Privacy Notice
We take the privacy and security of personal data of participants of our insurance training programs very seriously. This Privacy Notice explains how we process your personal data when you sign up for membership in our digital Campus, and when you register for and attend a training program. The information applies in accordance with the applicable data protection law.
- Who is the data controller?
The Swiss Re Management Limited, Soodring 6, 8134 Adliswil, Switzerland
Email: SRI_Campus@swissre.com
If you have any questions, concerns or requests regarding this Privacy Notice or your personal data, including how it is processed, please contact us under the aforementioned address by adding Data Protection Officer to the address or via email: data_protection@swissre.com.
- What personal data do we collect about you?
We collect personal data about you when you interact with us, such as when you visit our website, register for an account, use our services, or contact us for support. "Personal data" refers to data relating to an identified or identifiable person. This includes in particular:
- Contact data and biographical information such as first name, last name, business email address and postal address, telephone number, language, and organization.
- Registration data when you create an account on our website or app such as username, user ID and password.
- Training program participation data such as training topic and level, registration, attendance, completion, and certifications.
- Payment data such as open and paid fees for training programs.
- Technical data such as IP address information about the operating system of your terminal device, the date, region and time of use and the type of browser that you use to access our online offerings, protocols («logs») created in our systems.
We normally collect your personal data directly from you. If you register for Campus membership as an employee of Swiss Re or as user of an onboarded partner, we may receive your contact and registration data directly form the Swiss Re user management system.
You are not required to provide us with any data. However, if you choose not to provide us with data, it could mean that we are unable to enter into or maintain a contractual relationship, interact with you, or provide you with access to sites and services.
- How do we use your personal data and what is the legal basis of the processing?
We use your personal data for the following purposes:
- Contract performance: We process your personal data to initiate and perform the contract with you, in particular to provide access to, manage and deliver Swiss Re Institute events and services such as onsite and online learning programs, conferences, webinars, executive programs or digital and printed learning material both on a paid and unpaid basis.
- Service quality and performance: We can process your personal data based on our legitimate interest to improve and develop the quality and the performance of our product and service offering as well as the user friendliness and usability of our site and user processes. For this purpose, we may analyze which trainings may be interesting for you and how you use our website and services to gain statistical insights. We do not create user profiles and we generally process data without your identity or in an anonymized form.
- Marketing: We may process your personal data in our legitimate interests to send you information about our trainings, events or other services that may be interesting for you. If we require your consent under applicable law, we will ask you for your separate prior consent. We only send you newsletter after you have subscribed to our mailing list.
- Compliance with legal obligations: We can also process your personal data to comply with legal obligations such as tax and record keeping obligations, the prevention, detection and investigation of criminal offences or other violations, and cooperation with authorities.
- Operational and Security purposes: We process your personal data for administrative purposes, for managing and improving IT infrastructure and for the purpose of the security of IT-systems and facilities as well as your security when participating in onsite events as well as for protection of our rights, for example to assert and defend legal claims.
We may also use your personal data for other purposes that are compatible with the original purpose for which it was initially collected.
- How long do we keep your personal data?
We keep your personal data only for as long as is necessary for the purposes of the processing or as required by law. After this period, your personal data will be deleted or processed in an anonymized way for legitimate business purposes.
The retention period for unpaid access to any of the Swiss Re Institute events ends 5 years after the data subject's last login to the platform.
The retention period for a transaction done for paid access to any of the Swiss Re Institutes events ends 10 years after that transaction date.
- Do we share your personal data?
We do not sell your personal data to third parties.
We may disclose your personal data to third parties in relation of our services, our legal obligations or otherwise to pursue our legitimate interests and the other purposes set forth in this Privacy Notice. These recipients are required to comply with applicable data protection laws as well as any applicable confidentiality requirements.
In order to provide our services and fulfill our contractual or legal obligations, we may work with data processors such as suppliers, IT and other service providers who process personal data on our behalf. These are contractually obligated to process the data only for the purposes of providing their service to us. Personal data will only be disclosed to third parties for their own purposes after appropriate notification and based on your consent, if required by law.
We reserve the right to disclose personal data, even if it is confidential. In many cases, the disclosure of confidential data is necessary for the performance of contracts or otherwise for the purposes described in this Privacy Notice. Non-disclosure agreements do not generally exclude such disclosures, including disclosure to service providers and you acknowledge that these disclosures do not conflict with any confidentiality obligations. Taking into account the sensitivity of the data and other factors, we always ensure that data recipients handle the data in an appropriate manner.
For the purposes set out in this Privacy Notice personal data may be disclosed to the following recipients:
- Our service providers and agents e.g., IT companies who support our technology. As for example, we process personal data (i.e., within our email system or other applications) with Microsoft`s Azure and Office 365. This externally hosted environment was found to be consistent with our privacy and security programs and is regularly assessed so it continuously meets our standards.
- Our course instructors or speakers at events.
- Our professional advisers, auditors, medical agencies and legal advisers, law enforcement agencies, regulators, government authorities.
- The employer of the participant who provided us with your data.
- Cross-border transfer of personal data?
Your personal data can be processed abroad. Personal data processed with Azure and Microsoft 365 service is stored in the data centers region 'West Europe' in the Netherlands. Your data can also be processed in other EEA countries or in countries where Swiss Re has offices.
If we transfer your personal data to countries that are not deemed to provide an adequate level of data protection by the competent authority in your jurisdiction we will ensure that appropriate safeguards are in place such as the European Commission’s standard contractual clauses, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.
In exceptional cases we may transfer personal data to a country with an inadequate level of data protection if you have given your consent if this is necessary for the performance of the underlying contract with your or in case of legal proceedings abroad or in case of overriding public interests.
You have the right to obtain a copy of the safeguards we have put in place for cross-border transfers of your personal information.
- Use of cookies or similar technologies?
On our website and in our online services, we may use cookies and similar technologies. For information on how we use cookies and similar technologies, please see our Cookie Policy.
- What are your rights?
You have the following rights in relation to your personal data, depending on the applicable data protection law:
- Access: You have the right to request information from us as to whether and what personal data we hold
- Rectification: If any of your details are incorrect, inaccurate, or incomplete you can ask us to correct the data
- Object: You have the right to object to the processing of your data in some circumstances, in particular for direct marketing purposes, for profiling carried out for direct marketing purposes and for other legitimate interests in processing. For other processing done under legitimate interests we will after your objection re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason, we may continue to use your information.
- Withdraw of consent: You have the right to withdraw your consent at any time, provided that our processing is based on your consent.
- Data portability: In some circumstances you can ask us to send an electronic copy of the personal data you have provided to us, either to you or to another organization.
- Restrict processing: If you are uncertain about the accuracy or our use of your information, you can ask us to stop using your personal data until your query is resolved. We will inform you of the outcome before we take any further action in relation to this information.
- Erasure: You can ask us to delete your personal data, if deleting your data is not in conflict with our legal and regulatory obligations. If we are using your consent to process your information and you withdraw it, you can ask us to erase your personal data.
If you do not agree with the way we handle your rights or with our data protection practices, please inform us or our Data Protection Officers. If you are located in the EEA, the United Kingdom or in Switzerland, you also have the right to lodge a complaint with the competent data protection supervisory authority in your country:
- You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/about-edpb/members_en
- You can reach the UK supervisory authority here: https://ico.org.uk/global/contact-us/
- You can reach the Swiss supervisory authority here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
- How can we change this Privacy Notice?
This Privacy Notice is not part of any contract you may have with us. We may amend this Privacy Notice at any time.
Last updated: 24 April 2024