2 The extent to which we are responsible for processing your data
nothing else is communicated, e.g. in this or other data protection declarations, on forms or in contracts.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of the data against access by third parties is not possible. In cooperation with our hosting providers, we endeavor to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.
3 We process this personal data about you
We process different categories of data about you depending on the nature of your relationship with us. The most important categories are as follows:
3.1 Master data
We define master data as the basic data that we require in addition to the contract data (see below) for the processing of our contractual and other business relationships, such as in particular name, contact details and financial information, date of birth, address, languages, nationality, cantonal and municipal affiliation, telephone number, e-mail address, age, gender, customer history, powers of attorney, signature authorizations and declarations of consent. Master data is not collected comprehensively for all contacts. Which data we collect in detail depends in particular on the purpose of the processing.
3.2 Contract data
This is data that arises in connection with the conclusion or processing of a contract, in particular information on bank details or the processing of payments, information from the application process (such as an application for insurance products or services), the insurance product, benefits, entry and exit dates, suspensions and deductibles, as well as information on the relevant contract and contract management (e.g. contact with customer services, support with technical matters and the enforcement of contractual claims). Contract data also includes information on defects, complaints and adjustments to a contract, as well as information on customer satisfaction, which we can collect by means of surveys, for example. The contract data also includes details of previous and other insurances as well as health data.
3.3 Communication data
If you contact us via a contact form, by e-mail, telephone or chat, by letter or other means of communication, we collect the data exchanged between you and us, including the content, your contact details, details of the preferred communication channel and the marginal data of the communication. If we record or listen to telephone conversations or video conferences for reasons of traceability, training and quality assurance purposes or for evidence purposes, we will draw your attention to this in particular. If we want or need to establish your identity, e.g. if you request information, we collect data to identify you (e.g. a copy of an identity document).
3.4 Technical data
3.5 Marketing, behavioral and preference data
Depending on the relationship we have with you, we try to get to know you and tailor our products, services and offers to you better. To the extent permitted, we collect and use data about your behavior and preferences. We do this by evaluating information about your behavior in our area, and we may also supplement this information with information from third parties, including from publicly available sources. Some of the data processed for this purpose is already known to us (e.g. when you use our services), or we obtain this data by recording your behavior (e.g. how you navigate our website or you provide us with your data yourself (e.g. by subscribing to and unsubscribing from newsletters).
3.6 Other data
We also process your data in other situations. In connection with official or court proceedings, for example, data is collected (such as files, evidence, etc.) that may also relate to you. We may receive or produce photos, videos and sound recordings in which you may be recognizable (e.g. at events, through security cameras, etc.). We may also collect data about who enters certain buildings or has corresponding access rights and when (including in the case of access controls, based on registration data or visitor lists, etc.), who participates in events or campaigns (e.g. competitions) and when, or who uses our infrastructure and systems and when. Finally, we collect and process data about our shareholders; in addition to master data, this includes information for the relevant registers, regarding the exercise of their rights and the holding of events (e.g. General Meetings).
4 We obtain your personal data from these sources
You provide us with most of the aforementioned data yourself, e.g. via contact forms, in e-mails, correspondence, on the telephone, by using the website, in surveys or competitions and in contractual relationships, in particular in the context of a business relationship (e.g. customers and business partners or users of the website, the app or other applications) or with regard to a possible future business relationship (e.g. interested parties, applications, providers). However, personal data may also be collected indirectly, namely by persons and bodies authorized by customers. To the extent permitted, we also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet, including social media and professional networks such as Xing or LinkedIn) or receive data from third parties (e.g. business partners, intermediaries). Reference information is only obtained from those employers that are disclosed to us. Information about obtaining references will be provided during the interviews.
5 We process your personal data for these purposes
We process personal data in accordance with the legal requirements, in connection with our services, the initiation, processing and fulfillment of contracts as well as the maintenance and development of customer relationships, communication with (potential) contractual partners.
In addition, we process personal data in particular and to the extent permitted by law for the following purposes:
- Security of customers, employees and other persons (e.g. threats);
- Protection of data, secrets and assets, security of systems and buildings;
- for statistical evaluations and for market research and marketing purposes;
- Compliance with legal and regulatory requirements and internal rules;
- Prevention of fraud, misdemeanors and felonies and investigations related to such offenses and other inappropriate conduct, handling of legal civil or criminal proceedings;
- Enforcement of or defense against legal claims and proceedings or inquiries from authorities;
- Quality control, market research, marketing, advertising, promotions, further development of products, services and offers;
- Preparation of statistics, budgets, records and management information and other reports on customers, users or other persons, transactions and activities, offers and other business aspects for the purposes of the management and development of the company, the offer and activities as well as in the context of project management;
- Administration, operation and further development of the website (including the provision of functions that require identifiers or other personal data) and other IT systems as well as identity checks;
- Sale or purchase of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of customer data.
6 We process your personal data on these legal bases
Insofar as Simply Services AG’s data processing requires a legal basis, Simply Services AG processes your personal data on the basis of the following legal bases:
- Contract initiation, processing and fulfillment;
- Compliance with legal regulations (e.g. KVG, VVG, DSG);
- Consent of the customer, whereby the consent can be revoked at any time by written notification to us;
- Legitimate interests of Simply Services AG and third parties, in particular in order to fulfill the obligations set out in para. 5 and the associated objectives and to be able to implement appropriate measures.
- Safety of customers, employees and other persons;
- Protection of data, secrets and assets, security of systems and buildings;
- Compliance with legal and regulatory requirements and internal rules;
- Efficient and effective customer service, contact management and other communication with customers outside of contract processing;
- Efficient and effective organization of business operations;
- Corporate management and development;
- Understanding customer behavior, activities and needs, market studies;
- Efficient and effective improvement of existing products and services and development of new products and services;
- Market research, advertising and marketing;
- Efficient and effective operation and further development of the website and other IT systems;
- Sale or purchase of business divisions, companies or parts of companies and other transactions under company law;
- Preventing fraud, misdemeanors and felonies and participating in investigations related to such offenses and other inappropriate conduct, handling legal processes;
- Participation in legal proceedings, assertion, exercise or defense of legal claims and proceedings or inquiries from authorities.
7 We also pass on your personal data to third parties
If we are legally obliged or authorized to do so or if you have consented to the disclosure of data, we will also transfer your personal data to third parties within the scope of the above-mentioned purposes, in particular to the following categories of recipients:
- Insurance companies;
- Service providers, e.g. banks, IT providers, marketing companies, data analysis service providers, debt collection service providers;
- Business partners, e.g. suppliers, dealers and cooperation partners;
- Industry organizations, associations and other bodies;
- Authorities, courts, official bodies, supervisory authorities, if we are legally obliged or entitled to do so;
- Other parties in potential or actual administrative and legal proceedings;
- Acquirers or parties interested in acquiring business units, companies or other parts of Simply Services AG;
- Other persons, insofar as the inclusion results from the above-mentioned purposes.
The recipients are contractually obliged to comply with confidentiality and the applicable data protection law at all times and to implement suitable technical and organizational measures to secure the personal data and to protect it appropriately against unauthorized or unlawful processing, unintentional loss, alteration, disclosure or access.
8 Your personal data may also be transferred abroad
The recipients of personal data may be located not only in Switzerland, but also abroad, often within the EEA, but in some cases also worldwide. If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection or to an adequate level of protection (usually based on the standard contractual clauses of the European Commission, available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure, if you have given your consent or if it concerns data that you have made generally accessible and whose processing you have not objected to.
Please also note that data exchanged via the Internet is often routed via third countries. Your data can therefore be sent abroad even if the sender and recipient are in the same country.
9 How we protect your personal data
We take appropriate technical and organizational security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional modification, unwanted disclosure or unauthorized access.
Security measures of a technical and organizational nature may include, for example, measures such as the encryption and pseudonymization of data, logging, access restrictions, the storage of backup copies, instructions to our employees, confidentiality agreements and controls. We protect your data transmitted via our website in transit by means of suitable encryption mechanisms. However, we can only secure areas that we control. We also oblige our processors to take appropriate security measures. However, safety risks cannot be completely ruled out; residual risks are unavoidable.
Our employees are subject to a contractual duty of confidentiality.
10 How long we process your data
We process your data for as long as required by our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes or for as long as storage is technically necessary. Retention may be required for technical reasons if certain data cannot be separated from other data and we therefore have to retain it with the other data (e.g. in the case of backups or document management systems). The statutory retention period is generally 10 years. Some shorter time limits apply to certain data, e.g. for the recording of telephone or video surveillance or the logging of automated data processing. In the case of applications, this data protection declaration is deemed to be accepted and authorization is granted to continue to store all data even after a rejection in order to use it for a new application. Application data will be destroyed after one year at the latest. Longer retention periods may occur, for example, in connection with accidents or lost certificates. Documentation and evidence purposes include our interest in documenting processes, interactions and other facts in the event of legal claims, discrepancies, IT and infrastructure security purposes and evidence of good corporate governance and compliance.
As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized.
11 You have these rights
To make it easier for you to control the processing of your personal data, you have the following rights in connection with our data processing
rights, provided that the relevant legal requirements are met and there are no reasons for a restriction or deferral:
- the right to request information from us as to whether and which of your data we process;
- the right to have us correct data if it is incorrect;
- the right to request the deletion of data;
- the right to obtain from us the personal data concerning you in a commonly used electronic format or to transmit those data to another controller;
- the right to withdraw your consent with effect for the future, insofar as our processing is based on your consent;
- the right to receive, on request, further information necessary for the exercise of these rights.
Please note that we may need to process and store your personal data in order to fulfill a contract with you, to protect our own legitimate interests, such as the exercise or defense of legal claims, or to comply with legal obligations. To the extent permitted by law, in particular to protect the rights and freedoms of other data subjects and to protect legitimate interests, we may therefore also reject a data subject’s request in whole or in part (e.g. by blacking out certain content that concerns third parties or our business secrets).
If you wish to exercise the above-mentioned rights, please contact the persons listed in section 2. In order for us to rule out misuse, we must identify you (e.g. with a copy of an official identification document, e.g. ID or passport, whereby the unnecessary information can be blacked out)
Simply Services AG