Web-data policy

Data privacy is an important issue for Baloise in the light of the rapid progress of digitalisation in the world today. Your personal information is processed with strict confidentiality and in compliance with the latest laws on data protection. Protecting your privacy and your data against unauthorised third-party access, loss and misuse is a top priority for us.

The body responsible for the data processing described herein:

Bâloise Assurances, 23, rue du Puits Romain, Bourmicht, L-8070 Bertrange, dataprotection@baloise.lu (hereinafter “Baloise” or “we”).

If you have any questions please contact our data protection officer at dataprotection@baloise.lu. He is also at your disposal if you have an information request, suggestion or complaint.

Your data is used only for the purpose that is specified when it is collected, for which you have given your consent or that is provided for by law. We oblige our employees to maintain confidentiality, observe the data protection law and – in the case of banking services – to maintain professionnal insurance secrecy.

Personal data means any information relating to an identified or identifiable natural person. A natural person is deemed to be identifiable if they can be identified directly or indirectly, particularly by means of assignment to a characteristic, e.g. their name, email address or telephone number. Data on an individual’s predilections such as hobbies or club memberships, or on their preferred websites, also counts as personal data. Data that is anonymised or aggregated and can no longer be used to identify a particular person is not deemed to be personal data. “Processing” refers to any handling of personal data, regardless of the means and procedures used, including, in particular, the acquisition, retention, use, alteration, disclosure, archiving or destruction of data.

Baloise uses server logfiles to capture data about your visit to the website. This access data includes:

name of the website you accessed,
file name,
the date and time of your visit,
the volume of data transferred,
notification of successful access,
your browser type and version,
your operating system,
the referrer URL (the previous page visited),
the IP address and the requesting provider.

Baloise uses this logged data for analytical purposes only to ensure the operation and security of our IT systems, and to optimise the website within the meaning of Art. 6 (1) (f) GDPR in order to provide you with a secure and trouble-free user experience at all times. Baloise does, however, reserve the right to verify logged data subsequently, should it have concrete grounds to suspect that the website has been used unlawfully. The server logfiles are deleted after a period of 30 days.

When you contact us using the online form, we capture your contact details transmitted to us so that we can process your enquiry and follow up on any queries that may arise. During the sending procedure your consent is obtained to process the data and you are referred to this privacy policy. The legal basis for this processing of your data is Art. 6 (1) (a) GDPR. You have the right to revoke your consent at any time. The revoking of your consent does not affect the legality of the data processing carried out up until the revocation based on your former consent.

The legal basis for the processing of your data when you contact us by email is Art. 6 (1) (f) GDPR. We only process your personal data in order to process your enquiry. This is where our required legitimate interest in processing the data lies.

If the aim of the email contact is to enter into a contract, Art. 6 (1) (b) GDPR provides an additional legal basis for processing the data.

On the Baloise web pages you have the option to subscribe to our newsletter. If you do so, the data you provide (title, last name, first name and email address) is transmitted to us from the data entry screen. We then send you a confirmation email to verify your consent (double opt-in process). The legal basis for this processing of data is Art. 6 (1) (a) GDPR. For the purpose of customised and targeted advertising, the data you transferred when registering for the newsletter may be passed on within the Group companies.

You have the right to revoke your consent at any time. If you no longer wish to receive our newsletter you may unsubscribe via the link provided in each issue of the newsletter. The revoking of your consent does not affect the legality of the data processing carried out up until the revocation based on your former consent.

Cookies are small text files that are stored locally on your device (PC, smartphone, etc.) and allow data specific to that device to be captured. We use cookies on our web pages. You can learn more about our cookies in our cookie policy and can amend your cookie settings as required in the Cookie Preference Center at any time.

We would also like to make you aware that you can adjust cookies on an individual basis in your browser settings. However, blocking all cookies there may result in this and other websites no longer being displayed correctly. If you want a comprehensive and up-to-date overview of all third-party access to your internet browser, we recommend that you install a browser plugin created for this purpose. You can also configure your computer to issue a warning whenever a cookie is sent. Alternatively, you may elect to disable all cookies. To do this, you can change the browser settings in any browser you use and on any device you use. Each browser is slightly different in its handling of these settings. You can consult the Help menu in your browser to find out how to change your cookie settings. If you disable cookies, the result may be that you do not have access to numerous applications that make the pages and apps more efficient, and some of our services may no longer work for you.

Our website content consists, to some extent, of third party content such as YouTube videos, maps from Google Maps, RSS feeds or images from other websites. This always requires that the providers of such content (hereinafter referred to as “Third-Party Providers”) identify your IP address. Without this IP address, the third-party providers cannot send the content to your browser. We only integrate this content into our web page to provide you with useful information, or to make a process easier for you without additional data processing. The legal basis for this data processing can thus be found in Art. 6 (1) (f) GDPR. Our legitimate interest lies in the fact that we are able to offer you this content as a service. In addition, certain services are only activated as described above when you actively select them. In these cases data processing is based on Art. 6 (1) (a) GDPR. If you do not want this content, you can select the appropriate settings in your browser settings. We make every effort to use content from providers that use the IP address only for the delivery of such content. However, we cannot influence whether or not third-party providers use the IP address for statistical purposes, for example. We notify users if we become aware of any such usage.

10.1 Google Analytics and Tag Manager

On our website we use Google Analytics and Tag Manager, a web analytics service and an associated support tool provided by Google Inc. (“Google”). Google Analytics and Tag Manager use cookies to facilitate these services. The information generated by the cookie about your use of this website is transferred to a Google server in the USA and stored there. IP anonymization is standard on the Baloise website, which means that your IP address is abbreviated before being transmitted to Google. In exceptional cases only, your full IP address will be transmitted to a Google server in the USA and abbreviated there. The IP address transmitted from your browser in the context of Google Analytics will not be matched with other data held by Google. On our behalf, Google will use this information in order to evaluate your use of the website within the scope of your consent or for technical reasons, to prepare reports on website activity and to provide other services to us in connection with website and internet usage. The legal basis in the case of strictly necessary cookies is Art. 6 (1) (f) GDPR. Our legitimate interest lies in ensuring as best we can that the web page functions correctly. For all other cookies our processing is based on your consent in the Cookie Preference Center in accordance with Art. 6 (1) (a) GDPR.

The following data may be stored and analysed anonymously and exclusively for statistical purposes:

the pages visited and the sequence in which they are accessed,
the operating system and browser used,
the date and time of the page views,
the address of the website visited directly beforehand, if your visit has been made via a direct link to us from there, and
information about the origin.

10.2 Google Places API

On certain websites we use Google Places API to make it easier for our users to perform place-related searches and to fill in address details automatically. The data that is collected through a search using Google Places API is subject to Google’s terms of use. Google processes data on the user’s use of Places. For further information, please visit: https://developers.google.com/maps/terms?hl=de#section_9.

10.3 Google AdWords Conversion Tracking and Google Remarketing

We use Google AdWords Conversion Tracking and Google Remarketing for advertising purposes.

With Google Conversion Tracking, Google AdWords will place a cookie on your computer, provided you have reached one of our web pages via a Google ad. These cookies expire after 30 days and cannot be used for personal identification. If you visit certain pages on our websites and the cookie has not yet expired, we and Google can recognise that you have clicked on the advert and then been forwarded to this page. Every AdWords customer, which includes us, is given a unique cookie. Cookies cannot, therefore, be traced beyond the websites of the AdWords customer. The information acquired by means of the conversion cookie helps produce conversion statistics for AdWords customers. AdWords customers find out the total number of users who have clicked on their adverts and who have been forwarded to a page with a conversion tracking tag. However, we do not receive any information with which to identify users personally. If you do not wish to take part in the tracking process, you can reject the setting of a cookie that is required – such as by deactivating the “Targeting Cookies” category in our Cookie Preference Center. The legal basis for our use of Adwords is your consent in accordance with Art. 6 (1) (a) GDPR. With Google Remarketing, cookies are used to record your browsing behaviour in an anonymous manner for marketing purposes and to adapt advertising offers to your interests. These technologies never record or store personal data that allows your identity to be determined. DoubleClick by Google (Pixel TAG) also uses cookies to enable remarketing for products like AdWords in the Google Display Network. The cookies store information such as the time of your visit, whether or not it is your first visit, and information about the website from which you were referred. These cookies can also be set individually in the Cookie Preference Center.

10.4 DoubleClick by Google

DoubleClick by Google is a service provided by Google Inc. that uses cookies to present relevant advertising to you. To this end, a pseudonym identification number (ID) is assigned to your browser in order to check which ads have been displayed in your browser and which ads were accessed. The cookies do not contain any personal information. The use of Facebook “like” buttons for DoubleClick cookies only allows Google and its partner websites to serve ads based on previous visits to our or other websites on the internet. The information generated by the cookies is transmitted by Google for evaluation to a server in the USA and stored there. Transfer of the data by Google to third parties takes place only subject to legal regulations or in the context of contracted data processing. Under no circumstances will Google combine your data with other data collected by Google. By using our websites, you agree to the processing of the data collected about you by Google and the above-described manner of data processing as well as the stated purpose. You can adjust the way cookies are stored by selecting the appropriate setting in our Cookie Preference Center. Your consent provides us with the legal basis here too in accordance with Art. 6 (1) (a) GDPR.

Social media cookies give us the opportunity to connect to your social networks and share content from our sites via social networking channels. Further information can be found in the Cookie Preference Center and in the cookie policy.

11.1 Facebook Remarketing / Retargeting

Our pages have remarketing tags from the social media network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, integrated into them. When you visit our pages, the remarketing tags establish a direct connection between your browser and the Facebook server. Facebook is thereby informed that you, and your IP address, have visited our website and/or made a purchase. This allows Facebook to associate the visit to our pages and any purchase with your Facebook user account. The information obtained in this way can be used by us to display Facebook Ads and further used for marketing analyses and/or other targeting measures. We would like to point out here that we do not receive any details of the content of the data that is transmitted, or its use by Facebook. Further information about this is available in Facebook's data policy at https://www.facebook.com/about/privacy/. If you do not want to have data collected via Custom Audience, you can deactivate this feature here.

11.2 Twitter

Buttons for the Twitter service are integrated into the pages of our website. The buttons are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are recognisable by the use of terms such as “Twitter” or “Follow”, accompanied by the “blue bird” icon. These buttons can be used to share a post or page on Twitter, or to follow us on Twitter.

Pressing these buttons results in your browser establishing a direct connection with the Twitter servers. The content of the Twitter buttons is sent directly from Twitter to your browser. We would like to point out here that we do not receive any details of the content of the data that is transmitted, or its use by Twitter.

Further information about this is set out in Twitter's privacy policy at http://twitter.com/privacy.

11.3 Youtube

YouTube, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States is integrated into our web pages (“YouTube”). The link to YouTube’s privacy policy is here: Privacy policy of YouTube

By using this website, you agree to the processing of the data collected about you in the manner described and for the stated purposes.

With regard to revoking consent to the collection and storage of data, we refer you to your rights pursuant to Section 15 below and to the deactivation options listed under the individual services or in general with regard to browser settings in Section 8 above.

Please note that the internet is a global, open network. When you transmit data over the internet, you always do so at your own risk.

Any personal data transmitted by you is protected by means of state-of-the-art encryption mechanisms using the latest security standards (Secure Socket Layer). Despite comprehensive technical and organisational security measures being taken, data may be lost, intercepted by unauthorised persons and/or manipulated. Baloise has implemented appropriate technical and organisational security measures to prevent such occurrences within the Baloise systems. Your computer, however, is beyond the reach of the Baloise IT security measures. It is therefore your responsibility, as the user, to obtain information about the necessary security precautions and to take appropriate measures. Baloise is under no circumstances liable for any damage that may result from loss or manipulation of data.

Secure Socket Layer (SSL) is a protocol for enabling secure data transmission via the internet. Most browsers support this procedure. SSL uses the public key method, in which data encrypted using a publicly accessible key can only be decrypted using a specific private key. Most browsers use a key or padlock symbol at the top of the screen to indicate whether the current connection is secure or not.

If you wish to receive information about your personal data that is processed by us, you can do so by submitting to us your written request for information with an enclosed copy of your identity card or passport.

You may demand that we rectify inaccurate data or complete incomplete data at any time.

You may also demand the deletion of your data, provided we are not required or authorised by applicable law or regulation to retain your data.

You have the right to demand that the processing of your data is restricted under statutory requirements. In this case we shall not process your data further with the exception of storing it and subject to the assertion of legal claims.

In all cases where data processing is based on your consent you have the right to revoke this consent at any time. The revoking of your consent does not affect the legality of the data processing carried out up until the revocation based on your former consent. In our Cookie Preference Center you can amend your cookie settings at any time

In addition, you have the right to complain to the competent data protection supervisory authority.

You have the right to receive your data from Baloise in a structured, commonly used and machine-readable format provided your data is processed using automated procedures and this processing is based on your consent or a contract.

You may inform us of your objection to the processing of your data, which we carry out on the basis of Art. 6 (1) (f) GDPR for legitimate interest.

You can submit your relevant requests to our data protection officer at dataprotection@baloise.lu

This data privacy policy applies to all Baloise websites, services and applications unless they have their own policy. Our websites may contain links to other providers that do not fall under the scope of this data protection declaration.

We reserve the right to amend or supplement these data protection provisions at any time.

If we process your data for any purpose other than that for which your data was collected, we will inform you beforehand in an appropriate manner about this other purpose.