This policy reflects the practices and standards we apply to processing personal data. This version has been amended to comply with the most recent Swiss statutory requirements, which entered into force on 1 September 2023. It applies wherever we act as the controller of personal data of natural persons (individuals), such as customers, employees, partners or visitors to our websites.
Who we are
This website is owned and operated by TSM Insurance Company, a cooperative company under Swiss law, with its registered office in La Chaux-de-Fonds (Canton of Neuchâtel), Switzerland.
Our mission is to provide specialised insurance solutions for our customers across our specialty risk products.
We strive to build relationships based on respect and personal contact, and these attributes underpin our ability to deliver a truly tailored service. We promote transparency in dealings with our customers, while ensuring the confidentiality required with regard to third parties.
Risk management is our business. We have a customer-focused mindset and strive to align our products with their evolving needs. This ethos is brought to bear in our commitment to deliver flexible and effective outcomes. We seek to achieve mutual trust in the customer-insurer relationship, an agile approach to problem solving, and professionalism and rigour in dealings with all our stakeholders.
If TSM processes your personal data, you are legally entitled to exercise the following rights at any time and generally free of charge. We will respond in accordance with legal requirements, which may mean that we are unable to comply with specific requests in certain cases. You are entitled to:
- obtain information on TSM's processing of your personal data;
- request that we correct any inaccurate personal data;
- request that your personal data be destroyed or that its processing be restricted if it is not essential for the performance of the contract, does not result from a legal obligation, or is not justified by TSM's legitimate interest;
- object to any further processing of your personal data, with immediate effect;
- request that your personal data be sent to you in a commonly used electronic format or that it be transferred and/or handed over to another data controller.
You may exercise your rights or send us any queries you may have about this policy by emailing us at firstname.lastname@example.org or by post to our registered office, TSM Insurance Company, Rue Jaquet-Droz 43b, 2301 La Chaux-de-Fonds.
If you think that our processing of your personal data is in breach of the law, you can contact the competent supervisory authority at the Federal Data Protection and Information Commissioner (FDPIC).
What personal data we process and why
The personal data we process depends on the type of relationship we have with you. Personal data means any information relating to an identified or identifiable individual.
The lawful basis and primary purpose for processing your data is the establishment and/or performance of the insurance contract. We also process data if we are entitled to do so by virtue of other lawful bases, because we have legal obligation to do so, because we have your consent or the consent of a person acting on your authority, and/or because it is justified on the basis of TSM's legitimate overriding interests (in particular for the described purposes and related objectives and to be able to implement measures accordingly).
If you are a customer, an insured person or a business partner, or if you express an interest in our services
We may process data related to our business relationship, including your first and last name, gender, date of birth, civil status, language, nationality, email addresses, telephone numbers, powers of attorney, signing authorities and any information you consent to us using. We process this data in order to provide you with the service you require and to communicate with you. The lawful basis for this processing is the contract between us or any steps involved in its conclusion.
We may also process personal data we collect in connection with managing a claim. In addition to the above business relationship data, we may collect sensitive data related to health or life events, as well as financial information or information concerning the family of persons involved in the insurance case. Claims data is processed for the purpose of providing the agreed service and maintaining a record of transactions. In general, the lawful basis for processing your data is the performance of the contract between us and your express consent to the processing of your personal data when it is required for the purposes of performing that contract. In some cases, the lawful basis may be to safeguard the vital interests of the data subject. We are also entitled to archive this data in order to document and prove our contractual relationship.
If you visit our websites or view any other information available online
We may process your usage data including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation paths and pattern of use. The source of the usage data is via our tracking systems provided by Google-analytics and MailChimp. This usage data is processed for the purposes of analysing the use of our websites and services. The lawful basis for this processing is our legitimate interest in securing and improving the content of our websites.
If you are a job applicant, an employee, or a former employee
If you apply for a job, we process the personal data you provide to us in relation to your work experience, educational background or professional qualifications, contact details, nationality, civil status and any other information contained in your CV, covering letter and attachments. The lawful basis for this processing is the consent that you implicitly give us by applying for a job, or that you have given to a service provider that we use for recruitment purposes.
If you are a TSM employee, we process the above personal data, as well as information relating to your remuneration, social insurance, identity documents, extracts from the register of debt proceedings and the Swiss Criminal Records, photographs, bank details, self-evaluations, professional development plan, disciplinary measures, correspondence, user accounts and system logs, and private and professional telephone numbers.
Processing is based either on the performance of the contract between us or on our legitimate interest as an employer. If your employment contract ends, we will process the information necessary for the performance of your contract until it ends. Your personal file is then cleared and archived in accordance with legal requirements in force and, in particular, in order to document our contractual relationship.
How we share your data
We may share your personal data with our network of service providers to the extent necessary for the performance of the contract between us in accordance with the lawful bases and objectives mentioned in this policy.
We may also transfer information about you to insurance intermediaries (agents and brokers) for the purpose of obtaining or maintaining insurance cover, managing risks, and fulfilling our legal obligations.
If necessary, we will ask for your express consent.
How long we keep your data
We will only keep the personal data we process as long as required for the purposes for which it was collected. If we have a contract with you, we will apply the statutory retention periods applicable to that type of contract and required for its performance and documentation. We may keep some data or records for longer periods in order to comply with applicable law, or for financial or other purposes, particularly research, planning or statistical purposes.
How we protect your data
We take appropriate security measures to protect your personal data against theft, unauthorised use, disclosure or accidental destruction. We have also implemented measures to guarantee the confidentiality of your data, in terms both of our processes and technical processing systems.
Profiling and automated individual decision-making
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
"High risk profiling" means profiling that poses a high risk to the data subject's personality or fundamental rights, by matching data that allow an assessment to be made of essential aspects of the personality of an individual.
TSM does not engage in profiling under any circumstances, whether it be profiling as defined above or high-risk profiling.
An "automated individual decision" is a decision based solely on automated personal data processing which has a legal consequence for or a considerable adverse effect on the data subject.
We do not generally take automated individual decisions. However, should we do so, we will specifically inform you that this is the case. Where appropriate, we will, on request, give the data subject the opportunity to express their point of view. The data subject may also request that the automated individual decision be reviewed by a person (human intervention). However, these processes do not apply to automated individual decisions that are directly connected with the conclusion or performance of a contract between the data controller and the data subject, and if the data subject's request is granted. Furthermore, they do not apply when the data subject has explicitly consented to the decision being automated.