Version dated July 1, 2018
As a company active in Switzerland, Kessler is subject to Swiss data protection provisions.
1. Responsible party / data protection officer
The party responsible for processing data is Kessler & Co Inc., Forchstrasse 95, 8032 Zurich, registered office: Zurich. Should you have data privacy concerns, please contact us at the following address: Kessler & Co Inc., c/o Carole Fritz, Forchstrasse 95, 8032 Zurich; email@example.com.
2. Collection and processing of personal data
We primarily process personal data that we receive within the scope of our business relationships with our customers and other business partners, either directly from these parties or from other involved individuals, or which we collect by operating our website, our online customer portal KesslerOnline and/or the corresponding app (see separate factsheet and GTC), our online business partner portal “Network Partner Interface” and further applications of their users.
If permitted, we also obtain certain data from publicly accessible sources (such as debt collection registers, land registers, commercial registers, the press, the Internet) or from other companies within Kessler, from public authorities and from other third parties. In addition to the data you provide to us directly, the categories of personal data that we obtain about you from third parties in particular comprise data from public registers, information that we obtain in connection with official and legal proceedings, information in connection with your professional functions and activities, information about you in correspondence and meetings with third parties, credit reports, information about you which is provided to us by persons associated with you (family, advisors, legal representatives, suppliers, etc.) so that we may conclude or process contracts with your involvement or with you (such as references, your mailing address for correspondence, powers of attorney), information about compliance with legal requirements, information from banks, insurance companies or other contractual partners of ours for the utilization or provision of services by you (such as completed payments, information about you from the media and Internet, as far as this is indicated in the specific case, such as within the context of a job application, marketing, etc.), your residential or business addresses and, if applicable, interests and other sociodemographic data for the purpose of building new business relationships.
3. Purposes of data processing and legal bases
We mainly use the personal data we collect in order to execute contracts with our customers and business partners, for example, within the scope of risk, insurance and occupational pension advice and related activities with current or future business partners and in order to fulfill our statutory duties in Switzerland and abroad. If you work for one of these customers or business partners, your personal data may, of course, also be affected as a result of your function.
Moreover, we process personal data belonging to you and other individuals to the extent that this is permitted and appears appropriate to us, including for the following purposes in which we (and sometimes third parties) have a legitimate interest that corresponds with the purpose of data collection:
- The provision and further development of our risk, insurance and occupational pension advice and related activities;
- communication with third parties and the processing of their inquiries (such as applications, media inquiries);
- the review and optimization of requirements analysis processes for the purpose of contacting customers directly and the collection of personal data from publicly accessible sources for the purpose of acquiring customers;
- advertising and marketing (including the staging of events), provided you have not objected to the use of your data (if we send you advertising as an existing customer, you may object to this at any time and we shall place you on a blocked list to prevent further advertising mailings);
- market and opinion research, media monitoring;
- asserting legal claims and defense in connection with legal disputes and regulatory proceedings;
- the prevention and resolution of criminal acts and other misconduct (such as the conducting of internal investigations, data analyses to fight fraud);
- warranties by our company, in particular by IT, our website and the online services offered through it and by other platforms;
- video monitoring to protect property rights and other measures for IT, building and equipment security and the protection of our employees and other individuals and the assets belonging or entrusted to us (such as access controls, visitor lists, network and email scanners, telephone recordings);
- the purchase and sale of business divisions, companies or parts of companies and other transactions under company law and the related transfer of personal data as well as measures for business management and compliance with legal and regulatory obligations and the internal requirements of Kessler.
If you have given us permission to process your personal data for specific reasons, we shall process your personal data within the scope of and based on this consent, provided we have no other legal basis and would require one. Once issued, consent may be withdrawn at any time, which, however, has no impact on data that has already been processed.
4. Cookies/tracking and social plug-ins in connection with the use of our website, KesslerOnline or the Network Partner Interface online platform: no personal data is transmitted.
We use Google Analytics services on our website (Google Analytics, Google LLC in the US, www.google.com) to measure and analyze traffic on our website (by means of data that is not traceable to any individual). We do not provide Google Analytics with any personal data. At best, we are able to determine the country or canton/region from which a user is visiting the Kessler website. No conclusions may be drawn about any identifiable natural person.
The IP addresses that are usually transmitted in connection with cookies for KesslerOnline and the cookies that are transmitted for the Network Partner Interface online portal are fully deleted, meaning that no personal data is transmitted. As a result, we are only able to determine if, how long and when an anonymous website user visits KesslerOnline and the Network Partner Interface. No conclusions may be drawn about any identifiable natural person. It is also no longer possible to identify the region in which the website user is located.
5. Forwarding of data and data transfer abroad
Within the scope of our business activities and the purposes listed in section 3, provided it is permitted and we deem it to be appropriate, we also share data with third parties, either because they process this data for us or because they wish to use the data for their own purposes.
In particular, this includes the following entities:
- Our internal and external service providers (such as insurance companies, pension schemes, banks, consulting firms, law firms), including providers that process orders (such as IT providers);
- network partners such as Marsh and Mercer, suppliers, sub-contractors and other business partners;
- customers and their legal representatives or contact persons;
- domestic and foreign authorities, agencies or courts;
- the public, including the visitors of websites and social media;
- competitors, industry groups, associations, organizations and other bodies;
- buyers or potential buyers of business divisions, companies or other parts of Kessler;
- other parties in potential or actual legal proceedings;
(hereinafter referred to jointly as the Recipients).
These Recipients are in some cases domestic, but may also be located abroad. In particular, they must expect their data to be transferred to our subsidiary Kessler & Co Inc. in Liechtenstein and our network partner Marsh or other brokers abroad. If we transfer data to a country without suitable statutory data protection, we shall, as provided for by the law, ensure an appropriate level of data security through the use of the corresponding contracts (in particular on the basis of the standard contractual clauses of the European Commission), or we shall rely on the statutory exceptions for consent, the processing of contracts, the identification, exercise or assertion of legal claims, overriding public interest and the disclosed personal data, because it is necessary to protect the integrity of the affected individuals or the affected individual has made the data generally accessible and has not expressly prohibited the data from being processed. You may obtain a copy of the aforementioned contractual guarantees at any time from the contact person stipulated in section 1. However, for reasons of data protection law or confidentiality, we reserve the right to redact or only provide excerpts of copies.
For the purpose of completeness, we would like to note that as a broker licensed in Switzerland, we exclusively serve Swiss customers. In order to fulfill our contractual duties, in exceptional cases the personal data of natural persons domiciled in Switzerland may be transmitted to the US in connection with the fostering of business relationships of our globally active customers. Moreover, please note that under US legislation, US authorities may undertake surveillance activities which allow for the general storage of all data transmitted from Switzerland to the US. This takes place without differentiation, restriction or exception on the basis of the stated aim and without objective criteria that would enable US authorities to limit access to personal data and their subsequent use to specific, strictly limited purposes which justify access to these data.
Furthermore, we would like to point out that there are no legal remedies in the US for affected individuals from Switzerland which would enable them to access, correct or delete the data related to them and that there is no effective legal protection against the general access rights of the US authorities. We are expressly notifying you of the law and facts in this situation so that you can make an informed decision about consenting to the use of your data.
6. Retention period for personal data
We process and store your personal data as long as is required to meet our contractual and legal duties or the intended purposes of the data processing, which means for the duration of the business relationship (from the initiation, processing and through to the termination of a policy) and beyond in accordance with statutory retention and documentation duties. In the process, it is possible that personal data is stored for the period in which claims can be asserted against our company and in the event that we are otherwise legally obligated to do so or legitimate business interests require it (such as for evidence and documentation purposes).
7. Data security
We implement suitable technical and organizational security measures to protect your personal data from unauthorized access and misuse, for example, physical and digital access controls and restrictions, the encryption of data carriers and transfers, guidelines for handling personal and business data, guidelines for using mobile devices, data protection and compliance training and the ongoing monitoring of these measures.
8. Duty to provide personal data
Within the scope of our business relationship, you must provide the personal data necessary to initiate and execute a business relationship and to fulfill the corresponding contractual duties (in general, you are not subject to a statutory duty to provide us with data). Generally speaking, we will not be able to conclude or process a policy with you (or an office or individual who represents you) without this data.
Kessler does not conduct profiling.
10. Rights of the affected individual
Under applicable data protection law and to the extent provided therein, you have the right of information, correction and deletion, the right to limit data processing and the right to object to our data processing and to the disclosure of certain personal data. However, please note that we reserve the right to assert the restrictions provided for by law, for example, if we are required to store or process certain data, have an overriding interest in doing so or require the data to assert claims. We shall notify you in advance should costs arise for you. Please note that the exercise of these rights may conflict with contractual agreements and this may result in early termination of the policy or costs. We shall notify you in advance whenever this has not been regulated in a contract.
The exercise of such rights usually requires that you provide clear proof of your identity (such as a copy of your ID, if your identity is otherwise not clear or cannot be verified). You may contact us at the address stated under section 1 in order to assert your rights.
Every affected individual also has the right to assert their claims in court or to file a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).