Privacy policy
md GmbH, Obertor 35, 8400 Winterthur, Switzerland, is responsible for the data processing activities described in this Privacy Policy (hereinafter also referred to as “we”, “us” and “our”).
In this privacy policy, we describe which personal data we process in connection with our website(www.mdgmbh.ch) and our other services. In particular, you will learn which personal data we process for what purpose, how and where, and which rights you have in this regard.
With regard to the data protection on websites of third parties which are linked to our website – and which lie outside our area of responsibility and liability (see the separate terms of use of this website) – we refer to the data protection declaration on the respective websites.
We process personal data in accordance with the requirements of the relevant regulations, primarily the Swiss Data Protection Act (DSG).
We may amend this privacy policy at any time. The version published on this website is the current version.
Personal data that we process
In connection with the data processing mentioned at the beginning, we process various categories of personal data about you, the most important of which are as follows:
- Technical data: When you use our website, we collect the IP address of your terminal device and other technical data to ensure the functionality and security of these offerings. This data also includes logs recording the use of our systems. As part of the technical data, in addition to the IP address, we also collect information about the operating system of your terminal device, the date, region and time of use, and the type of browser you use to access our website. This can help us to transmit the correct formatting of the website and serves to promote a smooth connection, the comfortable use of the website, the evaluation of system security and stability, as well as other administrative purposes. In order to ensure the functionality of these offers, we may also assign an individual code to you or your end device (e.g. in the form of a cookie, see section 3 below). The technical data in itself does not allow any conclusions to be drawn about your identity. For example, based on the IP address, we know through which provider you access our offers (and thus also the region), but we can usually not deduce who you are from this. We usually keep technical data for 7 days. Technical data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
- Communication Data: When you are in contact with us (e.g., via e-mail, telephone, fax or letter), we collect the data exchanged between you and us, including your contact information and the boundary data of the communication. This includes your name and contact information, the manner and place and time of communication, and usually its content (i.e., the content of emails, letters, etc.). This data may also contain information about third parties. If we want or need to establish your identity, e.g. in the case of a request for information submitted by you (see section 7 below), we collect data to identify you (e.g. a copy of an ID). We use this data for the processing of your request. We usually keep this data for 12 months from the last exchange with you. This period may be longer insofar as this is necessary for reasons of proof or to comply with legal or contractual requirements or is technically required. E-mails in personal mailboxes and written correspondence are generally retained for the duration of the business relationship and for at least 10 years beyond its end.
- Mandate-related data: We refer to client-related data as data that we collect in connection with the processing of your inquiry, other business relationships or for marketing and advertising purposes, and which is not communication data. This includes information about contracts and policies and the services to be provided or rendered, as well as data from the run-up to the conclusion of a contract, information required or used for processing, e.g. gender, date of birth, nationality, information about related persons, employer, position, title, billing and payment information, customer history and customer service, information that you or the other persons named below have disclosed to us in connection with order processing (which may also include information relating to medical treatment) or which we generate as part of our services to you. We receive this data partly from you (e.g. if you are a customer or other business contact or work for one), but also from third parties (e.g. pension funds, employers), from public registers (e.g. debt collection registers, credit reports, land registers, commercial registers, press, Internet), from official and court proceedings, from correspondence and meetings with third parties and from people in your environment (family, consultants, legal representatives, doctors, banks, insurance companies, etc.). We generally retain this data for 10 years from the last contract activity, but at least from the end of the contract. This period may be longer insofar as this is necessary for reasons of proof or to comply with legal or contractual requirements or is technically required.
- Other data: We also collect data from you in other situations, such as in connection with recruiting processes and to promote our services and maintain relationships.
Purpose of data processing
- to communicate with you, in particular to respond to inquiries and to contact you in case of queries;
- for the establishment, administration and settlement of contractual relationships, primarily in order to offer, broker or conclude and settle contracts, in particular insurance and pension contracts, with existing or interested customers, insured persons, business partners and other persons involved;
- to assert legal claims and defense in connection with legal disputes and official proceedings;
- to carry out the recruiting process in the context of applications for advertised positions;
- to comply with laws, directives and recommendations from authorities and internal regulations (“Compliance”);
- for safety purposes;
- for the purposes of our risk management and as part of prudent corporate governance, including operational organization and corporate development;
- To provide and improve our services to you and our clients;
- to maintain, provide and improve our website, including monitoring it;
- to advertise our services and maintain relationships (advertising and marketing, including holding events);
- for other purposes, e.g. as part of our internal processes and administration, purchase and sale of business units, companies or parts of companies and other transactions under company law.
If we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time with future effect by written notification (by post) or, where not otherwise specified or agreed, by e-mail to us; our contact details can be found under section. 8 below. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Where we do not ask you for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in doing so, so in particular to pursue the purposes and related objectives described above and to be able to implement appropriate measures. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognized as a legal basis by the respective applicable data protection law. But this also includes the marketing of our services, the interest in better understanding our markets, and the safe and efficient management and further development of our company, including its operations.
If we receive sensitive data (e.g. health data), we may also process your personal data based on other legal grounds, e.g. in case of disputes due to the necessity of processing for a possible lawsuit or the enforcement or defense of legal claims. In individual cases, other legal grounds may come into play, which we will communicate to you separately where necessary.
Online tracking services (cookies), which are collected by third parties.
We use technology on our website that allows us and third parties we engage to recognize you when you use it and, in some circumstances, to track you across multiple visits. In essence, this is so that we can distinguish accesses by you (via your system) from accesses by other users, so that we can ensure the functionality of the website and carry out evaluations and personalizations. We do not want to infer your identity in the process. Even without registration data, however, the technologies used are designed in such a way that you are recognized as an individual visitor each time you access the site, for example by our server (or the servers of third parties) assigning you or your browser a specific recognition number (so-called “cookie”). Cookies help in many ways to make your visit to our website easier, more enjoyable and more meaningful.
You can program your browser to block certain cookies or alternative techniques, deceive or delete existing cookies. You can also enhance your browser with software that blocks tracking by certain third parties. You can find more information about this on the help pages of your browser (usually under the keyword “Privacy”). On the following pages you will find explanations on how to configure the processing of cookies in the most popular browsers:
In addition, a general objection to the use of cookies can be declared for a large number of services – especially in the case of tracking – via Your Online Choices (European Interactive Digital Advertising Alliance, EDAA), Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or AdChoices (Digital Advertising Alliance Of Canada).
Only necessary cookies are currently used on our website, i.e. cookies that are necessary for the functioning of the website as such or certain functions. These cookies exist only temporarily (“session cookies”). If you block them, the website may not work or display properly. Other cookies are necessary so that the server can save decisions or entries made by you beyond one session (i.e. one visit to the website) if you request this function (e.g. selected language). These cookies have an expiration date of up to 12 months.
Data transfer and data transmission abroad
In connection with the Website, our contracts, services and products, our legal obligations or otherwise to protect our legitimate interests and the other interests set out in para. 2 listed purposes, we also transfer your personal data (which may include health data) to third parties, in particular to the following categories of recipients:
- Service providers: We work with service providers who process personal data about you on our behalf or in joint responsibility with us or who receive data about you from us in their own responsibility (e.g. insurers and reinsurers, banks, debt collection companies, credit agencies, IT providers, advertising service providers);
- Business partners including customers: First of all, this refers to customers and other contractual partners of ours, because this data transfer arises from these contracts, in particular insurance companies, pension and vested benefits institutions. The recipients also include contractual partners with whom we cooperate or who advertise on our behalf and to whom we therefore transfer data about you for analysis and marketing purposes (these may in turn be service recipients, but also, for example, sponsors and providers of online advertising). We require these partners to only send you advertising or play advertising based on your data if you have consented to this;
- Authorities: We may disclose personal data to offices, courts and other authorities in Germany and abroad if this is necessary for the performance of a contract or if we are legally obligated or entitled to do so or if this appears necessary to protect our interests. The authorities process data about you that they receive from us on their own responsibility;
- Other persons: This refers to other cases where the inclusion of third parties arises from the purposes pursuant to para. 2 results, e.g. industry organizations, associations, organizations and other bodies, other parties in potential or actual legal proceedings, as well as acquirers or parties interested in acquiring business units, companies or other parts of us.
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).
The third parties to whom we transfer your personal data may also be located abroad. If a recipient is located in a country without adequate legal data protection, we contractually obligate the recipient to comply with the applicable data protection law, unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the processing of a contract requires such disclosure, if you have given your consent or if it is a matter of data made generally available by you, the processing of which you have not objected to.
Data security
Duration of the retention of personal data
Your rights
Right of information, access and rectification. You have a right of access as well as the right to review and correct any of your personal data that we hold if you believe it is inaccurate or incomplete. You also have the right to object to the processing, to restrict the processing, to have the data deleted or to have the data transferred. Please note that prerequisites, exceptions or restrictions apply to these rights under the applicable data protection law (e.g., to protect third parties or trade secrets); in individual cases, the right to deletion may be excluded, e.g., if legal reporting, archiving or retention obligations conflict. We will inform you accordingly if necessary. Also, the collection of data for the provision of the website (website accessibility/session cookies) and the storage of data in log files is mandatory for the operation of the website, which is why there is no possibility to object in this respect.
In order for us to exclude misuse, we must identify you (e.g. with a copy of your ID card, if this is not possible otherwise). If there are any costs for you, we will inform you in advance.
Right to withdraw your consent. You are entitled to revoke your consent to the use of your personal data at any time with effect for the future (see also section 2 above).
Right of appeal. If you do not agree with our data processing, you can report this to the federal and/or cantonal data protection officer.