Last revision of this policy: October 2023
When you use our website, we collect certain data. This document describes when and why we collect data, how we use them, with whom we share them, the processing we do on them, and the measures we take to ensure their safety. Please read this policy carefully to find out what your rights are and what means are available to you to exercise them.
1. What personal data we collect
When using the website assicuro.ch your email is collected and stored in our servers to enable authentication with the website (login). We also collect your email address to maintain a yearly neswletter, if you decide to register to it.
When you use the comparison functionality, we collect for statistical purposes the search options that you insert in the search engine, limited to:
- The year of birth
- The postcode
- The franchise
- The accident coverage option
- The insurance models
Importantly, we do not store this information in connection to your email address, so we have no technical means to associate this anonymous information with you.
When you use the PDF letter generation functionality of this website, the data inserted in the forms never leave your browser. The name, surname, birthdate, address, phone number, and data of your insurer remains always within the memory of your browser, and we have no capability to collect such data by design.
2. The different types of cookies we use
- Site Usage: to help us recognize your browser as that of a previous visitor and to record the preferences you determined during your previous visit to the Site. For example, we may record your login information so that you do not have to log in each time you visit the Site.
3. How do we process your information?
We use your email address to enable the login functionality of the website. Your email is never shared with third parties.
We may use the anonymous data collected through our website for statistical purposes, or to provide other services or improvements to our website.
Your personal data may only be used with your express consent, which must be collected in advance. Insofar as we process your personal data based on your consent, you have the right to withdraw your consent at any time. However, the withdrawal of your consent does not compromise the lawfulness of the processing operation before your consent is withdrawn.
4. Who has access to your information
Our technical staff might access the database (which contains your email address) to improve our services, user experience, security, or performance of the website.
5. How we secure your information
When you provide us with personal data about yourself, we take steps to ensure its security. All the information you send us is encrypted in transit, meaning that when it is collected from one endpoint to another, the data remains confidential; and it is encrypted at rest, meaning that we store your data on an encrypted storage. Our website is designed to comply with the best production, physical security, and storage security practices. We strive to keep all our systems as up to date as possible with the latest security patches. The accounts you create with us are all protected by the security of your email address that is your responsibility. Despite all the measures taken to guarantee the security of your information, we draw your attention to the fact that there is no such thing as zero risk. We do our best to protect your information, but we cannot guarantee 100% flawless security.
6. The security of your data with our partners
We use Render to run the website and store its data. You can read more about the security and privacy of Render here: https://trust.render.com/
6. Transfer of your data
Our servers are in Germany, in Europe. No data is ever transferred outside Europe.
7. Your rights
The general data protection regulations grant you rights over your personal or health data. Your rights are applicable subject to local data protection laws. These rights may include:
- The right of access: access to your personal data that we hold.
- The right of rectification: The rectification of inaccurate personal data and, considering the purpose of the processing of personal data, to ensure that they are complete.
- The right to erase (the right to forget): the erasure/deletion of your personal data, to the extent that applicable data protection laws allow it.
- The right to limit processing: the limitation of our processing of your personal data, to the extent permitted by law (right to limit processing).
- The transfer of your personal data to another controller, if possible.
- The right to object: the objection to any processing of your personal data based on our legitimate interests. When we process your personal data for commercial prospecting purposes or share them with third parties for their own commercial prospecting purposes, you have the right to object to this processing at any time without having to invoke any reason.
- Automated decision: The right for the data subject not to be the subject of a decision based exclusively on automated processing, including profiling, which produces legal effects. No automated decisions are currently being implemented on our websites, services, or products; and
- The right to withdraw your consent: to the extent that we base the collection, processing and sharing of your personal data on your consent, you may withdraw your consent at any time, without compromising the lawfulness of the processing based on the consent given before the withdrawal. MindMaze will act on withdrawals of consent as soon as we can and will not penalise individuals who wish to withdraw consent. However, the withdrawal of your consent may have as a consequence that MindMaze or the relevant subsidiary of the MindMaze group will not be in a position to provide you with its services.
- The right to be duly informed of the purpose of collection and whether it will be shared with a third party.
8. How to exercise your rights?
To exercise your rights, please contact us using the email email@example.com. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you to satisfy your request. However, the deadline ma within one month of receiving your request. If your request concerns one of our third-party product suppliers, we recommend that you submit this request directly to that supplier. You can file a complaint with the competent supervisory authority, the Federal Data Protection and Information Commissioner https://www.edoeb.admin.ch/edoeb/en/home.html
10. Contact us
For any questions, do not hesitate to contact us at firstname.lastname@example.org!