Quality Management/Data Protection

Quality management

GastroSocial is the first joint social insurance company to have been awarded the ISO 9001 and GoodPriv@cy quality labels.

The auditors not only gave GastroSocial high marks, but were also impressed by how well the top-quality management system is being implemented and developed further in practice.

Our commitment to the maintenance of high quality standards not only serves the best interests of our customers and all our employees, but also ensures the continued existence of GastroSocial as a solid and successful company.

Data protection policy

In order to carry out its assigned tasks, GastroSocial has to capture the personal data of the affiliated companies and insured. Only the data required for its business operations and its dealings with customers and insured is captured.

GastroSocial only stores data for the time it is obliged to do so by law or for as long as it is relevant to the purpose for which it was captured.

GastroSocial does not release any of the data managed by it for the identification of persons without the explicit consent of its customers or insured, nor does it forward any data to other institutions or organisations. Exceptions: Data has to be released by force of law or under an official order, or if it is required for business purposes and the provision of services to customers.

GastroSocial undertakes to comply with the applicable law on the protection of data and to continuously improve data protection efficacy.

GastroSocial implements the technical and organisational security measures that are needed to protect the data managed by it from unauthorised or wrongful access as well as unintentional loss, destruction or damage.

EU General Data Protection Regulation (GDPR)

The EU‘s General Data Protection Regulation (GDPR) has been in force for all EU member states since 25 May 2018. If, among other things, personal data of individuals based in the European Union are processed in connection with offering them goods or services within the European Union, the GDRP also applies to Swiss companies under certain conditions. Because of the «place of performance» principle, the GDPR does not apply to GastroSocial.

Territorial scope Art. 3 GDPR: «Place of performance» principle

  • «Establishment» criterion:
    The regulation automatically applies if the establishment of the processor is located in the European Union.

  • «Target market» criterion:
    The regulation also applies if the establishment is located outside of the European Union (e.g. in Switzerland), but the processing activities relate to offering goods or services intended for persons in the European Union, or to observing the behaviour of a person that occurs in the European Union (in particular, observing the behaviour of internet users).

GastroSocial does not have any establishments in the European Union. For the target market criterion, the «place of performance» principle presupposes a clear intention to specifically target cross-border customers. This does not apply in GastroSocial‘s case, either.

GastroSocial provides social insurance products required under Swiss law. It does not offer insurance solutions tailored to the laws of any EU member states. Furthermore, no rented apartments in the European Union are offered, particularly within the context of investments relating to employee benefits. The export of benefits provided for under the relevant Swiss federal law (e.g. family allowances or pensions for children or pension recipients residing in the European Union) is not sufficient for the EU General Data Protection Regulation to apply. Furthermore, no personal data are processed by means of web tracking or profiling for the purpose of behaviour-based advertising.