General Data Protection Regulation (GDPR)

Within the framework of the new European Rules and Regulations on data protection, Unicare, a member of the Group Swiss Risk & Care, applies the Group's personal data protection policy.

 

In the framework laid out by the Group Swiss Risk & Care, Unicare applies the seven principles relating to personal data treatment:

• Legality
• Loyalty and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Conservation limits
• Integrity, confidentiality and responsibility

In order to apply these principles and conform to the new rules and regulations, Unicare has established a roadmap to achieve the expected standards, both with regard to the supervisory authorities and with regard to the company's clients/partners.

 

• Step 1      To establish a register of the treatment of personal data
• Step 2      To analyse the treatment and make possible adjustments
• Step 3      To make contractual adjustments if necessary and documentation
• Step 4      Realization of PIA
• Step 5      Construction of actions to secure treatments for which the results of the PIA has shown a risk

In parallel with these various steps, and for the treatment of new projects, Unicare will implement data protection methods from the conception of the treatment and by default (collection minimisation, collection only of what is strictly necessary, etc.) and maintain proof of this (file including exchanges in all formats: e-mail, note, report, etc., meaning “privacy by design” and “privacy by default”). Also, in parallel, the management of Unicare will disseminate the GDPR culture to staff in order to raise their awareness on this subject, so that the new regulations are strictly applied at all levels of the company.

 

 

To ensure its policy of personal data protection, Unicare, a member of the Group Swiss Risk & Care, stores its data on a 100% Swiss cloud.

 

Mindful of its information security obligations, Unicare makes every effort to ensure an operating platform that meets its clients’ expectations, by focusing on:

 

• Storing its data in Switzerland, without delocalising it abroad;
• Working with a trusted Swiss partner;
• Having at its disposal a cloud system that is always available, with competent support;
• Being compatible with the provisions of FINMA, ISAE & ISO.
• Taking these elements into account, the Group Swiss Risk & Care has placed its trust in Swisscom, a long-established Swiss entity already recognised as a partner of reference in this field by several Swiss private banks, and stores its data in the Swisscom Enterprise Service Cloud (ESC).

This cloud provides the following guarantees:

• Hosting in Switzerland;
• Swisscom's highest level of security which is one of the highest in Switzerland
• 24/24 - 7/7 support ensured by Swisscom's competent security engineers;
• A technical team mobilised to respond and manage attempted attacks;
• Guaranteed availability (thirds 3 & 4), redundancy at sites separated by 100 km;
• A capacity for resumption of activity (HA), on a redundancy site, without interruption of service;
• An incremental and precise back-up plan with rapid access to data.
• Swisscom also meets the constraints of the expected provisions as the cloud ESC is certified ISO IEC 27001, FINMA & ISAE.