Privacy Policy

The purpose of this Privacy Policy is to provide information on how Deutsche Rückversicherung Switzerland Ltd (hereinafter “DR Swiss”) collects and processes personal data. The information provided here is not exhaustive and other data protection declarations or similar documents may regulate specific matters. The term “personal data” refers to all information relating to an identified or identifiable person. 

If you provide DR Swiss with other people’s personal data (e.g. data relating to family members or work colleagues), please ensure that these people are familiar with this Privacy Policy and only provide their personal data to DR Swiss if you have permission to do so and if this data is correct.

This Privacy Policy has been designed to meet the requirements of the Swiss Act on Data Protection ("ADP") and the EU General Data Protection Regulation (“GDPR”). However, whether and to what extent these laws are applicable depends on the specific case. 

1. Data controller and representative in the EEA

The data controller responsible for the data processing as described in this policy is Deutsche Rückversicherung Schweiz AG, Schweizergasse 21, 8001 Zurich. If you have any concerns relating to the protection of your data, you may send these to the above address or to info@drswiss.ch. Alternatively, you may also phone +41 44 215 76 66.

Our representative in the EEA, in accordance with Art. 27 GDPR, is: Deutsche Rückversicherung AG, Hansaallee 177, 40549 Düsseldorf, Tel.: +49 211 4554-01, Email: info@deutscherueck.de.

2. Personal data collection and processing

DR Swiss primarily processes personal data which it receives from clients and business partners in the course of business relationships with them and from other persons involved in these relationships or which it collects from users when using its website or other applications.

Insofar as is permitted, we also obtain some data from publicly accessible sources (e.g. the commercial register, the press or the internet) and receive some data from other companies within the Deutsche Rück Group, authorities and other third parties. In addition to the data that you provide to us directly, the categories of personal data that we receive from third parties concerning you include, in particular, the data we receive from your insurance provider under the conditions provided for below; information concerning your professional offices and activities (e.g. so that, with your help, we are able to enter into and execute transactions with your employer); information about you in correspondence and meetings with third parties; information about you that people with a connection to you (doctors, legal representatives, etc.) provide to us so that we can enter into or execute agreements with you or with your assistance (e.g. references, medical reports or information from your insurer or other contractual partners of ours regarding the claiming of benefits [claims payments]); and data relating to the use of our website (e.g. cookies, date and time of access and pages and content accessed).

Insurance companies may pass a proportion of the risk resulting from their insurance agreements onto reinsurers to ensure that they are always able to fulfil their obligations arising from these agreements. To properly establish, execute and terminate a reinsurance agreement we often only require anonymous data from your insurer. If anonymous data is insufficient for the purposes referred to above, we then receive insurance application or relationship data (e.g. policy number, premium amount, type and amount of cover and risk as well as any additional premiums). This information is subject to pseudonymization or – as is the case with life insurance in particular – may be provided alongside your name.

As a reinsurer, we only obtain your personal data insofar as is necessary for providing reinsurance and provided that there is no reason to assume that an overriding protected interest of the data subject conflicts with the interests of the company. This may be the case when personal data is provided to the reinsurer within the framework of a specific reinsurance relationship for one of the following purposes:

• Benefit and risk assessment in individual cases (e.g. in the event of high agreement amounts or if a risk is particularly difficult to categorise)
• Supporting your insurer with risk and claims assessment and process evaluation
• Determining the scope of reinsurance agreements including verifying whether and for what amount we are participating in one and the same risk (accumulation control) and obtaining lists of the insurance policies covered by the reinsurance for accounting purposes
• Random or individual verification operations relating to your insurer’s risk and benefit assessment so as to be able to assess our obligation to provide benefits to your insurer

3. Cookies/tracking and other technologies relating to the use of our website

So as to analyse our website with regard to trends and statistics, we use Matomo – an open source software for statistically analysing user access. Only anonymised data is collected and this is collected on the basis of the website visitor’s agreement, which is obtained via a cookie consent manager. This data is not used for any other purpose nor is it passed onto third parties.

With the exception of technically essential cookies, other types of cookies which are deployed when a user visits the website may be deselected (to do this, please go to the “My cookie preferences” section). You may withdraw your consent to the use of cookies at any time.

The integration of other services from external providers, such as YouTube, Facebook, X, LinkedIn or Xing, may also involve other cookies being deployed if the website visitor has consented to this. Your data will then be processed under the responsibility of this operator and according to their data protection provisions. We receive no information concerning you from these external providers.

4. Purposes of data processing

We use the personal data we collect primarily in order to enter into and execute agreements with our clients and business partners, in particular within the framework of providing reinsurance for our clients (cf. Point 2) and in order to fulfil our legal obligations both within Switzerland and internationally. If you work for one of these clients or business partners, you and your personal data may also be impacted, on the basis of your role.

In addition, provided this is permitted and deemed appropriate by us, we also process your personal data and the personal data of other people for the following purposes, in which we (and sometimes third parties) have a legitimate interest:

• Providing and developing our services and website as well as any other platforms we are active on (e.g. for generating insurance-specific statistics for the development of new pricing models)
• Communicating with external parties and processing their queries (e.g. for applications and press inquiries)
• Verifying and optimising needs analysis procedures for direct client communications purposes and collecting personal data from publicly accessible sources for the purposes of acquiring new clients 
• Advertising and marketing, unless you have objected to the use of your data for this purpose (if, as an existing client, we send advertising to you, you may object to this at any time and we will exclude you from the list for receiving advertising in the future) 
• Fulfilling legal obligations such as regulatory requirements or retention obligations under commercial and tax law
• Asserting legal claims and defence in relation to legal disputes and official proceedings 
• Preventing and investigating criminal offences and other misconduct (e.g. conducting internal investigations and data analyses in an attempt to combat fraud) 
• Ensuring continued operation, in particular with regard to IT, our website and other platforms 
• Implementing measures for IT, building and system security and for protecting our employees, other persons and assets belonging or entrusted to us (e.g. access controls, network and mail scanning) 

If you have provided us with your consent to the processing of your personal data for specific purposes (e.g. by registering to receive our newsletter or for carrying out a background check), we will process your personal data within the framework of and on the basis of this consent, provided we have no other legal basis and we require one. You may withdraw your consent at any time. However, this will have no impact on any data processing that has already been carried out.

5. Data transfer and data transmission outside of Switzerland

Within the course of our business activities and for the purposes set out under Point 3, we also disclose personal data to third parties to the extent permitted and deemed appropriate, either because these third parties are responsible for processing the data on our behalf or because they wish to use it for their own purposes. Third parties include, in particular, the following:

• Other reinsurers: It may be the case that we insure the risks assumed by us with other reinsurers (retrocessionaires) to spread out this risk. For this, it may be necessary to submit your policy and, if applicable, claims data to the retrocessionaire so that this company is able to carry out its own assessment of the risk or claim event.
• Data processing within the Group: Specialist companies or departments belonging to our Group carry out specific data processing tasks centrally on behalf of companies affiliated with the Group.
• External providers: To fulfil our contractual and legal obligations, we sometimes use the services of external providers.
• Other data recipients: In addition, your personal data may be sent to other data recipients such as authorities for the purpose of fulfilling our legal reporting obligations.

Some of these data recipients are based in Switzerland but may also be based in other countries too. In particular, you must be prepared that your data will be transferred to all countries in which the Deutsche Rück Group is represented by Group companies, subsidiaries or other offices as well as to other European countries and the USA, where the providers we use are based (e.g. Microsoft).

If a data recipient is based in a country which does not have in place sufficient statutory data protection regulations, we contractually oblige the data recipient to comply with applicable data protection regulations, unless the data recipient is already subject to a legally recognised set of data protection assurance regulations or we are able to apply an exemption clause. An exemption may apply, in particular, in the event of legal proceedings abroad; in cases of overriding public interests; if the execution of an agreement requires such a disclosure of data; if you have given your consent; or if the data in question has been made generally accessible by you and you have not objected to the processing of it.

6. Data retention period

We process and store your personal data for as long as is necessary to fulfil our contractual and legal obligations or for as long as processing is required for the specified purposes. For example, for the length of the entire business relationship (from initiation, execution and through to the termination of the agreement) and beyond, in accordance with our legal retention and documentation obligations. It is possible that personal data may be retained for the period during which claims may be asserted against our company (the statutory limitation period of three or up to 20 years) and if we are otherwise legally bound to retain this data or if legitimate business interests require us to do so (e.g. for evidential or documentation purposes). As soon as your personal data is no longer required for the aforementioned purposes, it will, where possible, be deleted or anonymised.

7. Data security

We apply appropriate technical and organisational security measures to protect your personal data against unauthorised access and misuse. These include the application of a data protection policy, data protection training, IT and network security solutions, access controls and restrictions, the encryption of data carriers and transfers, pseudonymization and other controls. Our security measures are designed to correspond to the latest technical standards.

8. Obligation to provide personal data

Within the scope of our business relationship, you must provide the personal data that is required for the establishment and execution of a business relationship and the fulfilment of any contractual obligations that arise therefrom (however, as a rule, you do not have a legal obligation to provide us with data). Nevertheless, without this data we are generally unable to enter into and execute an agreement with you (or the person you represent).

9. Data subject rights

Under the applicable data protection regulations and to the extent provided for therein, you have a right to information, the right to rectification, the right to erasure, the right to restrict data processing, the right to object to our data processing and the right to request the disclosure of specific personal data (known as the right to data portability).

However, please note that we reserve the right to assert the restrictions provided for by law in the event that we have a legal obligation to retain or process certain data, have an overriding interest in doing so (provided we are authorised to apply this) or in the event that we require this data in order to assert claims. If you incur any costs, we will inform you in advance. We have informed you of your right to withdraw consent under Point 3. Please note that exercising these rights may conflict with contractual agreements and may result in premature termination of the agreement or financial consequences. If this has not already been provided for in an agreement, we will inform you about this in advance.

In order to exercise these rights, you are usually required to provide substantial evidence as to your identity (e.g. a copy of an ID document, in the event that your identity is otherwise unclear or unable to be verified). To exercise these rights, please contact us via the address listed under Point 1.

In addition, data subjects also have the right to submit a claim to the courts or file a complaint to the responsible data protection authority.  The responsible data protection authority in Switzerland is the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).

10. Amendments

We may adjust this Privacy Policy at any time without prior notice. The applicable version is the latest version published on our website. If this Privacy Policy constitutes part of an agreement with you, we will inform you of any amendments via email or other suitable means in the event that this policy has been updated.