Privacy Policy

This Privacy Policy informs you about how we collect and process your personal data when you use our website www.myright.ch (hereinafter: “Website”) and our services.

“Data processing” refers to all handling of personal data including the collection, storage, use, disclosure, altering, archiving, and erasure of data.

The Privacy Policy is constantly updated to reflect the latest statutory provisions as well as adjusted in line with specific data processing requirements. This Privacy Policy was last amended in March 2023.

Our Website may contain links to the websites of other providers who have no connection with us. After these links are clicked on, we no longer have any influence over the processing of any personal data transmitted to the third party by clicking on the link (such as the IP address or URL where the link is located), since the behavior of third parties is beyond our control. We can therefore accept no responsibility for the processing of such personal data by third parties.

Information about our Cookie Policy can be found here.

1. Who is responsible for data processing?

Responsibility for data processing lies with:

AXA-ARAG Legal Protection Ltd
Affolternstrasse 42
P.O. Box 6944
8050 Zurich

Email: datenschutzanliegen@axa-arag.ch (unencrypted)

2. What personal data do we process?

When you visit MyRight and/or make use of services via the Website, we collect and store personal data.

When you visit the Website we automatically store

• the IP address used,
• web pages you visited,
• volume of data sent in bytes,
• source/link that took you to the page,
• name and version of the browser used,
• operating system used, as well as
• the date, time, and duration of your visit.

In addition, we collect personal information which you provide to us when using the Website and our services. This includes the following data in particular: name, address, email address, telephone number, details of a legal case or legal matter.

When a service contract is taken out, additional information required for the fulfillment of the contract or legal obligations is collected and processed.

3. For what purpose do we process your data?

We use your data to provide and process services via the MyRight website as well as to respond to your questions and provide our advisory service (legal advice). In particular, your data is used to enable you to access and use the Website, including additional functions and offers related to the Website.

Data that is logged automatically during use of the Website is used by us to administer and optimize the Website as well as to improve the service offered through it. We also evaluate the data anonymously for statistical purposes.

In connection with the provision of legal advice, your consent may sometimes be necessary when querying sensitive data that requires particular protection, such as health information. In this case, we process the data solely based on the consent granted by you for the purpose of providing the legal advice.

4. Will my details be passed on to third parties?

We protect your data and do not sell it to third parties.

We forward your data to third parties only if this is necessary in order to provide our services, for billing/accounting purposes, to manage an existing contractual relationship, to operate and maintain the Website, or for statistical evaluation. However, prior to transmitting data to a country outside of Switzerland, the EU, or the EEA countries, we ensure that the country has an appropriate degree of data protection.

We are part of the AXA group of companies and therefore carry out some business processes in centralized service units and data processing systems belonging to the AXA Group. This data processing, which also involves the processing of data outside of the European Economic Area (EEA) and Switzerland, is permitted on the basis of our Binding Corporate Rules [BCR]. Furthermore, our Binding Corporate Rules also cover the transfer of data to data processors belonging to the AXA Group.

All data on legal advisory cases is treated by AXA-ARAG as confidential and is not exchanged with other AXA Group companies.

5. Will my details be used for marketing purposes?

Yes, we use your data for customer surveys and marketing purposes. “Marketing purposes” are any activities aimed at the acquisition of new customers or deepening of existing customer relationships. For example, we use data about your behavior, preferences, and contract for analysis purposes with the aim of upgrading existing products, offering them to you, as well as developing new products and services – whether insurance-related or not – within the AXA Group.

Specific marketing measures may be implemented by data processors and cooperation partners we have commissioned, and by common controllers or other third parties, or in cooperation with them.

You can object to direct marketing and personalized advertising at any time. You can either contact the AXA-ARAG Data Protection Consultant directly (see section 10 below) or call the AXA 24-hour helpline at 0800 809 809.

6. What about the creation of personality profiles?

We may process and evaluate your data on an automated (i.e. computer-supported) basis as well as create profiles for the specified purposes. For individualized and targeted advertising purposes, for example, as well as to provide you with offers and cater to your needs more effectively, we may also create personality profiles for you and assign you to a specific advertising group.

We do not use any sensitive data requiring particular protection, such as health data, for personality profiles.

In addition, we use profiling to identify security risks and any risks of misuse, to conduct statistical analyses, and for operational planning purposes.

7. Will my details be used for other purposes?

Yes, we process your information for other purposes including in the context of our internal procedures and for administration, for training and quality assurance purposes, for the protection of our customers, employees, and other persons, and to protect AXA’s data, secrets, and assets, as well as any data, secrets, and assets that have been entrusted to AXA.

8. How long will my data be kept for?

Personal data will be stored and processed for as long as the purpose giving rise to the data collection exists and we are required and authorized to do so under statutory or contractual provisions.

For example, we are required by law to keep data obtained in connection with the provision of legal advice (MyRight service) for at least 10 years after the legal advice has been provided. Your data will be erased once the relevant retention period has elapsed.

It will still remain possible to call up publicly accessible information on the platform (such as comments in forums).

9. What are my rights?

In accordance with the Swiss Federal Act on Data Protection, you can assert the following rights at any time and free of charge by emailing or writing to the AXA-ARAG Data Protection Consultant (see address below), enclosing a copy of your passport or official ID document.

• Right to informationas to whether we process your data and, if so, what data.
• Right to request the release and transfer of specific personal data in a common electronic format to you or to another controller.
• Right to rectification of your data if it is incorrect. If we have stored incorrect personal data about you, we will be pleased to rectify this based on the information you provide.
• Right to erasure exists for data
  • that is not essential to the performance of the contract, or
  • that we are not required to keep for statutory reasons, or
  • that is not being processed on account of overriding legitimate interests on our part.
  If erasure seems technically impossible or involves disproportionate effort, we may refuse your request for erasure.
• Right to the restriction of processing of your data in specific cases, e.g. if the accuracy of the data is disputed or unlawful processing is asserted.
• Right to object, e.g. if you do not want your data to be used for marketing purposes.
• Right to revoke your consent – where the processing of your data is based on consent that you have granted – to future processing with immediate effect. However, this is only possible if the data processing is not required in connection with contractual obligations, e.g. in connection with the receipt of legal advice.

10. Who should I contact?

For requests and inquiries in connection with the processing of your data by AXA-ARAG, please email or write to the following, enclosing a copy of your identity card or passport:

AXA-ARAG Data Protection Consultant
AXA-ARAG Legal Protection Ltd 
Affolternstrasse 42 
CH-8050 Zurich 

Email: datenschutzanliegen@axa-arag.ch (unencrypted)

If you believe we are failing to observe the applicable data protection regulations in our dealings with you, we recommend that in the first instance you contact our Data Protection Consultant (see above).

You can, however, also file a complaint directly with the relevant federal data protection supervisory authority:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH-3003 Bern

11. What else needs to be taken into account?

We implement technical and organizational security measures to ensure that our users’ personal data is protected against loss, incorrect changes, or unauthorized access by third parties. Moreover – for our part – access to your personal data is restricted to authorized parties in all cases, and is permitted only to the extent necessary within the scope of the purposes stated above.

Where the GDPR applies, we proceed in application of the following legal bases:

1. Initiation or performance of a contract;
2. Existence of a statutory basis;
3. Consent from you or a person authorized by you;
4. Overriding or legitimate interests of AXA-ARAG, i.e. specifically in order to pursue the purposes described and associated objectives as well as implement corresponding measures.

As an AXA-ARAG customer, you can also obtain more information about data protection at AXA.ch/data-protection.