Korean Reinsurance Switzerland AG (KRSA) Privacy Notice
This Privacy Notice is designed to provide information about processing of personal data by Korean Reinsurance Switzerland AG ("KRSA") and, furthermore, to provide information about data protection rights. Personal data means any information relating to an identified or identifiable natural person ("data subject").
Korean Reinsurance Switzerland AG
Tel.: +41 43 336 2060
Fax: +41 43 336 2061
For all questions and concerns regarding personal data, please contact the data protection officer of KRSA: email@example.com
Purpose and legal basis for the processing of personal data
KRSA process personal data in compliance with the EU General Data Protection Regulation (GDPR), the Swiss Data Protection Act and all other applicable national laws.
When KRSA, as a Reinsurer, enters into a Reinsurance Agreement or Treaty with a cedant (insurance and reinsurance companies) to provide reinsurance coverage, KRSA processes anonymized personal data to comply with the obligations under the reinsurance contract. The legal basis is therefore the fulfilment of the reinsurance contract.
KRSA receives and processes personal data of its employees and of job applicants. In case of employees, KRSA processes personal data in order to fulfil the obligations under the employment contract. In case of job applicants, the data subject has given consent of his or her data such that the processing of personal data is lawful in accordance with article 6 of GDPR.
Furthermore, KRSA processes personal data in an anonymized form in order to produce insurance-specific statistics necessary for setting new tariffs or meet regulatory requirements. Such statistical processing activities are based on our legitimate interest in compliance with article 6 of GDPR.
Categories of personal data
KRSA receives from their cedants (insurance and reinsurance companies) anonymized personal data. Data provided by job applicants to KRSA may include common personal data such as name, address, date of birth, nationality and occupation. In addition, the social security number and some financial information such as IBAN and bank information will be processed for employees of KRSA.
Categories of recipients of personal data
KRSA`s parent company Korean Reinsurance Company (Seoul, Korea) receives data from KRSA.
Data transmission to a third country outside EEA
KRSA`s parent company Korean Reinsurance Company (Seoul, Korea) receives employee data. Standard contractual clauses for the transfer of these personal data from KRSA to Korean Reinsurance Company (Seoul, Korea) are in place.
Data storage period
KRSA stores all personal data only for as long as required or permitted by law and regulations. Personal data shall be saved for the period in which legal claims can be asserted against KRSA. Record-retention requirements result from the legal provisions.
Data privacy rights of the data subjects
Within the framework of the GDPR the data subjects have in particular the following rights:
Right of access by the data subject (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restriction of processing (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21)
Automated individual decision-making, including profiling (Art. 22)
If data subjects wish to exercise one of these rights or have further information about them, they can contact KRSA using the contact details above. In addition, data subjects have the right to lodge a complaint with a public supervisory authority in the European Union.