Data protection provisions

• In connection with all insurance lines with the exception of individual and group life insurance policies and legal protection insurance: 
  AXA Insurance Ltd, General-Guisan-Strasse 40, CH-8400 Winterthur 
• In connection with individual and group life insurance policies:
  AXA Life Ltd, General-Guisan-Strasse 40, CH-8400 Winterthur 
• In connection with legal protection insurance:
  AXA-ARAG Legal Protection Ltd, Ernst-Nobs-Platz 7, CH-8004 Zurich

• In connection with all insurance lines with the exception of individual and group life insurance policies and legal protection insurance:
  AXA Life Ltd, Zollstrasse 20, FL-9494 Schaan 
• In connection with individual and group life insurance policies:
  AXA Life Ltd, Zollstrasse 20, FL-9494 Schaan
• In connection with legal protection insurance:
  AXA-ARAG Legal Protection Ltd, Ernst-Nobs-Platz 7, CH-8004 Zurich

This includes first and last name, gender, date of birth, age, civil status, language, nationality, telephone number, email address, customer history, powers of attorney, signatory authorizations, declarations of consent.

This includes information submitted during the application process, e.g. on the risk to be insured, answers to questions, reports by experts, claims data from the previous insurer, as well as information on relationships with third parties affected by data processing (e.g. main drivers, beneficiaries). 

This includes data obtained in connection with the conclusion or processing of a contract, e.g. policy or contract number, type of insurance and coverage, description of the risk, benefits, premium, contract term, insured vehicles, registration numbers, subscriptions/unsubscriptions to newsletters, complaints, disagreements about benefits or the respective contracts concluded. 

This includes information about personal behavior, e.g. how the AXA website – www.axa.ch – and associated services (hereinafter “website”) are used, as well as data on personal preferences and interests.

This includes credit ratings, payment details, tax identification numbers, mortgage details, premium payments and outstanding payments, reminders, and credit balances.

This includes notices of claim, medical reports, diagnoses, investigation reports, invoices, data relating to injured third parties, pension dates, etc..

This includes data relating to the physical or mental health of an individual, based on which information about their state of health is obtained. It includes diagnoses, medical reports, sick notes, as well as reports on other physical or mental impairments.

This includes data on religion, values, opinions, and activities relating to politics or labor unions, health, personal sphere, race or ethnicity, genetic information, biometric data clearly identifying an individual, as well as data relating to administrative or criminal proceedings or sanctions.

This includes, for example, IP address, cookies (for more information, see section 2.2. Cookies and similar technologies), metadata, logs or records of the use of our systems, IP packets and other technical identification details, data relating to online/telephone communication.

Personal data that you have provided to us or that we have lawfully received from companies in the AXA Group, or from partners, brokers, intermediaries, and other parties, is processed by us for the purposes set out below and/or purposes associated with them and underlying objectives.  Where a legal relationship subject to the EU General Data Protection Regulation (GDPR) exists, the specified legal basis applies (for more information see also section 1.3.10 Legal basis pursuant to GDPR). Further information can be found in Part 2 onward  – Part 2. Using the website.  

We process your data in the context of your request for advice, pre-contractual measures, provision of the quotation, and finally for the processing, administration, and any termination of the insurance contract. The contract cannot be concluded without your data. 

For example, we use your contact details – including the details of any co-insureds – to carry out pre-contractual investigations and be able to contact you. We use your application data (including health data, if applicable) in order to assess the risk we will be accepting as well as calculate the premium. We require your customer data for contract management purposes and your payment information in order to collect your premium on time.

We process relevant data from external providers in order to calculate your premium as well as check your creditworthiness. The processing of this data is permitted on the basis of the insurance contract.

Please also be aware that our premiums may be based on automated calculations that analyze various criteria concerning insured persons or property. This enables us to determine the insurance risk in more precise terms. We place a strong emphasis on fair insurance terms, however, in that the analysis always relates to customer segments and not to the individual insured person. 

In some circumstances, your consent may be necessary when querying sensitive data that requires particular protection, such as health information. In this case, we process the data solely on the basis of the consent granted by you for the purpose of performing the contract.

If required for contract processing purposes, we disclose data – though only that which is strictly necessary – to cooperation partners, co-insurers, reinsurers, other insurers involved, previous or subsequent insurers, insurance intermediaries/brokers, service providers, pledge holders, debt collection companies, authorities, and/or external experts that constitute the insurance chain. Furthermore, we notify third parties to which cover was confirmed (e.g. relevant authorities) about the suspension, amendment, or termination of the insurance relationship.

Processing is permitted on the basis of the insurance contract, including in the event that it is not taken out. If we collect sensitive personal data that requires particular protection, such as health data, we may ask for your express consent in order to process it. 

The data must be retained for at least 10 years after termination of the contract. Data regarding quotations is kept for  5 years, even if the insurance is not taken out. Your data will be erased once the relevant retention period has elapsed.

We process your information for the purpose of assessing, reviewing, and processing claims, legal cases, and benefits. It is not possible for us to review your claim, legal case, or insured event unless we have your data.

For example, we use your contact details – including the details of any co-insureds – in order to contact you. We require your customer information in order to manage claims, legal cases, and benefits; we require any information on claims or legal cases (including health data, if applicable) – such as notices of loss or legal cases, investigation reports, and invoices – in order to process your claim, benefit, or legal case; we also need your payment details in order to pay out claims or benefits, for example.

For claims processing and accident analysis purposes in the case of traffic accidents, data recorded directly by the insured vehicle can be read for the purpose of determining the events that led to the damage or to identify the consequences of the loss when a loss event occurs. AXA decides based on the notification of the claim whether the data needs to be read. Depending on the manufacturer, this includes information such as speed, acceleration, delay, date, and time.

In connection with a claim or insured event, we may obtain any relevant information from, and inspect the relevant files of, other insurance companies, authorities (police or investigating authorities, department of motor vehicles offices, or similar public offices), as well as from motor vehicle manufacturers and other third parties. If necessary, you must authorize the above-mentioned offices to disclose the relevant information or release the doctor from their obligation to maintain patient confidentiality; see also Art. 39 of the Insurance Contract Act (ICA) and Art. 62 FADP. 

In some circumstances, your consent may be necessary when querying sensitive data that requires particular protection, such as health information. In this case, we process the data solely based on the consent granted by you for the purpose of processing the claim, legal case, or benefit.

If required for processing the claim, legal case, or benefit, we disclose data – though only that which is strictly necessary – to third parties. Such third parties – cooperation partners, co-insurers, reinsurers, subsequent or other insurers involved, or previous insurers, insurance intermediaries/brokers, service providers, pledge holders, debt collection companies, authorities, lawyers, external experts, doctors, authorized parties, and/or claims handlers – constitute the insurance chain. In addition, for the purpose of enforcing the right of recourse and contractual recourse claims, information may be supplied to liable third parties and their liability insurer – including abroad. AXA-ARAG does not provide AXA with any information about legal cases if this could prejudice the insured.

Processing is permitted on the basis of the underlying insurance contract. If the processing of your personal information is based on consent, we process the data in the context of such consent (e.g. when disclosing particularly sensitive personal data to third parties). 

The data must be retained for at least 10 years after the claim is settled. Your data will be erased once the relevant retention period has elapsed.

We process your data for the purpose of automated or non-automated detection, prevention, and combating of potential insurance fraud.

For example, we use your contract, claims, and benefits data and analyze it in order to identify any suspicious patterns. To that end, and in order to protect you as well as us from unlawful or improper activities, we may also create and process profiles (see section 1.5.1 Profiling).

In connection with the identification of misuse – and the filtering out of suspicious cases – we exchange data with external cooperation partners and other insurance companies and investigators. If consent has been provided by the person concerned, we respond to inquiries from other insurance companies regarding their customers if there is a suspicion of insurance fraud. For example, we provide information about existing policies and previous claims. Information is only provided to authorities if there is a legal obligation to do so.

In the case of policyholders whose registered office or place of residence is in Switzerland, we can also make inquiries to the reference and information system (HIS) and, in the case of motor vehicle claims, to Car Claims Info.

• HIS: To prevent and detect insurance fraud, we have affiliated ourselves with the reference and information system (HIS) provided by SVV Solution AG. Participating insurance companies report specific circumstances indicating the need for in-depth examination of a loss event and may request relevant reports from other participating insurance companies. Information from the HIS is only used in connection with investigating the claim. Additional information about the HIS and your corresponding rights can be found at www.svv.ch/his (in German). All reports are deleted automatically 7 years after the date of the loss event.
• Car Claims Info: For the purpose of combating fraud in relation to motor vehicle insurance, we send vehicle-related claims data to SVV Solution AG for recording in the electronic database “Car Claims Info”. This makes it possible to check whether a registered vehicle claim has already been paid out by another insurance company. If fraud is suspected, then the companies may exchange relevant data. Additional information about Car Claims Info and your corresponding rights can be found in the privacy statement for “Car Claims Info” | SVV (in German). 

The processing is necessary on the basis of AXA’s legitimate interests in maintaining the technical and financial balance of the product, the sector, or the insurance company itself.

We process your data in order to meet regulatory and legal obligations, and to guarantee that laws, guidelines, standards, and internal directives are complied with.

In particular, we process your data for the purpose of combating  money laundering, terrorist financing, as well as bribery and corruption. In addition, we process your data for legally required disclosures to authorities with the aim of preventing, detecting, and investigating criminal offenses and other violations. This includes information, notification, and disclosure requirements in connection with obligations under supervisory and tax law.

Furthermore, your data is regularly checked for negative reporting as well as against the data contained in the sanctions lists of the United Nations, European Union, Switzerland’s State Secretariat for Economic Affairs, the UK finance and economics department, as well as the US Office of Foreign Assets Control (OFAC).

In the case of individual checks where specialist technical expertise or in-depth knowledge is required, we may enlist cooperation partners or other third parties to assess and/or process the case. In addition, as a member of the AXA Group we are required to report specific serious compliance and security incidents to the Group and share them with the relevant Group teams.

Processing is permitted on the basis of statutory obligations. AXA may be subject to legal obligations under Swiss or foreign laws. In addition, we include here sector standards, rules with regard to self-regulation, rules on in-house corporate governance, as well as instructions and requests from authorities.

The data must be retained for at least 10 years. Your data will be erased once the relevant retention period has elapsed.

We process your data for customer survey and marketing purposes, so that we can inform you about our products and services. “Marketing purposes” are any AXA activities aimed at the acquisition of new customers or deepening of existing customer relationships. 

For example, we use data about your behavior, preferences, and contract for analysis purposes with the aim of upgrading existing products, offering them to you, as well as developing new AXA Group products and services, including non insurance-related.   

In order to contact existing and potential customers through marketing measures which could be of interest to them, we process not only personal information and contact data but also other data to help us determine or personalize the target audience and content of marketing messages. This also includes data from interactions with us, e.g. regarding usage behavior on our website (see also Part 2. Using the website), as well as data from other public sources.  

For individualized and targeted advertising purposes, as well as to provide you with offers and cater to your needs more effectively, we may also create personality profiles for you and assign you to a specific advertising group. 

We do not use any sensitive data requiring particular protection, such as health data, for your personality profile. Specific marketing measures may be implemented by data processors and cooperation partners we have commissioned, and by common controllers or other third parties, or in cooperation with them.

You can object to direct marketing measures and personalized advertising at any time in accordance with section 1.9.7. To that end, you can contact the Data Protection Consultant directly (see section 1.10.1 Data Protection Consultant). You also have the following contact options:  

• General contact | AXA 
• AXA 24-hour helpline 0800 809 809 

Data processing is permitted on the basis of our overriding legitimate interest in providing you with targeted information about our products and services which could be of interest to you.

We process your data for general and insurance-specific statistical analysis, and for risk management as well as market research purposes.

For example, we use your customer and claims data to develop our conditions and premium rates and in general terms for the development of our insurance business, in particular in relation to artificial intelligence (AI). Furthermore, we use your claims data for analysis on the topics of road safety, to prevent accidents in the home, and to identify the effectiveness of fire protection measures.

We use market and opinion polling opportunities in order to develop our existing products and services (including our website) as well as identify needs and aspirations, thus enabling us to create an optimized offering. To that end, we use your contact, contract, and customer data as well as analyze how you navigate our website and what products are used by which groups of people and in what way.

This gives us an indication of the market acceptance of existing products and services as well as the market potential for new products and services. In addition, we use information from customer polls, surveys, and studies as well as other information, e.g. from the media, social media, internet, and other public sources. Within this context we may also obtain data from third parties or cooperation partners.

If possible, we use anonymized data for our analysis and also anonymize or pseudonymize the data over the course of the statistical process. 

In specific instances of statistical or scientific analysis or research work, we obtain data from third parties and merge it with our own data. In addition, data may be disclosed to data processors, cooperation partners, common controllers, or other third parties for the purpose described. For example, market research institutes may be appointed to carry out a telephone survey of customers. The data disclosed are processed by the relevant company for a specific purpose.

Data processing is permitted due to our overriding legitimate interest in improving our products, services, and internal processes.

If you apply for a job with us, we will process your data in order to proceed with the application. Without this data we will be unable to assess your application and decide whether you are suitable for the position concerned.

For example, we will use your contact details in order to schedule appointments with you. We will collect personal information, such as the information contained in your resume, and process data from references and educational qualifications. Alongside this essential information, you will have the opportunity to provide us with additional information for the application process. We will use the data provided to us in order to assess your application and reach a decision.

As a job applicant, you can use the AXA application platform to find out about vacant positions at various AXA companies in Switzerland and apply electronically. This covers the following companies, including their respective sales force:

• AXA Insurance Ltd 
• AXA Life Ltd 
• AXA-ARAG Legal Protection Ltd 
• AXA Mobility Services AG
• AXA Group Operations Switzerland AG
• AXA Liabilities Managers Switzerland AG
• AXA GIE, Paris, Winterthur branch, Switzerland

Your application data will only be shared with persons who are involved in the application process, such as recruitment managers and line managers. In addition, your data may be disclosed to authorities in the event of a statutory duty of notification.

Processing is permitted in the context of recruitment. Data will normally be erased 6 months after the application process has been concluded. Provided you give your consent, your application documents may be stored in the AXA candidates pool for future vacancies. If no suitable position has been found for you within 12 months of the conclusion of the application process, your data will be erased automatically. 

If your application leads to the conclusion of an employment contract, the data will be stored and used as part of the normal organizational and administration process as well as for the management of the employment relationship. Further details are set out in the information accompanying your employment contract.

Furthermore, we process your information for other purposes including in the context of our internal procedures and for administration, for training and quality assurance purposes, for the protection of our customers, employees, and other persons, and to protect AXA’s data, secrets, and assets, as well as any data, secrets, and assets that have been entrusted to AXA.

Data processing is permitted on the basis of our overriding legitimate interest in expedient corporate management and development.

When you visit our premises, we will make video recordings in correspondingly designated areas for security and evidence purposes. The recordings are accessible to selected AXA employees within the framework of their responsibilities. We only analyze the recordings if necessary (cases subject to criminal law) and delete them between 7 and 30 days later.

Data processing is permitted on the basis of our overriding legitimate interest in ensuring the security of our buildings and systems. Where the GDPR is applicable, the legal basis is our legitimate interest (Art. 6 para. 1 (f) GDPR) in ensuring the security of our buildings and systems.

Where the GDPR applies, we proceed in application of the following legal obligations:

a) Initiation or performance of a contract  

b) Existence of a legal obligation

c) Consent from you or a person authorized by you 

d) Overriding or legitimate interests of AXA, examples of which include:  

• Efficient, effective protection of customers, employees, and other persons as well as protection of AXA’s data, secrets, and assets as well as data, secrets, and assets that have been entrusted to AXA
• Maintenance and secure organization of business operations, including secure, efficient, and effective operation, and successful development of the website and other IT systems
• Efficient and effective customer support, contact maintenance, and other communications with customers including outside of contract processing
• Expedient corporate management and development, in particular with regard to the AXA Group
• Documentation of customer behavior, activities, preferences, and needs, market studies
• Efficient and effective improvement of existing products and services as well as development of new products and services
• Management of advertising and marketing measures
• Successful sale or purchase of business areas, companies, or parts of companies and other transactions under company law
• Prevention of fraud, misdemeanors, and felonies as well as investigations in connection with such offenses and other inappropriate behavior, dealing with lawsuits and actions against AXA
• Participation in legal proceedings and cooperation with authorities as well as otherwise asserting, exercising, and defending legal entitlements

Personal data is primarily collected from you directly (e.g. personal consultation, and through online, application, and claims forms).

If you wish to take out an insurance policy on behalf of another person (e.g. family members) or provide us with personal data concerning other persons, please ensure that such individuals are familiar with our Privacy Policy. Please also ensure that all information provided to us is correct and that you are authorized to provide us with the data.

In specific cases, we collect your data from third parties or receive your data from third parties or public offices and manage this data to the extent permitted by law. We therefore process, for example, data received from public offices or authorities, finance companies, banks, other insurers, distribution partners, employers, medical service providers and experts, attorneys, CarClaims-Info, or the HIS reporting and information system to ensure we have the necessary data to conclude or process contracts. When you send an insurance application or report a claim or benefit case, you release the corresponding bodies from any duty to protect secrets. In addition, we process data obtained from data suppliers and address brokers or other website operators and online networks so that we can provide you with the best possible service and optimal advice as well as ensure data accuracy.

Where permitted, we obtain specific data from publicly accessible sources (e.g. debt collection register, land register, commercial register, media, internet) or receive such data from other companies within the AXA Group, as well as authorities, cooperation partners, and other third parties.

We may process and evaluate your data on an automated (i.e. computer-supported) basis as well as create profiles for the purposes specified in section 1.3 Purpose of data processing.

“Profiling” involves the automated processing of data in order to analyze or predict – and therefore assess – certain personal characteristics or a person’s behavior. This is done by combining, linking, and analyzing the personal data available to us. The result – that is, the profile created – gives us information about personal characteristics such as personal preferences, interests, place of residence, and changes of location. This enables us to support and advise you on a more personalized basis and more successfully tailor our offerings to individual customer requirements. Further details about personality profiling for marketing purposes can be found in section 1.3.6 Customer surveys and marketing. There you will also find information about how you can refuse to allow personalized advertising and thus assert your right to object.

In addition, we use profiling to identify security risks and any risks of misuse, to conduct statistical analyses, and for operational planning purposes. We may also use these procedures to combat money laundering and misuse, as well as perform credit checks. Finally, these personalized risk assessment and evaluation procedures can be used as an essential calculation basis for the insurance contract.

Profiling is performed within AXA in order to process insurance business or in connection with our associated, overriding legitimate interests. We ensure that the results are proportionate and reliable at all times, and take action against any misuse of profiles or profiling.

To ensure the efficiency and uniformity of our decision-making processes, we may also take specific decisions on a fully automated basis (computerized basis in accordance with specific rules and without any human involvement or checking by employees). These decisions can also be taken on the basis of profiling/profiles.

In the event of such automated case-by-case decision-making, you will be specifically notified of its usage should the decision have negative legal consequences for you or cause comparatively significant impairment. In such cases, you can ask for these decisions to be reviewed by an AXA employee (see section 1.9.9 Automated case-by-case decision-making).

We protect your data and do not sell it to third parties.

In some circumstances, your data may be disclosed to data processors and third parties (e.g. if required for contract conclusion or processing, or for other purposes specified in this Privacy Policy). These recipients are contractually required to comply with current data protection laws as well as confidentiality and secrecy requirements, if applicable. In addition, your data may be disclosed to other controllers or cooperation partners. 

We reserve the right to disclose information even if it is confidential. In many cases, the disclosure of confidential data is necessary in order to process contracts or provide other benefits. Nondisclosure agreements do not generally exclude such information disclosures – including disclosure to service providers. Given the nature of the data and other factors, however, we always ensure that such third parties deal with the data in an appropriate manner.

To facilitate automated data exchange between AXA, the federal government, as well as cantonal driver and vehicle licensing offices or shipping authorities, AXA is affiliated with the electronic clearing office (CLS), which collates electronic certificates of insurance (data on vehicles and vehicle keepers, as well as ship and shipowner data) for administration and archiving purposes and forwards them to the road traffic licensing information system (IVZ) of the Federal Roads Office (FEDRO) or to the cantonal shipping authorities.

We are part of the AXA group of companies and therefore carry out some business processes in centralized service units and data processing systems belonging to the AXA Group. This data processing, which also involves the processing of data outside of the European Economic Area (EEA) and Switzerland, is permitted on the basis of our Binding Corporate Rules (BCR). Furthermore, our Binding Corporate Rules also cover the transfer of data to data processors belonging to the AXA Group. Details of individual companies in the AXA Group can be found here: list of AXA companies worldwide.

To fulfill contractual or statutory obligations, we sometimes work together with data processors such as suppliers, IT, and other service providers. They are contractually obliged to process the data only for the purposes predetermined by AXA. If the data processors themselves involve third parties, we may approve this.

We work with third parties that process your data based on their own responsibility, or based on shared responsibility with ourselves. Such third parties include any natural person or legal entity, authority, institution, or other public office that is not part of the AXA Group or its data processors. In particular, we include here our cooperation partners and the following categories: 

• Insurance intermediaries, distributors, and other contracting parties  
• Pension institutions 
• Experts such as doctors and lawyers  
• Previous insurers, co-insurers, and reinsurers 
• Social and health insurance companies as well as other private insurance companies 
• Other participants in an incident (e.g. in the event of a claim) 
• Authorities and public offices in Switzerland and abroad 
• Other parties in potential or actual legal proceedings 
• Repair shops/garages/mechanics/breakdown service providers/transporters/taxi and car rental companies

Cooperation partners in the mobility sector (list not exhaustive):  

• AXA Mobility Services / UPTO (fleet management)
• Cardossier (easy preparation of certificate of insurance for customers) 
• ryd (intelligent auto assistance) 

Cooperation partners in the Life & Health sector (list not exhaustive):

• Mental health / Aepsy (online self-testing / therapist search) 

Cooperation partners in SME sector (list not exhaustive): 

• DearEmployee (Working Atmosphere Compass) 
• Accounto (payroll bookkeeping) 
• Swibeco (employee benefits platform) 
• Pro Mente Sana (course for managers) 
• Health Keeper (AXA Group) (health platform) 

Cooperation partners in AI (artificial intelligence) sector (list not exhaustive):  

• Noimos (AI-supported claims handling) 
  

In addition, we may disclose data to research institutions or researchers for scientific research or statistical purposes. In this case we ensure that the data is disclosed on an anonymized or pseudonymized basis. 

In connection with our business activities, data may be disclosed in Switzerland, the EU/EFTA/EEA countries, and – in some circumstances – worldwide, mainly in countries in which other AXA Group companies operate (list of AXA companies worldwide).

Prior to transmitting data to a country outside of Switzerland or the EU/EFTA/EEA countries, we ensure that the country has an appropriate degree of data protection. If the country does not have appropriate data protection, we ensure an appropriate degree of protection by means of contractual provisions (e.g. based on standard contractual clauses of the European Commission or our Binding Corporate Rules [BCR]) along with effective technical security measures. Please note that such contractual precautions provide adequate protection; however, not all risks can be entirely ruled out (e.g. risk of government intervention abroad). All the necessary measures are taken when data is transferred, including the signing of standard contractual clauses if required. Please contact us if you would like a copy of the standard contractual clauses. 

The Swiss Earthquake Claims Organization (Schadenorganisation Erdbeben, SOE) actively supports the cantonal building insurers and private insurers with assessing damage to buildings and estimating the cost of reconstruction following an earthquake.

We send the required buildings information of policyholders (e.g. information on the owner of the building and administration of the building where available, sum insured, type of building, class and use of building, volume where available) to the SOE for the purpose of enriching the data from the Federal Register of Buildings and Dwellings (RBD) and for estimating the cost of repairing buildings following earthquake damage.

We process the data collected for as long as necessary and in compliance with the statutory retention period (bookkeeping, limitation period, company law, tax and social insurance legislation), contractual retention periods, the requirements imposed by the authorities, and for performing our specified processing tasks, as well as on the basis of our overriding legitimate interests (e.g. documentation and evidence purposes) (in particular to provide evidence or to defend against claims and to demonstrate good data governance).

The statutory retention period is generally at least 10 years. The statutory limitation period is generally between 5 and 20 years. 

Within the meaning of a purpose-oriented retention period, we ensure that your data is only stored for as long as is absolutely necessary for the specific processing purpose. Due to actuarial circumstances (occurrence of a claim, suspected misuse, recourse claims, dispute) and changing legal parameters that can simultaneously involve different retention periods, the retention period may range from a few days to a few years or more. If the data is no longer required for processing purposes, it will be erased or anonymized in accordance with our customary erasure processes. 

Other information can be found under the respective processing tasks in section 1.3. Purpose of data processing or in Part 2 onward (Part 2. Using the website).

AXA Life Ltd processes personal data for the occupational benefits institutions for the purpose of providing occupational benefits as well as to maintain and continue occupational benefits coverage and group life insurance in accordance with the tasks assigned to it.

With your consent, AXA Life Ltd, operating on behalf of your occupational benefits institution, discloses your occupational benefits-related data to AXA Insurance Ltd on an ongoing basis so as to provide an overview of pension cover as well as for individual product and service offerings. Such disclosure takes place only with your express consent. This consent is issued separately and can be revoked at any time on the myAXA portal. With this consent, AXA Insurance Ltd may use any data that it has already available to it to this end, link it with the data issued via the occupational benefits channel, and use the resultant profile also for marketing purposes. This affects the following data categories: personal information and contact data, customer/contract data, financial data, health-related data, and technical data. Verified service providers in Switzerland and abroad may be used to process this data.

All processing steps – from collection to retention and destruction of data – that take place at AXA Life Ltd or at commissioned third parties are carried out in accordance with the applicable statutory regulations of the FADP and the specific data protection provisions of the Occupational Pensions Act (BVG/OPA), or, where applicable, in accordance with the GDPR. 

Any person involved in the implementation as well as the control or supervision of the implementation of occupational pensions is subject to the duty of confidentiality pursuant to Art. 86 BVG/OPA.

If required for the implementation of occupational pensions, personal data in relation to the insured may be transmitted to co-insurers and reinsurance companies to the extent required. Furthermore, the disclosure and forwarding of data to third parties is based on section 1.8.1 and the specific data protection provisions of the BVG/OPA.

The retention of data is governed by the statutory requirements as defined by Art. 41 (8) BVG/OPA in conjunction with Art. 27i, Art. 27j, and Art. 27k of the Ordinance on Occupational Old Age, Survivors’ and Invalidity Pension Provision.

If your data is processed by AXA you may – in accordance with applicable data protection legislation and the processing purpose – assert the rights specified in sections 1.9.2 to 1.9.7, at any time and generally free of charge. Please note that these rights are subject to legal requirements and that exemptions and restrictions apply. Specifically, we may need to process and store your data in order to perform a contract with you, safeguard your legitimate interests (e.g. asserting, exercising, and defending legal entitlements), or to comply with legal obligations. Where legally permitted, in particular to protect the rights and freedoms of other affected persons as well as safeguard legitimate interests, we are therefore required to reject a data subject request in full or in part (e.g. by redacting certain content concerning third parties or business secrets).

These rights will be asserted pursuant to section 1.9.2 – 1.9.7 by sending an email or letter (postal address) to the unit specified in section 1.10.1  Data Protection Consultant.

For the purpose of avoiding misuse, the exercising of your rights generally requires that you prove your identity conclusively (e.g. by means of a copy of your identity card or passport), unless we are able to identify you clearly in another way.

Data subject requests addressed to the units specified may be processed by other units such as AXA Complaint Management.

If you believe that the processing of your personal data violates the data protection legislation or that your rights under the legal provisions are breached in any other way, you have the option of submitting a complaint to the responsible data protection authority (see section 1.10.2  Data Protection Supervisory Authority). 

You have the right to request information from us as to whether we process your data and, if so, what data. You can submit your request for information in writing or by email, enclosing a copy of your identity card or passport (if your identity is not clear in another way or you cannot be identified), to the address listed under Contacts in section 1.10 Data Protection Consultant.

You have the right to request the release of specific personal data in a common electronic format or for it to be transferred to another controller.

You have the right to insist that we rectify any incorrect data or that we supplement any incomplete data if it is incorrect or incomplete. If we have stored incorrect personal data about you, we will be pleased to rectify this based on the information you provide, unless you can correct or supplement it yourself via a portal. 

You have the right to request the erasure or anonymization of data that is not essential to the performance of the contract, or that is not being processed on the basis of legal obligations (e.g. mandatory retention) or on account of AXA’s overriding legitimate interests. If erasure is technically impossible or involves disproportionate effort, we will be unable to meet your request for erasure.

In certain cases you will have the right to the restriction of processing (e.g. if the accuracy of the data is disputed or unlawful processing is asserted). 

You have the right to object to the future processing of your data with immediate effect, in particular if processing is in order to maintain our legitimate interests, e.g. in the case of direct marketing and for the profiling undertaken for the purpose of direct advertising.

Provided the processing of your data is based on consent that you have granted, you have the right to revoke your consent to future processing at any time and with immediate effect. However, this is only possible if the data processing is not required in connection with contractual obligations. You can assert this right at any time as follows:

• General contact | AXA (online form)
• AXA 24-hour helpline 0800 809 809

We will let you know if we have taken an automated case-by-case decision in the context of the applicable law. You will then have the right to present your point of view and demand that the decision is reviewed by a human. When informing you of the decision taken, we will let you know whom to contact. You should then get in touch with the contact person specified in the decision notification.

Please send applications and inquiries in connection with the processing of your data by AXA in writing, enclosing a copy of your identity card or passport, to the Data Protection Consultant: 

• AXA Data Protection Consultant for business activity in Switzerland
  AXA Insurance Ltd / AXA Life Ltd, Private Pensions
  General-Guisan-Strasse 40
  CH-8400 Winterthur 
  
  Email: datenschutzanliegen@axa.ch (unencrypted) 
   

• AXA Data Protection Consultant for business activity in the Principality of Liechtenstein
  AXA Insurance Ltd / AXA Life Ltd, Private Pensions
  General-Guisan-Strasse 40
  CH-8400 Winterthur  
  
  Email: datenschutzanliegen@axa.li (unencrypted) 
  
  
• Data Protection Consultant – Occupational Benefits for business activity in Switzerland  
  AXA Life Ltd: Occupational Benefits 
  General-Guisan-Strasse 42
  CH-8400 Winterthur  
  
  Email: datenschutzberater.BV@axa.ch (unencrypted) 
  
  
• Data Protection Consultant – Occupational Benefits for business activity in Liechtenstein  
  AXA Life Ltd: Occupational Benefits
  General-Guisan-Strasse 42
  CH-8400 Winterthur 
  
  Email: datenschutzberater.BV.li@axa.li (unencrypted)
   

• Data Protection Consultant for legal protection insurance 
  AXA-ARAG Data Protection Consultant 
  AXA-ARAG Legal Protection Ltd 
  Ernst-Nobs-Platz 7
  P.O. Box 1026
  CH-8021 Zurich 
  
  Email: datenschutzanliegen@axa-arag.ch (unencrypted)

If you believe AXA has failed to comply with the data protection regulations applicable to you, we would advise you to contact the relevant, above-mentioned AXA Data Protection Consultant in the first instance. 

You can, however, also file a complaint directly with the relevant data protection supervisory authority:

• Switzerland
  Federal Data Protection and Information Commissioner
  Feldeggweg 1
  CH-3003 Bern 

• Principality of Liechtenstein
  Data Protection Authority (DSS)
  Städtle 38
  P.O. Box 684
  FL-9490 Vaduz