Privacy Policy
Data controller
Personal data collected through the website OnlyHealth Insurance are processed by:
Suisscourtage SAM
Monegasque public limited company (Société Anonyme Monégasque)
Registered office:
12 Quai Antoine 1er
98000 Monaco
Principality of Monaco
Contact
Email: contact@suisscourtage.com
Phone: +377 93 30 42 43
SUISSCOURTAGE SAM acts as data controller within the meaning of Regulation (EU) 2016/679 (GDPR) and Monegasque Law No. 1.565 of 3 December 2024 relating to personal data protection. Full corporate information is available in the Legal Notice.
Scope of application
This Privacy Policy applies to all processing of personal data carried out through the OnlyHealth digital ecosystem, including the website, customer platforms, APIs, extranet services and connected digital interfaces, in particular for:
- information requests
- quotation requests
- underwriting processes
- online payments
- customer account management
- insurance contract management
- customer support
- claims management interfaces
- marketing and communication activities
- technical and security operations
It is established in accordance with GDPR, Monegasque data protection law and applicable international data protection frameworks. Where local regulations impose specific requirements, such local laws apply in addition to this policy.
Categories of personal data processed
| Category | Description | Examples of data | GDPR qualification |
| Identification data | Data enabling user identification | Surname, first name, date of birth, nationality, postal address, email address, telephone number, IP address, geolocation data (country, city) | Personal data |
| Contractual and administrative data | Data relating to contractual relationship and insurance services | Insurance needs, coverage requirements, contractual choices, policy numbers, subscription history, customer account data, administrative exchanges | Personal data |
| Financial data | Data related to payments and financial transactions | Payment transaction identifiers, payment status, billing data, commission and financial flow references | Personal data (financial) |
| Payment security data | Secure payment processing | Bank card data are not stored by SUISSCOURTAGE SAM. Payments are processed via secure payment providers | Sensitive financial data (not stored locally) |
| Health data | Data relating to health status and medical risk assessment | Medical history information, health questionnaires, health eligibility criteria, anthropometric data (height, weight), medical declarations, health risk indicators, exclusion criteria, underwriting assessment data | Special categories of personal data – Article 9 GDPR |
Health-related data constitute special categories of personal data within the meaning of Article 9 of the GDPR and are subject to reinforced legal, organisational and technical protection measures.
Purposes & Legal bases
| Processing purpose | Description | Legal basis (GDPR) |
| Provision of information and insurance offers | Responding to user requests and providing insurance information | Legitimate interest (Art. 6(1)(f)) |
| Quotation and pricing services | Generation of insurance quotations and pricing | Contractual necessity (Art. 6(1)(b)) |
| Eligibility and underwriting assessment | Risk analysis and underwriting evaluation | Contractual necessity (Art. 6(1)(b)) + Health data: Art. 9(2)(h) |
| Insurance subscription | Policy creation and onboarding | Contractual necessity (Art. 6(1)(b)) |
| Contract management | Policy administration and lifecycle management | Contractual necessity (Art. 6(1)(b)) |
| Customer relationship management | Customer communications and service management | Legitimate interest (Art. 6(1)(f)) |
| Payment processing | Transaction execution and payment management | Contractual necessity (Art. 6(1)(b)) + Legal obligation (Art. 6(1)(c)) |
| Fraud prevention | Detection and prevention of fraud | Legitimate interest (Art. 6(1)(f)) + Legal obligation (Art. 6(1)(c)) |
| Regulatory compliance | Compliance with legal and regulatory obligations | Legal obligation (Art. 6(1)(c)) |
| Claims processing interfaces | Claims submission, processing and reimbursement | Contractual necessity (Art. 6(1)(b)) + Health data: Art. 9(2)(h) |
| Customer support | Assistance, support and complaints handling | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Sending commercial communications | Consent (Art. 6(1)(a)) |
| Website security | Protection of systems and platforms | Legitimate interest (Art. 6(1)(f)) |
| Analytics and performance monitoring | Website usage analysis and service optimisation | Consent (Art. 6(1)(a)) or Legitimate interest (Art. 6(1)(f))* |
| Technical operation of platforms and APIs | IT operation, APIs, extranet and infrastructure management | Legitimate interest (Art. 6(1)(f)) |
* depending on the nature of the analytics and applicable regulatory exemptions.
Health Data – Specific legal framwork
| Processing context | Legal basis |
| Insurance underwriting and risk assessment | Article 9(2)(h) GDPR |
| Healthcare-related insurance services | Article 9(2)(h) GDPR |
| Health questionnaires and declarations | Explicit consent – Article 9(2)(a) GDPR |
| Claims and reimbursements | Article 9(2)(h) GDPR |
Data recipients and partners
Personal data may be transmitted to the following categories of recipients, depending on the nature of the processing:
Insurance partner and underwriting
AWP Health & Life S.A. (Allianz Care) acts as the risk-bearing insurance undertaking and may receive personal data necessary for underwriting, policy administration and performance of the insurance contract. Corporate and legal information about the underwriting insurer is provided in the Legal Notice.
Insurance management and claims processing partner
Personal data, including health-related data where applicable, may be transmitted to A APRIL acts as insurance management and claims processing partner. Personal data, including health-related data, may be transmitted for insurance management, claims processing, reimbursements, medical expense processing and benefits administration.
APRIL acts either as an independent data controller or as a data processor, depending on the nature of the processing activities.
Two separate operational environments are implemented:
- a claims and reimbursements platform operated by APRIL,
- a contractual management platform operated by SUISSCOURTAGE SAM under the OnlyHealth brand.
Corporate and legal information about APRIL is provided in the Legal Notice.
Contractual management platform
OnlyHealth by SUISSCOURTAGE SAM for subscription, customer account management, contract administration and contractual services.
Payment service providers
MONETICO by Euro-Information and associated banking partners for secure payment processing.
Hosting providers
- Monaco Telecom SAM (health and personal data hosting)
- Hostinger International Limited (showcase website hosting)
Technical service providers
i2N SARL (website development and technical implementation), APIs, CRM platforms, extranet platforms and operational IT service providers.
Regulatory and supervisory authorities
Competent regulatory, supervisory and judicial authorities, where legally required.
Recipients may act as data processors, joint controllers or independent data controllers, depending on the nature of the processing.
International data transfers
Personal data may be transferred outside the European Union and Monaco, in particular in the context of international insurance coverage, technical infrastructures, cloud services, international service providers and global analytics services.
Such transfers are governed by appropriate safeguards in accordance with Articles 44 to 49 GDPR, including Standard Contractual Clauses (SCCs), adequacy decisions and contractual safeguards.
Data retention
Personal data are retained only for the periods strictly necessary for the purposes for which they are processed, including contractual duration, regulatory retention obligations, insurance legal obligations, accounting requirements, dispute management and archiving obligations.
Health data are subject to reinforced retention and security rules.
Data security
Users have the right of access, rectification, erasure, restriction of processing, objection, data portability, withdrawal of consent at any time, and the right not to be subject to automated decision-making.
To exercise these rights, users may contact:
SUISSCOURTAGE SAM – OnlyHealth
12 Quai Antoine 1er
98000 Monaco
Email: dpo@suisscourtage.com
Complaints and supervisory authority
Users have the right to lodge a complaint with the competent data protection authority.
For Monaco, this is the relevant data protection authority established under Monegasque Law No. 1.565 of 3 December 2024.
Users may also lodge a complaint with their local supervisory authority within the European Union where applicable.
Cookies and tracking technologies
The website uses cookies and similar technologies. Detailed information is available in the dedicated Cookies Policy.
Artificial intelligence
Artificial intelligence technologies, where used, are limited to content generation and informational purposes only and do not perform automated decision-making affecting users’ rights or insurance eligibility.
Changes to this Privacy Policy
This Privacy Policy may be updated at any time to reflect legal, regulatory, technical or operational changes. Users are invited to consult it regularly.