Privacy policy

1. Introduction
2. What does this Privacy Policy cover?
3. Who is the controller?
4. Why is it important to have correct personal data?
5. What personal data is processed and how do we obtain it?
6. On what basis do we process your personal data?
7. For what purposes do we process your personal data?
8. Whom do we disclose your personal data to?
9. Is personal data transferred abroad?
10. How long do we process your personal data?
11. How do we protect your personal data?
12. Do we use automated individual decision-making?
13. Do we use cookies and tracking pixels?
14. What data do we process on our social media pages?
15. What rights do you have?
16. Can this Privacy Policy be changed?

1. Introduction

The Howden Group (hereinafter also ‘Howden’, ‘we’, or ‘us’) processes personal data relating to you or other individuals (‘third parties’).

Throughout this document, we use the term ‘data’ interchangeably with ‘personal data’ or ‘personal information’. ‘Personal data’ refers to any information relating to an identified or identifiable natural person. A ‘data subject’ is any individual whose personal data we process. ‘Processing’ means any operation performed on personal data, such as its collection, storage, use, modification, disclosure, or deletion. The terms ‘process’ and ‘processing’ are used synonymously in this policy.

This Privacy Policy applies to the following companies within the Howden Group: Howden Switzerland Holding Ltd., Howden Switzerland Ltd., Swibro Ltd., Vorsorge Partner AG, Howden Broker Service Switzerland Ltd., Howden Liechtenstein AG, Howden Sky AG.

Our data protection practices comply with the Swiss Federal Act on Data Protection (FADP), including the Ordinance on Data Protection (Data Protection Ordinance, DPO), as well as the EU General Data Protection Regulation (GDPR), with applicability depending on the specific circumstances of each case.

2. What does this Privacy Policy cover?

This Privacy Policy explains how we process personal data, particularly in the following situations:

• when you visit our website or any other website operated by us (collectively referred to as the “website”);

• when you communicate with us, whether by telephone, in writing, by e-mail, or through other communication channels;

• in the context of our marketing activities, for example when we provide information about our products and services;

• when you use our products or services, within the scope of existing or prospective contractual relationships;

• when third parties contact us in the course of their professional activities, in particular (potential) insured persons, employees or representatives of insurance brokers, insurers, claims adjusters, or other service providers, including during the pre-contractual phase, for example when initiating a contractual relationship.

We reserve the right to provide you with separate information about additional data processing activities not covered by this Privacy Policy—for instance, in connection with consent declarations or additional privacy notices.

3. Who is the controller?

The controller and contact for data processing is the Howden company that carries out the respective processing (e.g. provides the service under your contract, maintains a business relationship with you, or operates the website you visit).

3.1 Howden Switzerland Holding Ltd.
The controller responsible for services provided by Howden Switzerland Holding Ltd. is:

Howden Switzerland Holding Ltd.
Industriestrasse 8
6300 Zug
[email protected]

3.2 Howden Switzerland Ltd.
The controller responsible for services provided by Howden Switzerland Ltd. is:

Howden Switzerland Ltd.
Industriestrasse 8
6300 Zug
[email protected]

3.3 Swibro Ltd.
The controller responsible for services provided by Swibro Ltd. is:

Swibro Ltd.
Rorschacher Strasse 294
9016 St. Gallen
[email protected]

3.4 Vorsorge Partner AG
The controller responsible for services provided by Vorsorge Partner AG is:

Vorsorge Partner AG
Pestalozzistrasse 2
9000 St. Gallen
[email protected]

3.5 Howden Broker Service Switzerland Ltd.
The controller responsible for services provided by Howden Broker Service Switzerland Ltd. is:

Howden Broker Service Switzerland Ltd.
Picardiestrasse 3A
5040 Schöftland
[email protected]

3.6 Howden Liechtenstein AG
The controller responsible for services provided by Howden Liechtenstein AG is:

Howden Liechtenstein AG
Im Bretscha 2
9494 Schaan (FL)
[email protected]

3.7 Howden Sky AG
The controller responsible for services provided by Howden Sky AG is:

Howden Sky AG
Im Bretscha 2
9494 Schaan (FL)
[email protected]

4. Why is it important to have correct personal data?

We rely on accurate personal data to provide our services and carry out our business activities. We ask that you inform us of any changes to personal data relevant to the proper management and administration of insurance policies or services we provide (e.g. contact or bank details). If you also provide us with personal data relating to third parties (e.g. employees, acquaintances, or family members), we assume that you are authorised to do so and that such data is accurate. Please ensure that those individuals are aware of this Privacy Policy.

5. What personal data is processed and how do we obtain it?

We primarily process personal data that you provide to us. For our business relationship, it is necessary that you provide us with the personal data required for this purpose, as we are generally unable to enter into or perform a contract with you without this information. We may also process personal data provided by (potential) policyholders, insured persons, co-brokers, insurers, or other entitled third parties, including our business partners and other parties involved.

In addition, we process publicly available data (e.g. from debt collection, land, or commercial registers, or from media sources) and data collected automatically (e.g. through your use of our website). We may also receive personal data from other companies within our Group, from public authorities, or from other third parties, where this is permitted by law.

Howden processes the following categories of personal data in particular:

contact details, personal and identification data, such as name, address, email address, telephone/mobile number, date of birth, gender, nationality, data, passport number, identity card number, OASI number, pension fund insurance number, ethnicity, marital status, lifestyle, insurance needs, and driving licence details;

online and technical data, such as digital location data, IP addresses, browser history, social media handles, computer, device and connection information, usage data, cookie IDs, and registration data (e.g. username and password);

banking, financial and payment data, such as account number, payment method, credit information, salary, account balance, credit/debit card numbers, bank details, premiums, outstanding amounts, reminders, credit balances, and social security benefits;

health data, such as allergies or intolerances, patient records, state of health, examination results or diagnosis, impairments, and medical certificates;

insurance data, such as broker mandates, analyses and reports, application data, service offers, insurance policy data, collection data, claims data, benefit and pension entitlements, retirement date, benefit-relevant events, information on the insured risk, expert opinions, details from the previous insurer on the claims history, contract duration, and insured risks;

professional and employment data, such as position, appraisals or employment references, performance, character traits, conduct, absences, training and further education, objectives, employee number, employment status, professional experience, qualifications, and memberships;

activity and event data, such as holding meetings, interest in and participation in events;

communication data, such as emails, letters, telephone calls, video conferences, chat logs, responses to messages, and other interaction data;

legal and compliance data, such as data from administrative or judicial proceedings, data relating to sanctions, media reports, security camera recordings, visitor data, log data, and data relating to the exercise of shareholder rights;

photographs and video recordings outside of security recordings, as well as data concerning the use of our infrastructure beyond general activity data;

other data, such as professional information beyond direct employment status, driver data for vehicles, details from correspondence and meetings with third parties, as well as information from your environment such as family members and advisors.

6. On what basis do we process your personal data?

6.1 Consent

If we ask for your consent for certain processing activities, we will inform you separately about the corresponding purposes of such processing. You can revoke your consent at any time with effect for the future by sending an email to [email protected]. As soon as we receive notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of your consent prior to its withdrawal.

6.2 Initiation or execution of a contract

We may also process personal data where this is necessary for the initiation, performance, or execution of a contract with data subjects, such as customers and business partners (or the entities they represent). In the context of providing services or entering into contracts for such services, we collect and use personal data to the extent necessary. This enables us to take the necessary measures to prepare and process quotations and to fulfil our contractual obligations.

6.3 Legitimate interests

We process personal data in order to pursue our legitimate interests, in particular to achieve the purposes and related objectives described in section 7 below, and to be able to implement appropriate measures. Such legitimate interests include, for example, ensuring IT and data security, optimising our services and customer experience, and maintaining our business relationships.

6.4 Legal and regulatory obligations

We process personal data in order to comply with our legal and regulatory obligations. For example, we are subject to supervision by regulatory authorities and are required to provide our services in accordance with the applicable laws and regulations. Where we process particularly sensitive personal data or data belonging to special categories (e.g. health data, or information relating to political, religious or ideological beliefs, or biometric data used for identification purposes), such processing may also be based on other legal grounds—for example, in connection with compulsory insurance, payroll reporting, or the disclosure of log data in response to official requests.

7. For what purposes do we process your personal data?

In compliance with legal obligations, we process personal data in particular for the following and related purposes (namely the secondary use of your data, e.g. for statistical evaluations).

7.1 Conclusion and performance of contracts

We process personal data in connection with, among other things, the conclusion, administration, performance and execution of contracts, the provision, management and delivery of our services, tenders, the preparation of quotations, risk management, credit checks, consulting and support, claims assessment and processing, and premium calculation.
In doing so, we process personal data for the purpose of initiating or executing a contract.

7.2 Payment processing

In addition, we process personal data for the purpose of processing payments (e.g. with regard to insurance premiums and adjustments thereto). In doing so, we process personal data for the purpose of initiating or executing a contract.

7.3 Corporate management

We also process data for the purposes of our risk management and as part of prudent corporate governance, including operational organisation and corporate development. In this way, we process data specifically for our administration and accounting and to ensure our operations (e.g. IT).
In doing so, we process personal data based on our legitimate interests and to comply with our legal and regulatory obligations.

7.4 Compliance with legal and regulatory obligations

We process personal data to comply with laws, regulations, and directives issued by authorities, as well as with internal policies. We also process personal data for investigations carried out under our legal and regulatory obligations, including under the Anti-Money Laundering Act, insurance supervisory law, and obligations relating to the prevention of terrorist financing. This includes, in particular, authentication and identification within the scope of ‘Know Your Customer’ (KYC) procedures, necessary clarifications and reports, and the processing of data in the context of official investigations. We conduct regular screenings, during which we may carry out checks relating to sanctions, warnings, fit-and-proper requirements, political exposure, and adverse reporting.
In doing so, we process personal data to comply with our legal and regulatory obligations.

7.5 Marketing and development

We also process personal data for market research, service and operational improvement, and product development.
We conduct market and opinion research to continuously develop and enhance our products and services. In addition, we may offer other relevant products and services and communicate these through marketing materials. We also process personal data for the organisation and delivery of events and seminars, as well as for relationship management.
In doing so, we process personal data on the basis of our legitimate interests.

7.6 Website

When you visit our website, certain data is automatically stored on our servers or on the servers of service providers and products that we use and/or have installed for the purposes of system administration, statistics, security or tracking. This data includes:

• the name of your Internet service provider;

• your IP address (under certain circumstances);

• the version of your browser software;

• the operating system of the computer used to access the website;

• the date and time of access;

• the website from which you accessed our website;

• the search terms you used to find the website.

In doing so, we process personal data on the basis of our legitimate interests.

7.7 Communication

We process personal data in order to communicate with (potential) customers and third parties and to respond to their enquiries or feedback. We also process personal data to administer, investigate, and resolve claims or complaints, particularly in connection with insurance policies and services provided.

In this context, we process personal data for the purpose of initiating or executing a contract.

7.8 Security

We may also process personal data for security and access-control purposes. To ensure security, we use video surveillance and implement measures for IT, building, and facility security. We also carry out internal investigations to prevent and detect fraud and other criminal offences.

In doing so, we process personal data on the basis of our legitimate interests and to comply with our legal and regulatory obligations.

7.9 Legal claims and regulatory proceedings

We actively assert legal claims and defend ourselves in legal proceedings. For example, we process personal data for dispute resolution, the enforcement of agreements, and the pursuit of debtors and recovery of outstanding receivables.

In doing so, we process personal data on the basis of our legitimate interests and to comply with our legal and regulatory obligations.

7.10 Business transactions
We process personal data in the context of business transactions (e.g. the purchase and sale of business units, parts of companies or companies) and corporate law activities. We also process personal data in the context of our corporate management and further development, in particular by transferring business records to successor companies and performing due diligence checks for transactions.

In doing so, we process personal data for the purpose of initiating or executing a contract and based on our legitimate interests.

7.11 Job applications
If you apply for an open position with us, we process the personal data you provide in order to conduct the recruitment process and to contact you in this context. During the recruitment process, we share your personal data only with individuals directly involved in the selection process, such as the recruiting manager or your prospective supervisor. Where a statutory reporting obligation exists, your personal data will be disclosed to the competent authorities.

Once the recruitment process has been completed, your personal data will be deleted within six months if the position has been filled by another candidate. With your consent, we may retain your personal data beyond this period for consideration in future vacancies. If no suitable position arises within two years, your personal data will be permanently deleted.

If your application results in the conclusion of an employment contract, your personal data will be processed for the administration of the employment relationship. Please also refer to our separate Privacy Policy for Applicants and Privacy Policy for Employees.

In doing so, we process personal data for the purpose of initiating or executing a contract.

8. Whom do we disclose your personal data to?

In order to provide our products and services efficiently and to enable us to focus on our core competencies, we also transfer data to third parties, in particular to the following categories of recipients:

Companies within the Howden Group: We may share personal data with other Howden companies, which may use such data for the same purposes as we do (see section 7).

Insurance market participants: We may exchange personal data with other participants in the insurance market. These include, for example, insurance and reinsurance companies, claims adjusters, underwriters, brokers or intermediaries, pension and vested benefits institutions.

Service providers in Switzerland and abroad: These include Shared Services within the Howden Group, banks, debt collection agencies, credit reference agencies, consulting firms, legal advisors, trustees, experts, medical professionals, software-as-a-service (SaaS) companies, IT providers, shipping and logistics companies, advertising service providers, login service providers, cleaning companies, security companies, credit agencies, auditors, address verifiers or other verification and risk management agencies.

Co-brokers and their employees: We disclose to our co-brokers the personal data necessary for advising on, supporting and distributing our products and services and for calculating their remuneration. If you are an employee of a co-broker with whom we have concluded a contract, the execution of this contract may result in us disclosing personal data to the company.

Authorities and courts: We may disclose personal data to public authorities such as government agencies, courts, law enforcement bodies, and supervisory or regulatory authorities in Switzerland and abroad if we are legally obliged or entitled to do so, or where this is necessary to safeguard our legitimate interests. Such disclosures may also include health data. Any data received by such authorities are processed under their own responsibility.

Other persons: individuals involved for the purposes set out in Section 7, such as service recipients, business successors, media or associations in which we are involved, as well as cases where you are part of one of our publications.

All of these categories of recipients may, under certain circumstances, engage third parties, which may result in your data also becoming accessible to them.

9. Is personal data transferred abroad?

As explained above, we also disclose personal data to other recipients, some of whom are located outside Switzerland. We may therefore transfer your personal data within Europe and to other countries worldwide, provided that the Swiss Federal Council or the European Commission has recognised an adequate level of data protection in those countries.

If a recipient is located in a country that does not provide an adequate level of data protection, we will contractually require the recipient to comply with the applicable data protection standards (for this purpose, we use the European Commission’s revised Standard Contractual Clauses), unless the recipient is already subject to a legally recognised framework that ensures adequate data protection, or an applicable derogation applies. Such derogations may apply, for example, in the context of foreign legal proceedings, for reasons of overriding public interest, where the performance of a contract requires such disclosure, where you have consented to it, or where the data concerned have been made publicly accessible by you and you have not objected to their processing.

Please note that data exchanged over the internet is frequently routed through third countries. Your data may, therefore, be transferred abroad even if the sender and recipient are located in the same country.

10. How long do we process your personal data?

We process personal data for as long as necessary to fulfil the purposes for which it was collected, to comply with statutory retention obligations, and to safeguard our legitimate interests—for example, for documentation or evidence purposes—or for as long as storage is required for technical reasons. Where no legal or contractual obligations prevent this, we delete or anonymise personal data once the applicable retention or processing period has expired, in accordance with our standard procedures.

11. How do we protect your personal data?

We implement appropriate technical and organisational security measures to ensure the confidentiality, integrity, and availability of personal data, to protect it against unauthorised or unlawful processing, and to mitigate the risks of loss, accidental alteration, unintended disclosure, or unauthorised access.

12. Do we use automated individual decision-making?

In some cases, decisions affecting you may be made entirely through automated processing, meaning that such decisions are taken without human involvement. As a general rule, we do not engage in automated decision-making. If we plan to use automated decision-making in individual cases, we will inform you accordingly.

13. Do we use cookies and tracking pixels?

Please visit our cookie policy at this link to learn more about our use of cookies and tracking pixels.

14. What data do we process on our social media pages?

We maintain online presences on social media networks and third-party platforms (e.g. LinkedIn, Instagram; hereinafter referred to as ‘platforms’), such as fan pages, channels, or profiles. If you interact with us via such platforms—for example, by viewing our content, posting comments, or sending us messages—we process the personal data described in this Privacy Policy. We receive this data either directly from you or through the respective platform.

Please note that the operators of these platforms also collect and process personal data about your use of our online presences under their own data protection responsibility. This applies in particular to information about your usage behaviour and interests, which they may use for their own purposes, such as market research, audience measurement, or personalised advertising. The processing of your data by the platform operators is governed by their own privacy policies. We have no influence over the data processing carried out by these platforms.

15. What rights do you have?

To make it easier for you to exercise control over the processing of your personal data, you have the following rights in relation to our data processing, depending on the applicable data protection law:

right of access – to request information about whether and which personal data we process about you, for what purposes, for how long, as well as the origin of the data and the categories of recipients to whom we disclose it;

right to rectification – to request that we correct or complete inaccurate or incomplete data;

right to restriction of processing;

right to erasure (‘right to be forgotten’) – to request the deletion of personal data;

right to data portability – to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;

right to object – to object to the processing of your data, particularly in connection with direct marketing;

right to prevent future processing or disclosure to third parties;

right to withdraw consent – where processing is based on your consent, to withdraw that consent at any time with effect for the future;

right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

If you wish to exercise any of these rights against us (or one of our group companies), please contact us by email at [email protected]. To prevent misuse, we must verify your identity (e.g. by requesting a copy of your ID, where necessary).

Please note that these rights may be subject to conditions, exceptions, or limitations under applicable data protection law (e.g. to protect the rights of third parties or trade secrets). Where applicable, we will inform you accordingly.

You also have the option of lodging a complaint with the competent data protection supervisory authority. A list of authorities in the European Economic Area (EEA) can be found here. The contact details of the Swiss supervisory authority – the Federal Data Protection and Information Commissioner (FDPIC) – can be found at this link. The contact details of the data protection authority in Liechtenstein can be found here.

16. Can this Privacy Policy be changed?

We may amend this Privacy Policy at any time. The version published on this website is the current version.

Last updated: November 2025