Data protection provisions

A responsible approach to dealing with your personal data or person-related data is important to us, and protecting your privacy is our top priority. We take utmost care with the data we use to carry out our activities. We ensure the greatest possible degree of data security in the information technology we use and only collect the data that is absolutely necessary. Our employees receive regular training in data protection matters and must comply with specific confidentiality obligations. In addition, we monitor compliance with the data protection provisions on a continuous basis. 

In this Privacy Policy, we explain how we collect and manage personal data as well as what rights you have in this connection.

  1. Information on data protection
  2. Using the website
  3. Communication
  4. Online portal/myAXA app
  5. Cookie Policy

This Privacy Policy contains important statements about data protection as well as your right to decide when and within what limits your personal data is used (“informational self-determination”). The Privacy Policy is constantly updated to reflect the latest statutory provisions as well as unilaterally adjusted in line with specific data processing requirements. 

Alternatively, you can request the latest version from your insurance advisor. 

This Privacy Policy was last amended in October 2022.

The German version is the legally authoritative version and serves as the basis for all language versions of our Privacy Policy.

1. Information on data protection

Personal data or person-related data (hereinafter also “data”) as referred to below is any information relating to an identified or identifiable person (e.g. name, date of birth, email address, IP address). Information that has been anonymized or aggregated and cannot (or can no longer) be used to identify a specific person is not deemed to be data in this sense.

“Data processing” refers to all handling of personal data including the collection, storage, use, disclosure, altering, archiving, and erasure of data.

The legal basis and purpose of processing your data is primarily the initiation and/or performance of the insurance contract. Furthermore, we base the processing of data on the existence of a statutory basis/legal obligation and/or consent (from you or from a person you have authorized) as well as on existing overriding or legitimate interests on the part of AXA (i.e. specifically in order to pursue the purposes described and associated objectives as well as implement corresponding measures).

The processing of your personal data is based on the principles of accuracy, lawfulness, transparency, data minimization, proportionality, responsibility, and data security.

Our Privacy Policy is based on the requirements of the Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR). Specific situations may be governed by other data protection information on a case-by-case basis. There are exemptions from the duty to provide information under data protection law: The latter does not apply in the case of impossibility, if the effort is disproportionate, if you have already been notified about the data processing, if processing is provided for by law, or if we are legally bound to maintain confidentiality.

If you wish to take out a contract with us, you need to provide us with all the information required for acceptance and implementation of the business relationship as well as for performing the associated contractual obligations. Without this data, we will not be able to conclude a contract with you, or to perform the contract and/or pay benefits.

If you wish to take out an insurance policy on behalf of another person (e.g. family members) or provide us with the personal data on other people (e.g. beneficiaries), we ask you to ensure that these individuals are familiar with our Privacy Policy. Please ensure that all information provided to us is correct and that you are authorized to provide us with the data.

1.1 Data controller 

The following AXA companies (also referred to in this Privacy Policy as “AXA” or “we”/“us”) are responsible for data processing: 

  • 1.1.1 Business activity in Switzerland
    • In connection with all insurance lines with the exception of individual life policies and legal protection insurance: 
      AXA Insurance Ltd, General-Guisan-Strasse 40, CH-8400 Winterthur 
    • In connection with individual life policies:
      AXA Life Ltd, General-Guisan-Strasse 40, CH-8400 Winterthur 
    • In connection with legal protection insurance:
      AXA-ARAG Legal Protection Ltd, Affolternstrasse 42, CH-8050 Zurich
  • 1.1.2 Business activity in the Principality of Liechtenstein
    • In connection with all insurance lines with the exception of legal protection insurance:
      AXA Life Ltd, Landstrasse 60, 9490 Vaduz 
    • In connection with legal protection insurance:
      AXA-ARAG Legal Protection Ltd, Affolternstrasse 42, CH-8050 Zurich 

1.2 Data categories

  • 1.2.1 Personal information and contact data

    This includes first and last name, gender, date of birth, age, civil status, language, nationality, telephone number, email address, customer history, powers of attorney, signatory authorizations, declarations of consent.

  • 1.2.2 Application data

    This includes information submitted during the application process, e.g. on the risk to be insured, answers to questions, reports by experts, claims data from the previous insurer, as well as information on relationships with third parties affected by data processing (e.g. main drivers, beneficiaries). 

  • 1.2.3 Customer/contract data

    This includes data obtained in connection with the conclusion or processing of a contract, e.g. policy or contract number, type of insurance and coverage, description of the risk, benefits, premium, contract term, a person’s insured vehicles, registration numbers and buildings, subscriptions/unsubscriptions to newsletters, complaints, disagreements about benefits or the respective contracts concluded. 

  • 1.2.4 Data on behavior and preferences

    This includes information about personal behavior, e.g. how the AXA website – www.axa.ch – and associated services (hereinafter “website”) are used, as well as data on personal preferences and interests.

  • 1.2.5 Financial and payment data

    This includes credit ratings, payment details, tax identification numbers, mortgage details, premium payments and outstanding payments, reminders, and credit balances.

  • 1.2.6 Data pertaining to any claims/benefits/legal cases

    This includes notices of claim, medical reports, diagnoses, investigation reports, invoices, data relating to injured third parties, pension dates, etc.).

  • 1.2.7 Health data

    This includes data relating to the physical or mental health of an individual, based on which information about their state of health is obtained. It includes diagnoses, medical reports, sick notes, illnesses, and/or other physical or mental impairments.

  • 1.2.8 Sensitive personal data requiring particular protection

    This includes data on religion, values, opinions, and activities relating to politics or labor unions, health, personal sphere, race or ethnicity, genetic information, biometric data clearly identifying an individual, as well as data relating to administrative or criminal proceedings or sanctions.

  • 1.2.9 Technical data

    This includes, for example, IP address, cookies (for more information, see section 2.2. Cookies and similar technologies), metadata, logs or records of the use of our systems, IP packets, and other technical identification details, data relating to online/telephone communication.

1.3 Purpose of data processing

  • 1.3.1 General principles

    Personal data that you have provided to us or that we have lawfully received from companies in the AXA Group, or from partners, brokers, intermediaries, and other parties, is processed by us for the purposes set out below and/or purposes associated with them and underlying objectives. Where a legal relationship subject to the EU General Data Protection Regulation (GDPR) exists, the specified legal basis applies (for more information see also section 1.3.10 Legal basis pursuant to GDPR). Further information can be found in Part 2 onward  – Part 2. Using the website.  

  • 1.3.2 Advice, quotation, and insurance contract

    We process your data in the context of your request for advice, pre-contractual measures, provision of the quotation, and finally for the processing, administration, and any termination of the insurance contract. The contract cannot be concluded without your data. 

    For example, we use your contact details – including the details of any co-insureds – to carry out pre-contractual investigations and be able to contact you. We use your application data (including health data, if applicable) in order to assess the risk we will be accepting as well as calculate the premium. We require your customer data for contract management purposes and your payment information in order to collect your premium on time.

    We process data from external providers in order to calculate your premium as well as check your creditworthiness. The processing of this data is permitted on the basis of the insurance contract.

    Please also be aware that our premiums may relate to automated calculations that analyze various criteria concerning insured persons or property. This enables us to determine the insurance risk in more precise terms. We place a strong emphasis on fair insurance terms, however, in that the analysis always relates to customer segments and not to the individual insured person. 

    In some circumstances, your consent may be necessary when querying sensitive data requiring particular protection, such as health information. In this case, we process the data solely on the basis of the consent granted by you for the purpose of performing the contract.

    If required for contract processing purposes, we disclose data – though only that which is strictly necessary – to cooperation partners, co-insurers, reinsurers, other insurers involved or previous insurers, insurance intermediaries/brokers, service providers, pledge holders, debt collection companies, authorities and/or external experts that constitute the insurance chain. Furthermore, we notify third parties to which cover was confirmed (e.g. relevant authorities) about the suspension, amendment, or termination of the insurance relationship.

    Processing is permitted on the basis of the insurance contract, including in the event that it is not taken out. If we collect sensitive personal data that requires particular protection, such as health data, we may ask for your express consent in order to process it. 

    The data must be retained for at least 10 years after termination of the contract. Data regarding quotations is kept for 5 years, including in the event that the insurance is not taken out. Your data will be erased once the relevant retention period has elapsed.

  • 1.3.3 Claims and benefits

    We process your information for the purpose of assessing, reviewing, and processing claims, legal cases, and benefits. It is not possible for us to review your claim, legal case, or insured event unless we have your data.

    For example, we use your contact details – including the details of any co-insureds – in order to contact you. We require your customer information in order to manage claims, legal cases, and benefits; we require any information on claims or legal cases (including health data, if applicable) – such as notices of loss or legal cases, investigation reports, and invoices – in order to process your claim, benefit, or legal case; we also need your payment details in order to pay out claims or benefits, for example.

    For claims processing and accident analysis purposes in the case of traffic accidents, data recorded directly by the insured vehicle can be read for the purpose of determining the events that led to the damage or to identify the consequences of the loss when a loss event occurs. AXA decides based on the notification of the claim whether the data needs to be read. Depending on the manufacturer, this includes information such as speed, acceleration, delay, date, and time.

    In connection with a claim or insured event, we may obtain any relevant information from, and inspect the relevant files of, other insurance companies, authorities (police or investigating authorities, department of motor vehicles offices, or similar public offices), as well as from motor vehicle manufacturers and other third parties. If necessary, you must authorize the above-mentioned offices to disclose the relevant information or release the doctor from their obligation to maintain patient confidentiality; see also Art. 39 of the Insurance Contract Act (ICA) and Art. 62 FADP. 

    In some circumstances, your consent may be necessary when querying sensitive data that requires particular protection, such as health information. In this case, we process the data solely based on the consent granted by you for the purpose of processing the claim, legal case, or benefit.

    If required for processing the claim, legal case, or benefit, we disclose data – though only that which is strictly necessary – to cooperation partners, co-insurers, reinsurers, other insurers involved or previous insurers, insurance intermediaries/brokers, service providers, pledge holders, debt collection companies, authorities, lawyers, external experts, doctors, authorized parties and/or claims handlers that constitute the insurance chain. In addition, for the purpose of enforcing the right of recourse and contractual recourse claims, information may be supplied to liable third parties and their liability insurer – including abroad.  All data on legal cases is treated by AXA Insurance Ltd / AXA Life Ltd and AXA-ARAG Legal Protection Ltd as confidential and not exchanged between them. Mutual access to data relating to legal cases and claims is excluded. 

    Processing is permitted based on the underlying insurance contract as well as on the basis of performance of a legal obligation. If the processing of your personal information is based on consent, we process the data in the context of such consent. 

    The data must be retained for at least 10 years after the claim is settled. Your data will be erased once the relevant retention period has elapsed.

  • 1.3.4 Insurance fraud

    We process your data in order to detect potential insurance fraud, prevent such occurrences, and combat insurance fraud, money laundering, and terrorist financing in general.

    For example, we use your contract, claims, and benefits data and analyze it in order to identify any suspicious patterns. To that end, and in order to protect you as well as us from unlawful or improper activities, we may also create and process profiles (see section 1.5.1 Profiling).

    In connection with the identification of misuse – and the filtering out of suspicious cases – we exchange data with external cooperation partners and other insurance companies and investigators. If consent is in place, we respond to inquiries from other insurance companies regarding their customers if there is a suspicion of insurance fraud. For example, we provide information about existing policies and previous claims. In addition, we supply information to the authorities where there is a legal basis for doing so. 

    Furthermore, your data is regularly checked against the data contained in the sanctions lists of the United Nations, European Union, Switzerland’s State Secretariat for Economic Affairs (SECO), the UK finance and economics department (HM Treasury), as well as the US Office of Foreign Assets Control (OFAC). 

    In the case of policyholders whose registered office or place of residence is in Switzerland, we can also make inquiries to the reference and information system (HIS) and, in the case of motor vehicle claims, to Car Claims Info.

    • HIS: To prevent and detect insurance fraud, we have additionally affiliated ourselves with the reference and information system (HIS) provided by SVV Solution AG. Participating insurance companies report specific circumstances indicating the need for in-depth examination of a loss event and may request relevant reports from other participating insurance companies. Information from the HIS is only used in connection with investigating the claim. Additional information about the HIS and your corresponding rights can be found at www.svv.ch/his (in German). All reports are deleted automatically 7 years after the date of the loss event.
    • Car Claims Info: For the purpose of combating fraud in relation to motor vehicle insurance, we send vehicle-related claims data to SVV Solution AG for recording in the electronic database "Car Claims Info". This makes it possible to check whether a registered vehicle claim has already been paid out by another insurance company. If fraud is suspected, then the companies may exchange relevant data. Additional information about Car Claims Info and your corresponding rights can be found in the privacy statement for "Car Claims Info" | SIA (in German). 

    Processing is permitted based on our overriding legitimate interest in preventing insurance fraud as well as on the basis of legal requirements.

  • 1.3.5 Legal services and compliance

    We process your data in order to meet regulatory and legal obligations, and to guarantee that laws, guidelines, standards, and internal directives are complied with.

    For example, we process your data for legally required disclosures to authorities with the aim of preventing, detecting, and investigating criminal offenses and other violations. This includes information, notification, and disclosure requirements in connection with obligations under supervisory and tax law. 

    In the case of individual checks where specialist technical expertise or in-depth knowledge is required, we may enlist cooperation partners or other third parties to assess and/or process the case. In addition, as a member of the AXA Group we are required to report specific serious compliance and security incidents to the Group and share them with the relevant Group teams.

    Processing is permitted on the basis of statutory obligations. AXA may be subject to legal obligations under Swiss or foreign laws. In addition, we include here sector standards, rules with regard to self-regulation, rules on in-house corporate governance, as well as instructions and requests from authorities.

    The data must be retained for at least 10 years. Your data will be erased once the relevant retention period has elapsed.

  • 1.3.6 Customer surveys and marketing

    We process your data for customer survey and marketing purposes, so that we can inform you about our products and services. “Marketing purposes” are any AXA activities aimed at the acquisition of new customers or deepening of existing customer relationships. 

    For example, we use data about your behavior, preferences, and contract for analysis purposes with the aim of upgrading existing products, offering them to you, as well as developing new AXA Group products and services, including non insurance-related.   

    In order to contact existing and potential customers through marketing measures which could be of interest to them, we process not only personal information and contact data but also other data to help us determine or personalize the target audience, content, and sending of marketing messages. This also includes data from interactions with us, e.g. regarding usage behavior on our website (see also Part 2. Using the website), as well as data from other public sources.  

    For individualized and targeted advertising purposes, as well as to provide you with offers and cater to your needs more effectively, we may also create personality profiles for you and assign you to a specific advertising group. 

    We do not use any sensitive data requiring particular protection, such as health data, for your personality profile. Specific marketing measures may be implemented by data processors and cooperation partners we have commissioned, and by common controllers or other third parties, or in cooperation with them.

    You can withdraw your consent to direct marketing measures and personalized advertising at any time in accordance with section 1.9.7 Right to object. To that end, you can contact the Data Protection Consultant directly (see section 1.10. Data Protection Consultant). You also have the following options:  

    Data processing is permitted on the basis of our overriding legitimate interest in providing you with targeted information about our products and services which could be of interest to you.

  • 1.3.7 Statistics and science

    We process your data for general and insurance-specific statistical analysis, and for risk management as well as market research purposes.

    For example, we use your customer and claims data to develop our conditions and premium rates and in general terms for the development of our insurance business, in particular in relation to artificial intelligence (AI). Furthermore, we use your claims data for analysis on the topics of road safety, to prevent accidents in the home, and to identify the effectiveness of fire protection measures.

    We use market and opinion polling opportunities in order to develop our existing products and services (including our website) as well as identify needs and aspirations, thus enabling us to create an optimized offering. To that end, we use your contact, contract, and customer data as well as analyze how you navigate our website and what products are used by which groups of people and in what way.

    This gives us an indication of the market acceptance of existing products and services as well as the market potential for new products and services. In addition, we use information from customer polls, surveys, and studies as well as other information, e.g. from the media, social media, internet, and other public sources. Within this context we may also obtain data from third parties or cooperation partners.

    If possible, we use anonymized data for our analysis and also anonymize or pseudonymize the data over the course of the statistical process. 

    In specific instances of statistical or scientific analysis or research work, we obtain data from third parties and merge it with our own data. In addition, data may be disclosed to data processors, cooperation partners, common controllers, or other third parties for the purpose described. The data disclosed are processed by the relevant company for a specific purpose.

    Data processing is permitted due to our overriding legitimate interest in improving our products, services, and internal processes.

  • 1.3.8 Job applications

    If you apply for a job with us, we will process your data in order to proceed with the application. Without this data we will be unable to assess your application and decide whether you are suitable for the position concerned.

    For example, we will use your contact details in order to schedule appointments with you. We will collect personal information, such as the information contained in your resume, and process data from references and educational qualifications. Alongside this essential information, you will have the opportunity to provide us with additional information for the application process. We will use the data provided to us in order to assess your application and reach a decision.

    As a job applicant, you can use the AXA application platform to find out about vacant positions at various AXA companies in Switzerland and apply electronically. This covers the following companies, including their respective sales force:

    • AXA Insurance Ltd 
    • AXA Life Ltd 
    • AXA-ARAG Legal Protection Ltd 
    • AXA Mobility Services AG
    • AXA Group Operations Switzerland AG
    • AXA Liabilities Managers Switzerland AG
    • AXA GIE, Paris, Winterthur branch, Switzerland

    Your application data will only be shared with persons who are involved in the application process, such as recruitment managers and line managers. In addition, your data may be disclosed to authorities in the event of a statutory duty of notification.

    Processing is permitted in the context of recruitment. Data will normally be erased 6 months after the application process has been concluded. Provided you give your consent, your application documents may be stored in the AXA candidates pool for future vacancies. If you have not found a suitable position within 12 months of the conclusion of the application process, your data will be erased automatically. 

    If your application leads to the conclusion of an employment contract, the data will be stored and used as part of the normal organizational and administration process as well as for the management of the employment relationship. Further details are set out in the information accompanying your employment contract.

  • 1.3.9 Other purposes

    Furthermore, we process your information for other purposes including in the context of our internal procedures and for administration, for training and quality assurance purposes, for the protection of our customers, employees, and other persons, and to protect AXA’s data, secrets, and assets, as well as any data, secrets, and assets that have been entrusted to AXA.

    Data processing is permitted on the basis of our overriding legitimate interest in expedient corporate management and development.

  • 1.3.10 Legal basis pursuant to GDPR

    Where the GDPR (General Data Protection Regulation) applies, we proceed in application of the following legal bases:

    a) Initiation or performance of a contract  

    b) Existence of a statutory basis 

    c) Consent from you or a person authorized by you 

    d) Overriding or legitimate interests of AXA, examples of which include:  

    • Efficient, effective protection of customers, employees, and other persons as well as protection of AXA’s data, secrets, and assets as well as data, secrets, and assets that have been entrusted to AXA
    • Maintenance and secure, efficient, and effective organization of business operations, including secure, efficient, and effective operations and successful development of the website and other IT systems
    • Efficient and effective customer support, contact maintenance, and other communications with customers including outside of contract processing
    • Expedient corporate management and development, in particular with regard to the AXA Group
    • Documentation of customer behavior, activities, preferences, and needs, market studies
    • Efficient and effective improvement of existing products and services as well as development of new products and services
    • Management of advertising and marketing measures
    • Successful sale or purchase of business areas, companies, or parts of companies and other transactions under company law
    • Prevention of fraud, misdemeanors, and felonies as well as investigations in connection with such offenses and other inappropriate behavior, dealing with lawsuits and actions against AXA
    • Participation in legal proceedings and cooperation with authorities as well as otherwise asserting, exercising, and defending legal entitlements

1.4 Collection of data

  • 1.4.1 Direct data collection

    Personal data is primarily collected from you directly (e.g. personal consultation, and through online, application, and claims forms).

  • 1.4.2 Reported data on third parties

    If you wish to take out an insurance policy on behalf of another person (e.g. family members) or provide us with personal data concerning other persons, please ensure that such individuals are familiar with our Privacy Policy. Please also ensure that all information provided to us is correct and that you are authorized to provide us with the data.

  • 1.4.3 Data obtained from/provided by third parties and public offices

    In specific cases, we collect your data from third parties or receive your data from third parties or public offices and manage this data to the extent permitted by law. We therefore process, for example, data we receive from public authorities or finance companies so that we have the necessary data to conclude or process contracts. In addition, we process data obtained from data suppliers and address brokers or third-party website operators and online networks so that we can provide you with the best possible service and optimal advice as well as ensure data accuracy.

  • 1.4.4 Data from publicly accessible sources

    Where permitted, we obtain specific data from publicly accessible sources (e.g. debt collection register, land register, commercial register, media, internet) or receive such data from other companies within the AXA Group, as well as authorities, cooperation partners, and other third parties.

1.5 Data analysis, profiling, automated case-by-case decision-making

  • 1.5.1 Profiling

    We may process and evaluate your data on an automated (i.e. computer-supported) basis as well as create profiles for the purposes specified in section 1.3 Purpose of data processing.

    “Profiling” involves the automated processing of data in order to analyze or predict – and therefore assess – certain personal characteristics or a person’s behavior. This is done by combining, linking, and analyzing the personal data available to us. The result – that is, the profile created – gives us information about personal characteristics such as personal preferences, interests, place of residence, and changes of location. This enables to support and advise you on a more personalized basis and more successfully tailor our offerings to individual customer requirements. Further details about personality profiling for marketing purposes can be found in section 1.3.6 Customer surveys and marketing. There you will also find information about how you can refuse to allow personalized advertising and thus assert your right to object.

    In addition, we use profiling to identify security risks and any risks of misuse, to conduct statistical analyses, and for operational planning purposes. We may also use these procedures to combat money laundering and misuse, as well as perform credit checks. Finally, these personalized risk assessment and evaluation procedures can be used as an essential calculation basis for the insurance contract.

    Profiling is performed within AXA in order to process insurance business or in connection with our associated, overriding legitimate interests. We ensure that the results are proportionate and reliable at all times, and take action against any misuse of profiles or profiling.

  • 1.5.2 Automatic case-by-case decision-making

    To ensure the efficiency and uniformity of our decision-making processes, we may also take specific decisions on a fully automated basis (computerized basis in accordance with specific rules and without any human involvement/checking by employees). These decisions can also be taken on the basis of profiling/profiles.

    In the event of such automated case-by-case decision-making, you will be specifically notified of its usage in the individual case should the decision have negative legal consequences for you or cause comparatively significant impairment. In such cases, you can ask for these decisions to be reviewed by an AXA employee (see section 1.9.9 Automated case-by-case decision-making).

1.6 Disclosure of data

  • 1.6.1 General principles

    We protect your data and do not sell it to third parties.

    In some circumstances, your data may be disclosed to data processors and third parties (e.g. if required for contract conclusion or processing, or for other purposes specified in this Privacy Policy). These recipients are contractually required to comply with current data protection laws as well as confidentiality and secrecy requirements, if applicable. In addition, your data may be disclosed to other controllers or cooperation partners. 

    We reserve the right to disclose information even if it is confidential. In many cases, the disclosure of confidential data is necessary in order to process contracts or provide other benefits. Non-disclosure agreements do not generally exclude such information disclosures – including disclosure to service providers. Given the sensitivity of the data and other factors, however, we always ensure that such third parties deal with the data in an appropriate manner.

  • 1.6.2 Disclosure of data to electronic clearing office (CLS)

    To facilitate automated data exchange between AXA, the federal government, as well as cantonal driver and vehicle licensing offices or shipping authorities, AXA is affiliated with the electronic clearing office (CLS), which collates electronic certificates of insurance (data on vehicles and vehicle keepers, as well as ship and shipowner data) for administration and archiving purposes and forwards them to the motor vehicle information system (MOFIS) of the Federal Roads Office (FEDRO) or to the cantonal shipping authorities.

  • 1.6.3 Data disclosure within the AXA Group

    We are part of the AXA group of companies and therefore carry out some business processes in centralized service units and data processing systems belonging to the AXA Group. This data processing, which also involves the processing of data outside of the European Economic Area (EEA) and Switzerland, is permitted on the basis of our Binding Corporate Rules [BCR]. Furthermore, our Binding Corporate Rules also cover the transfer of data to data processors belonging to the AXA Group. Details of individual companies in the AXA Group can be found here: List of AXA companies worldwide.

  • 1.6.4 Disclosure of data to data processors

    To fulfill contractual or statutory obligations, we sometimes work together with data processors such as suppliers, IT and other service providers. They are contractually obliged to process the data only for the purposes predetermined by AXA. A list of data processors is available from our offices. If the data processors themselves involve third parties, we may approve this on a case-by-case basis.

  • 1.6.5 Disclosure of data to cooperation partners/third parties

    We work with third parties that process your data based on their own responsibility, or based on shared responsibility with ourselves. Such third parties include any natural person or legal entity, authority, institution, or other public office that is not part of the AXA Group or its data processors. In particular, we include here our cooperation partners and the following categories: 

    • Insurance intermediaries, distributors, and other contracting parties  
    • Pension institutions 
    • Experts such as doctors and lawyers  
    • Previous insurers, co-insurers, and reinsurers 
    • Social and health insurance companies as well as other private insurance companies 
    • Other participants in an incident (e.g. in the event of a claim) 
    • Authorities and public offices in Switzerland and abroad 
    • Other parties in potential or actual legal proceedings 
    • Garages/mechanics/breakdown service providers/transporters/taxi and car rental companies

    Cooperation partners in the mobility sector (list not exhaustive):  

    • AXA Mobility Services / UPTO (fleet management and car subscriptions)
    • Cardossier (easy preparation of certificate of insurance for customers) 
    • ryd (intelligent auto assistance) 

    Cooperation partners in the Life & Health sector (list not exhaustive):

    • HelloBetter (online course) 
    • Mental health / Aepsy (online self-testing/therapist search) 

    Cooperation partners in SME sector (list not exhaustive): 

    • DearEmployee (Working Atmosphere Compass) 
    • Accounto (payroll bookkeeping) 
    • Swibeco (employee benefits platform) 
    • Pro Mente Sana (course for managers) 
    • Health Keeper (AXA Group) (health platform) 

    Cooperation partners in AI (artificial intelligence) sector (list not exhaustive):  

    • Legal X (free AI initial legal assessment) 
    • Noimos (AI-supported claims handling) 

    In addition, we may disclose data to research institutions or researchers for scientific research or statistical purposes. In this case we ensure that the data is disclosed on an anonymized or pseudonymized basis. 

  • 1.6.6 Data abroad

    We process data worldwide, in particular in countries in which other AXA Group companies operate (list of countries of the AXA group of companies). Prior to transmitting data to a country outside of Switzerland and the EEA countries, we ensure that the country has an appropriate degree of data protection. If the country does not have appropriate data protection, we ensure an appropriate degree of protection by means of contractual provisions (e.g. based on standard contractual clauses of the European Commission or our Binding Corporate Rules [BCR]) along with effective technical security measures. By way of exception, data may be transmitted to a third country with an insufficient degree of data protection if you have given us consent to do so, if required by the underlying contract with you, in the case of legal proceedings abroad, or in the event of overriding public interest. Please contact us if you would like a copy of the standard contractual clauses.

1.7 Duration of storage

  • 1.7.1 Statutory retention periods

    We process the data collected for as long as necessary and in compliance with the statutory retention period (bookkeeping, limitation period, company law, tax and social insurance legislation) and for as long as required in order to perform our specified processing tasks as well as on the basis of our overriding legitimate interests (in particular to provide evidence or to defend against claims and to demonstrate good governance).

  • 1.7.2 Purpose-oriented retention period

    Within the meaning of a purpose-oriented retention period, we ensure that your data is only stored for as long as is absolutely necessary. Due to actuarial circumstances (occurrence of a claim, suspected misuse, recourse claims, dispute) and changing legal parameters that can simultaneously involve different retention periods, the retention period may range from a few days to a few years or more. If the data is no longer required for processing purposes, we erase or anonymize it.

    Other information can be found under the respective processing tasks in section 1.3. Purpose of data processing or in Part 2 onward (Part 2. Using the website).

1.8 Data protection in relation to occupational benefits

  • 1.8.1 Purpose of data processing

    AXA Life Ltd processes personal data for the purpose of providing occupational benefits as well as to maintain and continue occupational benefits coverage and group life insurance in accordance with the tasks assigned to it.

  • 1.8.2 Legal basis of processing

    All processing steps – from collection to retention and destruction of data – that take place at AXA Life Ltd or at commissioned third parties are carried out in accordance with the applicable statutory regulations of the FADP and the specific data protection provisions of the Occupational Pensions Act (BVG/OPA), or, where applicable, in accordance with the GDPR. 

    Any person involved in the implementation as well as the control or supervision of the implementation of occupational pensions is subject to the duty of confidentiality pursuant to Art. 86 BVG/OPA.

  • 1.8.3 Disclosure of data

    If required for the implementation of occupational pensions, personal data in relation to the insured may be transmitted to co-insurers and reinsurance companies to the extent required. Furthermore, the disclosure and forwarding of data to third parties is based on the specific data protection provisions of the BVG/OPA.

  • 1.8.4 Statutory retention periods

    The retention of data is governed by the statutory requirements as defined by Art. 41 (8) BVG/OPA in conjunction with Art. 27i, Art. 27j, and Art. 27k of the Ordinance on Occupational Old Age, Survivors’ and Invalidity Pension Provision.

1.9 Your rights

  • 1.9.1 General principles

     

    Unless stated otherwise, if your data is processed by AXA you may – in accordance with applicable data protection legislation and the processing purpose – assert the rights specified in sections 1.9.2 to 1.9.9, free of charge and at any time, as follows:

    email or letter (postal address) to the unit specified in section 1.10 Data Protection Consultant.

    For the purpose of avoiding misuse, the exercising of your rights generally requires that you prove your identity conclusively (e.g. by means of a copy of your identity card or passport), unless we are unable to identify you clearly in another way.

    Data subject requests addressed to the units specified may be processed by other units such as AXA Complaint Management.

    In the event of a violation of your rights, you have the option of submitting a complaint to the responsible data protection authority (see section 1.10 Data Protection Consultant).

  • 1.9.2 Right to information

    You have the right to request information from us as to whether we process your data and, if so, what data. You can submit your request for information in writing or by email, enclosing a copy of your identity card or passport (if your identity is not clear in another way or you cannot be identified), to the address listed under Contacts in section 1.10 Data Protection Consultant.

  • 1.9.3 Right to data portability

    You have the right to request the release of specific personal data in a common electronic format or for it to be transferred to another controller.

  • 1.9.4 Right to rectification

    You have the right to insist that we rectify any incorrect data. If we have stored incorrect personal data about you, we will be pleased to rectify this based on the information you provide. 

  • 1.9.5 Right to erasure

    You have the right to request the erasure of data that is not essential to the performance of the contract, or that is not being processed for statutory reasons (e.g. mandatory retention) or on account of AXA’s overriding legitimate interests. If erasure is technically impossible or involves disproportionate effort, we will be unable to meet your request for erasure.

  • 1.9.6 Processing restriction

    In certain cases you will have the right to the restriction of processing (e.g. if the accuracy of the data is disputed or unlawful processing is asserted). 

  • 1.9.7 Right to object

    You have the right to object to the future processing of your data with immediate effect, in particular if processing is in order to maintain our legitimate interests, e.g. in the case of direct marketing.

  • 1.9.8 Revoking your consent

    You have the right – provided the processing of your data is based on consent that you have granted – to revoke your consent to future processing with immediate effect. However, this is only possible if the data processing is not required in connection with contractual obligations. 

  • 1.9.9 Automated case-by-case decision-making

    We will let you know if we have taken an automated case-by-case decision in the context of the applicable law. You will then have the right to present your point of view, contest the decision, and demand that the decision is reviewed by a human. When informing you of the decision taken, we will let you know whom to contact. You should then get in touch with the contact person specified.

1.10 Data Protection Consultant

  • 1.10.1 Switzerland, Principality of Liechtenstein, legal protection insurance

    Please send applications and inquiries in connection with the processing of your data by AXA in writing, enclosing a copy of your identity card or passport, to the Data Protection Consultant: 

    • AXA Data Protection Consultant for business activity in Switzerland
      AXA Insurance Ltd / AXA Life Ltd 
      Pionierstrasse 3
      CH-8400 Winterthur 

      Email: datenschutzanliegen@axa.ch (unencrypted) 
    • AXA Data Protection Consultant for business activity in the Principality of Liechtenstein
      AXA Insurance Ltd / AXA Life Ltd 
      Pionierstrasse 3
      CH-8400 Winterthur  

      Email: datenschutzanliegen@axa.fl (unencrypted) 
    • Data Protection Consultant for legal protection insurance 
      AXA-ARAG Data Protection Consultant 
      AXA-ARAG Legal Protection Ltd 
      Affolternstrasse 42 
      CH-8050 Zurich 

      Email: info@axa-arag.ch (unencrypted)
  • 1.10.2 Data protection supervisory authority

    If you believe AXA has failed to comply with the data protection regulations applicable to you, we would advise you to contact the relevant, above-mentioned AXA Data Protection Consultant in the first instance. 

    You can, however, also file a complaint directly with the relevant data protection supervisory authority:

    • Switzerland
      Federal Data Protection and Information Commissioner
      Feldeggweg 1
      CH-3003 Bern 
    • Principality of Liechtenstein
      Data Protection Authority (DSS)
      Städtle 38
      P.O. Box 684
      FL-9490 Vaduz

AXA & You

Contact Report a claim Broker Job vacancies myAXA Login Customer reviews Garage portal myAXA FAQ

AXA worldwide

AXA worldwide

Stay in touch

DE FR IT EN Terms of use Data protection / Cookie Policy © {YEAR} AXA Insurance Ltd.

We use cookies and analysis tools to improve your user experience, to personalize advertising by AXA and our advertising partner companies, and to provide social media functions. Unfortunately you cannot change your cookie settings via our Cookie Preference Center if you use Internet Explorer 11. If you would like to change your settings, please use an up-to-date browser. By using our website with this browser, you consent to the use of cookies. Data protection / Cookie Policy