the context of our internal procedures and for administration, for training and quality assurance purposes, for the protection of our customers, employees, and other persons, and to protect AXA’s data, secrets, and assets, as well as any data, secrets, and assets that have been entrusted to AXA.
Data processing is permitted on the basis of our overriding legitimate interest in expedient corporate management and development.
When you visit our premises, we will make video recordings in correspondingly designated areas for security and evidence purposes. We only analyze the recordings if necessary (cases subject to criminal law) and delete them between 7 and 30 days later.
Data processing is permitted on the basis of our overriding legitimate interest in ensuring the security of our buildings and systems. Where the GDPR is applicable, the legal basis is our legitimate interest (Art. 6 para. 1 (f) GDPR) in ensuring the security of our buildings and systems.
Where the GDPR applies, we proceed in application of the following legal bases:
a) Initiation or performance of a contract
b) Existence of a statutory basis
c) Consent from you or a person authorized by you
d) Overriding or legitimate interests of AXA, examples of which include:
Personal data is primarily collected from you directly (e.g. personal consultation, and through online, application, and claims forms).
In specific cases, we collect your data from third parties or receive your data from third parties or public offices and manage this data to the extent permitted by law. We therefore process, for example, data we receive from public authorities or finance companies so that we have the necessary data to conclude or process contracts. In addition, we process data obtained from data suppliers and address brokers or other website operators and online networks so that we can provide you with the best possible service and optimal advice as well as ensure data accuracy.
Where permitted, we obtain specific data from publicly accessible sources (e.g. debt collection register, land register, commercial register, media, internet) or receive such data from other companies within the AXA Group, as well as authorities, cooperation partners, and other third parties.
We may process and evaluate your data on an automated (i.e. computer-supported) basis as well as create profiles for the purposes specified in section 1.3 Purpose of data processing.
“Profiling” involves the automated processing of data in order to analyze or predict – and therefore assess – certain personal characteristics or a person’s behavior. This is done by combining, linking, and analyzing the personal data available to us. The result – that is, the profile created – gives us information about personal characteristics such as personal preferences, interests, place of residence, and changes of location. This enables us to support and advise you on a more personalized basis and more successfully tailor our offerings to individual customer requirements. Further details about personality profiling for marketing purposes can be found in section 1.3.6 Customer surveys and marketing. There you will also find information about how you can refuse to allow personalized advertising and thus assert your right to object.
In addition, we use profiling to identify security risks and any risks of misuse, to conduct statistical analyses, and for operational planning purposes. We may also use these procedures to combat money laundering and misuse, as well as perform credit checks. Finally, these personalized risk assessment and evaluation procedures can be used as an essential calculation basis for the insurance contract.
Profiling is performed within AXA in order to process insurance business or in connection with our associated, overriding legitimate interests. We ensure that the results are proportionate and reliable at all times, and take action against any misuse of profiles or profiling.
To ensure the efficiency and uniformity of our decision-making processes, we may also take specific decisions on a fully automated basis (computerized basis in accordance with specific rules and without any human involvement or checking by employees). These decisions can also be taken on the basis of profiling/profiles.
In the event of such automated case-by-case decision-making, you will be specifically notified of its usage should the decision have negative legal consequences for you or cause comparatively significant impairment. In such cases, you can ask for these decisions to be reviewed by an AXA employee (see section 1.9.9 Automated case-by-case decision-making).
We protect your data and do not sell it to third parties.
We reserve the right to disclose information even if it is confidential. In many cases, the disclosure of confidential data is necessary in order to process contracts or provide other benefits. Nondisclosure agreements do not generally exclude such information disclosures – including disclosure to service providers. Given the nature of the data and other factors, however, we always ensure that such third parties deal with the data in an appropriate manner.
To facilitate automated data exchange between AXA, the federal government, as well as cantonal driver and vehicle licensing offices or shipping authorities, AXA is affiliated with the electronic clearing office (CLS), which collates electronic certificates of insurance (data on vehicles and vehicle keepers, as well as ship and shipowner data) for administration and archiving purposes and forwards them to the road traffic licensing information system (IVZ) of the Federal Roads Office (FEDRO) or to the cantonal shipping authorities.
We are part of the AXA group of companies and therefore carry out some business processes in centralized service units and data processing systems belonging to the AXA Group. This data processing, which also involves the processing of data outside of the European Economic Area (EEA) and Switzerland, is permitted on the basis of our Binding Corporate Rules (BCR). Furthermore, our Binding Corporate Rules also cover the transfer of data to data processors belonging to the AXA Group. Details of individual companies in the AXA Group can be found here: list of AXA companies worldwide.
To fulfill contractual or statutory obligations, we sometimes work together with data processors such as suppliers, IT, and other service providers. They are contractually obliged to process the data only for the purposes predetermined by AXA. A list of data processors is available from our offices. If the data processors themselves involve third parties, we may approve this on a case-by-case basis.
We work with third parties that process your data based on their own responsibility, or based on shared responsibility with ourselves. Such third parties include any natural person or legal entity, authority, institution, or other public office that is not part of the AXA Group or its data processors. In particular, we include here our cooperation partners and the following categories:
Cooperation partners in the mobility sector (list not exhaustive):
Cooperation partners in the Life & Health sector (list not exhaustive):
Cooperation partners in SME sector (list not exhaustive):
Cooperation partners in AI (artificial intelligence) sector (list not exhaustive):
In addition, we may disclose data to research institutions or researchers for scientific research or statistical purposes. In this case we ensure that the data is disclosed on an anonymized or pseudonymized basis.
In connection with our business activities, personal data may be disclosed in Switzerland, in EEA countries, and – in some circumstances – worldwide, mainly in countries in which other other AXA Group companies operate (list of countries of the AXA group of companies).
Prior to transmitting data to a country outside of Switzerland or the EEA countries, we ensure that the country has an appropriate degree of data protection. If the country does not have appropriate data protection, we ensure an appropriate degree of protection by means of contractual provisions (e.g. based on standard contractual clauses of the European Commission or our Binding Corporate Rules [BCR]) along with effective technical security measures. Please note that such contractual precautions provide adequate protection; however, not all risks can be entirely ruled out (e.g. risk of government intervention abroad).
By way of exception, data may be transmitted to a third country with an insufficient degree of data protection if you have given us consent to do so, if required by the contract concluded with you, in the case of legal proceedings abroad, or in the event of overriding public interest. Please contact us if you would like a copy of the standard contractual clauses.
The Swiss Earthquake Claims Organization (Schadenorganisation Erdbeben, SOE) actively supports the cantonal building insurers and private insurers with assessing damage to buildings and estimating the cost of reconstruction following an earthquake.
We send the required buildings information of policyholders (e.g. information on the owner of the building and administration of the building where available, sum insured, type of building, class and use of building, volume where available) to the SOE for the purpose of enriching the data from the Federal Register of Buildings and Dwellings (RBD) and for estimating the cost of repairing buildings following earthquake damage.
We process the data collected for as long as necessary and in compliance with the statutory retention period (bookkeeping, limitation period, company law, tax and social insurance legislation), contractual retention periods, the requirements imposed by the authorities, and for performing our specified processing tasks, as well as on the basis of our overriding legitimate interests (e.g. documentation and evidence purposes) (in particular to provide evidence or to defend against claims and to demonstrate good data governance).
The statutory retention period is generally at least 10 years. The statutory limitation period is generally between 5 and 20 years.
Within the meaning of a purpose-oriented retention period, we ensure that your data is only stored for as long as is absolutely necessary for the specific processing purpose. Due to actuarial circumstances (occurrence of a claim, suspected misuse, recourse claims, dispute) and changing legal parameters that can simultaneously involve different retention periods, the retention period may range from a few days to a few years or more. If the data is no longer required for processing purposes, it will be erased or anonymized in accordance with our customary erasure processes.
Other information can be found under the respective processing tasks in section 1.3. Purpose of data processing or in Part 2 onward (Part 2. Using the website).
AXA Life Ltd processes personal data for the purpose of providing occupational benefits as well as to maintain and continue occupational benefits coverage and group life insurance in accordance with the tasks assigned to it.
All processing steps – from collection to retention and destruction of data – that take place at AXA Life Ltd or at commissioned third parties are carried out in accordance with the applicable statutory regulations of the FADP and the specific data protection provisions of the Occupational Pensions Act (BVG/OPA), or, where applicable, in accordance with the GDPR.
Any person involved in the implementation as well as the control or supervision of the implementation of occupational pensions is subject to the duty of confidentiality pursuant to Art. 86 BVG/OPA.
If required for the implementation of occupational pensions, personal data in relation to the insured may be transmitted to co-insurers and reinsurance companies to the extent required. Furthermore, the disclosure and forwarding of data to third parties is based on the specific data protection provisions of the BVG/OPA.
The retention of data is governed by the statutory requirements as defined by Art. 41 (8) BVG/OPA in conjunction with Art. 27i, Art. 27j, and Art. 27k of the Ordinance on Occupational Old Age, Survivors’ and Invalidity Pension Provision.
If your data is processed by AXA you may – in accordance with applicable data protection legislation and the processing purpose – assert the rights specified in sections 1.9.2 to 1.9.7, at any time and generally free of charge. Please note that these rights are subject to legal requirements and that exemptions and restrictions apply. Specifically, we may need to process and store your data in order to perform a contract with you, safeguard your legitimate interests (e.g. asserting, exercising, and defending legal entitlements), or to comply with legal obligations. Where legally permitted, in particular to protect the rights and freedoms of other affected persons as well as safeguard legitimate interests, we are therefore required to reject a data subject request in full or in part (e.g. by redacting certain content concerning third parties or business secrets).
These rights will be asserted pursuant to section 1.9.2 – 1.9.7 by sending an email or letter (postal address) to the unit specified in section 1.10.1 Data Protection Consultant.
For the purpose of avoiding misuse, the exercising of your rights generally requires that you prove your identity conclusively (e.g. by means of a copy of your identity card or passport), unless we are able to identify you clearly in another way.
Data subject requests addressed to the units specified may be processed by other units such as AXA Complaint Management.
If you believe that the processing of your personal data violates the data protection legislation or that your rights under the legal provisions are breached in any other way, you have the option of submitting a complaint to the responsible data protection authority (see section 1.10.2 Data Protection Supervisory Authority).
You have the right to request information from us as to whether we process your data and, if so, what data. You can submit your request for information in writing or by email, enclosing a copy of your identity card or passport (if your identity is not clear in another way or you cannot be identified), to the address listed under Contacts in section 1.10 Data Protection Consultant.
You have the right to request the release of specific personal data in a common electronic format or for it to be transferred to another controller.
You have the right to insist that we rectify any incorrect data or that we supplement any incomplete data if it is incorrect or incomplete. If we have stored incorrect personal data about you, we will be pleased to rectify this based on the information you provide, unless you can correct or supplement it yourself via a portal.
You have the right to request the erasure or anonymization of data that is not essential to the performance of the contract, or that is not being processed for statutory reasons (e.g. mandatory retention) or on account of AXA’s overriding legitimate interests. If erasure is technically impossible or involves disproportionate effort, we will be unable to meet your request for erasure.
In certain cases you will have the right to the restriction of processing (e.g. if the accuracy of the data is disputed or unlawful processing is asserted).
You have the right to object to the future processing of your data with immediate effect, in particular if processing is in order to maintain our legitimate interests, e.g. in the case of direct marketing and for the profiling undertaken for the purpose of direct advertising.
You have the right – provided the processing of your data is based on consent that you have granted – to revoke your consent to future processing at any time and with immediate effect. However, this is only possible if the data processing is not required in connection with contractual obligations. You can assert this right at any time as follows:
We will let you know if we have taken an automated case-by-case decision in the context of the applicable law. You will then have the right to present your point of view and demand that the decision is reviewed by a human. When informing you of the decision taken, we will let you know whom to contact. You should then get in touch with the contact person specified in the decision notification.
Please send applications and inquiries in connection with the processing of your data by AXA in writing, enclosing a copy of your identity card or passport, to the Data Protection Consultant:
If you believe AXA has failed to comply with the data protection regulations applicable to you, we would advise you to contact the relevant, above-mentioned AXA Data Protection Consultant in the first instance.
You can, however, also file a complaint directly with the relevant data protection supervisory authority: