A responsible approach to dealing with your personal data or person-related data is important to us, and protecting your privacy is our top priority. We take utmost care with the data we use to carry out our activities. We ensure the greatest possible degree of data security in the information technology we use and only collect the data that is absolutely necessary. Our employees receive regular training in data protection matters and must comply with specific confidentiality obligations. In addition, we monitor compliance with the data protection provisions on a continuous basis.
Alternatively, you can request the latest version from your insurance advisor.
Personal data or person-related data (hereinafter also “data”) as referred to below is any information relating to an identified or identifiable person (e.g. name, date of birth, email address, IP address). Information that has been anonymized or aggregated and cannot (or can no longer) be used to identify a specific person is not deemed to be data in this sense.
“Data processing” refers to all handling of personal data including the collection, storage, use, disclosure, altering, archiving, and erasure of data.
The legal basis and purpose of processing your data is primarily the initiation and/or performance of the insurance contract. Furthermore, we base the processing of data on the existence of a statutory basis/legal obligation and/or consent (from you or from a person you have authorized) as well as on existing overriding or legitimate interests on the part of AXA (i.e. specifically in order to pursue the purposes described and associated objectives as well as implement corresponding measures).
The processing of your personal data is based on the principles of accuracy, lawfulness, transparency, data minimization, proportionality, responsibility, and data security.
If you wish to take out a contract with us, you need to provide us with all the information required for acceptance and implementation of the business relationship as well as for performing the associated contractual obligations. Without this data, we will not be able to conclude a contract with you, or to perform the contract and/or pay benefits.
This includes first and last name, gender, date of birth, age, civil status, language, nationality, telephone number, email address, customer history, powers of attorney, signatory authorizations, declarations of consent.
This includes information submitted during the application process, e.g. on the risk to be insured, answers to questions, reports by experts, claims data from the previous insurer, as well as information on relationships with third parties affected by data processing (e.g. main drivers, beneficiaries).
This includes data obtained in connection with the conclusion or processing of a contract, e.g. policy or contract number, type of insurance and coverage, description of the risk, benefits, premium, contract term, a person’s insured vehicles, registration numbers and buildings, subscriptions/unsubscriptions to newsletters, complaints, disagreements about benefits or the respective contracts concluded.
This includes information about personal behavior, e.g. how the AXA website – www.axa.ch – and associated services (hereinafter “website”) are used, as well as data on personal preferences and interests.
This includes credit ratings, payment details, tax identification numbers, mortgage details, premium payments and outstanding payments, reminders, and credit balances.
This includes notices of claim, medical reports, diagnoses, investigation reports, invoices, data relating to injured third parties, pension dates, etc.).
This includes data relating to the physical or mental health of an individual, based on which information about their state of health is obtained. It includes diagnoses, medical reports, sick notes, illnesses, and/or other physical or mental impairments.
This includes data on religion, values, opinions, and activities relating to politics or labor unions, health, personal sphere, race or ethnicity, genetic information, biometric data clearly identifying an individual, as well as data relating to administrative or criminal proceedings or sanctions.
This includes, for example, IP address, cookies (for more information, see section 2.2. Cookies and similar technologies), metadata, logs or records of the use of our systems, IP packets, and other technical identification details, data relating to online/telephone communication.
Personal data that you have provided to us or that we have lawfully received from companies in the AXA Group, or from partners, brokers, intermediaries, and other parties, is processed by us for the purposes set out below and/or purposes associated with them and underlying objectives. Where a legal relationship subject to the EU General Data Protection Regulation (GDPR) exists, the specified legal basis applies (for more information see also section 1.3.10 Legal basis pursuant to GDPR). Further information can be found in Part 2 onward – Part 2. Using the website.
We process your data in the context of your request for advice, pre-contractual measures, provision of the quotation, and finally for the processing, administration, and any termination of the insurance contract. The contract cannot be concluded without your data.
For example, we use your contact details – including the details of any co-insureds – to carry out pre-contractual investigations and be able to contact you. We use your application data (including health data, if applicable) in order to assess the risk we will be accepting as well as calculate the premium. We require your customer data for contract management purposes and your payment information in order to collect your premium on time.
We process data from external providers in order to calculate your premium as well as check your creditworthiness. The processing of this data is permitted on the basis of the insurance contract.
Please also be aware that our premiums may relate to automated calculations that analyze various criteria concerning insured persons or property. This enables us to determine the insurance risk in more precise terms. We place a strong emphasis on fair insurance terms, however, in that the analysis always relates to customer segments and not to the individual insured person.
In some circumstances, your consent may be necessary when querying sensitive data requiring particular protection, such as health information. In this case, we process the data solely on the basis of the consent granted by you for the purpose of performing the contract.
If required for contract processing purposes, we disclose data – though only that which is strictly necessary – to cooperation partners, co-insurers, reinsurers, other insurers involved or previous insurers, insurance intermediaries/brokers, service providers, pledge holders, debt collection companies, authorities and/or external experts that constitute the insurance chain. Furthermore, we notify third parties to which cover was confirmed (e.g. relevant authorities) about the suspension, amendment, or termination of the insurance relationship.
Processing is permitted on the basis of the insurance contract, including in the event that it is not taken out. If we collect sensitive personal data that requires particular protection, such as health data, we may ask for your express consent in order to process it.
The data must be retained for at least 10 years after termination of the contract. Data regarding quotations is kept for 5 years, including in the event that the insurance is not taken out. Your data will be erased once the relevant retention period has elapsed.
We process your information for the purpose of assessing, reviewing, and processing claims, legal cases, and benefits. It is not possible for us to review your claim, legal case, or insured event unless we have your data.
For example, we use your contact details – including the details of any co-insureds – in order to contact you. We require your customer information in order to manage claims, legal cases, and benefits; we require any information on claims or legal cases (including health data, if applicable) – such as notices of loss or legal cases, investigation reports, and invoices – in order to process your claim, benefit, or legal case; we also need your payment details in order to pay out claims or benefits, for example.
For claims processing and accident analysis purposes in the case of traffic accidents, data recorded directly by the insured vehicle can be read for the purpose of determining the events that led to the damage or to identify the consequences of the loss when a loss event occurs. AXA decides based on the notification of the claim whether the data needs to be read. Depending on the manufacturer, this includes information such as speed, acceleration, delay, date, and time.
In connection with a claim or insured event, we may obtain any relevant information from, and inspect the relevant files of, other insurance companies, authorities (police or investigating authorities, department of motor vehicles offices, or similar public offices), as well as from motor vehicle manufacturers and other third parties. If necessary, you must authorize the above-mentioned offices to disclose the relevant information or release the doctor from their obligation to maintain patient confidentiality; see also Art. 39 of the Insurance Contract Act (ICA) and Art. 62 FADP.
In some circumstances, your consent may be necessary when querying sensitive data that requires particular protection, such as health information. In this case, we process the data solely based on the consent granted by you for the purpose of processing the claim, legal case, or benefit.
If required for processing the claim, legal case, or benefit, we disclose data – though only that which is strictly necessary – to cooperation partners, co-insurers, reinsurers, other insurers involved or previous insurers, insurance intermediaries/brokers, service providers, pledge holders, debt collection companies, authorities, lawyers, external experts, doctors, authorized parties and/or claims handlers that constitute the insurance chain. In addition, for the purpose of enforcing the right of recourse and contractual recourse claims, information may be supplied to liable third parties and their liability insurer – including abroad. AXA-ARAG does not provide AXA with any information about legal cases if this could prejudice the insured.
Processing is permitted based on the underlying insurance contract as well as on the basis of performance of a legal obligation. If the processing of your personal information is based on consent, we process the data in the context of such consent.
The data must be retained for at least 10 years after the claim is settled. Your data will be erased once the relevant retention period has elapsed.
We process your data in order to detect potential insurance fraud, prevent such occurrences, and combat insurance fraud, money laundering, and terrorist financing in general.
For example, we use your contract, claims, and benefits data and analyze it in order to identify any suspicious patterns. To that end, and in order to protect you as well as us from unlawful or improper activities, we may also create and process profiles (see section 1.5.1 Profiling).
In connection with the identification of misuse – and the filtering out of suspicious cases – we exchange data with external cooperation partners and other insurance companies and investigators. If consent is in place, we respond to inquiries from other insurance companies regarding their customers if there is a suspicion of insurance fraud. For example, we provide information about existing policies and previous claims. In addition, we supply information to the authorities where there is a legal basis for doing so.
Furthermore, your data is regularly checked against the data contained in the sanctions lists of the United Nations, European Union, Switzerland’s State Secretariat for Economic Affairs (SECO), the UK finance and economics department (HM Treasury), as well as the US Office of Foreign Assets Control (OFAC).
In the case of policyholders whose registered office or place of residence is in Switzerland, we can also make inquiries to the reference and information system (HIS) and, in the case of motor vehicle claims, to Car Claims Info.
Processing is permitted based on our overriding legitimate interest in preventing insurance fraud as well as on the basis of legal requirements.
We process your data in order to meet regulatory and legal obligations, and to guarantee that laws, guidelines, standards, and internal directives are complied with.
For example, we process your data for legally required disclosures to authorities with the aim of preventing, detecting, and investigating criminal offenses and other violations. This includes information, notification, and disclosure requirements in connection with obligations under supervisory and tax law.
In the case of individual checks where specialist technical expertise or in-depth knowledge is required, we may enlist cooperation partners or other third parties to assess and/or process the case. In addition, as a member of the AXA Group we are required to report specific serious compliance and security incidents to the Group and share them with the relevant Group teams.
Processing is permitted on the basis of statutory obligations. AXA may be subject to legal obligations under Swiss or foreign laws. In addition, we include here sector standards, rules with regard to self-regulation, rules on in-house corporate governance, as well as instructions and requests from authorities.
The data must be retained for at least 10 years. Your data will be erased once the relevant retention period has elapsed.
We process your data for customer survey and marketing purposes, so that we can inform you about our products and services. “Marketing purposes” are any AXA activities aimed at the acquisition of new customers or deepening of existing customer relationships.
For example, we use data about your behavior, preferences, and contract for analysis purposes with the aim of upgrading existing products, offering them to you, as well as developing new AXA Group products and services, including non insurance-related.
In order to contact existing and potential customers through marketing measures which could be of interest to them, we process not only personal information and contact data but also other data to help us determine or personalize the target audience, content, and sending of marketing messages. This also includes data from interactions with us, e.g. regarding usage behavior on our website (see also Part 2. Using the website), as well as data from other public sources.
For individualized and targeted advertising purposes, as well as to provide you with offers and cater to your needs more effectively, we may also create personality profiles for you and assign you to a specific advertising group.
We do not use any sensitive data requiring particular protection, such as health data, for your personality profile. Specific marketing measures may be implemented by data processors and cooperation partners we have commissioned, and by common controllers or other third parties, or in cooperation with them.
You can withdraw your consent to direct marketing measures and personalized advertising at any time in accordance with section 1.9.7 Right to object. To that end, you can contact the Data Protection Consultant directly (see section 1.10. Data Protection Consultant). You also have the following options:
Data processing is permitted on the basis of our overriding legitimate interest in providing you with targeted information about our products and services which could be of interest to you.
We process your data for general and insurance-specific statistical analysis, and for risk management as well as market research purposes.
For example, we use your customer and claims data to develop our conditions and premium rates and in general terms for the development of our insurance business, in particular in relation to artificial intelligence (AI). Furthermore, we use your claims data for analysis on the topics of road safety, to prevent accidents in the home, and to identify the effectiveness of fire protection measures.
We use market and opinion polling opportunities in order to develop our existing products and services (including our website) as well as identify needs and aspirations, thus enabling us to create an optimized offering. To that end, we use your contact, contract, and customer data as well as analyze how you navigate our website and what products are used by which groups of people and in what way.
This gives us an indication of the market acceptance of existing products and services as well as the market potential for new products and services. In addition, we use information from customer polls, surveys, and studies as well as other information, e.g. from the media, social media, internet, and other public sources. Within this context we may also obtain data from third parties or cooperation partners.
If possible, we use anonymized data for our analysis and also anonymize or pseudonymize the data over the course of the statistical process.
In specific instances of statistical or scientific analysis or research work, we obtain data from third parties and merge it with our own data. In addition, data may be disclosed to data processors, cooperation partners, common controllers, or other third parties for the purpose described. The data disclosed are processed by the relevant company for a specific purpose.
Data processing is permitted due to our overriding legitimate interest in improving our products, services, and internal processes.
If you apply for a job with us, we will process your data in order to proceed with the application. Without this data we will be unable to assess your application and decide whether you are suitable for the position concerned.
For example, we will use your contact details in order to schedule appointments with you. We will collect personal information, such as the information contained in your resume, and process data from references and educational qualifications. Alongside this essential information, you will have the opportunity to provide us with additional information for the application process. We will use the data provided to us in order to assess your application and reach a decision.
As a job applicant, you can use the AXA application platform to find out about vacant positions at various AXA companies in Switzerland and apply electronically. This covers the following companies, including their respective sales force:
Your application data will only be shared with persons who are involved in the application process, such as recruitment managers and line managers. In addition, your data may be disclosed to authorities in the event of a statutory duty of notification.
Processing is permitted in the context of recruitment. Data will normally be erased 6 months after the application process has been concluded. Provided you give your consent, your application documents may be stored in the AXA candidates pool for future vacancies. If you have not found a suitable position within 12 months of the conclusion of the application process, your data will be erased automatically.
If your application leads to the conclusion of an employment contract, the data will be stored and used as part of the normal organizational and administration process as well as for the management of the employment relationship. Further details are set out in the information accompanying your employment contract.
Furthermore, we process your information for other purposes including in the context of our internal procedures and for administration, for training and quality assurance purposes, for the protection of our customers, employees, and other persons, and to protect AXA’s data, secrets, and assets, as well as any data, secrets, and assets that have been entrusted to AXA.
Data processing is permitted on the basis of our overriding legitimate interest in expedient corporate management and development.
Where the GDPR (General Data Protection Regulation) applies, we proceed in application of the following legal bases:
a) Initiation or performance of a contract
b) Existence of a statutory basis
c) Consent from you or a person authorized by you
d) Overriding or legitimate interests of AXA, examples of which include:
Personal data is primarily collected from you directly (e.g. personal consultation, and through online, application, and claims forms).
In specific cases, we collect your data from third parties or receive your data from third parties or public offices and manage this data to the extent permitted by law. We therefore process, for example, data we receive from public authorities or finance companies so that we have the necessary data to conclude or process contracts. In addition, we process data obtained from data suppliers and address brokers or third-party website operators and online networks so that we can provide you with the best possible service and optimal advice as well as ensure data accuracy.
Where permitted, we obtain specific data from publicly accessible sources (e.g. debt collection register, land register, commercial register, media, internet) or receive such data from other companies within the AXA Group, as well as authorities, cooperation partners, and other third parties.
We may process and evaluate your data on an automated (i.e. computer-supported) basis as well as create profiles for the purposes specified in section 1.3 Purpose of data processing.
“Profiling” involves the automated processing of data in order to analyze or predict – and therefore assess – certain personal characteristics or a person’s behavior. This is done by combining, linking, and analyzing the personal data available to us. The result – that is, the profile created – gives us information about personal characteristics such as personal preferences, interests, place of residence, and changes of location. This enables to support and advise you on a more personalized basis and more successfully tailor our offerings to individual customer requirements. Further details about personality profiling for marketing purposes can be found in section 1.3.6 Customer surveys and marketing. There you will also find information about how you can refuse to allow personalized advertising and thus assert your right to object.
In addition, we use profiling to identify security risks and any risks of misuse, to conduct statistical analyses, and for operational planning purposes. We may also use these procedures to combat money laundering and misuse, as well as perform credit checks. Finally, these personalized risk assessment and evaluation procedures can be used as an essential calculation basis for the insurance contract.
Profiling is performed within AXA in order to process insurance business or in connection with our associated, overriding legitimate interests. We ensure that the results are proportionate and reliable at all times, and take action against any misuse of profiles or profiling.
To ensure the efficiency and uniformity of our decision-making processes, we may also take specific decisions on a fully automated basis (computerized basis in accordance with specific rules and without any human involvement/checking by employees). These decisions can also be taken on the basis of profiling/profiles.
In the event of such automated case-by-case decision-making, you will be specifically notified of its usage in the individual case should the decision have negative legal consequences for you or cause comparatively significant impairment. In such cases, you can ask for these decisions to be reviewed by an AXA employee (see section 1.9.9 Automated case-by-case decision-making).
We protect your data and do not sell it to third parties.
We reserve the right to disclose information even if it is confidential. In many cases, the disclosure of confidential data is necessary in order to process contracts or provide other benefits. Non-disclosure agreements do not generally exclude such information disclosures – including disclosure to service providers. Given the sensitivity of the data and other factors, however, we always ensure that such third parties deal with the data in an appropriate manner.
To facilitate automated data exchange between AXA, the federal government, as well as cantonal driver and vehicle licensing offices or shipping authorities, AXA is affiliated with the electronic clearing office (CLS), which collates electronic certificates of insurance (data on vehicles and vehicle keepers, as well as ship and shipowner data) for administration and archiving purposes and forwards them to the motor vehicle information system (MOFIS) of the Federal Roads Office (FEDRO) or to the cantonal shipping authorities.
We are part of the AXA group of companies and therefore carry out some business processes in centralized service units and data processing systems belonging to the AXA Group. This data processing, which also involves the processing of data outside of the European Economic Area (EEA) and Switzerland, is permitted on the basis of our Binding Corporate Rules [BCR]. Furthermore, our Binding Corporate Rules also cover the transfer of data to data processors belonging to the AXA Group. Details of individual companies in the AXA Group can be found here: List of AXA companies worldwide.
To fulfill contractual or statutory obligations, we sometimes work together with data processors such as suppliers, IT and other service providers. They are contractually obliged to process the data only for the purposes predetermined by AXA. A list of data processors is available from our offices. If the data processors themselves involve third parties, we may approve this on a case-by-case basis.
We work with third parties that process your data based on their own responsibility, or based on shared responsibility with ourselves. Such third parties include any natural person or legal entity, authority, institution, or other public office that is not part of the AXA Group or its data processors. In particular, we include here our cooperation partners and the following categories:
Cooperation partners in the mobility sector (list not exhaustive):
Cooperation partners in the Life & Health sector (list not exhaustive):
Cooperation partners in SME sector (list not exhaustive):
Cooperation partners in AI (artificial intelligence) sector (list not exhaustive):
In addition, we may disclose data to research institutions or researchers for scientific research or statistical purposes. In this case we ensure that the data is disclosed on an anonymized or pseudonymized basis.
We process data worldwide, in particular in countries in which other AXA Group companies operate (list of countries of the AXA group of companies). Prior to transmitting data to a country outside of Switzerland and the EEA countries, we ensure that the country has an appropriate degree of data protection. If the country does not have appropriate data protection, we ensure an appropriate degree of protection by means of contractual provisions (e.g. based on standard contractual clauses of the European Commission or our Binding Corporate Rules [BCR]) along with effective technical security measures. By way of exception, data may be transmitted to a third country with an insufficient degree of data protection if you have given us consent to do so, if required by the underlying contract with you, in the case of legal proceedings abroad, or in the event of overriding public interest. Please contact us if you would like a copy of the standard contractual clauses.
We process the data collected for as long as necessary and in compliance with the statutory retention period (bookkeeping, limitation period, company law, tax and social insurance legislation) and for as long as required in order to perform our specified processing tasks as well as on the basis of our overriding legitimate interests (in particular to provide evidence or to defend against claims and to demonstrate good governance).
Within the meaning of a purpose-oriented retention period, we ensure that your data is only stored for as long as is absolutely necessary. Due to actuarial circumstances (occurrence of a claim, suspected misuse, recourse claims, dispute) and changing legal parameters that can simultaneously involve different retention periods, the retention period may range from a few days to a few years or more. If the data is no longer required for processing purposes, we erase or anonymize it.
Other information can be found under the respective processing tasks in section 1.3. Purpose of data processing or in Part 2 onward (Part 2. Using the website).
AXA Life Ltd processes personal data for the purpose of providing occupational benefits as well as to maintain and continue occupational benefits coverage and group life insurance in accordance with the tasks assigned to it.
All processing steps – from collection to retention and destruction of data – that take place at AXA Life Ltd or at commissioned third parties are carried out in accordance with the applicable statutory regulations of the FADP and the specific data protection provisions of the Occupational Pensions Act (BVG/OPA), or, where applicable, in accordance with the GDPR.
Any person involved in the implementation as well as the control or supervision of the implementation of occupational pensions is subject to the duty of confidentiality pursuant to Art. 86 BVG/OPA.
If required for the implementation of occupational pensions, personal data in relation to the insured may be transmitted to co-insurers and reinsurance companies to the extent required. Furthermore, the disclosure and forwarding of data to third parties is based on the specific data protection provisions of the BVG/OPA.
The retention of data is governed by the statutory requirements as defined by Art. 41 (8) BVG/OPA in conjunction with Art. 27i, Art. 27j, and Art. 27k of the Ordinance on Occupational Old Age, Survivors’ and Invalidity Pension Provision.
Unless stated otherwise, if your data is processed by AXA you may – in accordance with applicable data protection legislation and the processing purpose – assert the rights specified in sections 1.9.2 to 1.9.9, free of charge and at any time, as follows:
email or letter (postal address) to the unit specified in section 1.10 Data Protection Consultant.
For the purpose of avoiding misuse, the exercising of your rights generally requires that you prove your identity conclusively (e.g. by means of a copy of your identity card or passport), unless we are unable to identify you clearly in another way.
Data subject requests addressed to the units specified may be processed by other units such as AXA Complaint Management.
In the event of a violation of your rights, you have the option of submitting a complaint to the responsible data protection authority (see section 1.10 Data Protection Consultant).
You have the right to request information from us as to whether we process your data and, if so, what data. You can submit your request for information in writing or by email, enclosing a copy of your identity card or passport (if your identity is not clear in another way or you cannot be identified), to the address listed under Contacts in section 1.10 Data Protection Consultant.
You have the right to request the release of specific personal data in a common electronic format or for it to be transferred to another controller.
You have the right to insist that we rectify any incorrect data. If we have stored incorrect personal data about you, we will be pleased to rectify this based on the information you provide.
You have the right to request the erasure of data that is not essential to the performance of the contract, or that is not being processed for statutory reasons (e.g. mandatory retention) or on account of AXA’s overriding legitimate interests. If erasure is technically impossible or involves disproportionate effort, we will be unable to meet your request for erasure.
In certain cases you will have the right to the restriction of processing (e.g. if the accuracy of the data is disputed or unlawful processing is asserted).
You have the right to object to the future processing of your data with immediate effect, in particular if processing is in order to maintain our legitimate interests, e.g. in the case of direct marketing.
You have the right – provided the processing of your data is based on consent that you have granted – to revoke your consent to future processing with immediate effect. However, this is only possible if the data processing is not required in connection with contractual obligations.
We will let you know if we have taken an automated case-by-case decision in the context of the applicable law. You will then have the right to present your point of view, contest the decision, and demand that the decision is reviewed by a human. When informing you of the decision taken, we will let you know whom to contact. You should then get in touch with the contact person specified.
Please send applications and inquiries in connection with the processing of your data by AXA in writing, enclosing a copy of your identity card or passport, to the Data Protection Consultant:
If you believe AXA has failed to comply with the data protection regulations applicable to you, we would advise you to contact the relevant, above-mentioned AXA Data Protection Consultant in the first instance.
You can, however, also file a complaint directly with the relevant data protection supervisory authority: