1 Controller/data protection officer/representative
You can contact us regarding privacy concerns and to exercise your rights as follows:
Simpego Versicherungen AG
You can also contact our data protection advisor Doris Andres using this email address.
We have also enlisted a data protection representative in the EU in accordance with Art. 27 of the GDPR:
KAISER & SOZIEN Partnerschaft mbB
You can contact this office with privacy concerns too.
2 Collection and processing of personal data
We primarily process personal data which we receive from our (prospective) clients and other business partners, and other related parties, as part of our business relationships with them, or which we collect from users of our website, apps and other applications and personal data we receive from job applicants and our employees in connection with our application, hiring and employment process.
Where permitted, we also retrieve certain data from public sources or from other companies, authorities and other third parties. As well as the data supplied to us directly by you, categories of personal data we receive from third parties relating to you include, specifically:
- Data from public registers
- Data that comes to our attention in connection with regulatory and judicial proceedings
- Credit checks
- Information relating to you supplied to us by individuals of your acquaintance (family, advisors, legal representatives, etc.) so we can conclude or perform contracts with you or involving you
- Written authorisations (e.g. brokers)
- Information from the media and the internet relating to you (insofar as this is appropriate in the specific case, e.g. as part of an application, marketing, sales, etc.)
- Your interests and other sociodemographic data (for marketing)
- Data in connection with your use of our website (e.g. information regarding your device and settings, cookies, the time and date of visit, pages and content accessed, features used, referring website, location information with some providers, see section 4 below)
3 Purposes of data processing and legal grounds
We use the personal data we collect for the primary purpose of concluding and performing our contracts with our clients and business partners as well as our employees, specifically in connection with our insurance activity with our clients in the fields of motor vehicles, home, living and pets, procuring products and services from our suppliers, partners and sub-contractors, and fulfilling our legal obligations both domestically and overseas. If you work for any such client or business partner, your personal data might also be affected in connection with this role.
Furthermore, where admissible and appropriate, we process your personal data and the personal data of other people for the following purposes in which we (and sometimes also third parties) have a legitimate interest that is consistent with the purpose:
- Advertising and developing our products, services and websites, apps and other platforms where we have a presence
- Communicating with third parties and processing their enquiries (e.g. applications and media enquiries)
- Testing and optimising methods of analysing demand for the purposes of contacting clients directly and collecting personal data from public sources for the purposes of client acquisition
- Advertising and marketing (including events) unless you have objected to the use of your data (if you are an existing client and we send you promotional material, you can object, in which case we will remove your name from our mailing lists)
- Market and opinion research and media monitoring
- Enforcing and defending against legal claims in connection with legal disputes and official proceedings
- Preventing and investigating criminal acts and other misconduct (e.g. insurance fraud, see section 3.2 below)
- Ensuring operation, especially of IT systems, our websites, apps and other platforms
- Telephone recordings for quality assurance and the protection of our employees and others
- Acquiring and selling business divisions, companies or parts of companies and other corporate law transactions and the associated transmission of personal data
- Measures aimed at business management and compliance with legal and regulatory obligations as well as internal Simpego guidelines
Where you have consented to the processing of your personal data for certain purposes (e.g. when concluding an insurance contract or requesting a quote), we will process your personal data within the scope and on the basis of that consent unless we have any other legal grounds and where we require any such consent. The consent can be withdrawn at any time, although this has no effect on data processed up to that point.
3.2 Insurance fraud
Among other purposes, we process your personal data to enable us to uncover or prevent any potential insurance fraud and/or may process your personal data generally for the purposes of preventing insurance fraud, money laundering or the financing of terrorism.
- External fraud detection. We exchange data with contracted service providers and other insurance companies for investigations in connection with the identification of fraud and/or the supervision of suspected cases. We also disclose data to authorities where a legal basis exists for this.
- Internal fraud detection. For instance, we may use your personal data and analyse it based on corresponding patterns. For this purpose, and for your and our protection against criminal or fraudulent activity, we may also create and edit profiles.
- Enquiries from previous insurers. If we have obtained consent to do so during the conclusion of an insurance contract, we will respond to enquiries from other insurance companies about their clients if there is a suspicion of insurance fraud. For example, we provide information about existing insurance contracts or previous claims. We may also make such enquiries about our clients to other insurance companies if we have obtained consent to do so during the conclusion of an insurance contract.
- Comparison against sanctions lists. Your personal data may also be compared with data in the relevant sanctions lists.
- HIS. To prevent and detect insurance fraud, we may also join the SVV Solution AG’s reference and information system HIS. Participating insurance companies report certain circumstances that recommend a more in-depth review of a claim and may search for corresponding reports submitted by other participating insurance companies. Information from HIS may only be used in connection with claims reviews. You can find out more about HIS and your corresponding rights at https://www.svv.ch/de/his.
- Car Claims Info. To prevent fraud in vehicle insurance, we may transmit vehicle-related claims data to SVV Solution AG for entry in the Car Claims Info electronic data collection. This makes it possible to check whether a registered vehicle insurance claim has already been paid out by another insurance company. In cases of justified suspicion, the companies may exchange corresponding data. You can find out more about Car Claims Info and your corresponding rights at https://www.svv.ch/de/branche/regelwerke/datenschutzerklaerung-fuer-car-claims-info.
This processing is permissible on the basis of our overriding legitimate interest in preventing insurance fraud and necessitated by legal requirements.
4 Use of our website (cookies and/or tracking and other technologies)
On our website, we use various techniques which allow us and third parties engaged by us (esp. advertising contractors) to recognise you during use and, under certain circumstances, track you across several visits. We will inform you about this in this section. By using our website, you agree to such processing.
In essence, this is so we can distinguish your access (via your system) from other users’ accesses, enabling us to ensure the functionality of the website and carry out evaluations and personalisation. The techniques we use are designed in such a way that you are recognised as an individual visitor each time you visit a page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (a “cookie”).
You can configure your internet browser to block or deceive certain cookies or alternative techniques or to delete existing cookies. You can also enhance your internet browser with software that blocks tracking by certain third parties. Further information can be found on your internet browser’s help pages (usually under the heading “Privacy”) or on the third-party websites listed below. If you deactivate cookies in your browser, you might not be able to use all of the features of our website to their full extent.
- Essential cookies: some cookies are necessary for the functioning of the website or specific features. For instance, they might ensure that you can switch between pages without losing information entered in a form. They also make sure that you stay logged in. These cookies are only temporary (“session cookies”). If you block them, the website may not work. Other cookies are necessary so that the server can store decisions or entries made by you beyond a session (i.e. a visit to the website) if you make use of this feature (e.g. selected language, consent given, the feature for automatic login, etc.).
We currently use the services of the following service providers and advertising contract partners (insofar as these use your data or cookies set on your browser for managing advertising):
5 Use of our pages on social networks
We may operate pages and other online presences (e.g. profiles) on social networks and other platforms operated by third parties and collect the information specified in section 2 and the personal data described below. We receive this personal data from you and the platforms when you come into contact with us via our online presence (e.g. when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms (e.g. in relation to your behaviour and preferences). They also process this data for their own purposes on their own responsibility, in particular for marketing and market research purposes (e.g. to personalise advertising) and to control their platforms (e.g. what content they display to you).
We process this data for the purposes specified in section 3, in particular for communication, for marketing purposes (including advertising on these platforms, see section 4) and for market research. We may share content published by you (e.g. comments on an announcement) ourselves (e.g. in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or to you in accordance with the Usage Guidelines (e.g. inappropriate comments).
For further information on the processing undertaken by the operators of the platforms, please refer to the privacy policies of the platforms. These also detail the countries in which they process your data, what access, erasure and other rights you have as a data subject and how you can exercise these or obtain further information. We currently have profiles on the following platforms:
- Instagram: https://www.instagram.com/simpego/
- Facebook: https://www.facebook.com/simpego
- LinkedIn: https://www.linkedin.com/company/simpego/
- TikTok: https://email@example.com
- YouTube: https://www.youtube.com/@simpego
6 Disclosure of data to third parties and transmission abroad
We also disclose personal data to third parties as part of our commercial activities and the purposes outlined in section 3 insofar as this is permitted and we deem it appropriate, specifically if these third parties process said data on our behalf. The third parties might be the following in particular:
- Our service providers (e.g. dispatch by post or credit checks)
- Including contract processors (e.g. IT providers or service centres) and other contractual and business partners (e.g. cooperation partners)
- Previous insurers, co-insurers and reinsurers
- Insurance intermediaries and brokers
- Garages, mechanics, breakdown services, hauliers, taxi and car rental companies
- Domestic and foreign authorities, official bodies or courts (e.g. FINMA, road traffic licensing departments, criminal prosecution authorities)
- Legally prescribed internal and external auditors
- Experts such as lawyers or doctors
- Those involved in an incident (e.g. in claims)
- Other parties in actual or potential legal proceedings
All hereinafter referred to collectively as “Recipients”
Some of these Recipients are in Switzerland but others might be in any country in the world.
In particular, you must expect your data to be transferred to various European countries – which, according to the Swiss Federal Council, have a sufficient standard of data protection – Kosovo and Israel, where the service providers we use (such as pricing machines or service centres) are located.
If a Recipient is located in a country without adequate legal data protection according to the Swiss Federal Council, we contractually oblige the Recipient to comply with the applicable standard of data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?) and – if appropriate – obtain a Transfer Impact Assessment from a local law firm, insofar as the Recipient is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular to legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure (e.g. in the event of a car accident abroad), if you have consented or if the data is generally accessible by you and you have not objected to the processing of the same. Furthermore, significant outsourcings of ours are still under review by the Financial Market Authority.
6.2 Simpego FlexDrive
The Simpego FlexDrive app (hereinafter referred to as the “App”) incorporates cloud-based technology to measure the driving behaviour and dynamically reflect it in the insurance premium without the need for a device to be permanently installed in the vehicle. This cloud-based technology, as well as the App, is provided and maintained by our third-party provider. Simpego is the data controller of the personal data processed by the App, and our third-party provider is the data processor.
Data collection. If you use the App, the following categories of personal data in particular will be collected from you.
- Data provided by you: when you download and use the App (after signing up for the App), you can provide personal data such as your name and contact details (e.g. e-mail, phone number and address) and other data you provide when using the App.
- Data collected through use of the App: in addition, we may also collect high-frequency data relating primarily to your driving habits and activities during your journeys (hereinafter referred to as “Driving Data”). This high-frequency sensor- and GPS-assisted Driving Data is generated on the basis of detailed trip files and includes location, trip duration (start and end time), odometer reading, routes, braking, rapid acceleration, hard stopping, rapid turning, cornering, speeding, mobile device information, information about travel outside the vehicle, mobile interactions while driving (e.g. phone activity, phone calls and phone handling activity) and potential collisions.
Simpego only receives the data collected by the processor in the App and/or the processor evaluation in condensed or aggregated form.
Data use. In addition to the purposes set out in section 3, we use the data collected through the App for the following purposes in particular:
- Facilitating, operating and providing the App and, in particular, profiling users based on their driving behaviour to ensure the evaluation of users and support the conclusion of insurance contracts for the user
- Authenticating the identity of users and allowing them to access the App
- Automatic detection of collisions and subsequent notification of us
- Providing help and support to users
- Further developing, adapting and improving the App and the user experience based on common or personal preferences, experiences and difficulties
- Contacting users with general or personalised service-related messages (e.g. requests for schedules, information on the use of services, etc.)
- Supporting and improving our data security measures, including the prevention and mitigation of fraud, errors or illegal or prohibited activity
- Compiling aggregated statistical data, derived non-personal data or anonymised or pseudonymised data (that is non-personal) that we or our business partners may use to provide and improve our respective services
Evaluation in particular:
The data processor can use all data mentioned above under “Data collection” to evaluate your driving behaviour within the App. You can view your current rating transparently in the App. The App also gives you feedback on which events during your journeys were considered bad for your rating.
The data processor has locations in various countries. However, your personal data in regard to your use of the App will only be processed in countries that provide adequate data privacy in accordance with the GDPR. The high-frequency Driving Data collected by the App is erased or anonymised one year after collection.
From the moment the contract is activated, the following data is exchanged between autoSense Ltd and Simpego:
- Simpego notifies autoSense Ltd of contract status, insurance cover, status of insurance cover, information about the insured vehicle, premium to be charged for the previous month.
- autoSense Ltd notifies Simpego of adapter status (disconnect/connect), kilometres driven within the local coverage area according to the General Terms & Conditions of Insurance, transaction code of the payment.
No information about your driving behaviour, your location, the vehicle location or any claims will be shared between Simpego and autoSense Ltd.
6.4 Pet insurance
7 Duration of storage of personal data
We process your personal data for as long as necessary to fulfil our contractual and statutory obligations or other purposes for which we are processing the data, i.e. for the term of the entire business relationship (from the initiation to the performance and termination of a contract), as well as in line with the statutory regulations on storage and documentation. It is possible that personal data might be stored for the period of time in which claims can be filed against our company and if we are otherwise legally obligated to do so or if our legitimate interests require it (e.g. for the purposes of evidence and documentation). Retention periods are determined by Simpego internally. In principle your personal data will be erased or anonymised as soon as they are no longer required for the purposes above.
8 Data security
We have implemented reasonable technical and organisational measures, such as the adoption of guidelines, staff training, IT and network security solutions, IT as well as access controls and restrictions, to protect your personal data from being accessed by unauthorised parties and misused.
9 Your obligation to make personal data available
As part of our business relationship, you are required to provide the personal data necessary for the initiation and execution of a business relationship and for the fulfilment of the related contractual obligations (you are not normally legally obliged to provide us with data). Without such data, we will not normally be able to enter into or execute a contract with you (or the body or person you represent). The website cannot be used either if certain information for securing data transmission (such as IP address) is not disclosed.
10 Rights of the data subject
Within the framework of data protection law, you have the right to access, rectification, erasure, the restriction of data processing and the right to otherwise object to our data processing, in particular for direct marketing purposes and other legitimate interests in the processing as well as to the surrender of certain personal data for the purpose of transfer to another entity (data portability).
However, please note that we reserve the right to utilise the statutory restrictions on our part if, for instance, we are obliged to store or process certain data, have an overriding interest in doing so (provided that we are permitted to cite it) or need to do so in order to exercise legal rights. We shall notify you in advance if you will incur costs. We have already made you aware of your option to withdraw your consent in section 3.
Please note that exercising these rights might conflict with contractual agreements and might have consequences such as the premature dissolution of the contract or additional costs. In this case, we shall notify you in advance unless contractual provisions already apply to the matter.
The exercise of such rights requires that you clearly prove your identity (by providing a copy of your identity document). You can contact us at the address provided in section 1 in order to exercise your rights.
Furthermore, every data subject has the right to enforce their claims in a court of law and to lodge a complaint with a supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC) (http://www.edoeb.admin.ch).