Simpego Privacy Policy

Version as of 4 December 2023

This version of the Privacy Policy is valid from 4th December 2023. The previous versions can generally be found at www.simpego.ch/downloads, or you can contact legal@simpego.ch to obtain them.

Data privacy is of considerable importance to Simpego Versicherungen AG (hereinafter referred to as “Simpego”). Therefore, in this Privacy Policy, we describe how we collect and process personal data. This description is non-exhaustive. There may be other Simpego documents which set out special privacy terms for specific circumstances. Personal data is deemed to be all data that relates to an identified or identifiable individual.

When you provide us with the personal data of other people (e.g. family members or colleagues), please ensure that those people are aware of the Simpego Privacy Policy and only share their personal data with us if you are permitted to do so and if the personal data is accurate.

1    Controller/data protection officer/representative

Under data protection law, Simpego Versicherungen AG, Hohlstrasse 556, 8048 Zurich is the controller of the Simpego data processing operations described in this Privacy Policy, unless specified otherwise in individual cases.

You can contact us regarding privacy concerns and to exercise your rights as follows:

Simpego Versicherungen AG 
Hohlstrasse 556
CH-8048 Zurich
legal@simpego.ch

You can also contact our data protection advisor Doris Andres using this email address.

We have also enlisted a data protection representative in the EU in accordance with Art. 27 of the GDPR:

KAISER & SOZIEN Partnerschaft mbB
Wilhelmstrasse 1b
DE-79098 Freiburg
joerg.vogel@kaisersozien.de

You can contact this office with privacy concerns too.


2    Collection and processing of personal data

We primarily process personal data which we receive from our (prospective) clients and other business partners, and other related parties, as part of our business relationships with them, or which we collect from users of our website, apps and other applications and personal data we receive from job applicants and our employees in connection with our application, hiring and employment process. 

Where permitted, we also retrieve certain data from public sources or from other companies, authorities and other third parties. As well as the data supplied to us directly by you, categories of personal data we receive from third parties relating to you include, specifically:

  • Data from public registers
  • Data that comes to our attention in connection with regulatory and judicial proceedings
  • Credit checks (in particular at Intrum AG, www.intrum.ch);
  • Information relating to you supplied to us by individuals of your acquaintance (family, advisors, legal representatives, etc.) so we can conclude or perform contracts with you or involving you
  • Written authorisations (e.g. brokers)
  • Information from the media and the internet relating to you (insofar as this is appropriate in the specific case, e.g. as part of an application, marketing, sales, etc.)
  • Your interests and other sociodemographic data (for marketing)
  • Data in connection with your use of our website (e.g. information regarding your device and settings, cookies, the time and date of visit, pages and content accessed, features used, referring website, location information with some providers, see section 4 below)


3    Purposes of data processing and legal grounds

3.1    General
We use the personal data we collect for the primary purpose of concluding and performing our contracts with our clients and business partners as well as our employees, specifically in connection with our insurance activity with our clients in the fields of motor vehicles, home, living and pets, procuring products and services from our suppliers, partners and sub-contractors, and fulfilling our legal obligations both domestically and overseas. If you work for any such client or business partner, your personal data might also be affected in connection with this role.

Furthermore, where admissible and appropriate, we process your personal data and the personal data of other people for the following purposes in which we (and sometimes also third parties) have a legitimate interest that is consistent with the purpose:

  • Advertising and developing our products, services and websites, apps and other platforms where we have a presence
  • Communicating with third parties and processing their enquiries (e.g. applications and media enquiries)
  • Testing and optimising methods of analysing demand for the purposes of contacting clients directly and collecting personal data from public sources for the purposes of client acquisition
  • Advertising and marketing (including events) unless you have objected to the use of your data (if you are an existing client and we send you promotional material, you can object, in which case we will remove your name from our mailing lists)
  • Market and opinion research and media monitoring
  • Enforcing and defending against legal claims in connection with legal disputes and official proceedings
  • Preventing and investigating criminal acts and other misconduct (e.g. insurance fraud, see section 3.2 below)
  • Ensuring operation, especially of IT systems, our websites, apps and other platforms
  • Telephone recordings for quality assurance and the protection of our employees and others
  • Acquiring and selling business divisions, companies or parts of companies and other corporate law transactions and the associated transmission of personal data
  • Measures aimed at business management and compliance with legal and regulatory obligations as well as internal Simpego guidelines

Where you have consented to the processing of your personal data for certain purposes (e.g. when concluding an insurance contract or requesting a quote), we will process your personal data within the scope and on the basis of that consent unless we have any other legal grounds and where we require any such consent. The consent can be withdrawn at any time, although this has no effect on data processed up to that point.

3.2    Insurance fraud
Among other purposes, we process your personal data to enable us to uncover or prevent any potential insurance fraud and/or may process your personal data generally for the purposes of preventing insurance fraud, money laundering or the financing of terrorism.

  • External fraud detection. We exchange data with contracted service providers and other insurance companies for investigations in connection with the identification of fraud and/or the supervision of suspected cases. We also disclose data to authorities where a legal basis exists for this. 
  • Internal fraud detection. For instance, we may use your personal data and analyse it based on corresponding patterns. For this purpose, and for your and our protection against criminal or fraudulent activity, we may also create and edit profiles.
  • Enquiries from previous insurers. If we have obtained consent to do so during the conclusion of an insurance contract, we will respond to enquiries from other insurance companies about their clients if there is a suspicion of insurance fraud. For example, we provide information about existing insurance contracts or previous claims. We may also make such enquiries about our clients to other insurance companies if we have obtained consent to do so during the conclusion of an insurance contract.
  • Comparison against sanctions lists. Your personal data may also be compared with data in the relevant sanctions lists. 
  • HIS. To prevent and detect insurance fraud, we may also join the SVV Solution AG’s reference and information system HIS. Participating insurance companies report certain circumstances that recommend a more in-depth review of a claim and may search for corresponding reports submitted by other participating insurance companies. Information from HIS may only be used in connection with claims reviews. You can find out more about HIS and your corresponding rights at https://www.svv.ch/de/his.
  • Car Claims Info. To prevent fraud in vehicle insurance, we may transmit vehicle-related claims data to SVV Solution AG for entry in the Car Claims Info electronic data collection. This makes it possible to check whether a registered vehicle insurance claim has already been paid out by another insurance company. In cases of justified suspicion, the companies may exchange corresponding data. You can find out more about Car Claims Info and your corresponding rights at https://www.svv.ch/de/branche/regelwerke/datenschutzerklaerung-fuer-car-claims-info. 

This processing is permissible on the basis of our overriding legitimate interest in preventing insurance fraud and necessitated by legal requirements.


4    Use of our website (cookies and/or tracking and other technologies)
On our website, we use various techniques which allow us and third parties engaged by us (esp. advertising contractors) to recognise you during use and, under certain circumstances, track you across several visits. We will inform you about this in this section. By using our website, you agree to such processing.

In essence, this is so we can distinguish your access (via your system) from other users’ accesses, enabling us to ensure the functionality of the website and carry out evaluations and personalisation. The techniques we use are designed in such a way that you are recognised as an individual visitor each time you visit a page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (a “cookie”).

You can configure your internet browser to block or deceive certain cookies or alternative techniques or to delete existing cookies. You can also enhance your internet browser with software that blocks tracking by certain third parties. Further information can be found on your internet browser’s help pages (usually under the heading “Privacy”) or on the third-party websites listed below. If you deactivate cookies in your browser, you might not be able to use all of the features of our website to their full extent.

  • Essential cookies: some cookies are necessary for the functioning of the website or specific features. For instance, they might ensure that you can switch between pages without losing information entered in a form. They also make sure that you stay logged in. These cookies are only temporary (“session cookies”). If you block them, the website may not work. Other cookies are necessary so that the server can store decisions or entries made by you beyond a session (i.e. a visit to the website) if you make use of this feature (e.g. selected language, consent given, the feature for automatic login, etc.).
  • Performance and marketing cookies: we and our advertising partners have an interest in controlling advertising in a target group-specific manner, i.e. displaying it only to those we want to target. We have listed our advertising contractors below. We and our advertising partners also use cookies that can log content accessed or contracts concluded for this purpose. This enables us and our advertising contractors to display advertisements that we can assume will be of interest to you on our website, but also on other websites that display advertisements from us or our advertising contract partners. You can deactivate them at any time via your browser’s cookie settings. If you do not allow our cookies, you will not see less advertising, but simply other arbitrary advertisements.

We currently use the services of the following service providers and advertising contract partners (insofar as these use your data or cookies set on your browser for managing advertising):

  • Google Analytics. Google Ireland (based in Ireland) is the provider of the service “Google Analytics” and acts as our contract processor. Google Ireland uses Google LLC (based in the USA) as its contract processor for this (hereinafter jointly referred to as “Google”). Google uses performance cookies (see above) to track the behaviour of users on our website (duration, frequency of site accesses, geographical origin of access, etc.) and generates reports for use regarding the use of our website on the basis of this. These cookies are valid for a maximum of 90 days. The service is configured in such a way that the IP addresses of users aren’t tracked; personal details such as name, address or contact details are never transmitted to Google Analytics either. While we can assume that the information we share with Google is not deemed personal data by Google, there is the potential that Google could use this data to infer the identity of users, create personal profiles and link this data with Google accounts held by these individuals. You can find out more about the Google Analytics privacy policy here: https://support.google.com/analytics/answer/6004245 and if you have a Google account, you can find out more about how Google processes data here: https://policies.google.com/technologies/partner-sites.
  • Google Ads. Google Ireland (based in Ireland) is the provider of the service “Google Analytics” and acts as our contract processor. Google Ireland uses Google LLC (based in the USA) as its contract processor for this (hereinafter jointly referred to as “Google”). Google uses performance cookies (see above) to track the behaviour of visitors to our website if they have clicked on a Google advertisement. These cookies are valid for a maximum of 90 days. No personal data is transmitted to Google here. As long as this cookie is valid, Google and we, as the website operator, can see that you have clicked on an advertisement and ended up on a certain target page. The cookie enables conversion statistics to be generated in Google AdWords. These statistics record the number of users that have clicked on our advertisement. These also count how many users have reached a target page that has been assigned a “conversion tag”. However, these statistics do not contain any data that could be used to identify you. You can find out more about how Google uses conversion data and the Google privacy policy at: https://support.google.com/adwords/answer/93148?ctx=tltp. 
  • Meta Ads. Simpego displays advertising on Meta platforms (based in the USA, among other places). However, Simpego does not use any lead ads, so no personal data is recorded by the advertisements. Simpego does however use Meta Pixel to create events and categorise users into target groups, but this does not involve any personal data. You can find out more about Meta’s privacy policy here: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0. 


5    Use of our pages on social networks

We may operate pages and other online presences (e.g. profiles) on social networks and other platforms operated by third parties and collect the information specified in section 2 and the personal data described below. We receive this personal data from you and the platforms when you come into contact with us via our online presence (e.g. when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms (e.g. in relation to your behaviour and preferences). They also process this data for their own purposes on their own responsibility, in particular for marketing and market research purposes (e.g. to personalise advertising) and to control their platforms (e.g. what content they display to you).

We process this data for the purposes specified in section 3, in particular for communication, for marketing purposes (including advertising on these platforms, see section 4) and for market research. We may share content published by you (e.g. comments on an announcement) ourselves (e.g. in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or to you in accordance with the Usage Guidelines (e.g. inappropriate comments). 

For further information on the processing undertaken by the operators of the platforms, please refer to the privacy policies of the platforms. These also detail the countries in which they process your data, what access, erasure and other rights you have as a data subject and how you can exercise these or obtain further information. We currently have profiles on the following platforms:

  • Instagram: https://www.instagram.com/simpego/
  • Facebook: https://www.facebook.com/simpego
  • LinkedIn: https://www.linkedin.com/company/simpego/
  • TikTok: https://www.tiktok.com/@simpego.ch
  • YouTube: https://www.youtube.com/@simpego


6    Disclosure of data to third parties and transmission abroad

6.1    General
We also disclose personal data to third parties as part of our commercial activities and the purposes outlined in section 3 insofar as this is permitted and we deem it appropriate, specifically if these third parties process said data on our behalf. The third parties might be the following in particular:

  • Our service providers (e.g. dispatch by post or credit checks)
  • Including contract processors (e.g. IT providers or service centres) and other contractual and business partners (e.g. cooperation partners)
  • Previous insurers, co-insurers and reinsurers
  • Insurance intermediaries and brokers
  • Garages, mechanics, breakdown services, hauliers, taxi and car rental companies
  • Domestic and foreign authorities, official bodies or courts (e.g. FINMA, road traffic licensing departments, criminal prosecution authorities)
  • Legally prescribed internal and external auditors
  • Shareholders
  • Experts such as lawyers or doctors
  • Those involved in an incident (e.g. in claims)
  • Other parties in actual or potential legal proceedings

All hereinafter referred to collectively as “Recipients”

Some of these Recipients are in Switzerland but others might be in any country in the world. 
In particular, you must expect your data to be transferred to various European countries – which, according to the Swiss Federal Council, have a sufficient standard of data protection – Kosovo and Israel, where the service providers we use (such as pricing machines or service centres) are located.

If a Recipient is located in a country without adequate legal data protection according to the Swiss Federal Council, we contractually oblige the Recipient to comply with the applicable standard of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?) and – if appropriate – obtain a Transfer Impact Assessment from a local law firm, insofar as the Recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular to legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure (e.g. in the event of a car accident abroad), if you have consented or if the data is generally accessible by you and you have not objected to the processing of the same. Furthermore, significant outsourcings of ours are still under review by the Financial Market Authority.

6.2    Simpego FlexDrive

This section only applies to you if you use the Simpego FlexDrive product and the associated Simpego FlexDrive app. Unless specifically regulated in this section, the general provisions of this Privacy Policy also apply.

The Simpego FlexDrive app (hereinafter referred to as the “App”) incorporates cloud-based technology to measure the driving behaviour and dynamically reflect it in the insurance premium without the need for a device to be permanently installed in the vehicle. This cloud-based technology, as well as the App, is provided and maintained by our third-party provider. Simpego is the data controller of the personal data processed by the App, and our third-party provider is the data processor.

Data collection. If you use the App, the following categories of personal data in particular will be collected from you. 

  • Data provided by you: when you download and use the App (after signing up for the App), you can provide personal data such as your name and contact details (e.g. e-mail, phone number and address) and other data you provide when using the App.
  • Data collected through use of the App: in addition, we may also collect high-frequency data relating primarily to your driving habits and activities during your journeys (hereinafter referred to as “Driving Data”). This high-frequency sensor- and GPS-assisted Driving Data is generated on the basis of detailed trip files and includes location, trip duration (start and end time), odometer reading, routes, braking, rapid acceleration, hard stopping, rapid turning, cornering, speeding, mobile device information, information about travel outside the vehicle, mobile interactions while driving (e.g. phone activity, phone calls and phone handling activity) and potential collisions.

Simpego only receives the data collected by the processor in the App and/or the processor evaluation in condensed or aggregated form.

Data use. In addition to the purposes set out in section 3, we use the data collected through the App for the following purposes in particular:

  • Facilitating, operating and providing the App and, in particular, profiling users based on their driving behaviour to ensure the evaluation of users and support the conclusion of insurance contracts for the user
  • Authenticating the identity of users and allowing them to access the App
  • Automatic detection of collisions and subsequent notification of us
  • Providing help and support to users
  • Further developing, adapting and improving the App and the user experience based on common or personal preferences, experiences and difficulties
  • Contacting users with general or personalised service-related messages (e.g. requests for schedules, information on the use of services, etc.)
  • Supporting and improving our data security measures, including the prevention and mitigation of fraud, errors or illegal or prohibited activity
  • Compiling aggregated statistical data, derived non-personal data or anonymised or pseudonymised data (that is non-personal) that we or our business partners may use to provide and improve our respective services

Evaluation in particular:
The data processor can use all data mentioned above under “Data collection” to evaluate your driving behaviour within the App. You can view your current rating transparently in the App. The App also gives you feedback on which events during your journeys were considered bad for your rating. 

Data retention:
The data processor has locations in various countries. However, your personal data in regard to your use of the App will only be processed in countries that provide adequate data privacy in accordance with the GDPR. The high-frequency Driving Data collected by the App is erased or anonymised one year after collection.

6.3    autoSense

This section only applies to you if you use the autoSense product. Unless specifically regulated in this section, the general provisions of this Privacy Policy also apply.

From the moment the contract is activated, the following data is exchanged between autoSense Ltd and Simpego:

  • Simpego notifies autoSense Ltd of contract status, insurance cover, status of insurance cover, information about the insured vehicle, premium to be charged for the previous month.
  • autoSense Ltd notifies Simpego of adapter status (disconnect/connect), kilometres driven within the local coverage area according to the General Terms & Conditions of Insurance, transaction code of the payment.

No information about your driving behaviour, your location, the vehicle location or any claims will be shared between Simpego and autoSense Ltd.

You can find the autoSense Ltd privacy policy at: https://www.autosense.ch/privacy. 

6.4    Pet insurance
This section only applies to you if you have taken out pet insurance with Simpego or have been charged a premium for this. Unless specifically regulated in this section, the general provisions of this Privacy Policy also apply.

The app for taking out the pet insurance policies offered by Simpego (Sales Funnel) is provided and maintained by our third-party provider Calingo. Both Simpego and Calingo are “controllers” in their own right with respect to the personal data processed on the basis of said pet insurance. You can find the Calingo privacy policy at: https://pet.calingo.ch/privacy-policy.


7    Duration of storage of personal data

We process your personal data for as long as necessary to fulfil our contractual and statutory obligations or other purposes for which we are processing the data, i.e. for the term of the entire business relationship (from the initiation to the performance and termination of a contract), as well as in line with the statutory regulations on storage and documentation. It is possible that personal data might be stored for the period of time in which claims can be filed against our company and if we are otherwise legally obligated to do so or if our legitimate interests require it (e.g. for the purposes of evidence and documentation). Retention periods are determined by Simpego internally. In principle your personal data will be erased or anonymised as soon as they are no longer required for the purposes above.


8    Data security

We have implemented reasonable technical and organisational measures, such as the adoption of guidelines, staff training, IT and network security solutions, IT as well as access controls and restrictions, to protect your personal data from being accessed by unauthorised parties and misused.


9    Your obligation to make personal data available

As part of our business relationship, you are required to provide the personal data necessary for the initiation and execution of a business relationship and for the fulfilment of the related contractual obligations (you are not normally legally obliged to provide us with data). Without such data, we will not normally be able to enter into or execute a contract with you (or the body or person you represent). The website cannot be used either if certain information for securing data transmission (such as IP address) is not disclosed.


10    Rights of the data subject

Within the framework of data protection law, you have the right to access, rectification, erasure, the restriction of data processing and the right to otherwise object to our data processing, in particular for direct marketing purposes and other legitimate interests in the processing as well as to the surrender of certain personal data for the purpose of transfer to another entity (data portability).

However, please note that we reserve the right to utilise the statutory restrictions on our part if, for instance, we are obliged to store or process certain data, have an overriding interest in doing so (provided that we are permitted to cite it) or need to do so in order to exercise legal rights. We shall notify you in advance if you will incur costs. We have already made you aware of your option to withdraw your consent in section 3. 

Please note that exercising these rights might conflict with contractual agreements and might have consequences such as the premature dissolution of the contract or additional costs. In this case, we shall notify you in advance unless contractual provisions already apply to the matter.

The exercise of such rights requires that you clearly prove your identity (by providing a copy of your identity document). You can contact us at the address provided in section 1 in order to exercise your rights.

Furthermore, every data subject has the right to enforce their claims in a court of law and to lodge a complaint with a supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC) (http://www.edoeb.admin.ch).

11    Amendments

We can amend this Privacy Policy at any time without providing prior notice. The current version published on our website is the valid version. If the Privacy Policy is a component of an agreement with you and is updated, we shall notify you of the amendments by e-mail or in another appropriate manner.