Data Protection Notice

Introduction 

MS Amlin AG (“MS Reinsurance”) is committed to protecting your personal data. This Data Protection Notice applies to personal data relating to clients, insured persons, policy holders, beneficiaries, claimants, witnesses and complainants, as well as to users of our website. This Data Protection Notice outlines how we as a reinsurance business collect, process, and share any personal data about you in compliance with applicable data protection laws, including the Swiss Federal Act on Data Protection, the Bermudian Personal Information Protection Act, the Malaysian Personal Data Protection Act and other relevant regulations. Where you provide us with personal data about other individuals, you must provide this notice to them.

Responsible Data Controller 

MS Amlin AG (MS Reinsurance)

Kirchenweg 5

8008 Zurich, Switzerland

For data protection inquiries, you can contact our Data Protection Officer at the following address.

The Data Protection Officer for MS Amlin AG

MS Amlin Corporate Services

The Leadenhall Building

122 Leadenhall Street

London EC3V 4AG, United Kingdom

Email: DataProtectionOfficer@msamlin.com

Reinsurance - Context, Type of Data, Purposes and Legal Basis of Processing

Insurance companies may cede a part of their risks from insurance contracts to reinsurers such as MS Reinsurance in order to manage their portfolio and be able to fulfil their indemnity payment obligations at all times. If you wish to conclude or have concluded an insurance policy with an insurance company, or if you have claims against an insurance company as an insured person, beneficiary or injured party, and we are a reinsurer for such insurance company, it is possible that this insurance company or its broker will provide to us your application, contract and/or claims data if this is necessary for the proper establishment, performance (including claims settlement) or termination of the reinsurance contract. This can also be the case if another reinsurance company passes on a portion of the risk to us (retrocession).

We seek to comply with principles of "data minimization". This means we try to ensure that we avoid collecting or processing personal data other than the types and volume required to achieve the purposes set out in this Data Protection Notice. Often, the data we receive from the insurance company is anonymized. Where this is not sufficient or possible for the purposes of processing, the data may be pseudonymized; as a rule, only the insurance company or its broker is able to associate the pseudonym (e.g. a policy or claim number) with you. Sometimes the data may also include your name, especially in the case of life or high-sum personal injury insurance, and of insurance claims. If you work at an insurance company, broker or agent working with us, we may receive your professional contact details.

In this context, we may process various types of personal data, including but not limited to:

  • Personal identification information (e.g., name, date of birth, gender, driver license)
  • Contact information (e.g., domicile, email address, phone number)
  • Insurance-related information (e.g., policy number, coverage details, claims history)
  • Health information (e.g., medical history, health status as necessary for underwriting)
  • Financial information (e.g., payment details, financial status)
  • Risk-related information (e.g., fraud detection data, claims-related insights)

We process personal data for the following purposes:

  • To underwrite our business with clients, including defining the scope of the reinsurance contract
  • To provide services and perform our contractual obligations related to reinsurance
  • To review, manage and process claims as part of our reinsurance services
  • To conduct data analysis for assessing risk, pricing and improving our services
  • To comply with legal and regulatory obligations
  • To protect our legitimate business interests, including preventing fraud, complying with sanctions and ensuring IT security

The legal basis for our processing activities include:

  • Necessity for the performance of our reinsurance contract with the insurance company, including contract administration, risk management, claims handling, business analysis and accounting
  • Necessity for the performance of the insurance contract between the insurance company and you, where reinsurance is required, or for the legitimate interests of the insurance company where the reinsurance helps it to satisfy its obligations under the insurance contract
  • The consent you have given to your insurance company to the extent it also covers us as the reinsurer
  • Compliance with legal and regulatory obligations, e.g. data retention requirements and sanctions compliance
  • Our legitimate interests, such as identifying risk accumulation, preventing fraud and ensuring IT security.

Website Use - Context, Type of Data, Purposes and Legal Basis of Processing[as1] 

When you use our Website, we collect certain personal data. For example, by using cookies and similar technologies, we may process your IP address and the geographic location it indicates, the content you access, the website from which you navigate to our Website, the search terms you enter on our Website, information about the type of device you use to access our Website, the operating system and your browser type.

In addition, if you fill out our contact form, send us an e-mail or another form of electronic message (or hardcopy message, e.g. a letter), we may collect such personal data as your name, e-mail address (or other form of communication identifier, e.g. messenger nickname), phone number, subject matter, corresponding message content, related metadata and any other information you choose to disclose in your communication to us.

We process this personal data for the following purposes:

  • To operate and improve this website, which is in our legitimate interest and/or based on your consent
  • To answer your inquiries, which is in our legitimate interest to provide information and services that you have requested in relation to our services
  • To comply with legal and regulatory obligations which we are subject to
  • To protect our legitimate interests, such as protecting of property, information and system security, fraud prevention and detection, protecting of our legal position in legal proceedings, conducting checks as permitted by applicable law.

For more details on our use of cookies, please see our Cookie Consent Management.

Our website may contain links to websites of third-party organizations. These websites have their own privacy notices, which you should review prior to sharing personal data. We do not accept any responsibility for these notices.

Sources of Personal Data 

We primarily obtain personal data from:

  • Primary insurance companies or brokers or agents, who may pass on information necessary for reinsurance purposes, as well as other reinsurance companies that cede part of the risk to us (retrocession).
  • Third-party databases and publicly available sources, as permitted under applicable law, especially for risk accumulation control and for evaluating large loss events.
  • Directly from individuals, their representatives, claims handlers, or from court proceedings as part of claims handling.
  • Directly from you and your devices, when you access our website.

Data Sharing 

We may share personal data with:

  • The insurance company that provided us with your data. If an insurance company works with us through a broker, agent or external manager, we may share the personal data back via that channel.
  • Our service providers who assist in fulfilling our contractual and legal obligations, including professional advisors as well as IT and cloud service providers.
  • Our branches, subsidiaries and affiliated companies who assist in fulfilling our contractual and legal obligations, specifically our affiliate performing the internal audit function for us and the affiliates providing centralized IT systems and services.
  • Other reinsurers (retrocessionaires) as necessary for risk management and reduction.
  • Regulators and other authorities, courts, or other parties when required by law or necessary for the performance of the reinsurance contract.

We do not sell personal data to third parties. All sharing of data is conducted in accordance with applicable laws and with appropriate safeguards.

International Data Transfers 

We may transfer personal data to countries outside of Switzerland, especially to our branches in Bermuda and Labuan (Malaysia) and our subsidiary MS Amlin Reinsurance Managers Inc in the United States, as well as our affiliated companies in the United Kingdom. Service providers may be located in other countries. Such transfers will only occur if the recipient country provides adequate protection for personal data, or if other legal safeguards are in place (e.g. recognized standard contractual clauses). Please contact us for more information on the safeguards put in place. We may also transfer your personal data back to the insurance company that initially provided it to us as part of contractual performance.

Data Retention 

We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy or as required by law. This may include varying retention periods to comply with legal obligations; under Swiss law this is generally up to ten years. We may also retain personal data until claims can no longer be asserted against us, which may be a longer period.

Data Subject Rights 

You have the right to:

  • Obtain a copy of your personal data held by us
  • Have any incorrect personal data updated
  • Request the erasure of any of your personal data
  • Restrict the use of your personal data
  • Object to the use of your personal data
  • Request the personal data you provided to us to be moved to another organisation

If you wish to exercise any of these rights please contact us stating your request, verifying your identity and providing your contact details. In order for us to respond to your requests effectively and efficiently, contact the Data Protection Officer using the details above. We aim to respond to all valid requests within one month. It may take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than one month. We may also ask you to provide more details about what you want to receive or are concerned about. We may not always be able to do what you have asked. This is because your rights will not always apply, e.g. if it would impact the duty of confidentiality we owe to others, or if the law allows us to deal with the request in a different way. We will always explain to you how we are dealing with your request.

Right to complain

You have the option to complain to our Data Protection Officer at the contact details provided above, or to the Swiss Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Berne, Switzerland. You may also have the right to complain to your local data protection authority; please contact us or our Data Protection Officer for more details.

Changes to this Data Protection Notice

This Privacy Notice is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it is as transparent as possible.

Last updated: June 2025