nFADP – Data Privacy Policy

Our approach to personal information

It is of great concern for us, UNIQA, to inform you, our customers, about how your personal data is used and processed.

Please take a moment to read the following important points.

To provide our insurance-related services, we need to collect, store, and verify the necessary data. For example, we must gather our customers’ financial data to process reimbursement transactions.

For example, we need to collect our customers’ financial data to process reimbursement transactions. We obtain this data either directly from our customers or through intermediaries such as their employers. Our customers include the primary insured members, their spouses, and other family members (children) covered under the insurance contract.

If you have questions concerning personal data protection, please contact our data protection office at any time.

DPO Contact in Switzerland:

UNIQA GlobalCare SA

Avenue de la Praille 26 – CP 1431

CH-1227 Carouge, Suisse        contact@uniqa.ch

UNIQA Austria as our GDPR representative in the EU: UNIQA Insurance Group AG

Untere Donaustraße 21

1029 Vienna, Autriche               datenschutz@uniqa.at

Your personal data

Personal data is information which relates to an identified person or allows identifying (directly or indirectly) a natural person. This includes, in our case as an insurance company:

  • Identification information (first name, last name, nationality…)
  • Directory information (telephone number, addresses, email…)
  • Financial information (IBAN, bank information)
  • Professional information (position, address, matricule number…)
  • Health information (medical certificate, medical form, medical invoices…)

We pay special attention to the security and the appropriateness of the way we stored and process your personal data, relying on the standards of the new Swiss Federal Act on Data Protection (nFADP) as well as the European Union’s General Data Protection Regulation (GDPR). Our IT environment is regularly audited with regard to the access authorizations, the security measures, the continuity and change management.

The reason why we use personal data

We provision and process your personal data to either affiliate you and provide you with our insurance services or perform business analysis necessary to run our company and improve our services.

More specifically, we:

  • Set up insurance contracts with our customers
  • Refund our customers for the treatments included in their contracts
  • Refund healthcare providers for the treatments included in the contracts
  • Perform actuarial and statistical analyses necessary for managing the business

For instance, we receive details about our customers’ hospitalizations or illnesses to verify if

  • the case is covered by the insurance we provide.
  • If it is, we pay the corresponding bill to the person involved.

The legal ground under which we process personal data

Our personal data processing operations are lawful and fair.

In Switzerland, our personal data processing practices comply with the revised Federal Act on Data Protection (FADP), which came into effect on September 1, 2023. This law aims to protect the personality and fundamental rights of individuals whose personal data is processed, aligning with the European GDPR standards.

In compliance with the General Data Protection Regulation, the processing of our customer’s personal data is necessary either to perform our contractual obligations with them or to take steps, at their request, to enter into an insurance contract. We process some personal data other than health data, in a pseudonymized, way in order to produce statistics necessary for the management of our activities. Such statistical processing is compatible with the performance of our contractual services to our customers and are based on our legitimate interest, in compliance with the GDPR.

Furthermore, we store our customers’ personal data for the longest of the periods necessary:

  • To comply with the applicable regulatory and legal obligations and
  • To manage our operational constraints such as an adequate customer account management, an adequate support to our customer requests or answering to legal claims.

Therefore, we keep the vast majority of our customers’ information during 10 years after the end of our contractual agreement with them.

Cookies

Like most websites, we use cookies. Cookies are small text files that our server sends to your browser when you visit our website, stores on your device in order to make the use of our website possible, to make it more convenient, and to analyze it.

We use (i) functional cookies, which are necessary for the operation and availability of our website, and (ii) analysis cookies, which help us collect general information about website usage and interaction in order to

analyze and subsequently facilitate and improve the use of our website.

If we process personal data and the cookies are not technically necessary, we ask you for your prior consent.

You can also refuse the use of cookies by changing your browser settings. If you deactivate cookies completely or reject them, it is possible that you will not be able to use certain functions of our website.

Who we can transfer personal data to

We carefully select our business partners and only transfer personal data to them when absolutely necessary

Like us, they comply with the provisions established in the Swiss Data Protection Act (nFADP) and the GDPR.

Our business partners are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us. They are required to follow the General Data Protection Regulation as much as we are.

For instance, we provide financial information to our bank partners to reimburse our customers. We provide directory information to our mail delivery partners in order to provide our customers with the contractually agreed information. We cautiously and rigorously exchange health data with both our own medical advisors so as with the organisms providing healthcare services to our customers.

All our third parties are contractually bound to confidentiality. In particular, our medical advisors are bound to medical secrecy. Moreover, we only transfer the type of data that is necessary for the specific third party. We do not transfer data to business partners who don’t need it for their services.

In this context, data may be transferred as electronic file, by email by fax or on paper.

Data storage

UNIQA is a European organization. Therefore, your personal information may be stored and processed outside of your home country, namely in the country of residence of our headquarters which is Austria or in the country hosting our operations which is Switzerland. This means that our customers’ personal data are only transferred to the European Union and to a country (Switzerland) which is assessed as adequate by the European Commission with regard to personal data protection.

Your rights as data subjects

We comply with the provisions of the Swiss Federal Act on Data Protection (FADP) and the European General   Data Protection Regulation (GDPR)

Therefore, we only use data that has been provided upon request from you and process it under contractual agreement with you and we will gladly comply to any legitimate request you may have:

  • Access: You have the right to access and rectify your personal information at any time.
  • Erasure and restriction: under legitimate conditions, you may also have the right to request erasure of your personal data or a restriction on a given processing. For instance, the processing might be restricted in order to allow for the correction of specific personal data.
  • Objection: under specific regulatory criteria, and with regard to the terms and conditions of our contractual agreement, you may have the right to object to the processing of your personal data (e.g. processing related to direct marketing, processing based on your consent or processing based on our legitimate interest if you actively intend to contest its lawfulness).
  • Portability: for personal data you directly provided to us and which we process using automated means, you have the right to obtain your personal data in a structured, commonly used, machine- readable format and transfer it to another organisation of your choice. You may also request us to transfer this data directly to another organisation: we will be glad to comply within the limit of our technical capabilities.

In Switzerland, if you wish to file a complaint, you can contact the Federal Data Protection and Information Commissioner (FDPIC). In addition, you have the right to lodge a complaint with a public supervisory authority in the European Union.

In any case, please contact our Data Protection Officer.

Errors and omissions

If you believe there is an error in the information you provided to UNIQA, or in the personal data we have displayed, please contact us by email at: contact@uniqa.ch.

We will review your request for correction as soon as possible.

Additional information

We will regularly update this data privacy policy to reflect changes in our practices and legal requirements.