Data protection


General information

To execute the invitation and registration process for events, Baloise uses the online platform provided by evenito AG, Zurich (hereinafter referred to as the Platform).

Controller and contact details

The controller for the data processing described here is:

  • Baloise Insurance Ltd, Aeschengraben 21, 4002 Basel, Switzerland (hereinafter referred to as “Baloise” or “we”)

If you have any questions, you can contact Baloise Insurance Ltd’s data protection officer at:

Baloise Insurance Ltd

Data Protection Officer

Aeschengraben 21, P.O. Box

CH-4002 Basel, Switzerland

datenschutz@baloise.ch

Principle

The processing of your personal data (hereinafter “data”) is essential and indispensable for the purpose of registering for a Baloise event. We greatly value the trust you place in Baloise, which is why protecting your privacy is our highest priority. Our employees therefore receive regular training on data protection and are obliged to comply with special confidentiality obligations. In addition, compliance with data protection is continuously monitored by us.

Processing refers to any handling of your data, regardless of the means and procedures used, including, in particular, the acquisition, retention, use, alteration, disclosure, archiving or destruction of the data.

In order to inform you transparently about the processing of your data and so that you can better understand the individual steps of data processing, we would like to show you below how Baloise processes your data in the context of events (e.g. for admission, food orders, hotel reservations, registrations for online events, etc.). In addition, we may inform you separately about the processing of data, e.g. by way of a declaration of consent.

When you transmit data to us about third parties, we assume that you are authorised to do so and that this data is correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about the data processing described below.

1. General information on data processing

1.1. Category of personal data

During the registration process, we process personal data provided by you, including the following. The amount of data collected varies depending on the event.

  • Contact details: name, address, telephone number, email address
  • Master data (including sensitive personal data): age, date of birth, gender, clothing size, (food) allergies, physical and health restrictions for special activities, passport or identity card information;
  • Information on accompanying persons: name, address, telephone number, email address, age, date of birth, gender, (food) allergies, health restrictions for special activities, passport or identity card information;
  • Registration data: information regarding registration, cancellation, participation or non-participation in an event (on site).
  • Other data: your usage behaviour on the online event platform if the event is held virtually (e.g. time and duration of participation, questions and chat messages, and other activities during the event).

1.2. Purposes of data processing

Your data will only be processed by us for the purposes we have indicated to you when collecting your data, or if we are legally obliged or entitled to process it.

1.2.1 Processing for the organisation of an event

If you register for a Baloise event on the Platform, we will process your data, in particular your contact and master data and that of your accompanying persons as well as registration data, insofar as this is necessary for the preparation (registration, correspondence), implementation and follow-up (management accounting) of the event.

1.2.2 Processing for marketing purposes

We may use your data to send you advertisements about our products and services and notices of other events that we are organising. You have the option to unsubscribe from the newsletter at any time. If you do not wish to receive advertising, you can notify us at our contact address.

1.2.3 Other purposes

The other purposes of data processing vary depending on the event.

  • We draw on the usage behaviour for online events on online platforms to create statistical evaluations and data analyses with the goal of optimising our events in terms of length and content and better adapting them to your needs.
  • The information from questions during the online event (e.g. via chat) will be answered anonymously and made available to all participants, or your question will be forwarded to your customer adviser, who will answer it personally.
  • Registration data for physical events will be used for compliance with health protection plans specified by the authorities (e.g. Covid-19) so that you can be contacted for further protection or prevention measures, if necessary.

1.3. Recipients of personal data

In connection with the organisation of events, the processing of data and disclosure of such data to third parties within Switzerland or abroad is unavoidable. This primarily includes your master data and that of your accompanying persons, and possibly also registration data. The recipients of data vary depending on the event. The following categories of recipients will receive data about you, depending on the nature of the event:

  • Caterers/restaurants can, in particular, obtain data on existing (food) allergies so they can take them into account accordingly
  • Hotels / travel agencies / airlines and other operators can receive your contact information and also passport details to book transfers and accommodation
  • Activity providers may receive your contact information as well as information on physical or health restrictions, depending on the event
  • The authorities can obtain contact details of participants based on the respective protection concepts in place in the context of the Covid-19 pandemic (e.g. for contact tracing) so that these participants can be contacted for further protection or prevention measures
  • Service providers, i.e. legally independent businesses in Germany and abroad that process data on our behalf. These service providers are also contractually obliged to adhere to the purposes we have defined for the data processing. We conclude a contract with these service providers that meets the requirements of the applicable data protection law. In the case of service providers located in a country whose data protection legislation is assessed to be unsuitable by the supervisory authorities, we impose obligations on such providers in order to ensure compliance with statutory guarantees.

These recipients of personal data will always be required to comply with the applicable privacy policy.

1.4. Additional data entry for online events

1.4.1 Login

Online events are organised with external partners via their web pages. You will receive the access data and further information from us in the invitation. To participate in the online event, it is usually necessary to provide data such as first name, last name and email address when logging in.

1.4.2 Evaluation

When accessing these web pages, the following additional data is usually stored in log files: the data you entered, IP address, date, time, browser request and general information transmitted about the operating system or browser. This usage data is collected by the external partner and forwarded to us. It forms the basis for statistical evaluations (e.g. participation behaviour, number of participants), so that trends can be identified which we can use to improve our offerings accordingly.

1.5. Your rights in relation to your data

If you wish to receive information about your data that is processed by us, you can do so by submitting to us your written request for information with an enclosed copy of your identity card or passport to verify your identity.

You may demand that we rectify inaccurate data or complete information that is incomplete, or you can rectify or complete this yourself, to a certain extent, on the Platform at any time.

You may also demand the deletion of your data, provided we are not required or authorised by applicable law or regulations to retain your data.

You may also request the surrender or transfer of your personal data that you have provided to us in a common electronic format, provided that the processing is carried out by means of automated processing, you have consented to the data processing or your data is processed for the conclusion or settlement of the insurance contract.

In all cases in which the data processing is based on your consent, you have the right to revoke this at any time. If consent is revoked, this will not affect the lawfulness of the processing carried out based on the consent previously given, up until the date of its revocation.

You can submit the relevant requests to the following address:

Baloise Insurance Ltd

Data Protection Officer

Aeschengraben 21, P.O. Box

CH-4002 Basel, Switzerland

datenschutz@baloise.ch

1.6. Storage period

In accordance with our data retention policies, your data will only be stored by us for as long as is required for the aforementioned purposes and for as long as we are legally or contractually obligated to store it (as a rule, six months after the organisation of an event).

In individual cases, it is possible to retain personal data for longer, for example if claims are asserted against Baloise (during the statutory limitation period) or if we are otherwise legally or officially obliged to do so or if legitimate business interests require this. As soon as your personal data is no longer required for the purposes set out above, it will be deleted. We will inform you about any changes in this regard by email.

2. Data security

2.1. Confidentiality

We treat your data as confidential and comply with the applicable privacy policy.

2.2. Internet risks

In transferring data via the Internet, you are acting at your own risk. We protect the data you transmit via our web pages during transit by means of appropriate encryption mechanisms. We take appropriate technical and organisational security measures to reduce the risk within our web pages and those of our external partners. Your device, however, is outside the security area that we are able to control. You are therefore required to inform yourself about the necessary security precautions and to take suitable measures in this regard.

2.3. Email encryption

We will send you requested information by email if you have provided us with your email address. Confidential information is transmitted in encrypted form. If information cannot be shared in encrypted form via email, we will use other channels for this purpose (e.g. the customer portal or Baloise Secure Transfer).

2.4. Changes to this information on data processing

We reserve the right to amend or supplement this information on data processing at any time. In each case, the version published here applies.

Last updated 25.02.2021