PRIVACY STATEMENT

General information

Based on Art. 13 BV and the data protection provisions of the Swiss Confederation (Data Protection Act, DSG) and other provisions of data protection law that may be applicable, in particular the EU General Data Protection Regulation (GDPR), every person is entitled to protection of their privacy and protection against misuse of their personal data. The operators of the website The Toa 21st Century Reinsurance Company Ltd “www.toare.ch” (the “Website“) take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

In cooperation with our hosting providers, we endeavor to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

By using this website, you consent to the collection, processing and use of data in accordance with the following description. This website can generally be visited without registration. Data such as pages called up or the name of the file called up, date and time are stored on the server for statistical purposes without this data being directly related to your person. Personal data, in particular name, address or e-mail address, is collected on a voluntary basis as far as possible. No data will be passed on to third parties without your consent.

 

Who we are

The Toa 21st Century Reinsurance Company Ltd, Kreuzplatz 16, CH-8008 Zurich ZH, is responsible for your personal data. References in this Privacy Policy (the “Policy”) to “Toa Re”, “we” or “us” are references to The Toa 21st Century Reinsurance Company Ltd..

We act exclusively as Reinsurer and offers reinsurance capacity to insurers and brokers mainly of the European, Middle-East and African markets. For some specialty line of business this capacity is allocated on a world-wide basis.

If you have any questions about data protection, you can contact us as follows:

privacy@toare.ch

Personal data that we process

Personal data that we process about you includes:

• Your name and contact details (for example, name, address, telephone number or email address), information about the company you work for, your position or title and/or your relationship with an individual and other basic information);
• Identification and background information that you provide to us or that is collected from you as part of our onboarding process;
• Information that is provided to us by or on behalf of our users or that we create as part of our services to users
• Information relating to documents and communications that we send to you electronically, such as your use of promotional emails.
• Any other information relating to you that you provide to us.

We collect and record this information when you interact with us, for example when you communicate with our staff to receive information by email or use the website and our services. We also collect or create personal data as part of our offering on the website and when we obtain personal data from other sources, for example by consulting publicly available sources to update your details.

 

How we process your personal data

We process your personal data:

• to communicate with you;
• to provide and improve our services to you, including personal data from third parties that is disclosed to us or that we collect on behalf of our clients, for example data relating to our administrative and marketing processes/work;
• to manage our business relationship with you
• to maintain, provide and improve our website, including monitoring and evaluating its use
• to comply with our legal, regulatory and risk management obligations, including the assertion, enforcement and defense of legal claims.

We process personal data for these purposes on the following basis: if it is necessary for us to perform a contract, such as contacting a person to offer services, to assert, enforce or defend legal claims or (in) legal proceedings; to comply with legal and regulatory obligations, to protect legitimate interests, including the interests mentioned and listed above; and/or based on consent.

 

Use of our website, communication

When you access and use our website, we automatically collect and store log data and device-specific information for a limited period of time. This information includes, among other things, specific information about how you use our website, the IP address, access data and times, hardware and software information as well as device-specific and other similar information. We process this data on this basis and to the extent necessary for us to operate, maintain and improve our website.

 

Use of cookies

This website uses cookies. These are small text files that make it possible to store specific user-related information on the user’s device while they are using the website. Cookies make it possible, in particular, to determine the frequency of use and number of users of the pages, to analyze the behavior of page use, but also to make our offer more customer-friendly. Cookies remain stored at the end of a browser session and can be called up again when you visit the site again. If you do not wish this to happen, you should set your Internet browser to refuse to accept cookies.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this website.

 

Use of SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Use of server log files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• browser type and browser version;
• operating system used;
• referrer;
• Host name of the accessing computer;
• time of the server request.

This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

 

Tracking and analytic tools

Google Maps

We use Google Maps, a GPS service from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Maps helps us to display locations. As a result, data is transmitted to Google. The following data is collected:

• Latitude and longitude coordinates.
• Start address for route planner function

This information is transferred to Google servers in the USA and stored there. The IP address is shortened by activating IP anonymization (“anonymizeIP”) on our website before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area, as well as in Switzerland. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. In these cases, we ensure that Google complies with an adequate level of data protection by means of contractual guarantees, in particular by agreeing the EU standard contractual clauses and additional measures.

Further information on data protection at Google can be found at: https://policies.google.com/privacy?hl=de

Social media plugins

We have integrated social media plugins from various social networks on our website. These social media plugins can be, for example, the “Like button” or other functionalities, e.g. the sharing of website content in social networks. You can recognize the social media plugins by the logos of the relevant social networks.

To ensure data protection on our website, we only use these plugins together with the so-called “Shariff” solution. This application prevents the plugins integrated on our website from transferring data to the respective provider the first time you visit the website.

A direct connection to the provider’s server is only established when you activate the respective plugin by clicking on the corresponding button (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited our website with your IP address. If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit to our website to your user account. If you want to prevent this, you should log out before clicking on the plugin. An assignment is made in any case if you log in to the relevant network after clicking on the plugin.

Activating the plugin constitutes consent to data processing. You can revoke this consent at any time with effect for the future.

We have integrated plugins from the following social networks into the website:

• LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv

Who we share your personal data with

We may disclose your personal data to trusted third parties, including to:

• providers to whom we have outsourced certain support services;
• IT service providers;
• third parties who are also involved in the provision of our services, such as payment service providers or credit card issuers.

We may disclose personal data to courts, law enforcement agencies, regulatory and government authorities and law enforcement agencies for the purposes set out in this policy and where necessary. We may also be required to disclose your personal data to comply with legal and regulatory requirements.

 

Countries to which we transfer your personal data

We may transfer your personal data to recipients abroad, including to countries that do not guarantee an equivalent level of data protection to Swiss law (in particular the USA). We will normally make such a transfer if this is necessary for the performance of a contract with the data subject(s), for the performance of a contract with a data subject or for the performance of a contract concluded in their interest, as well as for the assertion, enforcement or defense of legal claims.

If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection as provided for by law by using appropriate contracts (namely on the basis of the so-called standard contractual clauses of the European Commission) or so-called Binding Corporate Rules or rely on the legal exceptions of consent, contract performance, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects. You can obtain a copy of the aforementioned contractual guarantees from us at any time. However, we reserve the right to redact copies for reasons of data protection or confidentiality or to provide only excerpts.

Some of the third-party service providers mentioned in this privacy policy are based in the USA. For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland or the EU that there are surveillance measures in place in the USA by US authorities that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without differentiation, restriction or exception based on the objective pursued and without an objective criterion that makes it possible to restrict the US authorities’ access to the data and its subsequent use to very specific, strictly limited purposes that are capable of justifying the interference associated with both access to this data and its use. We would also like to point out that there are no legal remedies available in the USA for data subjects from Switzerland or the EU that would allow them to obtain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation so that they can make an appropriately informed decision to consent to the use of their data.

We would like to point out to users residing in Switzerland or a member state of the EU that the USA does not have an adequate level of data protection from the perspective of the European Union and Switzerland – partly due to the issues mentioned in this section. Insofar as we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an appropriate level by our partners through contractual arrangements with these companies and any additional appropriate guarantees that may be required.

 

Use of contract processors

The controllers may arrange for the data to be passed on to one or more processors who also use the personal data exclusively for internal use attributable to the controllers. The following processors process personal data in third countries of the controller (partly outside Switzerland and outside the European Union):

 

How we store your personal data

We store your personal data for as long as it is necessary for the purpose for which it was collected and for as long as we have a legitimate interest in storing personal data, for example to implement or defend legal claims or for archiving purposes and IT security. We also store your personal data if and for as long as this is required in accordance with a statutory retention obligation.

 

Your rights

You are entitled to request detailed information about what personal data we have about you and how we process it, as well as to request a copy of your personal data and the disclosure of certain personal data for the purpose of transferring it to another location (so-called data portability). You can also have your data corrected or deleted, restrict our processing activities regarding this information and object to the processing of your personal data. You can also decide to withdraw your consent. Please note that even if you have decided to withdraw your consent, we may continue to process your personal data to the extent required or permitted by law. You may also lodge a complaint with a local supervisory authority, in Switzerland with the Federal Data Protection and Information Commissioner.

 

Amendments

We may amend this privacy policy at any time without prior notice. The current version published on our website shall apply. If the data protection declaration is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.

 

Questions about data protection

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization listed at the beginning of the privacy policy (who we are) directly.

Status: Mai 2024