compando.ch

Privacy Policy

Our privacy policy for Compando

Note: This is purely for content purposes and below policy is neither valid or applies to our platform

Our Policies

Effective Date: [Date of last update, e.g., September 1, 2023]

1. Introduction

Welcome to Compando ("we," "us," "our"). We are an insurance broker company registered in Switzerland, committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, visit our website [Website URL] (the "Site"), or otherwise interact with us.

We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, other data protection laws such as the EU General Data Protection Regulation (GDPR).

This policy aims to inform you about:

  • Who we are and how to contact us.
  • What personal data we collect.
  • How we collect your personal data.
  • The legal basis and purposes for processing your personal data.
  • How we use and share your personal data.
  • International data transfers.
  • How we protect your personal data.
  • How long we keep your personal data.
  • Your rights regarding your personal data.
  • Changes to this policy.

2. Data Controller

The data controller responsible for the processing of your personal data is:

Compando [Full Address] [City, Postal Code], Switzerland Email: [Email Address for privacy inquiries, e.g., privacy@[companydomain].com] Phone: [Phone Number] Website: [Website URL]

(If applicable) Our Data Protection Officer (DPO) or Data Protection Advisor can be contacted at: [DPO Name/Contact Details or privacy@[companydomain].com]

3. What Personal Data We Collect

We may collect various types of personal data depending on the services you request or use, and your interactions with us. This can include, but is not limited to:

  • Identification Data: Name, date of birth, gender, marital status, nationality, AHV/AVS number (social security number), identification document details (e.g., passport, ID card).
  • Contact Data: Postal address, email address, telephone number(s).
  • Financial Data: Bank account details, credit card information (for premium payments), income information, credit history (where relevant and legally permissible for risk assessment).
  • Insurance Policy Data: Information about existing or previous insurance policies, policy numbers, coverage details, premiums, claims history.
  • Risk Assessment Data: Information relevant to assessing insurance risks, which may vary depending on the type of insurance (e.g., for property insurance: property details, security measures; for vehicle insurance: driving license details, vehicle information, accident history).
  • Health Data (Sensitive Personal Data): For life, health, or accident insurance, this may include information about your physical or mental health, medical history, lifestyle (e.g., smoking habits). We will only process such data with your explicit consent or where otherwise legally permitted and strictly necessary.
  • Family and Beneficiary Data: Information about your family members or beneficiaries, if relevant to the insurance policy (e.g., names, dates of birth).
  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Site.
  • Usage Data: Information about how you use our Site and services.
  • Communication Data: Records of your communications with us, including emails, letters, call recordings (if you are informed beforehand), and notes from meetings.
  • Marketing and Communication Preferences: Your preferences in receiving marketing from us and our third parties and your communication preferences.

4. How We Collect Your Personal Data

We collect personal data in various ways:

  • Directly from you:
    • When you fill out application forms, questionnaires, or proposal forms for insurance products.
    • When you contact us by phone, email, post, or through our Site.
    • During meetings or consultations.
    • When you subscribe to our newsletters or marketing communications.
  • From third parties:
    • From insurance companies when obtaining quotes or managing your policies.
    • From other insurance brokers, if you are transferring your portfolio.
    • From publicly available sources (e.g., commercial registers, land registers).
    • From your employer, if we are providing services related to group insurance schemes.
    • From comparison websites or other lead generators, with your consent.
    • From medical professionals or institutions (with your explicit consent for health-related data).
    • From credit reference agencies (where permissible and necessary).
  • Automatically:
    • When you visit our Site, we may automatically collect Technical Data and Usage Data through cookies and similar tracking technologies. Please see our Cookie Policy [Link to Cookie Policy, if separate] for more details.

5. Legal Basis and Purposes for Processing Your Personal Data

We process your personal data based on one or more of the following legal grounds under the nFADP:

  • Performance of a Contract (Art. 31 para. 2 lit. a nFADP):
    • To provide you with insurance brokerage services, including needs analysis, obtaining quotes, arranging and managing insurance policies.
    • To process your applications for insurance products.
    • To assist you with claims handling.
    • To communicate with you regarding your policies and our services.
  • Legal Obligation (Art. 31 para. 1 nFADP):
    • To comply with legal and regulatory requirements, such as those set by the Swiss Financial Market Supervisory Authority (FINMA).
    • To comply with anti-money laundering (AML) and counter-terrorist financing (CTF) obligations.
    • To respond to requests from authorities or for legal proceedings.
    • For record-keeping and reporting obligations.
  • Legitimate Interests (Art. 31 para. 1 nFADP):
    • To improve our services, products, and customer experience.
    • For internal administrative purposes, including risk management and business operations.
    • To prevent fraud and ensure the security of our systems and data.
    • For marketing our services to existing clients or prospective clients (where consent is not required, and you have not objected).
    • To conduct customer satisfaction surveys.
    • To establish, exercise, or defend legal claims. Our legitimate interests are pursued provided they are not overridden by your interests or fundamental rights and freedoms.
  • Consent (Art. 31 para. 1 nFADP in conjunction with Art. 6 para. 6 and 7 nFADP):
    • For processing sensitive personal data (e.g., health data for life or health insurance), unless another legal basis applies (e.g., explicit legal provision).
    • For sending you direct marketing communications about products or services that may not be directly related to your existing engagement with us, where required.
    • For using certain non-essential cookies on our Site. You have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

Specific Purposes for Processing:

  • Providing insurance advice and brokerage services.
  • Assessing your insurance needs and risk profile.
  • Obtaining quotations from insurance providers.
  • Arranging, renewing, and administering your insurance policies.
  • Assisting with the claims process, including negotiation with insurers.
  • Communicating with you about your policies, our services, and other relevant information.
  • Verifying your identity and conducting due diligence checks.
  • Managing payments and financial transactions.
  • Complying with regulatory and legal obligations.
  • Improving our services and developing new products.
  • Marketing and promotional activities (with your consent where required).
  • Preventing and detecting fraud.
  • Managing complaints and disputes.

6. Disclosure of Your Personal Data

We may share your personal data with the following categories of third parties for the purposes described in this policy:

  • Insurance Companies and Underwriters: To obtain quotes, arrange, and manage your insurance policies, and to process claims.
  • Other Insurance Intermediaries: If necessary to provide our services (e.g., co-brokers, specialist brokers).
  • Claims Handling Specialists: Loss adjusters, surveyors, investigators, and legal advisors involved in the claims process.
  • Service Providers (Data Processors): Third-party companies that provide services on our behalf, such as IT and system administration, cloud storage, data analytics, marketing services, payment processing, and document management. We have contracts in place with these processors to ensure they protect your data.
  • Professional Advisors: Lawyers, auditors, and consultants providing consultancy, banking, legal, insurance, and accounting services.
  • Regulatory and Governmental Authorities: FINMA, tax authorities, law enforcement agencies, and other authorities if required by law or to protect our rights.
  • Credit Reference Agencies: For fraud prevention and credit assessment (where applicable and legally permissible).
  • In the event of a business transfer: If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to the new owner.

We will only share the minimum necessary personal data and will take steps to ensure that third parties treat your data with respect and in accordance with the law. We do not sell your personal data to third parties.

7. International Data Transfers

Your personal data may be processed in Switzerland. If we transfer your personal data to recipients located outside of Switzerland, we will ensure that such transfers comply with the nFADP.

  • Transfers to countries with an adequate level of data protection: The Swiss Federal Council maintains a list of countries deemed to provide an adequate level of data protection (similar to the EU's adequacy decisions). Transfers to these countries (including EEA countries) do not require additional safeguards.
  • Transfers to other countries: If we transfer data to a country not deemed to have an adequate level of data protection, we will implement appropriate safeguards, such as:
    • Standard Contractual Clauses (SCCs) approved by the Swiss Federal Data Protection and Information Commissioner (FDPIC) or recognised by Switzerland.
    • Binding Corporate Rules (BCRs), if applicable.
    • Your explicit consent for the specific transfer, after being informed of the risks.
    • Other derogations permitted under the nFADP (e.g., for the performance of a contract with you).

You can request more information about the safeguards we use for international transfers by contacting us.

8. Data Security

We have implemented appropriate technical and organizational security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Physical security measures for our premises.
  • Access controls and authentication mechanisms for our IT systems.
  • Encryption of data where appropriate.
  • Regular security assessments and updates.
  • Data minimization and pseudonymization where feasible.
  • Confidentiality agreements with our employees and service providers.
  • Staff training on data protection and security.

Despite these measures, the transmission of information via the internet is not completely secure. While we do our best to protect your personal data, we cannot guarantee the security of data transmitted to our Site; any transmission is at your own risk.

9. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

To determine the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data.
  • The potential risk of harm from unauthorized use or disclosure.
  • The purposes for which we process your data and whether we can achieve those purposes through other means.
  • Applicable legal and regulatory requirements (e.g., typically 10 years for business records under Swiss law, longer for certain insurance-related documents).

Once your personal data is no longer required, we will securely delete or anonymize it.

10. Your Rights

Under the Swiss FADP, you have certain rights regarding your personal data. Subject to legal conditions and limitations, these include:

  • Right of Access (Art. 25 nFADP): You have the right to request information about whether we process personal data concerning you and, if so, to obtain access to this data and other information (e.g., purposes of processing, categories of data, recipients).

  • Right to Rectification (Art. 32 para. 1 nFADP): You have the right to request the correction of inaccurate or incomplete personal data we hold about you.

  • Right to Erasure (Right to be Forgotten) (Art. 32 para. 2 lit. c nFADP): You have the right to request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purposes for which it was collected, or if you withdraw consent and there is no other legal ground for processing).

  • Right to Restriction of Processing (Art. 32 para. 2 lit. a & b nFADP): You have the right to request the restriction of processing of your personal data under certain circumstances (e.g., if you contest the accuracy of the data, or if the processing is unlawful but you oppose erasure).

  • Right to Data Portability (Art. 28 nFADP): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit this data to another controller, where processing is based on consent or contract and carried out by automated means.

  • Right to Object (Art. 30 para. 2 lit. b nFADP): You have the right to object to the processing of your personal data on grounds relating to your particular situation, where processing is based on our legitimate interests or for direct marketing purposes.

  • Right to Withdraw Consent (Art. 6 para. 7 nFADP): If we process your personal data based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to Lodge a Complaint (Art. 49 nFADP): You have the right to lodge a complaint with the competent supervisory authority if you believe that our processing of your personal data infringes data protection laws. The competent authority in Switzerland is:

    Federal Data Protection and Information Commissioner (FDPIC) Feldeggweg 1 CH-3003 Bern Switzerland Website: https://www.edoeb.admin.ch

To exercise any of these rights, please contact us using the details provided in Section 2. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

11. Cookies and Tracking Technologies

Our Site may use cookies and similar tracking technologies to enhance user experience, analyze Site traffic, and for marketing purposes. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy [Link to Cookie Policy, if you have a separate one, otherwise detail here or state that you do not use cookies beyond essential ones]. You can manage your cookie preferences through your browser settings or any cookie consent tool we may provide.

12. Children's Privacy

Our services are not generally directed at individuals under the age of 16 (or a higher age if stipulated by local law for specific processing activities). We do not knowingly collect personal data from children without appropriate parental or guardian consent. If you believe we have inadvertently collected personal data from a child, please contact us so we can take appropriate action.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We will post any changes on this page and update the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. For significant changes, we may also notify you through other means, such as by email.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us at:

Compando [Full Address] [City, Postal Code], Switzerland Email: [Email Address for privacy inquiries, e.g., privacy@[companydomain].com] Phone: [Phone Number]

Or contact our Data Protection Officer/Advisor (if applicable): [DPO Name/Contact Details]