1. Basics
Expatpartners ltd (hereinafter expatpartners, we or us) attaches great importance to the privacy of the individuals whose data it processes and is committed to the protection of this personal data – i.e. all information on the basis of which someone can be identified as an individual person.
With this Data Protection Statement we therefore would like to inform you about
- who controls (responsible for) the processing of personal data;
- which personal data is collected and processed;
- how and from whom the personal data is collected and processed;
- the purpose and the legal grounds for our processing of personal data;
- to whom we transfer the personal data;
- how long we retain the personal data; and
- what your rights as a data subject (affected person) are.
While collecting, processing, transferring and retaining personal data, we and our employees not only comply with this Data Protection Statement but also with the ap-plicable data protection provisions – mainly the Swiss Data Protection Act (DPA) and its ordinance. Since we maintain business relationships with partners established in the European Union (EU) or in the European Economic Area, we have aligned our Data Protection Statement with the requirements according to the EU General Data Protection Regulation (GDPR).
If you provide us with personal data of other persons (such as employees, family members, work colleagues), please make sure the respective persons are aware of this Data Protection Statement and only provide us with their data if you are allowed to do so and if such personal data is correct.
2. Controller oft he Data Processing
The controller (i.e. the responsible person) of the data processing as described in this Data Protection Statement is expatpartners unless indicated otherwise. If you have concerns regarding data protection, you can contact our managing directors via e-mail (This email address is being protected from spambots. You need JavaScript enabled to view it. or This email address is being protected from spambots. You need JavaScript enabled to view it.) or via postal service to the following address: Engimattstrasse 22, CH-8002 Zurich, Switzerland. Our number for telephone enquiries is: +41 44 280 68 68.
3. Collection and Processing of Personal Data
We primarily process personal data that we obtain in the course of our contractual relationships from you, our business partners (in particular domestic and foreign in-surance companies) as well as further third parties. Certain personal data we also collect if you use our websites (expatpartners.ch and auslandkrankenkasse.ch) or – as far as permitted – from publicly accessible sources (e.g. internet, press, debt registers, land registries or commercial registers).
The categories of personal data that we collect and process include amongst others
- personal (contact) information as name, sex, date of birth, address, telephone number, country or place of residence and where applicable salary and health information collected through your answers to health questionnaires;
- personal data in connection with communication as correspondence with you or business partners by letter, e-mail, telephone or other means of communication which may be recorded where necessary;
- automatically transmitted or collected personal data in connection with the use of our websites (e.g. date and time of use, previous and accessed page, IP address, data on the browser used, device identification, current location, insofar as this information has been released – otherwise we deliberately refrain from collecting such data as far as possible, cf. section 5);
- information about you in the media and the internet (as far as necessary in the individual case, e.g. in the course of a job application, press review, marketing) and possibly your interests and other socio-demographic factors (for marketing).
4. Purpose of Processing and Legal Grounds
We primarily use collected personal data for identification purposes and in order to conclude and process our contracts with you and business partners, in particular to develop and arrange for optimal insurance solutions. We also process personal data in order to provide all other services offered on our websites and to develop and design new offers and services. The processing of personal data also serves to fulfil our legal obligations at home and abroad. If you work for one of our customers or business partners, you may also be affected in this function with your personal data.
In addition, we process personal data of customers and other persons, as far as it is permitted and appears to be indicated to us, also for the following purposes in which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:
- advertising and marketing (including organizing events), provided that you have not objected to the use of your personal data for this purpose (if you are part of our customer base and you receive our advertisement, you may object at any time and we will place you on a list against further advertising mailings);
- asserting legal claims and defense in legal disputes and official proceedings;
- ensuring our business operations, in particular our IT, our websites, apps and other appliances;
- possible corporate transactions and the transfer of personal data related thereto as well as measures for business management and compliance with legal and regulatory obligations as well as internal regulations of expatpartners.
If you have given us your consent to process your personal data for certain purposes (for example for rendering an offer or by filling out a contact form), we will process your personal data within the scope of and based on this consent, unless we have another legal basis and require to have one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
5. Use of our Websites
You use the internet or our websites at your own risk. This also applies to e-mails and links that lead you to our websites or to links to other websites that we offer you as well as to the content of third-party websites accessed via links.
Even if you send us confidential information and data in a way described above, you do so at your own risk. The transmission of information and data via the internet is usually cross-border and not specially encrypted. Among other things, there is the danger that a third party may gain unnoticed access to your computer while using the internet and causes damage to your computer. We assume no responsibility for this. In order to minimize these and similar dangers, we offer you the possibility of communicating with us via encrypted e-mails, if desired and technically feasible. SEPPmail guarantees the authenticity of the sender, the confidentiality and integrity of the message. SEPPmail is a multi-award-winning Swiss software company with over 15 years of technology and application experience, which enables and secures the sending and receiving of encrypted and signed e-mails in the familiar e-mail environment.
Currently, we deliberately do not use cookies or Google Analytics on our websites to analyse the use of our websites.
6. Disclosure of Personal Data
In the context of our business activities and in line with the purposes of the data processing set out in section 4, we may transfer your personal data to third parties, insofar as such a transfer is permitted and we deem it appropriate. Grounds for such transfer primarily are that third parties process your personal data for us or require them for their own purposes. In particular, the following categories of recipients may be concerned:
- business partners regarding human resources (e.g. in sectors as compensation & benefits and global mobility) as well as insurance brokers and other supporting persons;
- companies affiliated with customers;
- service providers of us, including data processors (e.g. IT providers);
- domestic and foreign authorities or courts as well as arbitral tribunals;
- media, public, including visitors of websites and social media;
- possible opposing parties or parties interested in connection with corporate transactions;
- other parties in possible or pending legal proceedings.
These recipients may be within Switzerland but they may be located in any country worldwide. In particular, personal data may be transferred to countries, in which our customers, their affiliated companies or business partners and service providers are located. If we transfer personal data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts (in particular on the basis of the standard contract clauses of the European Commission) or binding corporate rules or we rely on the statutory exceptions of consent, performance of contracts, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the persons concerned. You can obtain a copy of the above-mentioned contractual guarantees at any time from the contact person named under section 2 above. However, we reserve the right to redact copies for data protection reasons, reasons of secrecy or to produce excerpts only.
7. Retention and Security of Personal Data
We retain your personal data in Switzerland and have enacted appropriate technical and organizational security means. We store your personal data as long as required for the performance of our contractual obligations and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized, as far as possible. In general, shorter retention periods, of no more than twelve months, apply for operational data (e.g. system logs).
8. Your Rights as a Data Subject
Your rights as a data subject (affected person) arise out of the data protection law applicable to your case. In accordance with the Swiss Data Protection Act you have the right to access, rectify, suspend and erase your personal data as well as the right to restrict the data processing. If the GDPR is applicable, you have the additional rights to object to our data processing or to receive certain personal data for transfer to another controller (data portability).
However, statutory restrictions exist on our part regarding these rights if we, for example, are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the personal data in order to assert claims. Therefore, we reserve the right to refer to such statutory restrictions. If exercising certain rights incurs costs for you, we will notify you thereof in advance.
We have already informed you of the possibility to withdraw consent in section 4 above. Please note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs for you. If this is the case, we will inform you in advance unless it has already contractually been agreed upon.
In general, exercising your rights requires that you are able to unambiguously prove your identity (e.g. by a copy of identification documents when your identity is not evident otherwise or cannot be verified in another way). In order to assert these rights, please contact us at the addresses provided in section 2 above.
In addition, you have the right to enforce your rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).
9. Amendments
We may amend this Data Protection Statement (version effective as of June 18, 2019) at any time without prior notice. The current version published on our websites shall apply. If the Data Protection Statement is part of an agreement with you, we will notify you by e-mail or other appropriate means if there is an amendment.