Data Processing Controller
Squarelife Insurance AG (‚Squarelife‚)
Entered in the Liechtenstein public register.
You may contact our Data Protection Officer by post at the address above. Please mark your correspondence “FAO Data Protection Officer”. Or you can send an email to: firstname.lastname@example.org
Purposes & Legal Grounds for Data Processing
We process your personal data in accordance with the EU General Data Protection Regulation (GDPR), country-specific data protection regulations, relevant data protection regulations of the Insurance Contract Act and all other relevant laws.
If you apply for insurance cover, we will need to make use of the information you provide us to conclude the contract and to estimate the risk we are to assume. If an insurance contract is drawn up, we will process this data to carry out contractual relationships such as issuing the policy or invoicing. We will need details of damages, e.g. to be able to check if an insurance claim can be made and how much damage has been done.
We cannot to enter into or carry out an insurance contract without processing your personal data.
Furthermore, we need your personal data to create insurance-specific statistics, e.g. for developing new tariffs or to fulfil regulatory requirements. We use the data resulting from all Squarelife contracts to monitor our customer relationships, e.g. to provide advice on contractual adjustments or extensions, for making decisions based on goodwill, or for providing extensive information.
The legal basis for this processing of personal data for pre-contractual and contractual purposes is Article 6 (1) (b) GDPR. Insofar as special categories of personal data are required (e.g. data concerning your health at time of taking out a life insurance policy), we will obtain your consent according to Article 9 (2) (a) in conjunction with Article 7 GDPR. If we create statistics using these data categories, this will be carried out based on Article 9 (2) (j) GDPR in conjunction with country-specific data protection regulations.
We also process your data to protect our legitimate interests or those of third parties (Article 6 (1) (f) GDPR). This may be necessary in the following cases:
– to guarantee IT security and operation,
– to prevent and explain offences; we particularly use data analyses to detect any indications of insurance fraud.
In addition to this, we also process your personal data to fulfil legal obligations such as regulatory requirements, retention requirements regulated by commercial and taxation laws and our duty to advise. The legal basis for this processing is the respective legal regulations in conjunction with Article 6 (1) (c) GDPR. If we wish to process your personal data for a purpose that is not mentioned above, we will inform you in advance within the scope of the legal provisions.
Categories of Personal Data Recipients
We insure our risks with special insurance companies called reinsurers. To do this, it may be necessary to pass on your contractual and/or damage details to the reinsurer so that they can form their own impression of the risk or the insurance claim. Furthermore, it is possible that the reinsurer will support our company with their specialist expertise in the area of risk or performance testing as well as in evaluating procedure processes. We transfer data to the reinsurer only if it is absolutely necessary to fulfil our insurance contract with you or as is necessary to protect our legitimate interests. You can request more information about the reinsurer that we use by contacting us at the address above.
If your insurance contracts are being handled by an agent, they will process the application, contractual and damage data required to enter into and carry out the contract. Our company will also pass this data on to the agent assigned if they need it to handle and advise you on your insurance and financial service matters.
Data processing within the corporate group:
Specialist divisions of our corporate group perform certain data processing tasks centrally for group-affiliated companies. Insofar as an insurance contract exists between you and Squarelife, your data may be processed centrally by a group-affiliated company for central address data admin, telephone customer support, policy and claims processing, collection and disbursement or collective mail handling.
The corporate group consists of the following companies:
• Squarelife Insurance AG, Liechtenstein
• Lifeware SA, Switzerland
• Lifeware GmbH, Germany
• Lifeware SA, Luxemburg
External service providers:
To fulfil our contractual and legal obligations, we make use of external service providers to a certain extent. You can request more information about the contractors and service providers that we use by contacting us at the address above.
We also transfer your personal data to additional recipients such as authorities to fulfil our legal reporting obligations (e.g. social insurance agencies, financial authorities or law enforcement authorities).
Duration of Data Retention
We delete your personal data as soon as they are no longer required for the above named purposes. This means that personal data may be retained for the period in which claims can be made against our company (e.g. statutory limitation periods between three and thirty years). Furthermore, we retain your personal data for as long as we are required to do so by law. The corresponding proof and retention obligations stem from taxation laws and the Money Laundering Act, among others. The retention period here is up to ten years.
Rights of Those Affected
You can request information on your personal data by contacting us at the address above. Furthermore, in certain cases, you can also request that your data be corrected or deleted. You may still be entitled to exercise your right to limit the processing of your data and the right to disclose your data in a structured, conventional, machine-readable format.
Right to Object
You have the right to object to the processing of you data for the purposes of direct advertising. If we process your data to protect legitimate interests, you may object to this processing if there are reasons arising from your particular situation that oppose the data processing.
Right to Lodge a Complaint
You are entitled to complain to the above named Data Protection Officer or the responsible data protection supervisory authority. You can request information regarding the responsible data protection supervisory authority by contacting us at the address above.
Data Exchange with Your Previous Insurer
In order to check your details or, if necessary, to supplement them when entering into an insurance contract or when making an insurance claim, it may be necessary to exchange personal data with the previous insurer given on your application.
Transferring Data to Third Countries
If we need to transfer personal data to service providers outside the European Economic Area (EEA), we will only do so if the EU commission can confirm that the third country has an appropriate level of data protection or if other data protection guarantees exist (e.g. binding, intra-corporate data protection regulations or EU standard contract clauses).
Automated Case-by-Case Decisions
In certain cases, based on the details you provide us, we make fully automated decisions when it comes to application and contract processing as well as damage and claims processing. The decision is based particularly on your details regarding personal risk characteristics. These fully automated decisions are mainly based on the contractual terms and conditions and the rules and processing guidelines derived from them.
Squarelife, Leaflet for data processing 05.18