Change date: August 2023
Atlanto Data Protection Policy
Atlanto Data Protection Policy
Privacy and personality rights are of particular importance to Atlanto. This also applies to the handling of personal data. The following provides detailed information on the collection and further processing of personal data.
“Processing” of personal data means all handling of data, e.g. the collection, storage, keeping, use, modification, disclosure, archiving, deletion or destruction of data. The term “personal data” refers to data that relates to a specific or identifiable person, i.e. inferences may be drawn as regards their identity on the basis of the data itself or in combination with certain additional data. In the following, the term “personal data” is used synonymously with “data”. “Sensitive personal data” is a category of personal data for which data protection law provides for stricter requirements. Sensitive personal data includes, for example, health data, data revealing racial and ethnic origin, information on religious or ideological convictions, biometric data for identification purposes or information on trade union membership.
Atlanto as the data controller
Atlanto AG, Dufourstrasse 40, 9001 St. Gallen (hereinafter ‘Atlanto’), is the author of this Data Protection Policy and as data controller processes personal data when interested parties, customers or other persons (collectively the “Data Subjects”) apply for and/or acquire services or products and use Atlanto’s services under this Data Protection Policy.
Legal basis for the processing of personal data
This information on data protection is designed to comply with the requirements of the Swiss Federal Act on Data Protection (“FADP”).
Atlanto may process your personal data in accordance with the applicable data protection law.
Data processing entails all handling of personal data regardless of the tools and procedures used, particularly the procurement, saving, storage, use, modification (incl. pseudonymization and anonymization), disclosure, archiving, deletion/erasure or destruction of data.
The processing must not unlawfully infringe the personality rights of data subjects, and any processing may be based on the following legal basis under data protection law:
Existence of a contract with Atlanto
Legitimate interests of Atlanto
Law
Consent
Purposes of processing personal data
The processing of your personal data is essential for Atlanto’s business purposes or the provision of services and the fulfilment of contracts.
Atlanto processes data in particular for the following purposes (list is continuously completed):
- Customer acquisition
- Manage use and desired access to our applications, products and information
- Compliance with legal and regulatory requirements and internal rules
- Combating misconduct, abuse, misdemeanours and crimes
- Conduct of legal proceedings or cooperation
- Cooperation with authorities
- Establishment, administration and processing of contractual relationship
- Marketing purposes and in order to provide pertinent advice, support and relationship management
- Market research, to improve services, operations, products, to track behaviour, activities, preferences and needs, including analysis and evaluation of the use of the Atlanto services
- Product and company development
- Customer management, customer profiling and contact management including outside of contract processing
- Risk management and as part of prudent corporate governance, including operational organization and corporate development
- Prevention and protection against insurance fraud
- Providing protection for data, secrets, assets, persons, systems and buildings (e.g. video surveillance)
- Security purposes and system access control
- Other purposes
Categories of personal data
The personal data processed by Atlanto includes data that has been provided by or collected about data subjects or is publicly accessible. Data categories include:
- Communication data
- Contract data
- Special categories of data (e.g. health data, religion etc.)
- Banking, financial and asset-related data
- Claims data
- Registration data
- Technical data
- Data regarding behaviour and preferences
- Security, warranty and compliance dataData from contracts
- Data from reference requests
- Data concerning beneficial owners
- Copies of official documents
- Other data
This also includes any data derived from the above.
Profiling and automated individual decision-making
Profiling refers to any kind of automated processing of personal data to analyse specific personal aspects, such as economic situation, health, interests, reliability, behaviour, or relocation.
Atlanto uses profiling to analyse certain personal aspects (interests and preferences) of data subjects to allow Atlanto to provide individualized adverts or offers, but also to identify risks of improper use and security risks. The use of data analysis processes enables Atlanto to compile additional statistical information.
If a fully-automated individual decision is made which leads to a negative legal consequence or significantly affects the data subject, Atlanto will notify the data subject accord-ingly and they have the option of contacting Atlanto to request that the decisions in question are reviewed by a human being. Any fully-automated decisions are, however, always based on rules for weighing the information as laid down by Atlanto in advance. For further details, please refer to Atlanto’s “Information on data protection” in the section “Special information on data protection”.
Business partners and services
The following processes are particularly relevant when using Atlanto’s services as they are part of the business relationship with business partners which may comprise groups of persons such as instructing parties, cooperation partners, contractors, service providers, suppliers, or their representatives:
- When using the Atlanto cloud software (with login)
Access to the protected area of the website is free of charge, although charges may be incurred if you use the Atlanto software located there. When logging into this area, all data entered or submitted during the login process and while using the software is stored. This is particularly the case when you sign in, place orders, fill in online forms, take part in surveys or competitions, correspond with us online or off-line, or contact us via social media, blogs or other interactive media. In such cases we collect your personal master data (name, address, e-mail address) and the required settings for the service in question.
- When using Atlanto cloud software functionalities (with log-in)
When using Atlanto cloud software functionalities, information (‘content data’) is processed outside the scope of application of this Data Protection Policy. For contract processing of such content data associated with use of the Atlanto cloud software, the Contract ProcessingAgreement applies. The user indemnifies Atlanto against any potential claims of third-parties againstAtlanto in connection with contract processing of content data. The user is aware that they bear the sole responsibility for contract processing of contact data by Atlanto. During use of Atlanto cloud software functionalities, data and content data that is needed to use the functionalities is exchangedwith the provider of the functionality. Further processing of data or content data by the provider of thefunctionality is governed by the particular provider’s provisions. For further information on this, please refer to the “List of recipients and countries“.
- When using the Atlanto App (with login)
When using the Atlanto App and its associated functionalities, personal master data is collected for profile creation, and processed and stored in the Atlanto App and in the Atlanto Cloud Software. In addition, so-called access and activity logs are created. Processing is carried out within the scope of fulfillment of purposes listed in this Data Protection Policy. Furthermore, when using the Atlanto App and functionalities provided therein, additional information provided by you in the App (hereinafter “content data”) will be processed outside the scope of this Data Protection Policy. For contract processing of such content data associated with the use of the Atlanto App, the Contract Processing Agreement or further terms and conditions provided by any third-party providers accordingly applies. In connection with commissioned processing of content data, the user shall indemnify Atlanto against any possible claims of third-parties against Atlanto. The user is aware that he/she is solely responsible for the commissioned processing of content data by Atlanto. When using functionalities of the Atlanto App, data, and content data necessary for the operation of such functionalities will be exchanged with its provider. In this case, the functionality’s provider’s identity becomes immediately apparent through its use. For further processing and handling of content data by the provider, respective provisions of the provider apply.
Atlanto processes the above-mentioned personal data for the pruposes mentioned under “Purposes of processing personal data”.
For further information on this, please refer to the “List of recipients and countries“.
Exchange of personal data with third parties
In order to optimize the discharge of business processes and the conclusion of contracts, or the processing of contracts and the provision of services, Atlanto or any parties engaged by Atlanto may collect relevant personal data from third parties if this is necessary.
In addition to obtaining the relevant information, the processing of the conclusion of the contract or the provision of services may require the transmission of personal data to third parties involved in the contract (such as service providers, authorities, etc.). Atlanto is therefore not subject to a duty of confidentiality pursuant to the FADP when disclosing data. Moreover, Atlanto places third parties under an obligation to handle the data appropriately according to their sensitivity and other circumstances. The data may be passed on to recipients in Switzerland and abroad if the circumstances of the data processing so require. For further details, please refer Atlanto’s “List of recipients and countries“.
Disclosure of personal data to countries outside of Switzerland
Your personal data will only be passed on to data processors outside of Switzerland if they are subject to adequate data protection laws. If data is transmitted to a country without adequate data protection, the Lender ensures adequate protection by means of EU standard contractual clauses, of sufficient contractual guarantees or relies on the exception of consent, contract performance or the establishment, exercise and enforcement of legal rights.
The schedule “List of recipients and countries” contains further information regarding recipients of personal data and lists countries to which Atlanto transmits data.
Storage period
Atlanto processes personal data for as long as this is necessary for the fulfilment of the processing purposes, the statutory retention periods, legitimate interests – such as for purposes of documentation or by way of evidence – or as long as claims can be asserted against Atlanto companies or the data must be stored for technical reasons, as is the case, for example, with backup copies.
If there are no legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage period has expired as part of our usual procedures whenever possible.
Data provision
Customers shall provide all the data required for the performance of the contract. If they fail to meet that obligation, it will not be possible for the contract to be concluded or performed.
Data security
With regard to the processing of personal data, Atlanto takes adequate technical and organizational measures to prevent unauthorized access and otherwise unauthorized processing. These are based on the international standards in this area and are checked regularly and adjusted when necessary.
Rights of the data subject
The applicable data protection law as amended from time to time grants certain rights to Data Subjects provided certain conditions are met, e.g. the right to request information about the personal data that Atlanto processes about a data subject, to object to the processing under certain circumstances or to lodge a complaint with an authority.
Right of access
The right to request information as to whether and which data Atlanto processes and to receive a copy of this personal data.
Right to rectification
The right to have inaccurate data rectified.
Right to erasure
The right to request the erasure of personal data if Atlanto is no longer obliged or entitled to retain such personal data under the applicable laws and regulations.
Right to restriction of processing
The right to object to the processing of personal data at any time with effect for the future, unless the data processing is absolutely necessary for the performance of the contract and/or Atlanto is obliged or entitled to process the data under the applicable laws and regulations.
The right to object to data processing and revoke consent
The right to object to the processing of personal data, in particular insofar as processing is based on legitimate interests or where data is processed for purposes of direct marketing, and the right to revoke consent insofar as data processing is based on consent.
Right to data portability
The right to request that Atlanto transfer certain personal data.
Rights in the case of automated individual decision-making
The right of the data subject to express their point of view in the case of exclusively automated decisions and to request that the decision be reviewed by a human being.
Contact details of supervisory authority
- Please click here for contact details of the Swiss supervisory authority.
Data Subjects also have these rights vis-à-vis other independent data controllers that cooperate with Helvetia – Data Subjects are requested to contact them directly if they wish to exercise rights in connection with data processing carried out by such data controllers. For details regarding Helvetia’s main cooperation partners and services providers, please refer to the “List of recipients and countries“.
Data Subjects should note that, in accordance with the applicable data protection law, conditions, exceptions and restrictions apply to these rights. In particular, Atlanto may need to process and store personal data in order to fulfil a contract, to protect its own legitimate interests, such as the assertion, exercise or defense of legal claims, or to comply with legal obligations. To the extent permitted by law, in particular to protect the rights and freedoms of other Data Subjects and to safeguard legitimate interests, Helvetia may also reject a data subject request in whole or in part (e.g. by redacting certain content relating to third parties or business secrets). Helvetia will notify Data Subjects separately in such cases.
Contact detail for data protection concerns
If data subjects have questions about data protection and the rights of data subjects, they can contact Atlanto using the subject line “data protection”. This will direct them to Atlanto’s data protection advisor or company data protection officer.
Atlanto Ltd
Dufourstrasse 40
9001 St. Gallen Switzerland
Tel.: +41 58 280 59 80
Send an e-mail
Data processing in connection with Atlanto’s online services and other offers
Atlanto processes data in connection with services as well as other offers primarily for the purpose of processing requests when Atlanto has been contacted. In addition, data is also processed for the purpose of improvement and optimization, operation, and security as well as the preservation of evidence in connection with the websites, the services and online services and the other offers. Moreover, data is also used to make individual offers, for purposes of marketing, market research and for statistical evaluations, such as customer surveys following the use of the online services. In all other cases, express reference is made to other purposes when the data is being collected.
Websites
“Atlanto as the data controller” is responsible for the websites and online services as well as other the offers that are clearly recognisable as belonging to Atlanto and where nothing else is stated. In other cases, specific information on data protection (e.g. for mobile apps of companies affiliated with Atlanto that are not explicitly listed as controllers on this website) may take precedence over the general information on data protection below and may define other controllers.
Atlanto’s websites and online services may contain links to the websites and online services of other providers (e.g. in the form of social plugins) to which this information on data protection does not apply. The respective data protection notices of the other providers apply.
Data Subjects can visit Atlanto’s websites anonymously; metadata such as the browser, type of terminal device, duration of interaction, type of interaction, the Atlanto website visited or the IP address are collected. This metadata may be combined with other data from Atlanto (e.g. regarding newsletter subscribers or distribution lists). Service providers and other third parties in Switzerland or abroad that are contractually bound to Atlanto are used to process the data received. For further information on this, please refer to the “List of recipients and countries” and the “Cookie settings”. Individual “Cookie settings” and the desired browser configurations can also be made there.
Personal data will be processed if it is provided when using online services (e.g. via a contact form, a request for an offer, a premium calculator, taking out a policy online, a claims notification, live chats, a competition, etc.).
Data exchanged over the Internet is often transmitted via third countries. Website content can be transmitted via servers around the world in order to optimize the performance and security of the websites. Data may therefore be transferred abroad even if the sender and recipient are located in the same country.
Data transmitted to Atlanto via the Atlanto websites are transferred in an encrypted format. However, Atlanto will not be held liable for any damage suffered due to loss or manipulation of data. Visitors to the websites must ensure that their own system is secured at all times by an appropriate means of protection (e.g. virus protection) and that their own systems and browsers are up to date.
Contractually bound service providers and other third parties in Switzerland or abroad are used in the operation of the “Communication, online services and other offers”. For further information on this, please refer to the “List of recipients and countries“.
Cookies and tracking/analysis tools
Web server technologies, or Cookies, help make your visit to our websites easier, more pleasant and more meaningful. Cookies are information files stored automatically by your web browser on your computer’s hard drive when you visit our website and use our services. The purpose of cookies is in particular to analyse the use of this website for statistical evaluation as well as for continuous improvements. Web server technology provides information about your online presence and serves to optimise our service. It is possible that it is provided by a third party. The following technologies are used for the purposes mentioned:
Own cookies:
- We use a cookie for the user’s currently selected language
- We use a cookie for the user’s access token.
Third-party cookies:
- LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland You can prevent interestbased recommendations and an analysis of your previous usage by LinkedIn under https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Facebook Pixel, a user action tracking function supplied by Facebook Inc., 1601 S.California Ave, Palo Alto, CA 94304, USA. You can choose to opt out of the remarketing function for good by deactivating the “custom audiences” remarketing function in the ad preferences section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
- Google Analytics Remarketing together with the cross-device functions of Google AdWords and Google DoubleClick which are supplied by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you do not want your website activity to be available to Google Analytics, you can install the browser addon to disable Google Analytics https://support.google.com/analytics/answer/181881?hl=en. You can stop cross-device remarketing permanently by deactivating personalized advertising in your Google account under https://www.google.com/settings/ads/onweb/. It is possible that anonymised information may be transmitted to servers in the USA and stored there. If complete IP addresses are transferred to such a server and shortened in exceptional cases, standard contractual clauses and additional measures ensure a sufficient level of data protection. They may also be transferred to third parties by the technology providers if required by law or processed on behalf of providers. According to providers, IP addresses are never associated with other data. You can manage your security settings independently in the browser or follow the links provided and thereby block or deactivate cookies used by us, in which case certain Atlanto services may no longer be used (in full).
Tracking and analysis tools / social media: Various technical systems are employed, mainly by third-party providers, to measure and analyse use of our digital offerings. The measurement data can be either anonymous or personal. In this context, it is possible that the collected data is passed on, either by us or by the third-party providers of the technical systems, to other third parties for processing
Communication via e-mail
Atlanto would like to remind data subjects that the Internet is an open, global network that is accessible to everyone. Communication via e-mail is not usually encrypted and only takes place during regular office hours. It is possible that data can be lost or intercepted and/or manipulated by third parties, for example, to make it appear authentic. Atlanto takes appropriate technical and organizational security measures to prevent this from happening within the Atlanto system. Nevertheless, the confidentiality of data transmitted by e-mail cannot be guaranteed. This applies, in particular, with regard to the transmission of particularly sensitive personal data (such as health data). E-mails can be delayed, deleted, misrouted or shortened during transmission due to transmission errors, technical defects or other malfunctions. External access devices (end users’ PC, smartphone, etc.) and parts of the infrastructure used for transmission between the sender and Atlanto are located outside of the security area under the control of Atlanto. It is the responsibility of each Internet user to find out about the necessary security precautions and to take appropriate measures (e.g. up-to-date anti-virus software, etc.). Atlanto is not liable for any damage or consequences arising from the electronic exchange of information, particularly from the misuse of the e-mail system, which it did not cause itself. Atlanto reserves the right to seek redress from the data subject for any intentional damage it suffers as a result of business transactions with the data subject via the electronic exchange of information. Atlanto reserves the right in individual cases not to reply by e-mail or to additionally require a different form (e.g. a form with a signature) for the order or information received by e-mail.
Newsletter
Newsletters are used to provide interested parties and customers with up-to-date information about Atlanto’s products and services and, where applicable, its cooperation partners. Atlanto assumes that there is an interest in receiving the promotional content. In addition, newsletters provide information about current developments and other useful information. When registering for newsletters from Atlanto, the pseudonymized IP address of the receiving end device, as well as the date and time of registration are collected in addition to the personal data entered in the dialog box. When the newsletter is sent, anonymized link tracking is performed for statistical purposes. This data is not passed on to third-parties for any other purposes in connection with sending the newsletter, except in the event that competitions are entered and in the event that subscribers are explicitly notified. Subscribers can unsubscribe from the newsletters at any time via specially provided links in the newsletters.
Linked websites
On a Marketplace and as part of offered functionalities and payment options, the website and the App contain connections and hyperlinks to third-party websites and services that are not or only partially operated or controlled by Atlanto. Atlanto is not responsible for data transfer over such connections, subsequent data processing, the content of the websites, or the general data protection practices of the third-party provider.
Amendments
Atlanto reserves the right to modify this information on data protection at any time without prior notice. The published version or the version valid for the respective period, as amended from time to time, shall apply. In the event that one of the following conditions is or becomes null and void, this will not affect the validity of the agreement as a whole.