Privacy policy

Conscientious handling of your personal data and the protection of your privacy are important to us. We treat the personal data that we process as part of our activities with the utmost degree of care. We use state-of-the-art information technology to ensure the best possible data security for your data. Our employees are bound by a confidentiality obligation and are regularly trained on data protection. In providing our services, we process your personal data in accordance with the Swiss Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR), where applicable.

 

Privacy policy

1. Introduction
2. Responsibility
3. Scope of application
4. Importance of correct personal data
5. What data do we process and how do we obtain it?
6. For what purposes do we process your data?
7. On what basis do we process your data?
8. To whom do we disclose your data?
9. Is your personal data also sent abroad?
10. How long do we process your data?
11. How do we protect your data?
12. What rights do you have?
13. Automated decision making
14. Do we use cookies and tracking pixels?
15. What data do we process on our page in social networks?
16. Can this privacy policy be amended?

1. Introduction

The Howden Group (hereinafter also referred to as "Howden", "we" or "us") processes personal data concerning you or other persons (so-called "third parties"). We use the term "data" here synonymously with "personal data". We determine the purposes for which and the manner in which personal data is collected, used and processed.
In this data protection declaration, we provide information on which personal data we process in connection with our activities and operations, including our websites.
The Howden Group consists of Howden Switzerland Holding Ltd., Haakon Ltd., Howden Switzerland Ltd., Swibro Ltd., H1 Underwriting Services Ltd., Vorsorge Partner AG, BSC Broker Service Center GmbH, IT Xpert AG, Perennial Ltd., Howden Liechtenstein AG and Howden Sky Ltd.
"Personal data" means data relating to identified or identifiable natural persons.
"Data subject" is a person about whom we process personal data.
"Processing" means any operation performed on personal data (e.g. obtaining, storing, using, adapting, disclosing and deleting).
Our privacy policy complies with the EU General Data Protection Regulation (GDPR), the Swiss Data Protection Act (DSG) including the Swiss Data Protection Ordinance (DSV), whereby the applicability varies depending on the individual case.

2. Responsibility

The Howden company that initiates the respective data processing (e.g. provides the service with which you have concluded a contract, maintain a business relationship or whose website you visit) is responsible for the data processing and is the contact person:

2.1. Howden Switzerland Holding Ltd.
Controller in connection with services provided by Howden Switzerland Holding Ltd. is:
Howden Switzerland Holding Ltd.
Industriestrasse 8
6300 Zug
[email protected]

2.2. Haakon Ltd.
Controller in connection with services provided by Haakon Ltd. is:
Haakon Ltd.
Elisabethenanlage 11
4051 Basel
[email protected]

2.3. Howden Switzerland Ltd.
Controller in connection with services provided by Howden Switzerland Ltd. is:
Howden Switzerland Ltd.
Industriestrasse 8
6300 Zug
[email protected]

2.4. Swibro Ltd.
Controller in connection with services provided by Swibro Ltd. is:
Swibro Ltd.
Zwinglistrasse 11
9000 St. Gallen
[email protected]

2.5. H1 Underwriting Services Ltd.
Controller in connection with services provided by H1 Underwriting Services Ltd. is:
H1 Underwriting Services Ltd.
Grellingerstrasse 9
4052 Basel
[email protected]

2.6. Vorsorge Partner AG
Controller in connection with services provided by Vorsorge Partner AG is:
Vorsorge Partner AG
Pestalozzistrasse 2
9000 St. Gallen
[email protected]

2.7. BSC Broker Service Center GmbH
Controller in connection with services provided by BSC Broker Service Center GmbH is:
BSC Broker Service Center GmbH
Picardiestrasse 3A
5040 Schöftland
[email protected]

2.8. IT Xpert AG
The controller in connection with services provided by IT Xpert AG is :
IT Xpert AG
Picardiestrasse 3A
5040 Schöftland
[email protected]

2.9. Perennial Ltd.
The controller in connection with services provided by Perennial Ltd. is :
Perennial Ltd.
Le Trési 6 A
1028 Préverenges
[email protected]
 
2.10. Howden Liechtenstein AG
The controller in connection with services provided by Howden Liechtenstein AG is the:
Howden Liechtenstein AG
Im Bretscha 2
9494 Schaan (FL)
[email protected]

2.11. Howden Sky Ltd.
The controller in connection with services provided by Howden Sky Ltd. is :
Howden Sky Ltd.
Im Bretscha 2
9494 Schaan (FL)
[email protected]

3. Scope of application

Our Privacy Policy governs the collection and further processing of personal data when using the website https://howdengroup.com/ch-de or other websites operated by us (hereinafter collectively referred to as "Website"), services and products, in the context of contractual relationships and when communicating with us. We reserve the right to inform you separately about additional data processing activities that are not listed in this privacy policy, for example by means of declarations of consent or additional data protection notices.

4. Importance of correct of personal data

In order to provide our services and conduct our business activities, we rely on accurate personal data. We ask you to inform us of any changes to personal data relevant to the proper management and administration of the insurance policies and/or the services provided (e.g. contact details and bank account information). If you also provide us with data of third parties (e.g. employees, acquaintances, family members), we assume that they are authorized to do so and that this data is accurate. Please ensure that these individuals have been informed about our privacy policy.

5. What data do we process and how do we obtain it?

We mainly process personal data that you provide to us.
It is necessary for our business relationship that you provide us with the required personal data, as we are usually unable to conclude or execute a contract with you without this information.
In addition, we process personal data provided by policyholders, insured persons, insurers or authorized third parties, including our business partners and other persons involved. We also process publicly accessible data (e.g. from debt collection registers, land registers, commercial registers, media) as well as automatically collected data (e.g. through the use of our website). Furthermore, we receive data from other companies in Howden, from authorities and from other third parties, provided this is legally permitted.
The categories of personal data that we process include, among others:
-       Contact details, personal and identification data: e.g. name, address, e-mail address, telephone/mobile number, date of birth, gender, nationality, creditworthiness data, passport number, identity card, social security number, pension fund insurance number, ethnicity, marital status, lifestyle, insurance needs.
-       Online and technical data: e.g. digital location data, IP addresses, browser history, social media handles, computer, device and connection information, usage data, cookie IDs, registration data (e.g. user name and password).
-       Bank, financial and payment data: e.g. account number, payment method, credit rating, salary, account balance, credit/debit card numbers, bank details, premium receipts, outstanding payments, reminders, credit balances, social security benefits.
-       Health data: e.g. allergies/intolerances, patient files, state of health, examination results/diagnosis, impairments, medical certificates.
-       Biometric data: e.g. hand scans.
-       Insurance data: e.g. broker mandates, analyses and reports, application data, service offers, data from insurance policies, collection data, claims data, benefit and pension claims, retirement date, benefit-relevant events, information on the insured risk, expert opinions, information from the previous insurer on the claims history, contract term, insured risks.
-       Professional data and employment data: e.g. function, assessment/work references, performance, character traits, behavior, absences, education and training, objectives, employee number, employment status, professional experience, qualifications, memberships.
-       Activity and event data: e.g. holding meetings, interest and participation in events.
-       Communication data: e.g. emails, letters, telephone calls, video conferences, chat logs, responses to messages and other interaction data. 
-       Legal and compliance data: e.g. data from official/judicial proceedings, data in connection with sanctions, recordings from security cameras, visitor data, log data, data on the exercise of shareholder rights.
-       Photos/videos other than security recordings and data on the use of our infrastructure that go beyond general activity data.
-       Other data: e.g. professional information other than direct employment status, driver data for vehicles, details from correspondence and meetings with third parties, as well as information from your environment such as family and advisors.

6. For what purposes do we process your data?

Taking into account the legal requirements, we process personal data in particular for the following and related purposes (e.g. secondary use of your data as for statistical evaluations, research, training of our proprietary AI, etc.):

6.1. Conclusion and fulfillment of the contract
We process personal data, among other things, in the context of contract initiation, administration, contract fulfillment and contract processing, the provision, administration and execution of our services, in the context of tenders, preparation of offers, risk management, credit checks, advice and support, claims assessment and processing and premium calculation.

6.2. Payment processing
In addition, we process personal data for the processing of payments (e.g. with regard to insurance premiums and their adjustments).

6.3. Corporate management
We also process data for the purposes of our risk management and in the context of prudent corporate governance, including business organization and corporate development. In particular, we process data for our administration, accounting and to ensure our operations (e.g. IT).

6.4. Applications
If you apply for an open position with us, we will process the personal data you provide to carry out the application process and to contact you in this regard.
In the application process, we only share your personal data with persons who are involved in the application process, such as recruiting managers or your future supervisor. If there is a legal obligation to report, your personal data will be reported to the authorities.
At the end of the application process, your personal data will be deleted within 6 months if we have filled the position elsewhere. Subject to your consent, your personal data may be stored for future vacancies beyond the aforementioned period. If no suitable vacancy arises within 2 years, your personal data will be permanently deleted.
If your application results in the conclusion of an employment contract, your personal data will be processed for the purposes of the employment relationship.
Please note our privacy policy for applicants and for employees.

6.5. Compliance with legal and regulatory requirements:
We process personal data to comply with laws, instructions and recommendations from authorities and internal regulations. We also process personal data for investigations within the scope of our legal and regulatory obligations, including the Anti-Money Laundering Act, insurance supervision law and requirements relating to the financing of terrorism. In particular, this includes authentication and identification as part of "Know Your Customer" processes, necessary clarifications and notifications as well as the processing of data in the course of official investigations. We carry out regular sanction screenings.

6.6. Marketing and development
We continue to process your data for market research, to improve our services and operations and for product development.
We conduct market and opinion research in order to continuously develop and improve our products and services. We also offer other relevant products and services and communicate these through promotional material. Furthermore, we process personal data in the organization and implementation of events and seminars and in the context of relationship management.

6.7. Log data
When you visit our website, certain data is automatically stored on our servers or on servers of services and products that we purchase and/or have installed for system administration, for statistical or backup purposes or for tracking purposes. These are
-       the name of your Internet service provider;
-       Your IP address (under certain circumstances);
-       the version of your browser software;
-       the operating system of the computer used to access the website;
-       the date and time of access;
-       the website from which you visit the website;
-       the search terms you used to find the website.

6.8. Communication
We process personal data in order to communicate with customers and third parties and to respond to their inquiries and comments. We also process personal data for the administration, investigation or settlement of claims or complaints, in particular with regard to insurance policies and services provided.

6.9. Security
We may also process your data for security purposes and for access control. We use video surveillance and IT, building and system security measures to ensure security. We also conduct internal investigations to prevent and detect fraud and other criminal offenses.

6.10. Legal claims and official procedures
We take an active role in asserting legal claims and defending ourselves in legal disputes. For example, we use this data to settle disputes, to enforce agreements and to pursue debtors and collect outstanding debts.

6.11. Business transactions
We process personal data in the context of business transactions (e.g. purchase and sale of business divisions, parts of companies or companies) and activities under company law. We also process personal data as part of our company management and further development, in particular by transferring business records to successor companies and due diligence checks for transactions.

7. On what basis do we process your data?

7.1. Consent
If we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time with effect for the future by sending a corresponding message to [email protected] or [email protected]. Once we have received notification of your withdrawal, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. If you withdraw your consent, this does not change the fact that the data processing carried out prior to withdrawal on the basis of your consent was lawful.

7.2. Initiation or execution of a contract
 We may also base the processing of personal data on the fact that the processing is necessary for the initiation, performance, or execution of a contract with data subjects, such as customers and business partners (or the entity represented by them). In the course of providing services or concluding a contract for such services, we collect and use personal data to the extent necessary. This enables us to take the necessary measures to prepare and process offers and to fulfill our contractual obligations.

7.3. Legitimate interests
We process personal data so that we can fulfill our legitimate interests, in particular in order to fulfill the purposes described above in section 6. 6 described above and the associated objectives and to be able to implement corresponding measures. For example, ensuring IT security, optimizing our services and customer experience and maintaining our business relationships are such legitimate interests.

7.4. Legal and regulatory requirements
We process personal data so that we can comply with our legal and regulatory obligations. For example, we are regulated by supervisory authorities and are obliged to provide our services in accordance with the applicable regulations.
If we process special category of personal data (e.g. health data, information on political, religious or ideological views or biometric data for identification purposes), we may also process your data on the basis of other legal bases, e.g. in the case of mandatory insurance policies, payroll reports or the disclosure of log data in response to official requests.

8. To whom do we disclose your data?

In order to provide our products and services efficiently and to enable us to concentrate on our core competencies, we obtain services from third parties in numerous areas. We transfer your personal data (including special category of personal data) to third parties, in particular to the following categories of recipients:
-       Companies within the Howden Group: We may share personal data with other Howden companies, which may use this data for the same purposes as we do (see section 6). 
-       Insurance market participants: We may exchange your data with other participants in the insurance market. These include, for example, insurance companies, reinsurers, claims adjusters, underwriters, brokers/intermediaries and pension and vested benefits institutions.
-       Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf as commissioned data processors, as joint controllers or under their own responsibility as controllers. Our service providers include, for example, legal advisors and notary's offices, jointly and severally liable debtors, banks, experts and medical professionals, SaaS companies, CRM providers, IT providers, shipping and logistics companies, advertising service providers, login service providers, cleaning companies, security companies, debt collection companies, credit assessment companies, credit reference agencies, credit agencies, auditors, address verifiers or other verification and risk management agencies. 
-       Co-brokers and their employees: We disclose to our co-brokers such personal data as is necessary for the provision of advice, support and distribution of our products and services and for the calculation of their compensation. If you work as an employee for a co-broker with whom we have concluded a contract, the execution of this contract may result in us disclosing personal data to the company. 
 -       Authorities: We may disclose personal data to offices, courts, law enforcement agencies, supervisory and government bodies and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This may also include health data. The authorities process data about you that they receive from us under their own responsibility. 
-       Other persons: This refers to other cases where the inclusion of third parties arises from the purposes set out in para. 6 e.g. service recipients, business successors, media and associations in which we are involved or if you are part of one of our publications.
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

9. Is your personal data also sent abroad?

As explained in section 8, we also disclose data to other parties. These are not only located in Switzerland. Your data may therefore be transferred to Europe as well as to all states and territories on earth and elsewhere in the universe, provided that adequate data protection is in place there in accordance with the decision of the Swiss Federal Council or the European Commission.
If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection law (we use the revised standard contractual clauses of the European Commission for this purpose), unless the recipient is already subject to a legally recognized set of rules to ensure data protection or we cannot rely on an exemption clause. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.
Please also note that data exchanged via the Internet is often routed via third countries. Your data may therefore be sent abroad even if the sender and recipient are located in the same country.

10. How long do we process your data?

We process your data for as long as required by our processing purposes, the statutory retention periods and our legitimate interests in processing, e.g. for documentation and evidence purposes, or if storage is technically necessary. If there are no legal or contractual obligations to the contrary, we delete or anonymize your data after the storage or processing period has expired as part of our normal processes.

11. How do we protect your data?

We take appropriate technical and organizational security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional alteration, unwanted disclosure or unauthorized access.

12. What rights do you have?

To make it easier for you to control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:
 
–           The right to request information from us as to whether we process your data, which data we process, for what purposes and for how long, as well as its origin and the categories of recipients to whom we disclose your data;
–           the right to have us correct data if it is incorrect or incomplete;
–           the right to restrict processing;
–           the right to request the deletion of data;
–           the right to obtain from us the personal data concerning you in a commonly used electronic format or to transmit those data to another controller;
–           the right to object to processing, in particular in the context of direct marketing;
–           the right to demand the cessation of future data processing or disclosure to third parties;
–           the right to withdraw consent where our processing is based on your consent;
–           the right not to be subject exclusively to automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you.
If you wish to exercise any of the above rights against us (or against one of our group companies) , please contact us by email at [email protected] or [email protected]. So that we can rule out misuse, we must identify you (e.g. with a copy of your ID, if this is not otherwise possible).
Please note that these rights are subject to conditions, exceptions or restrictions under the applicable data protection law (e.g. to protect third parties or business secrets). We will inform you accordingly if necessary.
 
If you do not agree with our handling of your rights or data protection, please let us know. In particular, if you are in the EEA or Switzerland, you also have the right to lodge a complaint with the data protection supervisory authority in your country.
A list of the authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_de.
You can contact the Swiss supervisory authority here: https://www.edoeb.admin.ch/edoeb/en/home/adresse.html
You can contact the data protection office in Liechtenstein here: https://www.datenschutzstelle.li/

13. Automated decision making

In some cases, decisions that affect you can be fully automated. In this case, the decisions are made without human involvement. As a general rule, we do not do engage in this practice. Should we provide for such automated decisions in individual cases, we will inform you accordingly.

14. Do we use cookies and do we use tracking pixels?

Please visit our Cookie Policy to learn more about how we use of cookies and tracking pixels.

15. What data do we process on our page in social networks?

We may operate pages and other online presences ("fan pages", "channels", "profiles", etc.) on social networks (e.g. LinkedIn) and other platforms operated by third parties and provide the services described in section 5 and below about you. We receive this data from you and the platforms when you come into contact with us via our online presence (e.g. when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presence and link this data with other data about you known to the platforms (e.g. about your behavior and preferences). They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalize advertising) and to control their platforms (e.g. what content they show you).

16. Can this privacy policy be changed?

This privacy policy is not part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version. In case of any discrepancies between the versions of this privacy policy, the German version shall be prevail.

Last updated: December 2024