9.1 What personal information will We collect?
We will collect and process personal information given to us by phone, e-mail, filling in forms, Our website including on ZurichPro, and if a problem is reported through Our website or ZurichPro.
We may also collect information from appointed agents, such as a trustee, broker, intermediary or financial adviser in order to issue an insurance contract and any related services that have been requested.
We may collect personal information for verification purposes, from other sources such as credit reference agencies, other insurance companies, claims service providers (including private investigators).
We will also collect information which individuals volunteered to be in the public domain and other industry-wide sources.
The type of personal information we will collect includes; basic personal information (i.e. name, address, email address, telephone number, date and place of birth, gender, marital status, nationality, country of residence, and photographic identification); employment and financial details; and where We receive a request that other individuals be included in the arrangement, personal information about those individuals.
Where required, We may also collect sensitive information such as medical and health details to allow us to underwrite any insurance cover and augment claims information, including details of any incident giving rise to a claim, as well as financial, medical and health information relevant to the claim.
9.1.2 We protect each individual’s privacy by:
- Collecting information fairly and only collecting information that We need to provide insurance services
- Explaining why We are collecting personal information and how We will be using it
- Using personal information only for Our business operations and to comply with the law
- Ensuring the personal information We collect and hold is accurate
- Holding personal information only for so long as necessary and keeping it secure
- Sharing personal information only with companies and organisations that will keep it secure
- Not sending personal information abroad without ensuring its security ensuring that all individual rights can be exercised under applicable data protection laws.
9.2 How do we use personal information?
We will collect and use personal information in the following manner (i) where the processing is necessary in connection with providing a quotation and /or contract of insurance and/or provision of related services that have been requested; and (ii) to meet Our legal or regulatory obligations.
A non-exhaustive list of examples of Our contractual and legal purposes for which We will collect and use personal information are:
- To provide a quotation and/or contract of insurance
- To identify individuals that contact us
- To set up a policyholder, life insured or a member of a corporate savings plan or group insurance policy
- To administer and renew policies
- To communicate with policyholders or their appointed in respect of insurance services
- To make and receive payments
- To assess, process and settle claims
- For fraud prevention and detection purposes
- To comply with tax reporting obligations such as Common Reporting Standards (CRS) /Foreign Account Tax Compliance Act (FATCA)
- To comply with regulatory requirements and international/economic or financial sanctions laws
9.2.1We also collect and process information for more general legitimate interests, such as enabling us to continually review and improve Our insurance services. Examples of where we do this are:
- To obtain feedback on Our services
- To administer Our website and ZurichPro Software for internal operations including trouble shooting, data analysis, testing, research, statistical and survey purposes
- We will always ensure that We keep the amount of information collected for legitimate interest purposes and the extent of any use to the absolute minimum.
9.2.2 As a data controller We continually assess the personal information We collect and ensure that if We seek to use personal information that is not completely in keeping with the original purpose, prior to using personal information in such a way, we will provide additional information on the proposed use and obtain consent where required.
9.3 Who do We share personal information with?
Where necessary, We will share the personal information provided to Us for the purposes of providing insurance products and any related services requested with the types of organisations (“Recipients”) described below:
- Zurich Insurance Group Ltd. or any of its affiliated companies
- Involved broker, intermediary or financial adviser
- The employer; or the corporate savings plan holder, or group insurance policy holder (if different to the employer) or their appointed agent, such as a Trustee
- Reinsurers, suppliers and service providers
- Survey and research organisations
- Healthcare professionals, social and welfare organisations.
- Other insurance companies in line with industry regulatory standards
- Or, in order to meet Our legal or regulatory requirements, with the types of organisations described below:
- Regulatory and legal bodies
- Government or tax authorities
- Law enforcement bodies, including investigators
9.3.1The personal information provided will only be available to those people with a legitimate need to see it. For example, only those people involved in the management of claims will be able to see the sensitive information gathered and only for that purpose. Written consent will be requested before we share any medical reports or other underwriting evidence with an individual’s employer (for group insurance plans) or any other insurer or insurance intermediary.
9.4 How do we transfer personal information to other countries?
Given the global nature of Our business, We may transfer personal information to other countries. Where We transfer personal information to countries that are outside of the Isle of Man and the European Union (EU) We will ensure that it is protected and that the transfer is lawful.
We will do this by ensuring that there is either an adequacy decision relating to the safeguards for personal information from the European Commission, or that the personal information is given adequate safeguards by using 'standard contractual clauses' which have been adopted or approved by the Isle of Man and the EU, or other solutions that are in line with the requirements of European data protection laws.
Requests for a copy of the template used for the ‘standard contractual clauses’ can be made by contacting Our Data Protection Officer (see details below).
9.5 For how long do we keep personal data?
We will retain and process personal information for as long as necessary to meet the purposes for which it was originally collected. These periods of time are subject to legal, tax and regulatory requirements or to enable Us to manage Our business.
9.6 What happens if you fail to provide personal information to Us?
If We are not provided with required personal information, We will not be able to provide an insurance contract, policy coverage or assess future claims for the services that have been requested.
9.6.1 What data protection rights do individuals have?
All individuals have the following rights under data protection laws, namely:
- To access their personal data (by way of a subject access request)
- To have personal data rectified if it is inaccurate or incomplete
- In certain circumstances, to have personal data deleted or removed
- In certain circumstances, to restrict the processing of personal data
- A right of data portability, namely to obtain and reuse personal data for related purposes across different services
- To object to the processing of personal data
- Not to be subject to automated decision making (including profiling), where it produces a legal effect or a similarly significant effect on an individual
- To claim compensation for damages caused by a breach of applicable data protection laws
- If we are processing personal information with consent, consent may be withdrawn at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal)
These rights may be exercised by contacting Our Data Protection Officer. In order to protect privacy individuals will be asked to provide suitable proof of identification before we can process rights related requests.
By agreeing to these Terms and Conditions, you acknowledge that we will use personal information as set out in this Privacy Statement.
If We decide to change the Privacy Statement, you will need to agree to the changes as part of these Terms and Conditions when you next log on to your ZurichPro Account so that you are always aware of the information we collect, how We use it and under what circumstances it is disclosed.
9.7 Data Protection Contact
9.7.1 Any questions about the use of personal information should be made to Our Data Protection Officer, using the contact details below.
ZILLPrivacy@Zurich.com Data Protection Officer, Zurich International Life Limited, Zurich House, Isle of Man Business Park, Douglas, Isle of Man, IM2 2QZ,
9.7.2 Concerns regarding the processing of personal information or dissatisfaction with Our handling of any request in relation to any data protection rights can be escalated by making a complaint to the Information Commissioner's Office. Their address is:
First Floor, Prospect House, Prospect Hill, Douglas, Isle of Man, IM1 1ET.
9.8 Secure Sockets Layer (SSL) Protocol
SSL Protocol ensures that data cannot be read by other computers as it travels between your browser and Our server. Digital certificates allow you to verify that your browser is communicating with Our server and not another server posing as Our server.
If you receive SSL certificate warning messages presented by the browsers (e.g. invalid date, entrusted certifying authority, name mismatch, failed to retrieve revocation list and so on), please do not continue with the application and contact firstname.lastname@example.org for further instructions.