Privacy and Cookie Policy for Helsana Websites

In this Privacy Policy we explain the principles governing how the Helsana Group (including Helsana Supplementary Insurances Ltd, Helsana Insurance Company Ltd, Helsana Accidents Ltd, hereinafter collectively referred to as Helsana, we or us) collects and processes personal data through this website and other websites operated by Helsana (hereinafter referred to as Website). Personal data refers to any information that personally identifies you or makes your identification possible.

Version 1.2 dated 12. December 2021

1. Scope

This Privacy Policy explains the acquisition and further processing of personal data collected via Helsana’s Website. This Privacy Policy does not conclusively govern all aspects of data processing performed by Helsana. Data processing may be covered by other privacy policies or data protection statements and processing regulations, or may arise through specific circumstances or be governed by law.

2. Data controller | Data Protection Officer

Helsana Ltd is responsible for all data processing performed within the scope of this Privacy Policy. Helsana’s Data Protection Officer can be contacted at:

Helsana Ltd
Data Protection Officer
Zürichstrasse 130
CH-8600 Dübendorf

To the extent that Helsana falls within the scope of the GDPR, Active-Assets A2 GmbH serves both as its Data Protection Officer within the meaning of Art. 37 GDPR and its representative pursuant to Art. 27 GDPR. Its contact details are as follows:

Active-Assets A2 GmbH
Gottlieb-Daimler-Str. 5
78467 Constance
Germany
privacy@helsana.ch

3. Collection and processing of personal data when using the Website

3.1 Type of data collected

When you visit our Website, your Internet browser automatically sends us certain data regarding your usage and stores this in log files. This concerns the following data in particular: Date and time when the Website was accessed, name of the Website accessed, IP address of your computer or mobile device, address of the referring website, transferred data volume as well as the name and version of the Internet browser used. 

These data form the basis for statistical, anonymous evaluations, help to optimise and continuously further develop the Websites and can also be evaluated for marketing purposes. If you wish to prevent this, you can change your settings in the cookie preference centre at any time.

As described below, certain uses of the Website also require Helsana to collect personal data. When using the Website, you either provide these manually (see Section 4 below) or their provision is dependent on your Internet browser’s technical settings and these are either automatically collected or made available by third parties in accordance with those settings (see Section 5). If you do not wish to provide us with this personal data, you may not be able to take advantage of certain offers on the Website (such as the premium calculator) or their functionality may be impaired. 

3.2 Personal data collected in connection with the use of the Website 

In connection with the use of the Website, Helsana collects the following categories of personal data: 

  • Data provided manually: This includes, but is not limited to, first name, surname, gender, date of birth, age, marital status, (e-mail) address, insurance number, telephone number, family members, preferred communication channel, personal data contained in uploaded files, etc.;
  • Personal data collected automatically: This includes cookies, date, time and number of visits to the Website, pages and content accessed, referring websites, downloaded files, etc. 

3.3 Use of personal data collected on the Website and legal basis

If you are already a customer of Helsana or wish to become one, we collect and process personal data during the conclusion and execution of contracts with our customers. We may link the personal data you provide via the Website to other existing personal data. Data are processed for purposes that are primarily geared toward specific products (e.g. basic insurance, BeneFit PLUS, SANA, COMPLETA, PRIMEO), and may include requirements analyses and insurance consultations. For information regarding further purposes of data processing conducted as part of the contractual relationship, please refer to the corresponding privacy policies.

Other than for the fulfilment of the contract or outside an existing contractual relationship, we use data collected via the Website to protect the legitimate interests of us or third parties. Examples: 

  • to provide and develop the Website and improve and ensure the Website’s customer friendliness;
  • to perform statistical analyses of Website use; 
  • to examine and optimise requirements analysis methods for the purpose of approaching customers directly; 
  • to advertise and market our products and services; 
  • to conduct market research, customer satisfaction and opinion surveys, as long as you have not objected to the use of your data; 
  • to enforce legal claims and as defence in legal disputes; 
  • to safeguard IT security and IT operations of the insurance company; 
  • to prevent and investigate criminal offences; 
  • to adopt measures for the further development of services and products, also in connection with corporate transactions where appropriate. 

We may also use the data to comply with our legal and regulatory obligations. 

If, in individual cases, you have consented to the processing of your personal data for a specific purpose, we will base the processing on this consent. You may withdraw your consent at any time, whereby such withdrawal only applies to the future and does not affect the legality of data processing already carried out. Data processing carried out on the basis of your consent includes, in particular, delivery of the newsletter or submission of a contract offer based on the information you entered into the premium calculator.

4. Personal data provided manually by the user

4.1 Newsletter 

On this Website, you can subscribe to our newsletter by providing us with personal data (first name, surname and e-mail address). For verification purposes, we will send you a confirmation e-mail immediately after completion of the registration process. The personal data collected during your registration will be used for sending our newsletter. This personal data may be passed on to our marketing department, which processes the data only on our behalf. To the extent permitted by applicable data protection law, we may include codes in our newsletters with which we can recognise whether the recipient has opened the e-mail and downloaded the images contained therein. The recipient can block this in their e-mail program. 

You can unsubscribe from our newsletter by clicking on the link at the end of each newsletter.

4.2 E-mail

Normal e-mails that you send to Helsana are not encrypted and may potentially be viewed by third parties. Since we are unable to safeguard the data security of unencrypted e-mail traffic sent to Helsana, Helsana excludes any warranty and liability for such traffic. For this reason, we recommend that you get in touch with us directly by using the available contact forms.

4.3 Contact forms

Confidential, personal data that you send to Helsana using the forms provided on the Websites are transmitted in encrypted form according to the current state of the art and cannot be viewed by third parties. The data you enter via the Website will be used in particular to process contracts, process your requests and, if necessary, for marketing purposes within the Helsana Group. 

By entering your data in the premium calculator, you agree in particular to be contacted by the companies of the Helsana Group by telephone or another channel for the purpose of making you an offer.

5. Personal user data collected automatically

5.1 Cookies 

What are cookies?

We use cookies on our Websites. Cookies are small text files that are sent by the websites you visit to the browser you use (Firefox, Google Chrome, etc.) and stored on the hard drive of your computer or mobile device. They enable websites to run or are intended to provide information to the owners of a website or third parties who receive data from this website, such as information about the devices you use and your preferences. Cookies store certain settings about your browser as well as data concerning interactions with the website through your browser. When a cookie is activated, it is assigned an identification number (cookie ID), which is used to identify your browser and use the information contained in the cookie. Generally speaking, this information does not identify you directly, however it can make it possible for you to have a tailored online experience.

Most of the cookies we use are temporary session cookies that are automatically deleted from your computer or mobile device at the end of your browser session. We also use permanent cookies. These remain stored on your computer or mobile device after your browser session has ended. Depending on the type of cookie, permanent cookies remain stored on your computer or mobile device for up to two years and are automatically deactivated at the end of the pre-programmed time.

Why do we use cookies?

The cookies we use help enable various functions offered by our Websites. For example, cookies help save your language preferences across different pages visited during a single Internet session and thus facilitate your access to the Websites. Cookies also enable us to track and analyse the behaviour of visitors to our Websites. This helps us design our Websites in a more user-friendly, effective way and to make your visit to our Websites as pleasant as possible and to improve the Website’s general visitor experience. 

If you use the “myHelsana” client portal or other parts of our Website where users must log in to access content, the Website may use cookies or some other technology that helps us authenticate you more easily, store and recognise your configuration and user attributes, facilitate your navigation on the Website and provide you with more tailored content to make the available information more interesting for you.

However, cookies also enable us to personalise the content of our Website in general. We also use remarketing cookies to help us target advertisements on other websites to the interests of our Website’s visitors based on the pages you view on our Website. Cookies on our Websites additionally enable us to offer social media features that let you share content via Facebook, Twitter, etc.

How can you change your cookie settings?

In our Cookie Preference Centre you can adjust your consent to the use of cookies on our Website at any time based on your needs.

You can choose at any time to set your browser such that no cookies are accepted or saved. Instead, you can choose to receive a warning message each time before accepting a cookie or set your browser to accept only cookies from certain websites. You can also delete any cookies that have already been saved at any time.

We would like to point out that the use of individual functions offered by our Website may be restricted or prevented altogether if you reject cookies from the Website. In order to make website navigation easier, we recommend that you accept cookies and do not delete them. If you block cookies, you may not be able to make full use of the interactive functions on this Website.

Which cookies do we use?

5.2 Web analysis 

We use Google Analytics or similar services on our Website. This is a service provided by third parties who may be located in any country of the world (in the case of Google Analytics it is Google Ireland Limited in Ireland, www.google.com) which we can use to measure and evaluate the use of the Website. Permanent cookies, set by the service provider, are also used for this purpose. The service provider does not receive any personal data from us (and does not store any IP addresses), but may track your use of the Website, combine this information with data from other websites you have visited and which are also tracked by service providers, and use these findings for its own purposes (e.g. to control advertising). If you are registered with the service provider, the service provider also recognises you. The service provider’s processing of your personal data is then the responsibility of the service provider and is carried out in accordance with its data protection provisions. The service provider merely informs us how our respective Website is used (without any information about you personally).

5.3 Google reCAPTCHA

We use reCAPTCHA from Google to determine whether a person or a computer makes a certain entry in our contact or newsletter form. The legal basis for this usage is Art. 13(1) of the Data Protection Act and Art. 6(1)(f) GDPR, because Helsana has a legitimate interest in ensuring the security of its own Website and protecting it from automated entries (attacks). reCAPTCHA is a service that protects websites from spam and misuse. It uses advanced risk analysis techniques to distinguish between human and non-human users (bots). For example, Google uses the following data to check whether you are a human or a computer: IP address of the device used, which Website of ours you visit and in which reCAPTCHA is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements and keystrokes, and the number of click and touch actions in reCAPTCHA areas.

To see the data that Google captures and the purposes for which it is used, please consult https://policies.google.com/privacy. You can find the Terms of Service for Google products and services at https://policies.google.com/terms.

5.4 Social plug-ins

Our websites use social media plug-ins, e.g. for Facebook, Twitter or Google+ (providers). These plug-ins are labelled with the provider’s logo and can, for example, be a Like button, a Google+ button or a Twitter button. 

When you visit one of our Websites that features a plug-in of this nature, your Internet browser establishes a direct connection with the provider’s computers. The provider’s website sends the content of the plug-in directly to your browser, which incorporates it into the Website. Through the incorporation of the plug-in, the provider is informed that you visited our Website. If you are logged in to your account on the provider’s website at the same time, the provider can match the visit to your profile. If you interact with the plug-ins – for example by pressing the Like button or posting a comment – the corresponding information is sent by your browser directly to the provider and stored on their servers. 

If you do not want the provider to collect data on you via our Website, you have to log out of your account on the provider’s website before visiting our Website. Even if you have logged out of your account, providers still collect data in anonymised form via the social plug-ins and place a cookie on your computer. If you log in to your account on the provider’s website at a later date, this data can be linked to your profile. 

If a login is offered via a social login service, e.g. Facebook Connect, data will be exchanged between the provider and our Website. In the case of Facebook Connect, this could be, for example, data from your public Facebook profile. By using such login services, you are agreeing to the transfer of your data. 

Please see the provider’s privacy policy for the purpose and scope of the database and the further processing of your data by the provider, as well as your associated rights and configuration options to protect your privacy:

For Facebook: https://www.facebook.com/policy

For Google: https://policies.google.com/privacy?hl=en

For Twitter Inc.: http://twitter.com/privacy

6. Data security

We take appropriate technical and organisational measures to protect your personal data collected via Websites against unauthorised processing, loss and destruction. We are also concerned about the confidentiality, availability and integrity of your personal data.

7. Data retention

We will retain your personal data for as long as necessary to provide the services available on the Website or for other processing purposes, such as fulfilling legal obligations, resolving disputes and enforcing our policies. If we have a legal obligation to retain your personal data, we will delete it after expiry of the respective retention period.

8. Disclosure of data and transfer of personal data abroad

Regardless of how we collect your personal data in connection with the Website, all Helsana Group companies have access to the personal data. This means that your personal data can also be processed for various purposes and linked together with personal data that is collected by another company of the Helsana Group.

Furthermore and to the extent permitted by applicable (data protection) law, Helsana may also disclose personal data to contracted service providers (both inside and outside Switzerland). In connection with data collected on the Website, these specifically consist of IT service providers working in the area of data storage and data analysis.

Personal data obtained in connection with the use of the Website may also be disclosed to third parties (inside or outside Switzerland) if we are obliged to do so by law, by court order or by official order or if this is necessary to support internal or external investigations, other legal investigations or proceedings in Switzerland or abroad or any corporate transactions.

The service providers and third parties to whom Helsana transmits data may be located in any country in the world (specifically the USA and Ireland). If data is transferred to a country without adequate data protection, Helsana guarantees adequate protection through the use of sufficient contractual guarantees, specifically on the basis of EU Standard Contractual Clauses, binding corporate rules or based on exceptions with respect to consent, contract execution, the determination, exercise or enforcement of legal claims, overriding public interest, the data published by you or because it is necessary to protect your individual integrity. You may request a copy of the contractual guarantees by sending a written request along with a copy of an official form of identification to the contact address specified above (see Section 2) or find out from this contact where you can obtain such a copy. Helsana reserves the right to black out such copies for reasons of data protection or secrecy or to deliver only excerpts.

9. Profiling and automated individual decision-making

We or service providers acting on our behalf do not process data with the aim of evaluating specific personal characteristics (profiling).

As a matter of principle, we do not use fully automated decision-making pursuant to Art. 22 GDPR to establish and engage in the business relationship. Should we use these methods in individual cases, we will inform you separately if this is required by law.

10. Obligation to provide data

Access to the Website and the related collection of connection data (such as IP addresses) must be logged; this happens automatically during use and cannot be disabled for individual users. With the exception of the data required for technical reasons (see Section 3.1 above), you are not obliged to provide us with any personal data in connection with your use of the Website. However, certain services cannot be used without the provision of personal data, otherwise their functionality is impaired.

11. Users’ rights

Within the scope of the data protection law applicable to you, you have the right to access your data, to have it rectified or erased, the right to restrict data processing and otherwise to object to our data processing and to the disclosure of certain personal data for the purpose of transferring such personal data to another location (data portability). If the processing of personal data is based on your consent, you may withdraw this consent at any time. Exercising these rights usually requires that you can clearly prove your identity. Please note, however, that we reserve the right to enforce the statutory restrictions, for example if we are obliged to retain or process certain data, have an overriding interest in it (insofar as we may invoke it) or need it for enforcing claims.

If Helsana automatically takes a decision concerning an individual person, which has a legal impact or significantly affects the data subject in a similar way, the data subject may speak to a competent person at Helsana and request a reconsideration of the decision, or demand from the very start that this be assessed by a competent person, to the extent provided for by law. In this case, the data subject might no longer be able to use certain automated services. The person will be informed of such decisions subsequently or separately in advance.

Every data subject has the right to file a complaint with the competent data protection authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch/).

You can also prevent or restrict the installation of cookies by changing your browser settings accordingly. However, we would like to point out that, in this case, you may not be able to use all the functions of this Website to their full extent.

Furthermore, the automated data processing carried out on this Website can be technically prevented as follows:

  • Google Analytics: install the browser add-on by clicking the following link:  https://tools.google.com/dlpage/gaoptout.
  • If you do not want the provider of social media plug-ins to collect data on you via our Website, you have to log out of your account on the provider’s website before visiting our Website. Even if you have logged out of your account, providers still collect data in anonymised form via the social plug-ins and place a cookie on your computer. If you log in to your account on the provider’s website at a later date, this data can be linked to your profile.

12. Changes to the Privacy Policy

Helsana may modify this Privacy Policy at any time without advance notice and without notification. The version currently published on the Website shall apply.

Do you have questions?

We're here to help.