Privacy Notice

    Personal data that is provided to us by you will be gathered, collected, processed and used in compliance with applicable data protection legislation. The following Privacy Notice of PERILS CRESTA AG (hereafter β€œCRESTA”, β€œwe”, β€œus” or β€œour”) describes for our clients, prospects, and users of our website (hereafter collectively β€œusers” or β€œyou”) how we collect and process personal data in connection with the use of our website or our services.
    CRESTA takes your privacy seriously and treats your personal data in accordance with the applicable data protection legislation. We understand that by using our services you may be entrusting us with personal information (β€œpersonal data”) and assure you that we take our duty seriously to protect this data thoroughly.

    1. Data Controller

    CRESTA is the data controller with respect to the processing activities described in this Privacy Notice. Should you have any questions regarding the processing of your personal data, you may reach out to us at:

    PERILS CRESTA AG
    Marktgasse 3/5
    8001 ZΓΌrich
    Switzerland
    dataprotection@perils.org

    2. Collection of Personal Data

    Personal data means all data relating to an identified or identifiable person. This can be information that directly identifies you or information that can be used to identify you when combined with other data.

    Use of Website

    If you only use the website for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. We collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security:

    • The fact that you have accessed this Site;
    • The name of your Internet Service Provider;
    • The IP address of the computer or other instrument (this could be a mobile telephone) requesting access;
    • The site from where you came to this Site;
    • The name and URL of the accessed file (URL means Uniform Resource Locator);
    • The pages of this Site that you visit;
    • Your browser in use when you visited the Site;
    • The transfer protocol used;
    • The date, time and duration of your access.

    The above data will be used by CRESTA for statistical purposes only. A user profile may be created, using a pseudonym. Cookies can be used for this purpose.

    Active transfer of data:

    When we ask you to input information about yourself, the data is transferred to us in encrypted form over the Internet using 128-bit SSL encryption (Secure Socket Layers) or higher, an internationally recognized security standard. SSL means the protocols used for establishing authenticated and encrypted links between networked computers.

    If you communicate with us using a contact form, we will collect the following data:

    • Your email address;
    • Your name;
    • The message that you send to us.

    Business Relationship:

    When entering a business relationship with you, we collect personal data to the extent permitted by the applicable data protection legislation, such as:

    • Personal details such as your name, identification number, date of birth, compliance related documents (including a copy of your national identity card or passport), phone number, address and domicile, email address;
    • Financial information, including payment and transaction records;
    • Where relevant, professional information about you, such as your job title and work experience;
    • Interactions with you and the services you use;
    • Identifiers we assign to you, such as your client, business relation, contract, partner, or account number, including identifiers for accounting purposes.

    3. Purposes of Processing Personal Data

    In accordance with applicable data protection legislation, CRESTA may process Personal Data namely for, but not limited to, the following purposes:

    • Performance of services, preparation, execution and performance of offers, contracts and transactions;
    • Maintenance and development of client and other business relations;
    • Preparation of events, promotions, advertisement and marketing;
    • Development, operation, management, and maintenance of our websites and other digital offerings;
    • Development, operation, management and maintenance of our infrastructure, such as IT infrastructure and other systems;
    • Compliance with legal and regulatory requirements and internal rules of CRESTA.

    Our website also enables users to quickly get in touch with us via email. If you contact CRESTA by email, the personal data you provide will be stored automatically. Such personal data transmitted on a voluntary basis will be stored for the purpose of processing your request or contacting you. This personal data is not passed on to third parties.

    4. Legal Bases

    Depending on the purpose of the processing, the use of your personal data is premised on the following legal bases:

    • Necessity for performance of a contract;
    • For compliance with legal obligations;
    • Based on a legitimate business interest; or
    • Based on your consent.

    5. Disclosure of Personal Data to Third Parties

    We may disclose your personal data for the purposes set out above within the framework of the applicable data protection legislation to the following categories of third parties (hereinafter "recipients") who process your personal data on our behalf for the purposes set out above or for their own purposes:

    • Service providers, e.g., IT companies that have access to IT systems, providers of external storage space or outsourcing partners;
    • Business partners and consultants of CRESTA;
    • Companies of the PERILS AG group;
    • Industry organizations, associations, organizations and other bodies;
    • Other third parties (lawyers, accountants, auditors);
    • Local and national authorities, offices, courts, banks and pension funds;
    • Parties in potential or actual legal proceedings.

    The recipients are obliged to fully comply with confidentiality and applicable data protection legislation at all times and to implement the appropriate technical and organizational measures to secure the personal data and to protect it against unauthorized or unlawful processing, accidental loss, alteration, disclosure, or access.

    6. Transfers of Personal Data

    The personal data we collect about you is generally stored and processed by us within Switzerland, the European Union (EU) or the European Economic Area (EEA). Should it be necessary to transfer your personal data to a country outside of this area, we can only do so if this is necessary for the data processing described in this privacy notice and is in accordance with the applicable data protection legislation.

    Where we transfer your personal data outside Switzerland, the EU or EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in Switzerland. This can be done in a number of ways, for instance:

    • the country that we send the data to might be approved by the Federal Council offering a sufficient level of protection;
    • the recipient signed up to a contract based on the β€œStandard Contractual Clauses” approved by the European Commission and recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC) and adjusted to the Swiss data protection regulation.

    In other circumstances the law may permit us to otherwise transfer your personal data outside Switzerland, the EU or EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.

    Questions regarding such data transfers and about which guarantees apply in individual cases can be directed at the contact details mentioned above.

    7. Retention of Personal Data

    We will only retain personal data for as long as necessary to fulfil the purpose for which it was collected. How long we hold your personal data for will vary. The retention period will be determined by the following criteria:

    • the purpose for which we are using your personal data – we will need to keep the data for as long as is necessary for that purpose;
    • legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data; and
    • legitimate business interests – these may justify the further retention of personal data, if higher ranking business interests are present (e.g., for use in legal proceedings).

    8. Further Functions and Offers on our Website

    In addition to the purely informational use of our website, we offer various services that you can use. To do this, additional personal data will need to be provided, which we use to provide the respective service and for which the aforementioned data processing principles apply.

    In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are assessed regularly.

    If our service providers or partners are based in a country outside of Switzerland, we will inform you of the consequences of this fact in the description of the offer.

    9. Use of Cookies

    In addition to the aforementioned data, we use cookies, which are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and more effective overall.

    You can configure your browser settings according to your wishes and e.g., reject third-party cookies or all cookies. So-called "Third Party Cookies" are cookies, that have been set by a third party, therefore not by the actual website you are currently visiting. We would like to point out that by deactivating cookies you may not be able to use all functions of this website.

    For more information, please refer to our Cookie Policy

    10. Your Rights

    If and insofar as this is provided for under applicable data protection law, you have the following privacy rights:

    • You have the right to ask CRESTA for copies of your personal information we have (Right of access). You can make a subject access request to find out what personal information we hold about you; how we are using it; who we are sharing it with; and where we got your data from.
    • You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete (Right to rectification).
    • You have the right to ask us to erase your personal information in certain circumstances (Right to erasure).
    • You have the right to ask us to restrict the processing of your information in certain circumstances (Right to restriction of processing).
    • You have the right to object to processing if we at CRESTA are able to process your information because the process forms are in our legitimate interests (Right to object the processing).
    • If applicable, you have the right to ask that we transfer the information you gave us from CRESTA to another organization or give it to you (Right to data portability). The right only applies if we are processing information based on your consent or in talks about entering into a contract and the processing is automated.
    • Should CRESTA make an automated individual decision which may have a legal effect for you, you may have the right to speak with a representative of CRESTA and to request a reconsideration of that decision.
    • You may also raise a complaint with the competent data protection authority, which for CRESTA in Switzerland is the Swiss Federal Data Protection and Information Commissioner (FDPIC) (http://www.edoeb.admin.ch).

    11. Data Security

    CRESTA has taken technical and organizational measures to ensure the security of your personal data and to protect it from unauthorized or unlawful processing, accidental loss, alteration, disclosure, or access. These measures are based on international standards and are regularly reviewed and adjusted if necessary.

    12. Amendment of our Privacy Notice

    We reserve the right to adapt, supplement or otherwise change this privacy notice at any time and without giving reasons. The up-to-date privacy policy is available on our website.

    Status: July 8 2024

    This website uses cookies, with the aim of ensuring that you have the best possible online experience. In using our website, you are giving your consent to the terms and conditions of our Privacy policy

    Your web browser is out of date

    Update your browser for more security, speed and the best experience.

    Update my browser Continue