Privacy Policy

Introduction
Silenccio AG attaches a great deal of importance to responsibly handling your personal data. In this privacy policy, we describe how and why we process personal data.

‘Personal data processing’ is hereinafter understood to mean the likes of the collection, storage, retention, use, modification, disclosure, archiving, erasure or destruction of personal data.

‘Personal data’ hereinafter refers to all information relating to an identified or identifiable person (e.g. first and last name, date of birth, email address).

If you disclose personal data that belongs to other people to us, please inform them of our privacy policy or hand it over to them. Only share personal data that belongs to third parties if you are authorised to do so and if the information is correct.

This privacy policy does not contain an exhaustive description of our data processing activities. If we process your data in ways other than those specified in this privacy policy, we will inform you separately of how your data is protected. In addition, the statutory exceptions and restrictions to the obligation to provide information on data processing activities (Article 20 of the FADP) apply.

Where the generic masculine form is used to improve legibility, it will refer to people who identify as male, female and non-binary in equal measure.

Purpose of the privacy policy, responsibility for data processing, the data protection officer’s contact details
In this privacy policy, we explain how we collect and process personal data on our website www.silenccio.axa.ch and on our platform https://silenccioapp.axa.ch, what purpose we collect and process personal data for, who has access to your personal data, how long we process your data for, what rights you are entitled to in this regard, and how you can contact us.

Data processing on this website is carried out by Silenccio AG, Weinbergstrasse 111, 8006 Zurich.

You can contact our controller by post or directly by email (datenschutz@silenccio.ch).

The contract is concluded with AXA Versicherungen AG, General Guisan-Strasse 40, 8400 Winterthur, and the benefits arising from the insurance contract are provided by Silenccio AG, Weinbergstrasse 111, 8006 Zurich, in cooperation with AXA Versicherungen AG, General Guisan-Strasse 40, 8400 Winterthur, and AXA-ARAG Rechtsschutz AG, Affolternstrasse 42, 8050 Zurich.

Legal bases
When processing your personal data, Silenccio AG complies with all of the applicable data protection regulations, in particular the revised Swiss Federal Act on Data Protection (FADP), the implementing ordinance (FADP-O) and, if applicable, other data protection laws applicable on a case-by-case basis (e.g. the European Union’s General Data Protection Regulation (GDPR)).

Amending the privacy policy
We may amend our privacy policy at any time, in particular when changes are made to the law or jurisdiction or where necessary for business reasons. The current version published on our website is the valid version. Please check this page regularly to ensure that you are aware of any changes.

Confidentiality
We undertake to treat all information entrusted to us in the course of our professional activities as confidential. This confidentiality extends to all personal data, business information and other confidential content that our customers or partners send to us. We use all personal data, business information and other confidential content that our customers or partners send to us exclusively for the agreed purposes and only disclose the same to third parties in accordance with this privacy policy. Our employees are obligated to maintain this confidentiality and have received relevant training.

Data collection
Personal data is primarily collected directly from you (e.g. by means of online forms).
If you provide us with other people’s personal data, please ensure that these people are aware of our privacy policy. Only provide us with correct data and ensure that you are authorised to disclose the data to us. The exceptions pursuant to Article 20 of the FADP remain reserved.

Insofar as doing so is permitted, we receive data from partners / group companies such as AXA Versicherungen AG and AXA-ARAG Rechtsschutz AG. This includes the following data in particular: the policy number, the policyholder’s first name and surname, the email address, the policyholder’s or the insured person’s telephone number.

Purpose of data processing
We process personal data that you disclose to us or that we lawfully receive from companies, partners or other third parties for the purposes and underlying objectives listed below or agreed with them.

We process your data in the course of the agreed prevention and intervention services. For example, we use the data you send us, such as your email address or telephone number, to provide our prevention services and to contact you directly by telephone or electronically by email to provide our intervention consulting services and the supplementary documents you send us to process the problem you have reported.
Data processing is permitted based on the contract as part of AXA’s Cyber Insurance Plus.

Your online application with regard to the conclusion of the contract is submitted to AXA Versicherungen AG in accordance with the privacy policy available at: https://www.axa.ch/en/information/data-protection.html.

Your personal data will also be processed in the context of customer surveys, in particular for sending emails with the link to the survey. The purpose of the customer surveys is to enable us to further develop our services. They are completely anonymous, so no conclusions can be drawn about you as a person. If you nevertheless voluntarily provide information about yourself or your case in a text box, we will anonymise or pseudonymise your data in the course of the evaluation process. Your consent to data processing is obtained in the survey form. This consent includes data processing by Silenccio AG and AXA Versicherungen AG. Data processing by AXA Versicherungen AG is carried out in accordance with its privacy policy (https://www.axa.ch/en/information/data-protection.html).

Silenccio AG can be contacted directly for individual enquiries by means of the www.silenccio.axa.ch / https://silenccioapp.axa.ch website using the contact form, email address or telephone number. Personal contact details are requested. These are required for feedback and processing enquiries. We therefore have a legitimate interest in storing the data to process the enquiries.

When you apply for a vacancy with us, we process your data for the purpose of carrying out the application process. Your application data will only be shared with individuals who are involved in the application process. The data will generally be deleted six months after completion of the application process. If your application is followed by the conclusion of an employment contract, we will continue to store your data and use it for the purposes of the employment relationship.

We also process your data as part of our internal processes, for administrative matters, for training and for quality assurance purposes. Data processing is permitted based on our overriding legitimate interest, which consists of sensible management and development of the company.

Disclosing the data
We do not sell your data to third parties. Your data will only be disclosed to contract data processors (e.g. suppliers, IT service providers and other service providers) and third parties to the extent necessary or requested by you, in particular if doing so is necessary for the conclusion or processing of the contract, to fulfil legal obligations or for other purposes specified in this privacy policy.

In addition to statutory data protection, these recipients are also contractually obligated wherever possible to use the data exclusively for the intended purposes and to maintain confidentiality.

If the contract data processors themselves call in third parties, we may permit this on a case-by-case basis, provided that it is contractually ensured that the latter also only process the data to the same extent and that the provisions set out in data protection legislation are complied with.

In connection with business activities, personal data may be disclosed in Switzerland, member states of the EEA and, under certain circumstances, worldwide. Personal data may be disclosed abroad if the Federal Council has determined that the legislation of the country in question or the international body guarantees adequate protection (Article 16 (1) of the FADP). The exceptions under Article 16 (2) of the FADP and Article 17 of the FADP remain reserved.

Insofar as doing so is legally permissible and appropriate and one of the above-mentioned purposes of data processing justifies doing so, we disclose data to the third parties listed below so that they can process it for us for service provision purposes.

Such data particularly includes your first name, your surname, your username (‘handle’) on social networks and your email address.

AXA (Switzerland): Exchanging contract data for allocating claims and transferring personal data for the provision of insurance benefits. Please read AXA’s privacy policy at: https://www.axa.ch/en/information/data-protection.html

BREVO (France and the USA): For automatically sending emails. This involves sending links for using our application. Please read BREVO’s privacy policy at: https://www.brevo.com/en/gdpr/

EyeonID (Sweden): You enter your credit card and telephone numbers directly into EyeonID. We only store a reference number so that notifications from EyeonID can be assigned to our customers. Please read EyeonID’s privacy policy: https://a.storyblok.com/f/97758/x/8e3b24b229/eyeonid-privacy-policy_web_2021-11-19.pdf

HaveIbeenpwned (Australia): Exchanging personal data (first name, surname, email address, telephone number) exclusively for service provision purposes, in particular for checking for data leaks. Please read HaveIbeenpwned’s privacy policy at: https://haveibeenpwned.com/Privacy

Meta / Facebook (Ireland, the USA, Sweden, Denmark): Exchanging personal data (first name and surname, name by which you are generally known if applicable) exclusively for service provision purposes. Please read Meta’s / Facebook’s privacy policy at: https://www.facebook.com/privacy/explanation

Microsoft (the USA): Exchanging personal data exclusively for service provision purposes. Please read Microsoft’s privacy policy at: https://privacy.microsoft.com/en-us/privacystatement

Salesforce (the USA): Exchanging personal data for efficient company management purposes. Please read Salesforce’s privacy policy at: https://www.salesforce.com/uk/company/privacy/

Sendgrid / Twilio (the USA, the United Kingdom): For automatically sending emails. This involves sending links for using our application. Please read Sendgrid’s / Twilio’s privacy policy at: https://sendgrid.com/en-us/resource/general-data-protection-regulation-2

X / Twitter (the USA, Ireland): Exchanging personal data (surname, first name, username / ‘handle’) exclusively for service provision purposes. Please read X’s (Twitter’s) privacy policy at: https://twitter.com/en/privacy

The legal basis for exchanging data with the above-mentioned service providers is your consent in the insurance contract.

Storage period
We store your personal data for as long as we are legally obligated to do so (e.g. retention periods) or for as long as we have a legitimate interest in storing your data to provide our services and/or operate our websites.

Your rights with respect to your personal data
Right of access:
You have the right to request information from us as to whether we process your personal data and, if so, which aspects of your personal data we process, for what purpose, where we obtained your personal data from, which recipients we disclose your personal data to and how long we store it for (see Article 25 of the FADP).

Right to rectification:
You have the right to have us correct incorrect data or complete incomplete data (Article 32 of the FADP). If we have stored incorrect or incomplete personal data about you, we will be happy to correct or complete it based on your notification. If the accuracy or inaccuracy of the personal data is unclear, you can request that a confirmation note be attached. Article 32 (1) (a) and (b) of the FADP remain reserved.

Right to erasure:
In accordance with Article 17 of the GDPR, you have the right to request the erasure or anonymisation of data that is not absolutely necessary for the performance of the contract or that is not processed based on legal bases (e.g. retention requirements) or an overriding legitimate interest on the part of Silenccio AG. If erasure proves to be technically impossible or involves disproportionate effort, we may reject your erasure request.

Right to restriction of processing:
In accordance with Article 18 of the GDPR, you have the right to restrict processing (e.g. if you dispute the accuracy of the data or assert that your data is being processed unlawfully).

Right to objection:
You have the right to object (as per Article 30 (2) (b) of the FADP, Article 21 of the GDPR) with immediate effect for the future to any processing of your personal data that is not absolutely necessary for the performance of the contract, does not have to be carried out on a legal basis or is carried out when an overriding or legitimate interest on the part of Silenccio AG does not exist.

Right to data release and portability:
Under the conditions set out in Article 28 of the FADP, you have the right to request that we provide you with the personal data you have disclosed to us in a commonly used electronic format or that we transfer your personal data to another controller. This is always done free of charge.

Please note that there are legal exceptions to the rights listed (Article 25 et seq. of the FADP). To the extent permitted by law, we may refuse your request to exercise these rights.

To assert your rights, please send your request to the following address, enclosing a copy of your identity card or passport (unless your identity is otherwise clear or you can be identified):

Contact for data protection matters:
Silenccio AG
Weinbergstrasse 111
8006 Zurich
Switzerland
Email: datenschutz@silenccio.com

You further have the right to lodge a complaint with the competent supervisory authority. The supervisory authority is the Swiss Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Bern, Switzerland.

The competent supervisory authority in the Principality of Liechtenstein is: Data Protection Authority of the Principality of Liechtenstein, Städtle 38, P.O. Box 684, 9490 Vaduz, Principality of Liechtenstein.

External hosting
The Silenccio AG website and web application are hosted in the Google Cloud. The servers are located in Switzerland, the European Union and the USA. Personal data collected on this website is stored on Google Cloud servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data.

Please read Google’s privacy policy at: https://cloud.google.com/privacy/gdpr?hl=en.

SSL and TLS encryption
For security reasons and to protect the transmission of confidential content, such as enquiries you send to us as the website operator, both the website and the web application use SSL and TLS encryption. You can recognise an encrypted connection when the address bar in your browser changes from ‘http://’ to ‘https://’ and a padlock symbol appears in your browser bar. When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

Server and application log file
When you access and use our website and web application, our web servers collect certain technical data about your visit, which is recorded in logs. This information includes the likes of:

• The browser type and browser version
• The operating system used
• The referrer URL
• The host name of the accessing computer
• The time of the server request
• The IP address

Technical data alone does not normally allow any conclusions to be drawn about your identity. Although we know your provider and therefore the region you are accessing the site from based on your IP address, we are generally unable to work out your identity – provided that you have never logged in with a user account. However, if you identify yourself on our website with your name or an email address, we collect the technical data on a personal basis.
We use this data for technical troubleshooting purposes to prevent and investigate attacks on our systems.
We reserve the right to subsequently check the log data if there is legitimate suspicion of unlawful use based on concrete evidence.
Data processing is based on our legitimate interest in providing you with a secure user experience.

Analytics tools and tools from third-party providers
When you visit the website www.silenccio.axa.ch and our platform https://silenccioapp.axa.ch, your surfing behaviour may undergo statistical analysis.
This is carried out mainly using cookies and ‘analytics programs’. Your surfing behaviour is generally analysed anonymously: the surfing behaviour cannot be traced back to you. You can object to this analysis in the cookie settings or prevent it by not using certain tools.

General information on Google’s and Facebook’s services
In connection with our website, we use services provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) and Facebook / Meta (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin D02 X525, Ireland).
We have no influence over the scope and further use of the data by Google / Facebook and accept no responsibility or liability for the same. So please read Google’s privacy policy at https://policies.google.com/privacy and Facebook’s privacy policy at https://www.facebook.com/about/privacy/.

If you have a Google or Facebook account or have registered for a service from these companies, they will, for example, match your clicks on paid adverts in a Google search with other data. Google / Facebook may also link the data to your account and your web and app browser history across devices.
Google / Facebook may transfer the data it collects to countries outside of Switzerland and the EEA, in particular to the USA. If you have a Google / Facebook account, you can adjust the corresponding data protection settings in your account.

Cookies
The website and the web application sometimes use what are known as ‘cookies’. A cookie is a small file that is automatically stored on your device or computer by your web browser when you visit our website. Cookies do not damage your computer in any way and do not contain any viruses. They provide information about website or app usage.

As a user, you initially have the option of blocking or deleting cookies in your browser. As a second step, you will be asked for your consent to set cookies in the browser. Without cookies, you may only be able to use the website to a limited extent.

The visitor data collected by the cookies is pseudonymised and stored separately from other personal data. The data can only be assigned to a person if they have clearly identified themselves for use of the website (e.g. by logging in). In this case, the information can be used for targeted advertising purposes.

The stored cookies can also be processed by our cooperation and advertising partners. However, they only receive data based on an identification number (what is known as the ‘cookie ID’). Personal data is not transmitted.
You can determine how cookies are used yourself by making appropriate settings in your browser. Depending on the settings you make, your use of certain websites may be restricted.

Essential cookies
These cookies serve to optimise how the website works, help to make use secure and cannot be disabled in our systems. They are necessary for navigation on the website and for using certain functions (e.g. email contact form). This saves certain actions you have carried out. These cookies also make it easier for you to use our website and ensure that you can make optimum use of different areas. These cookies are generally only set in response to actions you take where you request a service (e.g. when setting your privacy preferences, filling out the contact form or calculating a premium). Only first-party cookies are used.

Performance cookies
We use these cookies to count visits and recognise access sources. They help us to analyse and improve our website’s performance. We see on an anonymised basis how visitors move around our website and which content attracts how much interest. This enables us to further optimise our online presence and to provide you with a user experience that is tailored to your needs. This information is collected anonymously. We cannot draw any direct conclusions about you as a person. We use first-party cookies and Google Analytics.

Google Analytics
Google Analytics uses cookies that enable analysis of your use of our website and our online services. The information generated by the cookie is generally transferred to and stored on a Google server in the USA.
IP anonymisation is enabled on our website so that Google truncates the IP address of users located within Switzerland or the EEA beforehand.
Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. On our behalf, Google will use this information for the purpose of evaluating users’ use of this website, compiling reports on website activities and providing the website operator with other services relating to website and internet use. We only receive anonymous analyses from Google. The IP address transferred by your browser in the context of Google Analytics is not merged with any other data held by Google.

Please read Google’s privacy policy at: https://policies.google.com/privacy.

The legal basis is your consent in the cookie banner.

Functional cookies
These cookies enable enhanced functionality and personalisation, such as the playback of videos stored on the websites. This allows us to customise our website to the personal preferences of each and every user. The cookies may be set by us or by third-party providers whose services we use on our site. We save your entries and your selection of the pages viewed (e.g. viewing an agency page by means of the agency / consultant search). We may also use cookies, for example, to save your login credentials for forms or logging in so that you do not have to re-enter your login credentials each time you visit our website. If you do not allow these cookies, some or all of these functions may not work properly.
We use performance cookies from Github.com and YouTube.

YouTube
Both the website and the web application have videos from YouTube integrated in them. The operator of YouTube is Google Ireland Limited (hereinafter referred to as ‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our web pages featuring an integrated YouTube video, a connection to YouTube’s servers is established. During this process, the YouTube server is made aware of which of our pages you have visited. Furthermore, YouTube can store cookies on your terminal device. These cookies enable YouTube to obtain information about visitors to this website. To name but a few examples, this information is used to collect video statistics, improve user friendliness and prevent attempted fraud. The cookies remain on your terminal device until you delete them. If you are logged into your YouTube account, you are enabling YouTube to allocate your surfing behaviour directly to your personal profile. You can prevent this from happening by logging out of your YouTube account.

Please read YouTube’s privacy policy at: https://policies.google.com/privacy?hl=en.

Cookie Settings

Integrating third-party services
Websites and services provided by other providers that are linked to from our website or web application are designed and provided by third parties. We have no influence over the content and function of these third-party services. Please note that the linked third-party services may install their own cookies or collect personal data. We have no influence over this.