Search

Data Protection Statement

1. What is this purpose of this Privacy Policy?

This Privacy Policy applies to Allianz Suisse Insurance Company Ltd. and CAP Legal Protection Insurance Company Ltd. with registered office in Wallisellen (hereinafter Allianz Suisse” and “CAP”, also “we”, “us”). We obtain and process personal data, in particular personal data about our policyholders, other customers, affiliated persons, contracting parties, injured parties, insured persons, visitors to our website, participants in events, recipients of newsletters and other bodies and/or their respective contact persons and employees (hereinafter also referred to as “you”). This Privacy Policy provides information about this data processing. In addition to this Privacy Policy, we may inform you separately about the processing of your data (e.g. in forms or contractual terms).

If you provide us with data about other persons (e.g. family members), we assume that you are authorised to do so, that this data is correct and that you have ensured that these persons have been informed of this disclosure, insofar as a legal obligation to provide information applies (e.g. by having brought this Privacy Policy to their attention in advance).

2. Who is responsible for processing your data?

Each collection and further processing of personal data is the responsibility of one or more (data protection) controllers. For the activities of Allianz Suisse and CAP, unless otherwise stated, this is the Allianz Suisse or CAP company that is responsible for the relevant website or the area of the website where you have accessed this Privacy Policy and is indicated as the operator (e.g. in the legal notice, by name or as a reference in the relevant documents). If on such a website another organisation obtains personal data as an independent controller, we will indicate this. Furthermore, the company with whom you communicate, with whom you have or wish to conclude a contract, with whom you are insured or are a beneficiary or wish to claim a benefit, to whom you apply for a job, which you visit, whose social media pages you visit, whose apps you use or which contacts you, is the controller for the associated collection of personal data (this does not include companies that merely act as processors for one of the other companies).

“www.elvia.ch” is the website of the direct insurer of Allianz Suisse Insurance Company Ltd. P.O. Box 8010 Zurich, which is responsible as the insurer and underwriter for data processing in relation to the car, motorcycle, household contents and liability insurance products.

If you have any questions about the processing of your personal data in relation to the car, motorcycle, household contents and liability insurance products, please contact us at data-privacy@allianz.ch or by post to Allianz Suisse, Data Protection Officer, C RD C, P.O. Box, 8010 Zurich.

Responsibility for data processing in relation to legal protection insurance (as insurer, underwriter and subsidiary of Allianz Suisse Insurance Company Ltd) lies with CAP Legal Protection Insurance Company Ltd, Neue Winterthurerstrasse 88, 8304 Wallisellen.

If you have any questions about the processing of your personal data in relation to legal protection insurance, please contact us at data-privacy@cap.ch or by post at CAP Legal Protection Insurance Company Ltd, Data Protection Officer, c/o Allianz Suisse, C RD C, P.O. Box, 8010 Zurich.

3. For what purposes do we process personal data?

We collect and process various categories of your personal data. Allianz Suisse and CAP combine various divisions of the company that may collect and process your personal data. In the following areas, all or several business units collect the following categories of data for the following purposes:

  • Communication: In order to communicate with you and third parties by email, telephone, chat, letter or otherwise (e.g. to respond to enquiries, in the course of a consultation and to initiate or execute a contract), we process and obtain in particular the content of the communication, your contact details and the marginal data of the communication. If you contact us via a chat function on our website, the chat may be automated or you may be connected to a customer service operative. We can also produce image and audio recordings of (video) calls and conferences. In such a case, we will inform you separately and you will have the opportunity to inform us if you do not wish to be recorded or wish to terminate the communication (if you simply do not wish your image to be recorded, please switch off your camera). We may also process the data generated during communication (in particular recordings of (video) telephone calls and conferences as well as chat logs) for training, evidence or quality assurance purposes. If we need or want to establish your identity, we collect additional data (e.g. a copy of an ID card).
  • Website, apps: In order to operate our website and our apps securely and stably, but also to improve them and understand how they are used, we collect and process technical data, such as IP address, information about the operating system and settings of your end device, the region and the time and type of use. We also use cookies and similar technologies. They are mostly used to ensure that the website functions as expected, but also for the purposes mentioned above. Usually this information does not identify you directly. However, it can offer you a more personalised web experience (e.g. save language selection). For more information, see Section 10.
  • Registration: In order to use certain offers and services (e.g. login areas, free Wi-Fi or newsletters), you have to register (directly with us or via our external login service providers). For this we process the data provided during the respective registration process. We may also link this data with cookie data (e.g. to provide you with customised offers, for more information see Section 10). Furthermore, we may also collect personal data about you while you are using the offer or service; if necessary, we will provide you with further information about the processing of this data.
  • Relationship management and marketing: We also obtain and process your personal data for relationship management and marketing purposes, namely to send our customers, other contracting parties and other interested parties personalised advertising (e.g. on our website, as printed matter, by email or by telephone) and suitable offers for products, services and other news from us. We also obtain and process personal data in the context of individual marketing campaigns (e.g. events or competitions). For this, we process in particular the names, email addresses, telephone numbers and other contact details that we receive during the conclusion or processing of a contract or any registration (e.g. for the newsletter). You can reject these mailings (which can be sent via all contact channels we have) at any time or refuse or revoke your consent to being contacted for advertising purposes by notifying us (see contact details in Section 2).
  • Market research, improving our services and operations and product development: In order to continuously improve our products and services (including our website, our apps and other electronic offerings), we collect data about your behaviour and preferences, for example by analysing how you navigate through our website or our apps, how you interact with our social media profiles or which products are used by which groups of people and in what way. We may also conduct customer surveys, e.g. to find out whether you are satisfied with us and our services and products and/or how we can improve. Where appropriate, we may link and supplement such information with other data, including from third parties (also from publicly accessible sources).
  • Job applications: If you apply for a job with us, we obtain and process the relevant data for the purpose of reviewing the application, carrying out the application process and, in the case of successful applications, for the preparation and conclusion of a corresponding contract. For this purpose, we process in addition to your contact details and the information from the corresponding communication, in particular the data contained in your application documents and the data that we may additionally obtain about you, e.g. from job-related social networks, the internet, the media and from references from other organisations, if you consent to us obtaining references.
  • Security purposes and access controls: We obtain and process personal data in order to ensure and continuously improve the appropriate security of our IT and other infrastructure (e.g. buildings). This includes, for example, monitoring and controlling electronic access and activities on and in our IT system(s) as well as physical access to our premises, analyses and tests of our IT infrastructures, system and error checks and the creation of backup copies. For documentation and security purposes (preventive and to investigate incidents), we also keep access logs and visitor lists in relation to our premises and use surveillance systems (e.g. security cameras). We inform you of the cameras at the relevant locations by means of appropriate signs.
  • Compliance: We obtain and process personal data (in particular master data, contractual and financial data, behavioural data and technical data) for compliance with applicable laws (e.g. to combat money laundering or due to tax obligations), self-regulation, certifications, industry standards, economic sanctions, our corporate governance and for internal and external investigations (e.g. by a law enforcement or supervisory authority or a commissioned private body).
  • Risk management and corporate governance: We obtain and process personal data within the scope of our risk management (e.g. to protect against criminal activities, monitoring of debtors and creditors) and corporate management (in particular contractual and financial data, behavioural data and technical data). This includes, among other things, our business organisation (e.g. resource planning) and corporate development (e.g. acquisition and sale of business units, assets, business activities or companies and corresponding exchange of information with third parties), profitability analyses, portfolio restructuring and participation in activities of the international group of companies to which we belong and corresponding reports to them.
  • Contractual relationship: With regard to the initiation, conclusion and processing of a contract with you (or your employer or client), we may obtain and otherwise process in particular your name, contact details, powers of attorney, declarations of consent, information about third parties (e.g. family details), contract contents, date of contract conclusion, creditworthiness and profitability data as well as all other data that you provide to us or that we collect from third parties (e.g. references, information from the previous insurer). This may also include health data or other data that can provide us with information about your life situation. We also process personal data so that we can fulfil our contractual obligations vis-à-vis our customers and other contracting parties (e.g. service providers, project partners) and, in particular, provide and demand the contractual services. We also process personal data in order to offer you customised services and products. For customer support, the enforcement of contracts (debt collection, legal proceedings, etc.) and for accounting purposes, we process the data that we receive or have collected during the initiation, conclusion and fulfilment of the contract, including, for example, data on contractual services and the provision of services, information on reactions (e.g. information on satisfaction) and financial and payment information. We may also process personal data for profitability analyses and portfolio restructuring.
  • Other purposes: Other purposes include, for example, training and education purposes, administrative purposes (e.g. accounting), optimisation and further development of our systems (e.g. carrying out test runs for new functions to be implemented), processing and settlement of legal disputes (e.g. in court proceedings), internal reporting, e.g. on reports and further developments in the media (including social media), and public relations. In addition, we may process personal data for the organisation, implementation and follow-up of events, in particular lists of participants, content of presentations and discussions, as well as image and audio recordings made during these events. Other purposes include the protection of other legitimate interests, which cannot be listed exhaustively.

4. For what specific purposes do we process your data in particular?

We obtain and process your personal data for the following purposes, particularly in the following business-specific areas:

4.1 Insurance

  • Claims: We obtain and process your personal data in order to assess, check and process claims. In addition to your contact details, we sometimes also need behavioural, location, financial, salary and professional data, health data and other sensitive data (e.g. family situation, ethnicity, religion) as well as data that describes an incident, its causes and consequences (or lack thereof) and may relate to you or other persons. We collect this data, for example, from damage reports, police reports, appraisal reports, surveillance reports, medical certificates, accident reports and invoice receipts, from public sources, from authorities or directly from third parties, e.g. from other insurance companies, authorities, vehicle manufacturers or other persons whose information is required for this purpose or from whom relevant information can be obtained (e.g. employer, information providers). If we deem it necessary, we access data recorded by the vehicle before, during and after the accident in order to clarify the circumstances of a road traffic accident.
  • Misuse of our services: We obtain and process data for the purpose of detecting or preventing insurance fraud. For this purpose, we also share data with third parties and obtain data from them. In addition to contact details, this also includes, for example, data on the occurrence of the damage, the origin of the damage, identification numbers (e.g. serial number or vehicle identification number) or state of ownership and possession. We are affiliated with the Car Claims Information Pool (“CC-Info”) and the information and notification system (“HIS”) of SVV Solution AG (which is an independent controller under data protection law). When processing a claim, we can make a query in the HIS and use the data transmitted to check whether information about you is stored on the basis of a previous report (detailed information on the HIS can be found at www.svv.ch/his or https://www.allianz.ch/de/informationen/his.html). In the course of claims processing, we can also make a query in CC-Info and use the data transmitted to check whether previous damage has been recorded for your motor vehicle (detailed information on CC-Info can be found at https://www.svv.ch/de/car-claims-info). In addition to HIS and CC-Info, we also obtain the data from public sources (e.g. social media), authorities or third parties (e.g. persons involved, witnesses, insurance companies, experts, investigative services); this may include in particular be information about an incident under discussion, its causes and consequences (or lack thereof), but also the behaviour of the persons involved or further information on the circumstances of a possible fraud, a previous incident and how it was handled. To investigate the facts of legal cases, we also pass on personal data to the authorities. Insofar as this is permissible, namely in cases of suspicion, we can also commission specialists to carry out fact-finding, investigation and surveillance measures in Switzerland and abroad (e.g. observation measures investigations).
  • Recourse: We obtain and process personal data for the purpose of asserting and enforcing our rights of recourse against third parties (e.g. insurance companies or natural persons) or to examine, settle and/or accept or reject claims asserted against Allianz Suisse and CAP. To this end, we collect not only contact data but also, in particular, information on the circumstances of the accident or the occurrence of the damage, the persons involved, location data and, where we deem it necessary, health data. We collect this data from you, from third parties (e.g. persons involved, witnesses, insurance companies), authorities or from public sources. Together with other insurance companies, we use the recourse platform provided by SVV (which is an independent controller under data protection law). This is used to ensure the efficient digital processing of recourse cases between Swiss personal, property and liability insurers (detailed information on the recourse platform and the personal data processed can be found at https://www.svv.ch/de/regressplattform).

5. Where do we get your personal data from?

  • From you: You yourself provide us with much of the data we process (e.g. in connection with our services, the use of our website and apps or communication with us). You are not obliged to disclose your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to conclude contracts with us or utilise our services, for example, you must disclose certain data to us.
  • From third parties: We may also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet, including social media) or receive such data from (i) authorities in Switzerland and abroad, (ii) your employer or client, insofar as they either have a business relationship with us or are otherwise involved, as well as from (iii) other third parties (e.g. general agencies, brokers, cooperation partners, pre-insurance companies, lawyers, appraisers, other insurance companies, other vehicle manufacturers, credit reference agencies, address traders, associations, contracting parties, internet analysis services, investigation services). The data that we collect from third parties includes, in particular, the data that we obtain and process in the context of the initiation, conclusion and processing of contracts (particularly also in the examination and processing of claims), as well as data from correspondence and discussions with third parties, but also all other categories of data specified in Sections 3 and 4.

6. Who do we disclose your data to?

In connection with the purposes listed in Sections 3 and 4, we may transfer your personal data to the following categories of recipients in particular:

  • Group companies and general agencies: The group companies may use your data for themselves, as described in this Privacy Policy, for the same purposes as we do (see Sections 3 and 4). The same applies to our general agencies. The recipients may also process the data as independent controllers.
  • Service providers: We work with service providers in Switzerland and abroad who process data that they have received from us or collected for us (i) on our behalf (e.g. IT providers), (ii) under joint responsibility with us or (iii) under their own responsibility. These service providers include, for example, IT providers, brokering agencies, advertising agencies, banks, insurance and reinsurance companies, debt collection agencies, credit reference agencies, address verifiers, consulting firms, appraisers, investigation services, doctors and lawyers. Depending on the nature of our relationship, the legal regulations and other circumstances, we agree contracts with these third parties on the use and protection of personal data.
  • Customers and other contracting parties: These are primarily customers and other contracting parties of ours where the transfer of your data arises from the contract (e.g. because you work for a contracting party or they provide services for you, such as brokers). This category of recipients also includes contracting parties with whom we cooperate (e.g. HIS, CC-Info, the SVV recourse platform, earthquake claims organisation) or who advertise for us. The recipients generally process the data under their own responsibility.
  • Authorities: We may pass on personal data to administrative bodies, courts and other authorities and social insurance schemes in Switzerland and abroad if we are legally obliged or authorised to do so or if this appears necessary or expedient to protect our interests. These recipients process the data under their own responsibility.
  • Other persons: This refers to other cases where the inclusion of third parties arises from the purposes set out in Sections 3 and 4. This applies, for example, to payees specified by you, third parties in the context of representative relationships (e.g. your lawyer or your bank) or persons involved in official or court proceedings. If we work with media and send them material (e.g. photos), you may also be affected. As part of our corporate development, we may sell or acquire businesses, business units, assets or companies or enter into partnerships, which may also result in the disclosure of data (including your data, e.g. as a customer, supplier or their representative) to the persons involved in these transactions. In the course of communication with our competitors, industry organisations, associations and other bodies, data relating to you may also be exchanged.

All these categories of recipients may in turn involve third parties, meaning that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

We reserve the right to disclose data even if it concerns confidential data (unless we have expressly agreed with you that we will not disclose this data to certain third parties or we would be legally obliged to do so; we reserve the right to observe confidentiality obligations under social security law). Notwithstanding the above, your data will continue to be subject to appropriate data protection even after disclosure in Switzerland and the European Economic Area (EEA) and the United Kingdom. For disclosure to other countries, the provisions of Section 8 apply. If you do not wish certain confidential data to be passed on, please let us know so that we can check whether and to what extent we can accommodate this.

We also allow certain third parties to collect personal data from you on our website and at our events, including under their own responsibility (e.g. media photographers, providers of tools that we have integrated on our website, etc.). Unless we are decisively involved in this data collection, these third parties are solely responsible for it. If you have any concerns and wish to assert your data protection rights, please contact these third parties directly. We have listed them in Section 10.

7. What applies with regard to profiling and automated decisions?

We use your data to automatically evaluate certain personal characteristics of yours for the purposes specified in Sections 3 and 4 (“profiling”). We do this, for example, when we use our premium calculator: Using the data required for the insurance application, a risk profile is automatically created which serves as a basis for determining your individual insurance premium. Automated processing may also take place if we want to determine preference data, carry out statistical analyses or for operational planning purposes. We also carry out automated processing to identify risks of abuse and security risks, e.g. we are obliged to take certain measures due to legal and regulatory requirements (e.g. combating money laundering or terrorist financing). We may also create profiles for these purposes.

In certain situations, it may be necessary for reasons of efficiency and standardisation of decision-making processes for us to automate discretionary decisions that affect you (“automated individual decisions”). We do this in particular to initiate and process contractual relationships (e.g. automated decisions are made on the basis of your information regarding the conclusion of the contract, possible risk exclusions, the amount of the insurance premium or the obligation to pay benefits). If the automated discretionary decisions have legal consequences or potentially significant disadvantages, we will inform you and, as required by law, offer you a hearing where you can present your point of view. If we grant your request in full, this right shall not apply within the scope of the Data Protection Act.

8. Is your personal data also sent abroad?

We process and store personal data mainly in Switzerland and the EEA, but potentially in any country in the world.

Data transfers to other Allianz Group companies outside of Switzerland or the EEA are made on the basis of the “Allianz Data Protection Standards” (Allianz Binding Corporate Rules - BCR), which ensure adequate data protection and are binding on all Allianz Group companies. The Allianz BCR and the list of all Allianz Group companies that comply with them can be found at  https://www.allianz.com/de/datenschutzprinzipien.html#bindingcorporaterules and https://www.allianz.com/de/datenschutzprinzipien.html#bcrgesellschaften.

With regard to other data recipients in a country without adequate data protection, we contractually oblige the recipients to comply with an adequate level of data protection (we generally use the revised Standard Contractual Clauses of the European Commission [that can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?]), unless they are already subject to a legally recognised set of rules to ensure data protection. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests, if the execution of a contract that is in your interest requires such disclosure, if you have consented or it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or your physical integrity or that of a third party, or if it concerns data that you have made generally accessible and the processing of which you have not objected to.

9. What are your rights?

You have certain rights in relation to our data processing. Under the applicable law, you may in particular request information about the processing of your personal data, have incorrect personal data corrected, request the erasure of personal data, object to data processing, request the disclosure of certain personal data in a commonly used electronic format or its transfer to another controller.

If you wish to exercise your rights against us, please contact us; our contact details can be found in Section 2. So that we can rule out any fraud, we have to identify you (e.g. with a copy of your ID, if necessary).

Please note that certain conditions, exceptions or restrictions apply to these rights (e.g. to protect third parties or business secrets). We reserve the right to redact copies for reasons of data protection or confidentiality or to provide only excerpts or to postpone or refuse to provide information.

10. Our use of cookies, similar technologies and social media plug-ins

When you use our website (including the newsletter and other digital offers), data is collected that is stored in logs (particularly technical data). We may also use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognise website visitors, evaluate their behaviour and identify preferences. A cookie is a small file that is transmitted between the server and your system and enables a specific device or browser to be recognised.

You can set your browser so that it automatically rejects, accepts or deletes cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in the help menu of your browser.

Neither the technical data collected by us nor cookies generally contain any personal data. However, personal data that we or third-party providers commissioned by us store about you (e.g. if you have a user account with us or these providers) may be linked to the technical data or to the information stored in and obtained from cookies and thus possibly to your person. For example, if you have a login with us or fill out an online contact form, we can link the cookie data with the login or contact details in order to improve your user experience and provide you with customised offers.

We also use social media plug-ins, which are small software modules that establish a connection between your visit to our website and third-party providers. The social media plug-in informs the third parties that you have visited our website and can send the third parties cookies that they have previously placed on your web browser. For more information on how these third parties use your personal data collected via their social media plug-ins, please refer to their respective privacy policies.

We also use our own tools and third-party services (which may themselves use cookies) on our website, in particular to improve the functionality or content of our website (e.g. integration of videos or maps), to compile statistics and to place adverts.

At present, we may in particular use offers from the following service providers and advertising partners, whereby their contact details and further information on the individual data processing can be found in their respective privacy policies:

Some of the third-party providers we use may be located outside Switzerland. Information on the disclosure of data abroad can be found in Section 8. In terms of data protection law, some of them are “only” processors on our behalf and some are controllers. Further information on this can be found in their privacy policies.

11. Processing of personal data on our pages in social networks

We operate pages and other online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). The providers of the platforms can analyse your use and process this data together with other data that they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms) and act as their own data controllers for this purpose. For further information on processing by the platform operators, please refer to the privacy policies of the respective platforms.

We currently use the following platforms, whereby the identity and contact details of the platform operators can be found in their respective privacy policies:

We are entitled, but not obliged, to check third-party content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider and the operator of the platform in question.

Some of the platform operators may be located outside Switzerland. Information on the disclosure of data abroad can be found in Section 8.

12. What else needs to be taken into consideration?

The GDPR does not apply in the majority of our relationships with customer and third parties. However, where this is the case (e.g. in relation to the customers we attract in the Principality of Liechtenstein), the following additional information applies:

Our processing of your personal data is based in particular on the fact that

  • this is necessary for the initiation and conclusion of contracts and the administration and implementation of these (Article 6 (1) b GDPR; see Sections 3 and 4),
  • where no other legal ground applies, this is necessary to safeguard the overriding legitimate interests pursued by us or by third parties, in particular for communication with you or third parties, to operate our website, to improve our electronic offerings and registration for certain offerings and services, for security purposes, for compliance with Swiss law and internal regulations, for our risk management and corporate governance (Article 6 (1) f GDPR; see Section 3) and for other purposes, such as training and education, administration, evidence and quality assurance, organisation, implementation and follow-up of events, and other legitimate interests (Sections 3 and 4),
  • this is legally required or permitted in individual cases under the law of the EEA or a Member State,
  • this is necessary in individual cases to protect your vital interests or those of other natural persons,
  • this is necessary in individual cases for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
  • you have separately consented to the processing, e.g. via a corresponding query on our website (Article 6 (1) a and Article 9 (2) a GDPR).

Please note that we will generally process your data for as long as required by our processing purposes (see Sections 3 and 4), the statutory retention periods and our legitimate interests, in particular for documentation and evidence purposes, or if storage is necessary for technical reasons (e.g. in the case of backups or document management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we will generally delete or anonymise your data after the storage or processing period has expired as part of our normal processes and in accordance with our retention policy.

If you do not provide certain personal data, this may mean that it is not possible to provide the associated services or conclude a contract. We will always indicate where the personal data requested by us is mandatory.

The right to object to the processing of your data set out in Section 9 applies in particular to data processing for the purpose of direct marketing. The right to object also includes your right under the GDPR to restrict data processing.

If you do not agree with our handling of your rights or data protection, please let us know (see contact details in Section 2). If you are located in the EEA, you also have the right to lodge a complaint with the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.

Our representatives in the EEA as per Article 27 GDPR (if required) are: Data Protection Officer of Allianz Suisse Insurance Company Ltd., Data-Privacy@Allianz-Suisse.ch, and Data Protection Officer of CAP, Legal Protection Insurance Company Ltd., Data-Privacy@cap.ch

13. Can this Privacy Policy be amended?

This Privacy Policy is not part of any contract with you. We may update this Privacy Policy at any time. The version published on this website is the current version.
Date: January 21st 2025