Version 1.2 dated 12. December 2021
Data Protection Officer
To the extent that Helsana falls within the scope of the GDPR, Active-Assets A2 GmbH serves both as its Data Protection Officer within the meaning of Art. 37 GDPR and its representative pursuant to Art. 27 GDPR. Its contact details are as follows:
Active-Assets A2 GmbH
When you visit our Website, your Internet browser automatically sends us certain data regarding your usage and stores this in log files. This concerns the following data in particular: Date and time when the Website was accessed, name of the Website accessed, IP address of your computer or mobile device, address of the referring website, transferred data volume as well as the name and version of the Internet browser used.
These data form the basis for statistical, anonymous evaluations, help to optimise and continuously further develop the Websites and can also be evaluated for marketing purposes. If you wish to prevent this, you can change your settings in the cookie preference centre at any time.
As described below, certain uses of the Website also require Helsana to collect personal data. When using the Website, you either provide these manually (see Section 4 below) or their provision is dependent on your Internet browser’s technical settings and these are either automatically collected or made available by third parties in accordance with those settings (see Section 5). If you do not wish to provide us with this personal data, you may not be able to take advantage of certain offers on the Website (such as the premium calculator) or their functionality may be impaired.
In connection with the use of the Website, Helsana collects the following categories of personal data:
If you are already a customer of Helsana or wish to become one, we collect and process personal data during the conclusion and execution of contracts with our customers. We may link the personal data you provide via the Website to other existing personal data. Data are processed for purposes that are primarily geared toward specific products (e.g. basic insurance, BeneFit PLUS, SANA, COMPLETA, PRIMEO), and may include requirements analyses and insurance consultations. For information regarding further purposes of data processing conducted as part of the contractual relationship, please refer to the corresponding privacy policies.
Other than for the fulfilment of the contract or outside an existing contractual relationship, we use data collected via the Website to protect the legitimate interests of us or third parties. Examples:
We may also use the data to comply with our legal and regulatory obligations.
If, in individual cases, you have consented to the processing of your personal data for a specific purpose, we will base the processing on this consent. You may withdraw your consent at any time, whereby such withdrawal only applies to the future and does not affect the legality of data processing already carried out. Data processing carried out on the basis of your consent includes, in particular, delivery of the newsletter or submission of a contract offer based on the information you entered into the premium calculator.
On this Website, you can subscribe to our newsletter by providing us with personal data (first name, surname and e-mail address). For verification purposes, we will send you a confirmation e-mail immediately after completion of the registration process. The personal data collected during your registration will be used for sending our newsletter. This personal data may be passed on to our marketing department, which processes the data only on our behalf. To the extent permitted by applicable data protection law, we may include codes in our newsletters with which we can recognise whether the recipient has opened the e-mail and downloaded the images contained therein. The recipient can block this in their e-mail program.
You can unsubscribe from our newsletter by clicking on the link at the end of each newsletter.
Normal e-mails that you send to Helsana are not encrypted and may potentially be viewed by third parties. Since we are unable to safeguard the data security of unencrypted e-mail traffic sent to Helsana, Helsana excludes any warranty and liability for such traffic. For this reason, we recommend that you get in touch with us directly by using the available contact forms.
Confidential, personal data that you send to Helsana using the forms provided on the Websites are transmitted in encrypted form according to the current state of the art and cannot be viewed by third parties. The data you enter via the Website will be used in particular to process contracts, process your requests and, if necessary, for marketing purposes within the Helsana Group.
By entering your data in the premium calculator, you agree in particular to be contacted by the companies of the Helsana Group by telephone or another channel for the purpose of making you an offer.
What are cookies?
Most of the cookies we use are temporary session cookies that are automatically deleted from your computer or mobile device at the end of your browser session. We also use permanent cookies. These remain stored on your computer or mobile device after your browser session has ended. Depending on the type of cookie, permanent cookies remain stored on your computer or mobile device for up to two years and are automatically deactivated at the end of the pre-programmed time.
The cookies we use help enable various functions offered by our Websites. For example, cookies help save your language preferences across different pages visited during a single Internet session and thus facilitate your access to the Websites. Cookies also enable us to track and analyse the behaviour of visitors to our Websites. This helps us design our Websites in a more user-friendly, effective way and to make your visit to our Websites as pleasant as possible and to improve the Website’s general visitor experience.
However, cookies also enable us to personalise the content of our Website in general. We also use remarketing cookies to help us target advertisements on other websites to the interests of our Website’s visitors based on the pages you view on our Website. Cookies on our Websites additionally enable us to offer social media features that let you share content via Facebook, Twitter, etc.
How can you change your cookie settings?
You can choose at any time to set your browser such that no cookies are accepted or saved. Instead, you can choose to receive a warning message each time before accepting a cookie or set your browser to accept only cookies from certain websites. You can also delete any cookies that have already been saved at any time.
We would like to point out that the use of individual functions offered by our Website may be restricted or prevented altogether if you reject cookies from the Website. In order to make website navigation easier, we recommend that you accept cookies and do not delete them. If you block cookies, you may not be able to make full use of the interactive functions on this Website.
Which cookies do we use?
We use Google Analytics or similar services on our Website. This is a service provided by third parties who may be located in any country of the world (in the case of Google Analytics it is Google Ireland Limited in Ireland, www.google.com) which we can use to measure and evaluate the use of the Website. Permanent cookies, set by the service provider, are also used for this purpose. The service provider does not receive any personal data from us (and does not store any IP addresses), but may track your use of the Website, combine this information with data from other websites you have visited and which are also tracked by service providers, and use these findings for its own purposes (e.g. to control advertising). If you are registered with the service provider, the service provider also recognises you. The service provider’s processing of your personal data is then the responsibility of the service provider and is carried out in accordance with its data protection provisions. The service provider merely informs us how our respective Website is used (without any information about you personally).
We use reCAPTCHA from Google to determine whether a person or a computer makes a certain entry in our contact or newsletter form. The legal basis for this usage is Art. 13(1) of the Data Protection Act and Art. 6(1)(f) GDPR, because Helsana has a legitimate interest in ensuring the security of its own Website and protecting it from automated entries (attacks). reCAPTCHA is a service that protects websites from spam and misuse. It uses advanced risk analysis techniques to distinguish between human and non-human users (bots). For example, Google uses the following data to check whether you are a human or a computer: IP address of the device used, which Website of ours you visit and in which reCAPTCHA is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements and keystrokes, and the number of click and touch actions in reCAPTCHA areas.
To see the data that Google captures and the purposes for which it is used, please consult https://policies.google.com/privacy. You can find the Terms of Service for Google products and services at https://policies.google.com/terms.
Our websites use social media plug-ins, e.g. for Facebook, Twitter or Google+ (providers). These plug-ins are labelled with the provider’s logo and can, for example, be a Like button, a Google+ button or a Twitter button.
When you visit one of our Websites that features a plug-in of this nature, your Internet browser establishes a direct connection with the provider’s computers. The provider’s website sends the content of the plug-in directly to your browser, which incorporates it into the Website. Through the incorporation of the plug-in, the provider is informed that you visited our Website. If you are logged in to your account on the provider’s website at the same time, the provider can match the visit to your profile. If you interact with the plug-ins – for example by pressing the Like button or posting a comment – the corresponding information is sent by your browser directly to the provider and stored on their servers.
If you do not want the provider to collect data on you via our Website, you have to log out of your account on the provider’s website before visiting our Website. Even if you have logged out of your account, providers still collect data in anonymised form via the social plug-ins and place a cookie on your computer. If you log in to your account on the provider’s website at a later date, this data can be linked to your profile.
If a login is offered via a social login service, e.g. Facebook Connect, data will be exchanged between the provider and our Website. In the case of Facebook Connect, this could be, for example, data from your public Facebook profile. By using such login services, you are agreeing to the transfer of your data.
For Facebook: https://www.facebook.com/policy
For Google: https://policies.google.com/privacy?hl=en
For Twitter Inc.: http://twitter.com/privacy
We take appropriate technical and organisational measures to protect your personal data collected via Websites against unauthorised processing, loss and destruction. We are also concerned about the confidentiality, availability and integrity of your personal data.
We will retain your personal data for as long as necessary to provide the services available on the Website or for other processing purposes, such as fulfilling legal obligations, resolving disputes and enforcing our policies. If we have a legal obligation to retain your personal data, we will delete it after expiry of the respective retention period.
Regardless of how we collect your personal data in connection with the Website, all Helsana Group companies have access to the personal data. This means that your personal data can also be processed for various purposes and linked together with personal data that is collected by another company of the Helsana Group.
Furthermore and to the extent permitted by applicable (data protection) law, Helsana may also disclose personal data to contracted service providers (both inside and outside Switzerland). In connection with data collected on the Website, these specifically consist of IT service providers working in the area of data storage and data analysis.
Personal data obtained in connection with the use of the Website may also be disclosed to third parties (inside or outside Switzerland) if we are obliged to do so by law, by court order or by official order or if this is necessary to support internal or external investigations, other legal investigations or proceedings in Switzerland or abroad or any corporate transactions.
The service providers and third parties to whom Helsana transmits data may be located in any country in the world (specifically the USA and Ireland). If data is transferred to a country without adequate data protection, Helsana guarantees adequate protection through the use of sufficient contractual guarantees, specifically on the basis of EU Standard Contractual Clauses, binding corporate rules or based on exceptions with respect to consent, contract execution, the determination, exercise or enforcement of legal claims, overriding public interest, the data published by you or because it is necessary to protect your individual integrity. You may request a copy of the contractual guarantees by sending a written request along with a copy of an official form of identification to the contact address specified above (see Section 2) or find out from this contact where you can obtain such a copy. Helsana reserves the right to black out such copies for reasons of data protection or secrecy or to deliver only excerpts.
We or service providers acting on our behalf do not process data with the aim of evaluating specific personal characteristics (profiling).
As a matter of principle, we do not use fully automated decision-making pursuant to Art. 22 GDPR to establish and engage in the business relationship. Should we use these methods in individual cases, we will inform you separately if this is required by law.
Access to the Website and the related collection of connection data (such as IP addresses) must be logged; this happens automatically during use and cannot be disabled for individual users. With the exception of the data required for technical reasons (see Section 3.1 above), you are not obliged to provide us with any personal data in connection with your use of the Website. However, certain services cannot be used without the provision of personal data, otherwise their functionality is impaired.
Within the scope of the data protection law applicable to you, you have the right to access your data, to have it rectified or erased, the right to restrict data processing and otherwise to object to our data processing and to the disclosure of certain personal data for the purpose of transferring such personal data to another location (data portability). If the processing of personal data is based on your consent, you may withdraw this consent at any time. Exercising these rights usually requires that you can clearly prove your identity. Please note, however, that we reserve the right to enforce the statutory restrictions, for example if we are obliged to retain or process certain data, have an overriding interest in it (insofar as we may invoke it) or need it for enforcing claims.
If Helsana automatically takes a decision concerning an individual person, which has a legal impact or significantly affects the data subject in a similar way, the data subject may speak to a competent person at Helsana and request a reconsideration of the decision, or demand from the very start that this be assessed by a competent person, to the extent provided for by law. In this case, the data subject might no longer be able to use certain automated services. The person will be informed of such decisions subsequently or separately in advance.
Every data subject has the right to file a complaint with the competent data protection authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch/).
You can also prevent or restrict the installation of cookies by changing your browser settings accordingly. However, we would like to point out that, in this case, you may not be able to use all the functions of this Website to their full extent.
Furthermore, the automated data processing carried out on this Website can be technically prevented as follows:
We're here to help.