Data protection at Swiss Risk & Care
As part of implementing the new European rules and regulations on data protection, the Group Swiss Risk & Care, a member of the Group SIACI SAINT HONORE, applies the personal data protection policy determined by the Group.
Within the limits defined by the Group SIACI SAINT HONORE, the Group Swiss Risk & Care applies the seven principles applicable to the processing of personal data:
- Loyalty and transparency
- Purpose limitation
- Data minimization
- Limits on retention
- Integrity, confidentiality and responsibility
In order to apply these principles and to conform to the new rules and regulations, Swiss Risk & Care SA has established a road map to enable the expected standards to be reached, not only for the supervisory authorities but also for the company's clients/partners.
Step 1: Setting up a register of personal data processing activities
Step 2: Analysis of processing activities and possible adjustments
Step 3: Contractual adjustments if necessary and documentation
Step 4: Implementation of Privacy Impact Assessment (PIA)
Step 5: Construction of actions to safeguard processing activities when the results of the PIA have shown a risk
In parallel with these steps, and for new processing projects, Swiss Risk & Care will set up data protection methods when the processing is designed and by default (minimisation of collection, collecting only what is strictly necessary, etc.), meaning "privacy by design" and "privacy by default", and will retain the proof (a file with data exchanges in all formats: e-mail, note, report, etc.). Also in parallel, the management of Swiss Risk & Care will disseminate the culture of GDPR to its staff in order to heighten their awareness of this subject, and to ensure that the new rules and regulations are applied strictly at every level of the company.
The Group Swiss Risk & Care's personal data protection environment
To ensure its policy of personal data protection, the Group Swiss Risk & Care, a member of the Group SIACI SAINT HONORE, stores its data on a 100% Swiss cloud.
Mindful of its obligations concerning IT security, the Group Swiss Risk & Care does everything in its power to provide an operating platform in conformity with its clients' expectations by focusing on:
- Storing its data in Switzerland and not relocating it abroad
- Working with a trusted Swiss partner
- Having a secure cloud system which is available and backed by competent support
- Being compatible with the provisions of FINMA, ISAE & ISO
Taking these elements into account, the Group Swiss Risk & Care has placed its trust in Swisscom, the long-standing Swiss player, which has already been recognised by several private Swiss banks as a partner and an authority on the subject, by storing its data in the ESC cloud (Enterprise Service Cloud) by Swisscom.
This cloud offers the following guarantees:
- Storage in Switzerland
- Swisscom's highest level of security, which is one of the highest in Switzerland
- 24/7 support, ensured by competent security engineers at Swisscom
- A technical team mobilised to meet and manage any attempted attacks
- Guaranteed availability (levels 3 & 4), redundancy on sites 100 km apart
- A capacity to resume activity (HA) on the redundancy site, with no interruption to service
- An incremental, precise backup plan providing rapid access to data
Swisscom also meets the constraints of the expected provisions, as the ESC cloud is certified ISO/IEC 27001, FINMA & ISAE.