GENERAL PRIVACY POLICY OF CHECK ALL AG

Check All AG ("Check ALL" or "We") attaches great importance to responsible and legally compliant handling of personal data. Personal data is processed exclusively on the basis of the applicable law. In this privacy statement, we inform our (future) customers, visitors to our website and users of our products and services ("Customers" or "you") about the handling and processing of personal data.

We process data exclusively on the basis of the applicable law. Processing is subject to the Swiss Federal Data Protection Act (DSG) and the Ordinance to the Swiss Federal Data Protection Act (VDSG).

We reserve the right to change this privacy policy at any time. The version published on our website is the currently valid version.

Last update of this statement: September 2022

Privacy policy

1. General privacy policy

We process data about you when they are in contact with us directly or indirectly. Check All uses the term "Data" synonymous with the term "personal data". By data is meant information that relates directly to you or can be directly assigned to you by us. In section 1.2. we inform you about the categories of data that are processed according to the information in this privacy policy. Processing means any handling of data, e.g. obtaining, storing, using, disclosing or deleting.

This privacy policy describes how we process data when you use services from us or obtain products that we broker. In addition to the mediation of insurance products and loans as well as the use of other services, you are in particular in the context of general communication with us (e.g. via website, newsletter, use of the user account and e-mail) in contact (customer communication). Thus, this privacy policy applies to the processing of data that we have already collected or will collect about you in the future.

We provide information about certain data processing separately, e.g. in further notices on our website, on product or service brochures, applications for insurance, loans or memberships, service descriptions for specific products or services, and in consent forms and forms.

1.1 Who is responsible for processing the data?

Check All is responsible for data processing in accordance with this data protection declaration. Check All is also the responsible body under data protection law, unless otherwise communicated in individual cases. You can contact us for exercising rights and for contacting us with data protection concerns in writing (Check All AG, Bahnstrasse 58, 8105 Regensdorf) or by e-mail (contact@checkall.ch).

1.2 What data do we process?

We process different data from various sources depending on the situation and purpose. We primarily collect and receive this data directly from you when you use our products and services, during your visit to our website or as part of general customer communications. We process different categories of data in the process. The most important categories of data are described below:

  • Master data: Master data refers to data relating to identity and personal characteristics and circumstances, such as name, address, date of birth, gender or age.
  • Offer and form data: When you use our products and services, in addition to master data, we also process other data, such as data about your current insurance policies, income and asset and credit circumstances, other living conditions or information about your vehicle or real estate. Such data includes information for the preparation of your offers and application documents.
  • Behavioral and Preference Data: Behavioral data is data about certain actions and interactions between you and us. We can derive from this and other data information about the statistical probability that you are interested in certain products or services. Behavioral data tells us about certain actions, such as logins, obtaining and using products and services from us or third parties, contacting us.

    Preference data tells us what your needs are, what products and services you might be interested in, or when and how you respond to messages from us. We obtain this information from the analysis of existing data in order to get to know you better, to target offers more precisely and to improve them.

    Behavioral and preference data can be analyzed either on a person-related basis, in order to provide tailored offers or display advertising, or on a non-person-related basis, for the purpose of product development.

  • Communication data: This is data in connection with communication with you in correspondence, by telephone and via electronic channels. When establishing your identity (e.g. in the case of a request for information), we also collect data to identify you (e.g. via a copy of an identification document).
  • Technical data: This is data that we collect when you use our website. This data also includes the IP address of an end device. To ensure the functioning of these offers, we can assign an individual code to end devices. Technical data does not allow any conclusions to be drawn about the identity of a person. Together with data from user accounts, registrations, access controls or, for example, the processing of applications or offers, we may be able to link other data to specific individuals. Technical data also includes log files that may be generated in our systems.
  • Registration data: This is data that is transmitted during registration or activation in order to be able to use certain products, offers or services from us (e.g. newsletter).
  • Other data: We collect further data relating to customers in various contexts. For example, data is collected in connection with official or legal proceedings (e.g. files, evidence, etc.).

1.3 For what purposes processed data?

We process your data for the following purposes:

  • Processing of applications and offers

    With the use of our products and services in connection with the compilation and preparation of your applications and offers, we process in particular the contact details and the information on language, gender and date of birth, as well as data relating to a concrete product or service (e.g. information on profession or financial situation).

    Check All partially integrates original content from insurance and credit partners. In this case, the data is collected by us, but on behalf of our insurance and credit partners. In such a case, we have no influence on the data fields to be collected. The data collected by form serves the smooth processing of your application or your offer with the respective insurance and credit partner. The insurance and credit partners are named on the respective page.

  • Advertise automobiles and real estate

    The data entered by you within the framework of the sales platform for automobiles and real estate offered by us will only be stored and used for the purpose of using our marketplace. The purpose is to bring you together efficiently and cost-effectively with potential counterparties (and, if applicable, commercial buyers) and to obtain targeted offers for you and to mediate them.

  • Health insurance

    The health insurance products and services we offer require the collection of health data (such as details of medical conditions or medications taken). You understand and accept that we must submit such sensitive data about your health status to our insurance partners in order to process the offers and applications. This information is mandatory for the review of the application or offer.

    This data will be forwarded exclusively to the respective health insurance company selected by you.

  • User account

    Our customer account is a central service offered and operated by us. It offers you, after agreeing to this privacy policy and our legal provisions, the possibilities to view, optimize and manage comparisons and offers ("activities") that they have carried out with us to date. The service also allows users to save additional time when making comparisons, as the information they have already entered once can also be conveniently used for a new request with a simple click. Furthermore, we attach particular importance to the fact that at no time will data be passed on between us and other companies without the consent of a user.

  • Newsletter

    In addition, we use your e-mail address to send you our newsletter if you order it and have given the corresponding consent to receive the newsletter with possibly promotional content. In this case, we process your e-mail address in order to deliver the newsletter as requested. You can object to the use of the e-mail address for such purposes at any time in writing or in text form with effect for the future.

    For our newsletters, we also select the content based in part on your prior use of our website and the interests in products and content expressed thereby, so that we can best individualize the respective newsletter to you and your interests.

  • Input fields

    Input fields for data that are mandatory for the use of our offers and services are marked accordingly when collected. The provision of data in other fields is voluntary.

  • Compliance with laws, recommendations of authorities and internal regulations

    We also process data to comply with laws, directives and recommendations from authorities as well as internal regulations (compliance). The data processed includes in particular master data, financial data and communication data. In addition, data processing requires the fulfillment of disclosure, information or reporting obligations, the fulfillment of retention obligations as well as the prevention, detection and clarification of criminal offenses and other violations.

    This includes receiving and processing complaints and other reports, monitoring communications, disclosing records to a government agency if we are required to do so or have legitimate interests in disclosure. We may also process data about you in the course of investigations (e.g., by a regulatory or law enforcement agency or an appointed private entity) and internal investigations.

  • Corporate Development

    In the area of business development, we may sell or acquire businesses, parts of businesses or companies and enter into partnerships, which may also result in the exchange and processing of data.

  • Marketing, profile building and customer care

    We process data for marketing purposes and for customer care, in order to send customers personalized information and offers on products and services from us and third parties (e.g. partner insurers). This may be in the form of a letter, as part of a newsletter, or by email. We may also process data to tailor marketing content to better meet customer interests. For marketing purposes and customer care, we may primarily use master data, financial data, and behavioral and preference data.

    In particular, you authorize us to create and evaluate customer profiles in order to develop or evaluate products and services in which you might be interested and, if necessary, to offer such products and services (also from third parties) or to send information about them to your postal, e-mail or telephone address (e.g. SMS). You have the option of revoking your consent to profiling for marketing purposes with effect for the future (profiling block) by means of a corresponding written notification or in text form (e.g. by e-mail). This does not apply to non-promotional messages and automatically generated system and invoice texts.

    We may also process data in connection with contests, sweepstakes and events. Customer care includes the personalized approach to existing customers. As part of customer care, we maintain a customer database in which the data about you that is necessary to maintain the relationship is stored. This includes data about contact persons, the relationship history (e.g. products and services purchased and interactions) and interests or marketing measures.

    You have the option of objecting to the sending of information (advertising block) or revoking the consent given to the processing of data for marketing purposes by notifying us accordingly in writing (also by e-mail) (general revocation). This does not apply to non-promotional messages and automatically generated system texts.

  • Improvement of services and operations as well as product development

    Data may also be processed for market research purposes, to improve services and operations, and for product development. For these purposes, we may use master data, behavioral and preference data, and information from surveys.

    We continuously develop our own products and services, adapt them to the needs of our customers and find out how satisfied they are. We analyze which products are used by which groups of people and how new products and services could be designed and used. This gives us an indication of the market acceptance of existing products and services and the market potential of new ones.

  • Security purposes and access controls

    We may also process master data, technical data, behavioral data and other data for security and access control purposes. We continuously review and improve the security of our IT and infrastructure. However, data security breaches cannot be ruled out with complete certainty. We counter this risk with appropriate technical and organizational measures in accordance with the state of the art.

  • Communication

    We process data in order to communicate with you, to provide you with information or to send you messages and to be able to process your requests. For this purpose, we use master data and communication data. We generally keep this data in order to be able to document the communication that has taken place, but also for quality assurance purposes and for subsequent inquiries. If customers contact us by e-mail, we are expressly authorized to reply via the same channel to the sender's address or to the address provided. E-mails are transmitted unencrypted via the open Internet and it cannot be ruled out that they are accessible, viewable and manipulable by third parties. Thus, e-mail communication is not suitable for the transmission of confidential information.

  • Other purposes

    We may also process data for other purposes, such as internal operations and administrative purposes. Administrative purposes include the management of master data, accounting and data retention as well as the testing and management of the IT infrastructure. Furthermore, we use this data to protect and exercise our own rights, e.g. to enforce claims in court, before or out of court, as well as before authorities in Switzerland and abroad, to preserve evidence, to carry out legal clarifications and to participate in court or official proceedings.

    Other purposes include the evaluation and improvement of internal processes as well as training and educational purposes. The protection of other legitimate interests, which cannot be named exhaustively, are also included.

1.4 To whom do we disclose data?

We are bound to confidentiality by the Data Protection Act and other regulatory requirements. Products and services are often developed, provided and processed in a division of labor. Data is therefore processed by different units. The agencies involved may each process data from you, but may only do so within the scope of legal and/or contractual requirements. We transfer data to the following categories of recipients.

  • Internal persons

    Within Check All, individuals and their business units have access to data to the extent necessary for the purposes set forth in this Privacy Policy.

  • Insurance and credit partners and memberships

    If you choose one of our brokered products or services, we will transmit your applications and quotes to your selected insurance and credit partner. You acknowledge and understand that by providing your data to our contractual partners, they may process it for their own purposes. The further processing of your data is subject to the data protection notices of the respective insurance and credit partners.

    The same applies when you take out a membership with one of our partners (e.g. Touring Club Switzerland as well as asisa).

  • Authorities and other official bodies

    We may disclose data to government agencies, courts and other authorities or official bodies if we are legally obligated or entitled to do so, or if we represent our own rights and legitimate interests.

  • Electronic data transmission

    Data can also be transferred to third parties in Germany and abroad during electronic data transmission without any action on our part. Especially when using mobile devices, manufacturers of devices or software (such as Apple or Google) may receive data.

    These third parties may process and also pass on this data in accordance with their own terms of use or data protection notices.

1.5 Do we disclose data abroad?

The data of our customers is located exclusively in Switzerland. We do not transfer any data abroad. Our server services are provided in Switzerland, which also affects the storage of data.

1.6 How long do we store and when do we delete data?

We store data for as long as required by the applicable legal requirements or the purpose of the processing. The duration of storage therefore depends on the legal and internal regulations.

We also take into account retention obligations and the need to protect our own interests (e.g., to enforce or defend against claims and to ensure IT security). If these purposes have been achieved or no longer apply and there is no (longer any) obligation to retain the data, we delete or anonymize this data. Depending on the legal basis, this may be more than ten years.

Documentation and evidentiary purposes include our interest in documenting processes, interactions and other facts in the event of legal claims, discrepancies, for IT and infrastructure security purposes, and to demonstrate good corporate governance and compliance.

Retention may also be technically necessary because certain data cannot be separated from others and must continue to be retained with them (e.g., in the case of backup or document management system).

1.7 How do we protect the data?

We take appropriate security measures of a personnel, technical and organizational nature to maintain the security of data, to protect it against unauthorized or unlawful processing and to counteract the risk of loss, unintentional modification, unintentional disclosure or unauthorized access. However, security risks cannot be completely ruled out in general. Residual risks are unavoidable.

1.8 What rights do you have?

You have the right to request certain information about data and the processing by us (right to information). You can demand that we correct or supplement incorrect or incomplete data (correction). You can also demand that we delete certain data.

If rights are exercised, you have to contact with a signed letter and a legible copy of identification. Revocation may be made by other means, provided that we make them available. It should be noted that these rights are subject to legal requirements and restrictions and therefore they cannot be fully exercised in every case. We will inform you when exceptions apply. These rights may also be exercised with respect to other entities that cooperate with us on their own responsibility. To the extent that the requirements of applicable law are met, you have the following rights:

  • Access to information about your own data;

  • Correction of incorrect or incomplete data;

  • Deletion of own data;

  • Restriction of data processing of own data;

1.9 Do customers have a right of withdrawal?

Customers have the right to revoke their consent at any time with effect for the future. In certain cases, customers may also object to data processing (for example, in the case of data processing in connection with advertising). However, processing activities carried out in the past on the basis of consent do not become unlawful as a result of the customer's revocation.

In cases where data processing is mandatory for the provision of the service, revocation is not possible. In such cases, a waiver of such data processing is only possible by renouncing the use of the products and services.