1. General information and scope
Thank you for your interest in Global Sana. With this information we would like to inform you about the handling of your personal data. In order to provide this website, we process personal information in accordance with the Swiss Data Protection Act (DSG) and the European Data Protection Regulation (DSGVO).
This privacy statement applies to Global Sana’s websites, services and contracts, unless separate privacy statements are mentioned there.
2. Responsible entity and data protection officer
Responsible for data processing is:
Global Sana AG
If you have any questions about the processing of your personal data, please contact us via the above e-mail address or by post at the above address.
3. What personal data are at issue?
We use personal data that you provide to us yourself. The following data may be collected when using the website and the newsletter:
- the name of the website visited,
- the IP address from which the website is accessed,
- Date and time of the visit,
- the file name,
- the notification that the website has been successfully accessed,
- the volume of data transmitted,
- the previously visited website (referring URL),
- Type and version of the browser,
- Operating system of the user,
- Master data (e.g. name, address, e-mail)
4. For what purposes and based on what legal basis is the data processed?
Legal basis: Purpose
- Within the framework of the initiation and implementation of contracts: If applicable, advice and support, risk assessment, credit assessment, contract administration and modification, debt collection, claims processing, determination of customer satisfaction
- To maintain legitimate interests: Detection of fraudulent acts (fraud prevention), evaluation of customer relationships and customer behaviour for contract optimisation and optimisation of products, services, processes, advertising for own products
- Consent: Sending newsletters and market and opinion surveys, for the processing of personal data requiring special protection (health data) when concluding contracts, carrying out contracts and pro-cessing claims
- Legal requirements: Compliance with various legal requirements (e.g. Money Laundering Act, insurance supervisory law/ supervisory requirements of FINMA, statutory retention obligations)
5. Is personal data passed on to third parties?
We do not pass on your personal data to unauthorised third parties. In accordance with the need-to-know principle, our employees only have access to the data they need to fulfil their duties. In order to provide our services, we rely on the transfer of your data. Depending on the purpose, this includes e.g. IT services, logistics and marketing. Any third parties involved in our processes will only process your personal data on our behalf as we are permitted to do ourselves. They are thoroughly checked with regard to data protection and data security prior to the conclusion of the contract and are obliged to comply with data protection regulations and technical-organisational measures in accordance with the current state of technology.
If we are required to do so by government bodies (e.g. authorities, courts, …), we may have to disclose your personal data if we are legally obliged to do so.
6. Is automated case-by-case decision-making and profiling used?
Yes, your data will be processed, in part automatically, with the aim of evaluating certain aspects, e.g. in the following cases:
- We are obliged to take certain measures based on legal and regulatory requirements (e.g. combating money laundering and terrorist financing). For this purpose, data evaluations (at the conclusion of the contract, during the term and in the case of disbursements) are required.
- We compile statistics in order to be able to provide targeted information about products. This enables adapted communication (incl. market and opinion research).
Automated individual decisions are made for the initiation and execution of the contracts – e.g. an au-tomated decision is made on the basis of the information you provide regarding the conclusion of the contract, possible risks, the amount of premiums and, if applicable, the obligation to pay benefits. Au-tomated decisions are based on defined rules for prioritizing information (actuarial criteria for calcula-tion). In the case of automated decisions, you have the right to request the intervention of a person in charge, to express your point of view and to contest the decision.
7. Where is your personal data processed?
If it is necessary to provide our services, your personal data will be transferred to the above-mentioned recipients in Switzerland, the EU and outside.
Data transfer to third countries (outside the EU) only takes place if there is an adequate level of data protection comparable to Switzerland and the EU or if the recipient contractually assures equivalent data protection (e.g. by using the EU Standard Contractual Clauses/ SCC).
8. Are cookies being in use?
The data subject can prevent the setting of cookies by our website at any time by means of an appropri-ate setting of the Internet browser used and thus permanently object to the setting of cookies. Further-more, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
9. Is your personal data protected?
Yes, we have implemented extensive technical and organizational measures in accordance with the current state of technology. For example, all data traffic transmitted via our website is encrypted.
However, complete security is not economically feasible. Should you send us information via the Inter-net and/or other electronic means, there is a risk of damage, leakage and manipulation.
10. How long is personal data stored?
The data is stored and processed for as long as the purpose of the data collection exists and we are obliged to do so by legal or contractual provisions.
11. What rights do you have in relation to your personal data?
- Right to confirmation. Every data subject shall have the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed.
- Right to information. Any person concerned by the processing of personal data shall have the right to obtain from the controller, at any time and free of charge, information about the personal data stored concerning him or her, as well as a copy of such information.
- Right of rectification. Any person concerned by the processing of personal data has the right to obtain the immediate rectification of personal data relating to him or her which are inaccurate.
- Right to deletion (right to be forgotten). Any person concerned by the processing of personal data has the right to obtain from the controller the erasure without delay of personal data relating to him or her.
- Right to restrict processing. Any person concerned by the processing of personal data has the right, under certain conditions, to obtain from the controller the restriction of processing.
- Right to data portability. Any person concerned by the processing of personal data shall have the right to obtain the personal data relating to him or her which have been provided by the data subject to a controller in a structured, commonly used and machine-readable format.
- Right of objection. Any person concerned by the processing of personal data has the right to object at any time, on the basis of his or her particular situation, to the processing of personal data relating to him or her.
- Automated decisions in individual cases including profiling. Any person concerned by the processing of personal data has the right not to be subject to a decision based solely on automated processing, in-cluding profiling.
- Right to withdraw consent under data protection law. Any person affected by the processing of person-al data has the right to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact any employee of the controller.
Our website uses functions of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA . When you call up our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. In the process, data is already transferred to Facebook. If you have a Facebook account, this data can be linked to it. If you do not wish this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular the use of a comment function or the clicking of a “Like” or “Share” button are also passed on to Facebook. You can find out more at https://de-de.facebook.com/about/privacy.
Also integrated on our website are functions of Instagram. These functions are integrated by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.
Within our online offer, we use the marketing services of LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”).
For example, information on the operating system, the browser, the website you previously visited (re-ferrer URL), which websites the user visited, which offers the user clicked on, and the date and time of your visit to our website are recorded.
The information generated by the cookie about your use of this website is transferred in pseudony-mized form to a LinkedIn server in the USA and stored there. LinkedIn therefore does not store the name or email address of the respective user. Rather, the above-mentioned data is only assigned to the per-son for whom the cookie was generated. This does not apply if the user has allowed LinkedIn to process without pseudonymization or has a LinkedIn account.
15. What about the newsletter?
You can subscribe to our newsletter. The information you provide in the process will be used to con-firm your subscription and to store it in the recipient list. You can cancel the subscription at any time by clicking on the link contained in each newsletter.
16. Google Analytics (with anonymisation function)?
We have integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on the website from which a data subject has accessed a website (so-called referrers), which sub-pages of the website have been accessed or how often and for how long a sub-page has been viewed. A web analysis is mainly used to optimize a website and to analyze the costs and benefits of internet advertis-ing.
The operating company of the Google Analytics component is the Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The controller uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymised by Google if access to our Internet pages is made from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.
Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website operated by the data controller is ac-cessed and on which a Google Analytics component has been integrated, the internet browser on the data subject’s information technology system is automatically prompted by the respective Google Ana-lytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission calculations.
By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
As of April 2022