1. What is this data privacy statement about?
Comparis.ch AG, HypoPlus AG, Optimatis AG, advanti AG, Navisano AG, Decisis Services AG and Decisis Holding AG together form the Decisis Group (“Decisis”, hereinafter also referred to as “we” or “us”). We collect and process personal data, in particular personal data about visitors to our website, users of our services, affiliated persons, contracting parties, recipients of newsletters and other bodies or their respective contact persons and employees (hereinafter also referred to as "you"). In this data privacy statement, we inform you about the processing of data by the various Decisis companies. In addition to this data privacy statement, we can inform you separately about the processing of your data (e.g. in the case of forms or contractual conditions).
If you disclose information about other persons (e.g. family members) to us, we assume that you are authorized to do so and that this data is correct and that you have ensured that these persons are informed about this disclosure insofar as a legal obligation to provide information applies (e.g. by previously informing them of this data privacy statement). This data privacy statement is also available in German, French and Italian. If the content of these language versions differs, the German version shall apply in case of doubt.
2. Who is responsible for processing your data?
Each procurement and further processing of personal data has one or more (data protection) responsible bodies. In the case of the activities of Decisis, unless otherwise stated, the company of Decisis is responsible for the website in question or the area of a website in which this data privacy statement is found and is indicated as the operator (e.g. in linked contact information, by attribution or as indicated in the relevant documents). If a different independent body obtains personal data on such a website, we will provide this information. In addition, the company with which you communicate, to which you apply, which you visit, whose social media pages you interact with, whose apps you use or which addresses you is the body responsible for the associated collection of personal data (but not those companies that only act as a service provider for one of the other companies).
For example, comparis.ch AG is the responsible body for insurance comparisons on www.comparis.ch, while Optimatis AG is the responsible body for collecting personal data when requesting offers, even if this partly takes place on the comparis.ch AG website. In this case, the area under the responsibility of Optimatis AG is indicated as such. There, comparis.ch AG is only responsible for the technical operation and is not the body responsible for data protection.
The corresponding legal entities are one or more of the following:
comparis.ch AG
Birmensdorferstrasse 108
8003 Zurich
Switzerland
info@comparis.ch
HypoPlus AG
Birmensdorferstrasse 108
8003 Zurich
Switzerland
info@hypoplus.ch
Optimatis AG
Birmensdorferstrasse 108
8003 Zurich
Switzerland
info@optimatis.ch
advanti AG
Birmensdorferstrasse 108
8003 Zurich
Switzerland
info@benecasa.ch
Navisano AG
Birmensdorferstrasse 108
8003 Zurich
Switzerland
Decisis Services AG
Birmensdorferstrasse 108
8003 Zurich
Switzerland
Decisis Holding AG
Gubelstrasse 12
6300 Zug
Switzerland
3. For what purposes do we obtain and process which of your data?
If you use
https://www.comparis.ch
https://www.optimatis.ch
https://www.hypoplus.ch
https://www.benecasa.ch
https://www.topmovers.ch
https://www.navisano.ch
or other websites, apps or digital services (e.g. newsletters) from us (hereinafter collectively referred to as "digital services"), utilize our services or products or otherwise deal with us, we collect and process various categories of your personal data. In principle, we can obtain and otherwise process these data in particular for the following purposes, whereby the weighting of the individual purposes depends on your specific relationship with us:
Provision of requested services: When using our digital services, you have the opportunity to benefit from a variety of services (e.g. a comparison offer). In order to be able to provide you with this service, we collect relevant personal data (e.g. in the form of an input mask) and process this data particularly in order to fulfil and process your requests (e.g. forwarding a request to insurance companies, service providers and partner brokers selected by you). For this purpose, we may also collect personal data from third parties (e.g. credit reports).
Communication: In order to communicate with you and with third parties via e-mail, telephone, post or otherwise (e.g. to answer enquiries, as part of a consultation or to initiate or process a contract), we process in particular the content of the communication, your contact details and the peripheral data of the communication. This also includes audio recordings of telephone calls, for example for quality assurance purposes. In the case of an audio or video recording, we will inform you separately, and you are free to inform us if you do not want to be recorded or wish to end the communication. If we need or want to confirm your identity, we will collect additional data (e.g. a copy of an identity document).
Initiation and conclusion of contracts: When concluding a contract with you or your client or employer or mediating a contract between you and one of our partners, we may, in particular, obtain and otherwise process your name, contact details, photos, powers of attorney, declarations of consent, information about third parties (e.g. contact persons, family details), contract contents, date of conclusion, creditworthiness data or any other data that you provide to us (e.g. data that you provide to us through an input mask) or that we collect from third parties (e.g. creditworthiness data, HR extracts, information from your employer, information from publications).
Management and processing of contracts: We obtain and process personal data so that we can comply with our contractual obligations to our customers and other partners (e.g. insurance companies, intermediary service providers, IT providers, project partners) and, in particular, provide and request contractual services. This also includes data processing for customer service as well as the enforcement of contracts (debt collection, legal proceedings, etc.), accounting and public communication. For this purpose, we process data that we have received or collected as part of the initiation, conclusion or execution of a contract as well as, for example, data on contractual services and the provision of services, information on reactions (e.g. information on satisfaction) or financial and payment information.
Relationship management and marketing purposes: We also process your personal data for relationship management and marketing purposes, in particular to send or display personalized advertising (e.g. on our website, by e-mail or other channels) to our users, partners and other interested parties about services and other news from us and third parties (e.g. advertising partners). For this purpose, we process in particular the names, e-mail addresses, telephone numbers and other contact details that we receive in connection with concluding or processing a contract or as part of a registration (e.g. for a newsletter). You can refuse these transmissions at any time or refuse or revoke your consent to be contacted for advertising purposes by notifying us (see contact details in Section 2).
Market research, improvement of our services and operations as well as product development: In order to continuously improve our products and services (including digital services such as our website and our apps), we collect data about your behaviour and preferences, for example by analyzing how you navigate through our digital services, how you interact with our social media profiles or which products are used by which groups of people and in what way.
Operation of our digital services: In order to operate our digital services securely and reliably, we collect technical data, such as IP addresses, information about operating systems, device settings and the region, time and type of use. We also use cookies and similar technologies. For more information, see Section 9.
Registration: In order to use certain services (e.g. myComparis to save comparisons), you must register directly with us. For this purpose, we process the data provided in the respective registration. For further information on data collection in the context of a service, see the descriptions on the provision of requested services in this Section 3.
Security purposes and access controls: We obtain and process personal data in order to ensure the adequate security of our IT and our other infrastructure (e.g. buildings) and to continuously improve it. This includes, for example, the monitoring and examination of electronic access to our IT systems as well as physical access to our premises, analyses and tests of our IT infrastructure, system and error checks and the creation of backup copies.
Risk management and corporate management: We collect and process personal data as part of risk management (e.g. to protect against criminal activities) and corporate management. This includes, among other things, our operational organization (e.g. resource planning) and corporate development (e.g. purchase and sale of business units and companies).
Other purposes: Other purposes include administrative purposes (e.g. accounting).
4. What applies with regard to profiling and automated decision-making?
We evaluate certain personal characteristics automatically ("profiling") on the basis of your data for the purposes specified in Section 3 as well as if we want to determine preference data, carry out statistical evaluations or for operational planning purposes.
In certain situations, for reasons of efficiency and consistency of decision-making processes, it may be necessary for us to automate discretionary decisions that affect you (“Automated Individual Decisions”). If these have legal ramifications or any significant disadvantages, we will inform you and respond to your feedback, as required by law.
5. What is the source of the data?
From you: You (or your device) provide us with most of the data we process (e.g. in connection with our services, the use of our digital services or communication with us).
From third parties: We may also obtain data from sources that are accessible to the public or from authorities, provided that your work or client is in a relationship with us, as well as from other third parties (e.g. partners, credit agencies, address dealers, Internet analysis services). This includes, in particular, the data that we process in the context of initiating, concluding and processing contracts, but also all other data categories in accordance with Section 3.
6. To whom do we disclose your data?
In connection with the purposes listed in Section 3, we may transfer your personal data in particular to the following categories of recipients:
Companies of the Decisis Group: These include the companies mentioned in Section 2, which generally process the personal data provided to them by you under their own responsibility for the purposes mentioned in Section 3.
Service providers: We work with service providers in Switzerland and abroad who process data they have received from us or collected for us (i) on our behalf, (ii) in joint responsibility with us or (iii) under their own responsibility. These service providers include, for example, IT providers, advertising service providers, banks, insurance companies, debt collection companies, credit agencies, address verifiers and consulting companies. Other companies in the Decisis Group may also act as service providers. As a rule, we enter into contracts with these third parties regarding the use and protection of personal data.
Partners: We refer first of all to partners of ours to whom your data is transferred from a contract (for example, because it provides services for you). This category of recipients also includes partners with whom we cooperate or who advertise for us. In principle, the partners process the data under their own responsibility.
Other persons: This refers to other cases in which the involvement of third parties results from the purposes set out in Section 3. This applies, for example, to payment recipients specified by you, third parties in the context of representation (e.g. your lawyer or your bank), authorities or persons involved in official or legal proceedings. As part of the company's development, we may sell or acquire businesses, operating units, assets or companies or enter into partnerships, which may result in the disclosure of data (also from you, e.g. as a customer or service provider or as their representative) to the persons involved in these transactions. In the context of communication with industry organisations, associations and other bodies, there may also be an exchange of data that involves you.
All these categories of recipients can in turn involve third parties, such that your data can also be accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not those of other third parties (e.g. authorities, banks, etc.).
We also enable certain third parties of our digital services to collect personal data from you under their own responsibility (e.g. providers of tools that we have integrated in our website, etc.). We have listed these in Section 9 below.
7. Does your personal data get transferred abroad?
We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but in exceptional cases – for example via subcontractors of our service providers – potentially in every country in the world.
If a recipient is located in a country that does not have an adequate level of data protection, we contractually oblige the recipient to comply with a sufficient level of data protection (for this purpose we use the revised standard contractual clauses of the European Commission, including amendments necessary for Switzerland), insofar as they are not already subject to a legally recognized regulation to ensure data protection and we cannot rely on an exemption provision. An exemption may apply in particular to legal proceedings abroad but also in cases of overriding public interest, if the execution of a contract that is in your interest requires such disclosure, if you have given your consent or if it is not possible to obtain your consent within a reasonable period of time and the disclosure is necessary to protect your life or physical integrity or that of a third party, or if it concerns data that you have placed in the public domain that you have not objected to processing.
8. What are your rights?
You have certain rights in connection with our data processing. Under applicable law, you may, in particular, request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing or request the disclosure of certain personal data in a common electronic format or its transfer to other responsible parties.
If you wish to exercise your rights with us, please do not hesitate to contact us; our contact details can be found in Section 2.
9. How are cookies, similar technologies and social media plug-ins used with our digital services?
When using our digital services, data is generated that is stored in logs (in particular technical data). In addition, we may use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognize users of our digital services, evaluate their behaviour or recognize preferences. A cookie is a small file that is transmitted between the server and your system and allows the recognition of a specific device or browser.
You can configure your browser to automatically reject, accept or delete cookies. You can also deactivate or delete cookies on a case-by-case basis. You can find out how to manage cookies in your browser in your browser's help menu.
In general, neither technical data that we collect nor cookies contain any personal data. However, personal data from you that we or third-party providers commissioned by us store (e.g. if you have a user account with us or these providers) may be linked to the technical data or the information stored in cookies or obtained from them and thus possibly to your person.
We also use social media plug-ins, which are small software components that establish a connection between your use of our digital services and a third party. The social media plug-in informs the third party that you have used our digital services and may send the third party cookies that they have previously placed on your web browser. You can find more information on how these third parties use your personal data collected via their social media plug-ins in their respective data privacy statements.
In addition, we use our own tools as well as services of third parties (which may in turn use cookies) in our digital services, in particular to improve the functionality or content of these digital services, to generate statistics or to place advertisements.
At present, depending on the service used, we may use offerings particularly from the following service providers and advertising partners, whereby their contact details and further information on their individual data processing can be found in their respective data privacy statements:
Google Analytics
Provider: Google Ireland Ltd.
Data privacy statementGoogle Ads
Provider: Google Irland Ltd.
Data privacy statementLytics
Provider: Lytics, Inc.
Data privacy statementIterable
Provider: Iterable, Inc.
Data privacy statement
Some of the third parties we use may be located outside Switzerland. Information on data disclosure abroad can be found in Section 7. In terms of data protection law, some of them are "only" order processors of ours and some are responsible bodies. Further information on this can be found in the data privacy statements.
10. How do we process personal data on our pages in social networks?
We operate websites and other online presences on social networks and other platforms operated by third parties and process data about you in this context. We receive data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics). Platform providers may analyze your usage and process this data along with other data that they have about you. They also process this data for their own purposes (e.g. marketing and market research purposes and to manage their platforms) and act under their own responsibility for this purpose. For additional information on data processing by platform operators, please refer to the data privacy statements of the respective platforms.
Depending on the company, we currently use the following platforms in particular, whereby the identity and contact details of the platform operator can be found in the respective data privacy statement:
We are entitled, but not obliged, to review third-party content before or after its publication on our online presences, to delete content without notice and, as needed, to report it to the provider of the platform in question.
Some of the platform operators may be located outside of Switzerland. Information on the disclosure of data abroad can be found in Section 7.
11. What else should I be aware of?
We do not expect the EU General Data Protection Regulation (“GDPR”) to apply in our case. However, should this exceptionally be the case for certain data processing activities, this Section 11 shall apply exclusively for the purposes of the GDPR and the data processing activities subject to it.
We base the processing of your personal data in particular on the cases that
it is necessary for the initiation and conclusion of contracts and their administration and enforcement (Art. 6 para. 1 lit. b GDPR; see Section 3),
it is necessary for the legitimate interests of us or of third parties, in particular for the provision of requested services, communication with you or with third parties in order to operate our digital services, for the improvement of our electronic offering and registration of certain offers and services, for security purposes, for compliance with Swiss law and internal regulations, for our risk management and corporate governance (Art. 6 para. 1 lit. f GDPR; see Section 3) and for other purposes such as administration, verification, quality assurance and other legitimate interests (Section 3),
it is legally required or permitted under the law of the EEA or a member state,
you have separately consented to the processing, for example by means of a corresponding query of our digital services (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR).
We would like to point out that we generally process your data for as long as our processing purposes (cf. Section 3), the statutory retention periods and our legitimate interests, in particular for documentation and verification purposes, require it or storage is technically necessary (e.g. in the case of backups or document-management systems). If there are no legal or contractual obligations or technical reasons to the contrary, we will generally delete or anonymize your data after the end of the storage or processing period within the framework of our usual procedures and in accordance with our retention policy.
If you do not provide certain personal data, this may mean that the provision of the related services or the conclusion of a contract is not possible. We generally indicate which personal data requested by us is mandatory.
The right to object to the processing of your data set out in Section 8 applies particularly to data processing for the purpose of direct marketing.
If you are not in agreement with our handling of your rights or data protection, please let us know (see contact details in Section 2). If you are in the EEA, you also have the right to issue a complaint with your country's data protection supervisory authority. You can find a list of authorities in the EEA here:
Our representative in the EEA pursuant to Article 27 of the GDPR (if necessary) is: activeMind.legal, Rechtsanwaltsgesellschaft m.b.H., Potsdamer Strasse 3, 80802 Munich, Germany, e-mail: comparis@ActiveMind.Legal.
12. Can this data privacy statement be changed?
This data privacy statement is not part of a contract with you. We have the right to amend this data privacy statement at any time. The version published on this website is the most recent version.