At CSS, the data of the insured person is always processed in compliance with the law and used only for the prescribed purposes. We only process those items of data about the insured person which are necessary to perform our work.
Thanks to regular, thorough training for its employees and data processing that is optimised on an ongoing basis, CSS guarantees a high level of data protection and data security.
Where European law (and especially Regulation (EU) 2016/679 (the General Data Protection Regulation)) applies to data processing, reference is made to this fact at the appropriate point.
Revised Data Protection Act
- Information and record-keeping duties: amendments to the General Insurance Conditions and regulations
- Duty to report data security breaches
- Record of processing activities
- Data protection impact assessment
- Privacy by design and by default
- More extensive powers for the FDPIC.
The data on our systems is protected against loss, misuse, fraud and unauthorised access. The security of our systems is under constant review, both internally and externally. CSS IT systems have been certified in accordance with ISO standard 27001:2013 since 1 July 2015. This international standard specifies the requirements for establishing, implementing, operating, monitoring, maintaining and improving an information security management system.
Data protection quality seal
The certifications awarded to CSS underscore the importance of data protection at CSS. They guarantee that CSS will treat the data of its insured persons with care.
- Since 2007, the Medical Advisory Service (MAS) has held the GoodPriv@cy* seal of quality and, since 2010, has also been certified under the Ordinance on Data Protection Certification (VDSZ).
- Since 2013, CSS has had a data collection office in accordance with Art. 59a of the Swiss Health Insurance Ordinance, certified in accordance with the Ordinance on Data Protection Certification (VDSZ) and GoodPriv@cy*. Its standardised regulations guarantee data privacy for every person insured with CSS, while at the same time paving the way for quick and client-oriented invoicing with hospitals. This permits CSS to settle DRG invoices from inpatient service providers efficiently and in conformity with the law.
- CSS meets high information security standards. Its IT systems are certified in accordance with ISO standard 27001:2013. This international standard specifies the requirements for establishing, implementing, operating, monitoring, maintaining and improving an information security management system.
- The process for receiving and digitalising paper documents by email, app and portal has been certified in accordance with the Ordinance on Data Protection Certification (VDSZ) and awarded the international "GoodPriv@cy*" certificate.
*The international GoodPriv@cy certificate is awarded by the independent Swiss Association for Quality and Management Systems (SQS) and confirmed by means of an annual audit.
Data Protection Officer and requests for information
If you have any questions about how your personal data is processed, or if you wish to have your personal data corrected or deleted, or restrict the way in which it is processed, or you would like to make a request for information, please contact us by post, enclosing a copy of an official identity document:
Representative for matters under data protection law in the EU
Where CSS is subject to the EU's General Data Protection Regulation, the data protection officer as defined by Art. 37 of the Regulation and representative in the sense of Art. 27 of the Regulation is:
Where CSS is subject to the EU's General Data Protection Regulation, you also have the right to transfer your data to another processor (‘data portability’).