Data protection provisions

Your personal data are processed in accordance with the statutory provisions, specifically the provisions governing data protection and the Insurance Contract Act, and, insofar as this is required, with your consent.

Personal data you have provided to us yourself or we have legitimately received from companies in the AXA Group, from contracting partners such as insurance brokers and other third parties, may be processed by us for the following purposes:

• Processing of the insurance contract
  The conclusion and performance of the insurance contract are not possible without the processing of your personal data. When applying for insurance cover you will send us personal data; we require these data to assess the risk we are potentially assuming as well as to be able to conclude and subsequently implement the contract, for instance in order to issue a policy or invoice. In the event of a claim you will once again be required to send us information; without this we will be unable to check whether a claim event has occurred or to determine the amount of the claim. In connection with the risk assessment and processing of a claim it is also possible that we will request your consent – for instance in order to set aside patient confidentiality. If you do not issue the necessary consent with your request, or issue only partial consent, this could make it impossible for us to conclude the contract. 
  This processing is necessary for the performance of an insurance contract in accordance with Art. 6 (1) (b) GDPR, for compliance with legal obligations pursuant to Art. 6 (1) (c) GDPR and for obtaining your consent in accordance with Art. 6 (1) (a) GDPR.
  
• Exchange of information within AXA
  To simplify administrative procedures and insofar as necessary, AXA Group companies operating in Switzerland and the Principality of Liechtenstein grant each other access to master data and basic contract data (excluding health data), claims summaries and customer profiles. This processing is necessary for the performance of an insurance contract in accordance with Art. 6 (1) (b) GDPR and for the purposes of pursuing AXA's legitimate interests in accordance with Art. 6 (1) (f) GDPR.
  
• Checking your credit rating
  For the purpose of assessing your creditworthiness, we may use credit rating data from external providers. This processing is necessary in order to take steps prior to entering into a contract in accordance with Art. 6 (1) (b) GDPR and for the purpose of AXA's legitimate interests in accordance with Art. 6 (1) (f) GDPR.
  
• Detecting, preventing and combating fraud
  We also process your data for the purpose of detecting, preventing and combating insurance fraud, money laundering and the financing of terrorism. This processing is necessary for the purposes of pursuing AXA's legitimate interests in accordance with Art. 6 (1) (f) GDPR and for compliance with a legal obligation in accordance with Art. 6 (1) (c) GDPR. 
  
• Statistical analysis
  Personal data may be used by AXA or a third party for statistical analysis purposes. These analyses can involve different subject areas such as road safety, the prevention of accidents in the home, the effectiveness of fire protection measures and potential improvements in contract management. The processing of personal data is necessary for the purposes of pursuing AXA's legitimate interests in accordance with Art. 6 (1) (f) GDPR. 
  
• Direct marketing
  AXA may use personal data for direct marketing purposes. This term includes promotions and personalized advertising. We use this personal data to improve knowledge about our customers – or prospective customers – and ensure they are given information about our activities, products and services, as well as receive offers. Personal data for direct marketing purposes may also be sent to other companies in the AXA Group, insurance brokers and companies connected to AXA.  This processing is necessary for obtaining your consent in accordance with Art. 6 (1) (a) GDPR and for the purposes of pursuing AXA's legitimate interests in accordance with Art. 6 (1) (f) GDPR.
• Data analyses
  So that we can continuously improve our products and services, we analyze the personal data available to us. We may link historical, current and future data, for example to enable us to undertake evaluations in connection with risk profiles. This processing is necessary for the purposes of pursuing AXA's legitimate interests in accordance with Art. 6 (1) (f) GDPR.
  

AXA may send or disclose your personal data to other companies or individuals, but only on the condition that sending or disclosing the information serves one of the above-mentioned purposes or is necessary in connection with the processing of an order. 

The recipients of personal data specifically include lawyers, experts, doctors specialized in occupational health, reinsurers, co-insurers, insurance brokers, service providers, other insurance companies, agents and claims adjusters. These recipients may only process your personal data insofar as this is necessary for the performance of their tasks. 

Where provided for under current legislation, personal data may also be transmitted to the government offices and authorities concerned.

We only transmit personal data to recipients outside of the European Economic Area (EEA) if the third country has been recognized by the European Commission as providing adequate protection of data or if adequate data protection guarantees exist – such as the AXA Group's binding internal data protection rules, EU standard contractual clauses and the EU-US Privacy Shield.

The officers responsible for data processing are domiciled in Switzerland and data processing takes place mainly in Switzerland. Switzerland is recognized by the European Commission as a secure third country providing adequate data protection. 

AXA is part of the AXA Group. Some of the business processes are carried out in centralized service centers and data processing systems. The processing of data outside of the European Economic Area or Switzerland is done on the basis of the AXA Group's Binding Corporate Rules; these Rules were approved by the European Data Protection Authorities. They ensure an adequate level of protection when data are processed by AXA companies domiciled outside of the EU.

The length of time data are kept varies depending on the type of business transaction involved. AXA determines this on the basis of the following criteria: 

• Fulfillment of its purposes
• Legal parameters
• Operational needs
• Safeguarding the interests of the persons affected, e.g. customers, visitors to our websites, prospective customers
• Taking into account internal procedures and data dependencies

Once the set period of time expires your personal data will be deleted. 

In the case of insurance contacts we retain your personal data throughout the life of the contractual relationship or settlement of the claim, in accordance with statutory retention periods. In this case the retention period is up to ten years and may be extended if legal claims are asserted, exercised or defended.

AXA takes appropriate technical and organizational security measures to protect the personal data you transmit against unlawful or unauthorized access, manipulation, erasure, alteration, forwarding and use. These security measures are constantly enhanced and upgraded in accordance with the latest technological developments. The websites to which you transmit personal data are secured against third-party access by secure socket layer (SSL) encryption technology. You can check whether your connection to AXA's servers is secure by looking in the address line of your browser: If it begins with https://, the link is secure. 

However, we would point out that the completeness, confidentiality and security of the data and its transmission on the internet cannot be guaranteed in general. We cannot be held liable for the security of your personal data during transmission, only as of the time your data arrives in our systems.

Information for our customers is provided on our websites and no personal data are collected or processed in principle. When you visit our website you remain anonymous. We cannot identify you personally without involving an internet service provider.

When you use our premium calculator, your data are stored and processed for product and service as well as policy issuing purposes. When personal data are entered we are able to identify you personally. This also applies to use of the customer portal www.myaxa.ch, since this requires registration. Registration is used to identify the user – and minimizes the risk of unauthorized parties being able to access data.

Our web servers automatically store the usage data for our websites. To optimize its websites, AXA evaluates this data anonymously – i.e. without including the IP address.

The cookies we use are designed to facilitate various functions on our websites. For example, cookies help us store your country and language settings as well as your shopping cart across different pages during an internet session.

By using cookies we can also record and analyze the user behavior of visitors to our internet pages. This enables us to make our internet pages more user-friendly and effective, and your visit to our internet pages as enjoyable an experience as possible. In addition, we can display information tailored to your specific interests.

We also use cookies to optimize our advertising. Cookies enable us to show you advertising and/or specific products and services that may be of particular interest to you based on your use of our website. Our objective is to make our internet service as attractive as possible and to show you advertising that is likely to match your interests.

Cookies record usage information such as the date and time our website was visited, the name of the internet pages visited, the IP address of your device and the operating system used. For example, cookies provide information about which of our internet pages you visit and the website from which you reached our internet page. We also use cookies to track the subjects you are searching for on our internet pages.

The cookies or corresponding technologies stored on your computer or mobile device can also come from other companies in the AXA Group or from independent third parties such as advertising partners and internet service providers.

These cookies enable our partner companies to approach you with individualized advertising and to measure its impact. The cookies from partner companies likewise remain stored on your computer or mobile device for the period of time set by the third-party provider and are automatically deactivated at the end of this period.

Our advertising partners only have access to data based on an identification number (cookie ID). This comprises online usage information such as the internet pages you have visited and the content you have used.

In the case of AXA customers who have registered, the online usage information containing details of the use of AXA products and services as well as demographic data such as age group, location and gender are linked and made usable for advertising partners. Our customers have the right to object to the use of such data by advertising partners by adjusting the settings via the partner company links shown below.

We use web analysis tools to obtain information about the use of our internet pages and to improve our web presence. These tools usually come from a third-party provider. The information obtained for these purposes is transmitted to the third party's server through the use of cookies. These servers may be located abroad, depending on the third-party provider.

IP addresses are shortened when data are transmitted, so as to prevent individual devices from being identified. The IP address sent by your browser as a result of the use of tools from third-party providers is not linked to other data from this third-party provider. This information is only transmitted by third-party providers on the basis of statutory requirements or in connection with the processing of order data.

We also use retargeting technologies on our web pages. This also enables us to target users of our internet pages with advertising on third-party websites. The advertising shown on internet pages is based on cookies in your browser, a cookie ID and an analysis of your previous usage.

When you access our internet pages from the European Economic Area (EEA), we only use the following cookies from third-party providers and tracking technologies to identify traffic from the EEA and to manage the use of tools as well as rectify faults and improve our internet pages:

• AT Internet
• Adobe Text & Targets
• Google Analytics 

If you want to block the use of these tools, you can proceed as described in the following section.

Most internet browsers accept cookies automatically. However, you can instruct your browser not to accept any cookies or to ask every time before a cookie is accepted on a website you visited. You can also delete cookies on your computer or mobile device by using the corresponding function on your browser.

A list of the technologies used, with information about the providers, the purpose of the technologies concerned, the corresponding options for preventing or restricting their use as well as additional information from the relevant providers can be found here:

If you decide not to accept our cookies, or the cookies and tools of our partner companies, you will not see certain information on our websites and will be unable to use some functions.

On our internet pages we also use social plugins, which are identifiable through the logo of the social networking site concerned.

All plugins used are installed using a 2-click process. This means the plugins concerned are only activated when you click on the provider's icon.

When you visit a page of our website containing an activated plugin, your browser establishes a direct link to the provider's servers. The content of the plugin is directly transmitted to your browser by the relevant provider and incorporated into the page. Through incorporation of the plugin, specific information is sent to and stored by the third-party provider.

Even if they are not a member of the relevant social networking site, they are still able to obtain and store your IP address via the social plugin. When you are logged into one of the social networking sites, the third-party providers can directly assign your visit to our website to your personal profile on the social networking site. If you interact with the plugins, for instance by clicking the "Like", "+1", "Twitter" or "Instagram" button, the corresponding information is likewise sent directly to and stored on a server belonging to the third-party providers. The information is also published on the social networking site, Twitter or Instagram account, and displayed to your contacts there. For information about the purpose and extent of data collection and the further processing and use of data by third-party providers, as well as your associated rights and possible settings for protecting your privacy, please consult the third-party providers' data protection provisions. A list of the plugins we use, as well as further information about the relevant providers, can be found here:

If you want to prevent Google, Facebook, Twitter or Instagram from assigning the data collected via our web presence to your personal profile on the social networking site concerned, you need to log out of the relevant social networking site before accessing our website. By using specialized add-ons for your browser, such as NoScript (https://noscript.net/) and Ghostery (https://www.ghostery.com/), you can completely prevent plugins from being loaded.