Privacy policy

Polia complies with the revised Swiss Data Protection Act (revDPA, in force since Sept. 2023) and the EU GDPR for users residing in the EU.

Version 1.0 — May 2026

1. Who we are (controller)

Vanguard Advice SA, Les Pâquis 1B, 1315 La Sarraz, Vaud (CHE-132.875.747). DPO: dpo@polia.ch.

2. Data we collect

  • Data you provide: name, email, phone, postal code, date of birth, insurance type — only when you fill in a form.
  • Technical data: IP address (immediately hashed), browser, language, pages visited.
  • Account data (optional): hashed password (bcrypt 12), language preferences, comparison history.
  • We do NOT collect: your AVS number, banking data, health data.

3. Purposes

  • Provide the requested comparison service.
  • Email your results on request.
  • Contact you for quote requests (with your explicit consent).
  • Improve service via aggregated, anonymised stats.
  • Comply with legal obligations.

4. Legal bases

  • Contract performance (your comparison request).
  • Explicit consent (newsletter, marketing).
  • Legitimate interest (security, anti-fraud).
  • Legal obligation (accounting).

5. Retention

  • Quote requests: 24 months after last interaction.
  • User account: while active + 12 months after deactivation.
  • Newsletter: until unsubscription.
  • Technical logs: 12 months max.

6. Recipients

Internal at Vanguard Advice SA. Quote requests forwarded to specific insurers only with your explicit consent. Hosting: OVH Cloud (EU — France). No transfers outside EU/CH without standard contractual clauses.

7. Your rights

  • Right to access your data.
  • Right to rectification.
  • Right to erasure (subject to legal obligations).
  • Right to portability.
  • Right to object to processing.
  • Right to withdraw consent at any time.
  • Right to complain to the Swiss FDPIC or your data protection authority.
  • To exercise these rights: dpo@polia.ch (response within 30 days).

8. Cookies

Essential cookies (authentication, security) and, with your consent, anonymised analytics. See our cookie banner for details and the preferences manager.

9. Security

Passwords hashed with bcrypt cost 12, DB-stored sessions with rotation, IPs hashed with private salt, HTTPS only. In case of breach, you will be notified within 72 h per revDPA Art. 24.

10. Changes

This policy may evolve. Material changes will be notified by email (if subscribed) or via a banner on the site.