Path
legal_2

Privacy Notice

An individual’s privacy is important to us
  • Zurich International Life Limited Privacy Notice​
  • Addendum to Zurich International Life Limited Privacy Notice
  • Zurich International Pensions Administration Limited Data Protection Notice

Zurich International Life Limited Privacy Notice

Everyone has rights with regard to the way in which their personal information is handled. During the course of our business activities, we will collect, store and process personal information. This notice explains how Zurich International Life Limited (Zurich), as data controller, collects and deals with personal information.

What personal information will we collect?

We will collect and process personal information given to us by phone, e-mail, filling in forms, including on our website, and if a problem is reported through our website. We may also collect information from appointed agents, such as a trustee, broker, intermediary or financial adviser in order to issue an insurance contract and any related services that have been requested. We may collect personal information for verification purposes, from other sources such as credit reference agencies, other insurance companies, claims service providers (including private investigators) and electronic verification service providers. We will also collect information which individuals volunteered to be in the public domain and other industry-wide sources.

For corporate savings plans or group insurance policies we may also collect personal information from: employers or the corporate savings plan holder, or group insurance policy holder (if different to an individual’s employer); their appointed agent such as their broker, intermediary, financial adviser, or plan administrator. This information is required to enable us to set up and administer these contracts and provide insurance services.

The type of personal information we will collect includes: basic personal information (i.e. name, address, email address, telephone number, date and place of birth, gender, marital status, nationality, country of residence, and photographic identification); employment and financial details; and where we receive a request that other individuals be included in the arrangement, personal information about those individuals. We may also record the content of telephone calls for quality and training purposes. Where required, we may also collect sensitive information such as medical and health details to allow us to underwrite any insurance cover and augment claims information, including details of any incident giving rise to a claim, as well as financial, medical and health information relevant to the claim.

If we are provided with personal information on other individuals in order to provide a quotation and/or contract of insurance and/or provision of related services it is understood that in doing so all necessary permissions and consents have been received, and, where necessary, all affected persons have been informed about the content of our Privacy Notice. 

Zurich protects each individual’s privacy by:

  • collecting information fairly and only collecting information that we need to provide insurance services
  • explaining why we are collecting personal information and how we will be using it
  • using personal information only for our business operations and to comply with the law
  • ensuring the personal information we collect and hold is accurate
  • holding personal information only for so long as necessary and keeping it secure
  • sharing personal information only with companies and organisations that will keep it secure
  • not sending personal information abroad without ensuring its security
  • ensuring that all individual rights can be exercised under the Data Protection legislation
  • ensuring that we comply with the Zurich Data Commitment pledge.

How do we use personal information?

We will collect and use personal information in the following manner (i) where the processing is necessary in connection with providing a quotation and/or contract of insurance and/or provision of related services that have been requested; and (ii) to meet our legal or regulatory obligations.

A non-exhaustive list of examples of our contractual and legal purposes for which we will collect and use personal information are:

  • to provide a quotation and/or contract of insurance
  • to identify individuals that contact us
  • to set up a policyholder, life insured or a member of a corporate savings plan or group insurance policy
  • to arrange and maintain business relationships with service providers and representatives
  • to administer and renew policies
  • to communicate with policyholders or their appointed representatives in respect of insurance services
  • to make and receive payments
  • to assess, process and settle claims
  • for fraud prevention and detection purposes
  • to comply with tax reporting obligations such as Common Reporting Standards (CRS)/Foreign Account Tax Compliance Act (FATCA)
  • to comply with applicable legal and regulatory requirements such as anti-money laundering, financial sanctions, tax or regulatory reporting. This includes complying with requests to provide data including personal information to our regulators, which may be on an adhoc or regular and daily basis, such as with the Central Bank of the United Arab Emirates (“CB UAE”) digital supervisory platform to satisfy the regulatory and supervisory objectives of the CB UAE. Such data sharing could be in respect of individual insurance policies, group insurance policies and corporate savings plans issued by us in the UAE and may include personal information of relevant parties of the above policies and plans (such as policy owners, claimants, lives insured and beneficiaries (and employees of such policy owners, claimants and beneficiaries as the case may be)). This data sharing may include requests for historic as well as current data.
  • for individual insurance policies we may use automated decision making processes including profiling in order to provide a quotation for a potential client. This means that personal information, such as age, smoker status and body mass index will be used to evaluate and predict the level of risk associated with providing the policy. Where required, additional health and lifestyle information will also be assessed as part of the process. The outcome of this process may influence whether or not we provide the product, the price of the premium, or the terms upon which we offer the product in the quotation. We may also use the information to provide business intelligence to support the development of new products and improve functionality.

We also collect and process information for more general legitimate interests, such as enabling us to continually review and improve our insurance services. Examples of where we do this are:

  • to administer our website and for internal operations including trouble shooting, data analysis, testing, research and statistical purposes
  • to conduct surveys and obtain feedback on our services.

We will always ensure that we keep the amount of information collected for legitimate interest purposes and the extent of any use to the absolute minimum.

As a data controller we continually assess the personal information we collect and ensure that if we seek to use personal information that is not completely in keeping with the original purpose, prior to using personal information in such a way, we will provide additional information on the proposed use and obtain consent where required.

Who do we share personal information with?

Where necessary, we will share the personal information provided to us for the purposes of providing insurance products and any related services requested with the types of recipients described below:

  • Zurich Insurance Group Ltd. or any of its affiliated companies
  • involved broker, intermediary or financial adviser
  • the employer or the corporate savings plan holder, or group insurance policy holder (if different to the employer) or their appointed agent, such as a Trustee
  • reinsurers and auditors
  • suppliers that provide relevant services such as policy administration, electronic ID verification and underwriting assessment
  • survey and research organisations
  • healthcare professionals, social and welfare organisations
  • other insurance companies in line with industry regulatory standards.

Or, in order to meet our legal or regulatory requirements, with the types of organisations described below:

  • regulatory and legal bodies, including requests made by our regulators for supervisory purposes, where we must share data whether on an adhoc or regular and daily basis to remain compliant to our regulatory obligations
  • government or tax authorities
  • law enforcement bodies, including investigators.

The personal information provided will only be available to those people with a legitimate need to see it. For example, only those people involved in the management of claims will be able to see the sensitive information gathered and only for that purpose. Written consent will be requested before we share any medical reports or other underwriting evidence with an individual’s employer (for group insurance plans) or any other insurer or insurance intermediary.

How do we transfer personal information to other countries?

Given the global nature of our business, we may transfer personal information to other countries. Where we transfer personal information to countries that are outside of the Isle of Man and the European Union (EU) we will ensure that it is protected and that the transfer is lawful. We will do this by ensuring that there is either an adequacy decision relating to the safeguards for personal information from the European Commission, or that the personal information is given adequate safeguards by using ‘standard contractual clauses’ which have been adopted or approved by the Isle of Man and the EU, or other solutions that are in line with the requirements of European data protection laws.

Requests for a copy of the template used for the ‘standard contractual clauses’ can be made by contacting our Data Protection Officer (see details below).

For how long do we keep personal data?

We will retain and process personal information for as long as necessary to meet the purposes for which it was originally collected. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business. These time periods may also apply to the retaining of your personal information following a court approved Scheme of Transfer (transfer of insurance policies by us to another insurer).

What happens if you fail to provide personal information to us?

If we are not provided with required personal information, we will not be able to provide an insurance contract, policy coverage or assess future claims for the services that have been requested.

What data protection rights do individuals have?

All individuals have the following rights under data protection laws, namely:

  • to access their personal data (by way of a subject access request)
  • to have personal data rectified if it is inaccurate or incomplete
  • in certain circumstances, to have personal data deleted or removed
  • in certain circumstances, to restrict the processing of personal data
  • a right of data portability, namely to obtain and reuse personal data for related purposes across different services
  • to object to the processing of personal data
  • not to be subject to automated decision making (including profiling), where it produces a legal effect or a similarly significant effect on an individual
  • to claim compensation for damages caused by a breach of data protection legislation

if we are processing personal information with consent, consent may be withdrawn at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal).

These rights may be exercised by contacting our Data Protection Officer. In order to protect privacy, individuals will be asked to provide suitable proof of identification before we can process rights-related requests.

Data Protection Contact

Any questions about the use of personal information should be made to our Data Protection Officer, using the contact details below.

ZILLPrivacy@Zurich.com

Data Protection Officer, Zurich International Life Limited, Zurich House, Isle of Man Business Park, Douglas, Isle of Man, IM2 2QZ.

Concerns regarding the processing of personal information or dissatisfaction with our handling of any request in relation to any data protection rights can be escalated by making a complaint to the Information Commissioner’s Office. Their address is: First Floor, Prospect House, Prospect Hill, Douglas, Isle of Man, IM1 1ET.

This Privacy Notice is dated November 2023.

In compliance with the Personal Information Protection Law of the People’s Republic of China, an Addendum to Privacy Notice (Addendum), which supplements and forms part of the Privacy Notice is available here.

The Addendum applies to you if you are located in The People’s Republic of China.

Addendum to Privacy Notice (Addendum)

This Addendum applies to you if you are located in The People’s Republic of China (PRC). These terms are set out in addition to and form part of the Privacy Notice for Zurich International Life Limited (the Company, herein also referred to as we, us or our). If there is any conflict or inconsistency between the terms of this Addendum and any terms set forth in the Company’s Privacy Notice, the terms of this Addendum shall prevail.

The Company is the “personal information processor” of your personal information, and you may contact us via ZILLPrivacy@Zurich.com. In accordance with the Personal Information Protection Law of the PRC (PIPL), we will only process your personal information with your consent, unless the processing is:

  1. necessary for the conclusion or performance of a contract to which you are a contracting party; or
  2. necessary for fulfilling statutory responsibilities or obligations; or
  3. necessary for responding to public health emergencies; or
  4. necessary for protecting an individual’s life, health, and property safety in an emergency; or
  5. reasonable to carry out news reporting, media supervision and other activities conducted in the public interest; or
  6. in relation to personal information publicly disclosed by you or otherwise legally disclosed and processed within a reasonable scope.

Your personal information is collected, stored, and processed for purposes as set out in the Company’s Privacy Notice. We will only retain your information for the period as we require to fulfil the purposes stated in the Company’s Privacy Notice and this Addendum, or for the period as we are required under applicable laws and regulations, whichever is longer. The categories of personal information processed by the Company are also set out in the Company’s Privacy Notice.

Sensitive personal information

Certain personal data that we collect and process may include sensitive personal information, which is personal information that, if leaked or used illegally, may easily cause harm to the dignity of natural persons, or the safety of individuals and properties. Sensitive personal information includes information relating to biometric identification, religious belief, specific identity, medical and health, financial accounts, and individual location tracking, as well as personal information of minors under the age of 14.

We will collect and process your sensitive personal information with your consent when necessary to provide you with insurance services or to fulfil the purposes as set out in the Company’s Privacy Notice; for instance, to process, investigate, and determine insurance applications, insurance claims and provide ongoing services. We will not be able to provide you with the relevant product(s) and/or service(s) if you do not provide the Company with your consent to process your sensitive personal information. We adopt and implement strict security policies to protect the confidentiality and privacy of your sensitive personal information.

Data transfer

With your consent, we may provide your personal information to other personal information processors, as stated in the Privacy Notice including but not limited to companies within the Zurich Insurance Group, for the purposes stated in the Company’s Privacy Notice and this Addendum. You may find a list of recipients below:

Zurich Insurance Group Recipients Categories of personal information Purpose and method Contact details
Zurich International Life Limited

Zurich Insurance Company Ltd 		All personal information specified in the Company’s Privacy Policy Purpose and method specified in the Company’s Privacy Policy ZILLPrivacy@Zurich.com

Your rights

Under the PIPL, you are entitled to the following rights:

  1. Right to access and obtain a copy of your personal information;
  2. Right to request a transfer of your personal information to your designated information processors who meet the conditions prescribed by law and regulation to which we are subject to;
  3. Right to correct and supplement your personal information if you discover that it is inaccurate or incomplete;
  4. Right to require an explanation of our rules for the processing of personal information;
  5. Right to withdraw consent;
  6. Right to restrict or deny processing of your personal information by others;
  7. Right to request us to delete your personal information under one of the following situations:
    • the purpose of processing has been fulfilled, cannot be fulfilled or the personal information is no longer necessary for fulfilling the purpose of processing;
    • we have ceased to provide products or services;
    • the retention period has come to an end;
    • you have withdrawn your consent;
    • we have violated the laws, regulations or agreements which we are subject to when processing personal information.

You may exercise the above rights by making a request in writing to the Company’s Data Protection Officer at the address below:

Data Protection Officer 
Zurich House 
Isle of Man Business Park 
Douglas Isle of Man 
IM2 2QZ

Email: ZILLprivacy@zurich.com

Your consent

In circumstances where you have not signed the Personal Information Protection Law Consent Form, or if one of the Legal Basis does not apply to the processing, by purchasing, renewing or continuing your corporate or retail policy (as applicable) with the Company or continuation of your membership of a corporate policy issued by the Company to a corporate customer which is your employer with the Company, you confirm that you have read and understood this Addendum and consent to the Company’s use and transfer of your personal data and sensitive personal data as set out in this Addendum.

We may not be able to provide you with the relevant product(s) and/or service(s) if you do not consent to this Addendum or if you subsequently withdraw your consent. This would also include our inability to provide the relevant products and/or services to a corporate customer which is your employer if you (as an employee and member of a corporate policy) do not consent to this Addendum or if you later withdraw your consent.

We reserve the right to change or update this Addendum at any time without prior notice. We will notify you of the changes or updates by posting it on our website or in writing (which may include electronic format) and any such change or update will be effective immediately upon posting.

This addendum’s effective date is May 2023

Zurich International Personal Pension Scheme

Data Protection Notice

Everyone has rights with regard to the way in which their personal information is handled. During the course of our business activities, we will collect, store and process personal information. This notice explains how Zurich International Pensions Administration Limited (“Zurich”), as data controller, collects and deals with personal information.

Personal Information we use

We will collect and process personal information given to us by phone, e-mail or filling in forms. We may also collect information from your employer or appointed agents, such as a trustee, broker, intermediary, other pension provider or financial adviser in order to set up and issue a pension product and to provide any related services that have been requested.

The type of personal information we will collect includes: basic personal information (i.e. name, address, email address, telephone number, date and place of birth, gender, marital status, nationality, country of residence, and photographic identification); employment, financial and tax information; and where we are instructed to add beneficiaries to your pension plan, personal information about those individuals. We may also record the content of telephone calls for quality and training purposes. Occasionally, for example for some claims we may ask you to provide your health information.

How do we use personal information?

We use personal information to undertake the activities relating to setting up and administering our pension products and services.

For the majority of our business we will rely on the performance of our contractual arrangements with you as the legal basis for processing.

This includes:

  • processing applications, allocating contributions and processing pension transfers in and out with your other pension providers
  • providing annual benefit statements
  • handling pension benefit payments and tax payments and reporting for these payments.
  • We will also use your personal information as necessary to meet our legal or regulatory obligations. Examples include:
  • for prevention and detection of Financial Crime (e.g. fraud and money laundering)
  • to comply with tax reporting obligations such as Common Reporting Standards (CRS)/Foreign Account Tax Compliance Act  FATCA) and relevant HMRC and IOM Income Tax Division requirements
  • to comply with regulatory requirements and international/economic or financial sanctions laws.

We also collect and process information for more general legitimate interests, such as enabling us to continually review and improve our services. Examples of where we do this are:

  • to obtain direct feedback on our services
  • for internal operations including trouble shooting, data analysis, testing, research, statistical and survey purposes.
  • Where we wish to market services or products to you, we will only do so having obtained your explicit consent to do so. 

As a data controller we will always ensure that we keep the amount of information collected and the extent of use to an absolute minimum.

We continually assess the personal information we collect and ensure that if we seek to use personal information that is not completely in keeping with the original purpose, prior to using personal information in such a way, we will provide additional information on the proposed use and obtain consent where required.

Who do we share personal information with?

Where necessary, we will share the personal information provided to us for the purposes of providing pension products and any related services requested with the types of organisations (“Recipients”) described below:

  • Zurich Insurance Group Ltd. or any of its affiliated companies
  • involved broker, intermediary or financial adviser
  • your employer
  • your other pension providers for transfers in or out
  • auditors, suppliers and service providers, such as those who will process benefit payments
  • survey and research organisations
  • healthcare professionals, social and welfare organisations.

Or, in order to meet our legal or regulatory requirements, with the types of organisations described below:

  • regulatory and legal bodies
  • government or tax authorities
  • law enforcement bodies, including investigators.

How do we transfer personal information to other countries?

Given the global nature of our business, we may transfer personal information to other countries. Where we transfer personal information to countries that are outside of the Isle of Man and the European Union (EU) we will ensure that it is protected and that the transfer is lawful.

We will do this by ensuring that there is either an adequacy decision relating to the safeguards for personal information from the European Commission, or that the personal information is given adequate safeguards by using ‘standard contractual clauses’ which have been adopted or approved by the Isle of Man and the EU, or other solutions that are in line with the requirements of data protection laws. Requests for a copy of the template used for the ‘standard contractual clauses’ can be made by contacting our Data Protection Officer (see details below).

For how long do we keep personal data?

We will retain and process personal information for as long as necessary to meet the purposes for which it was originally collected. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business.

What happens if you fail to provide personal information to us?

If we are not provided with required personal information for the issuance or administration of the pension product, we will not be able to issue or assess future claims for the services that have been requested.

What data protection rights do individuals have?

All individuals have the following rights under data protection laws, namely:

  • to access their personal data (by way of a subject access request)
  • to have personal data rectified if it is inaccurate or incomplete
  • in certain circumstances, to have personal data deleted or removed
  • in certain circumstances, to restrict the processing of personal data
  • a right of data portability, namely to obtain and reuse personal data for related purposes across different services
  • to object to the processing of personal data
  • not to be subject to automated decision making (including profiling), where it produces a legal effect or a similarly significant effect on an individual
  • to claim compensation for damages caused by a breach of data protection legislation
  • if we are processing personal information with consent, consent may be withdrawn at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal)

These rights may be exercised by contacting our Data Protection Officer. In order to protect privacy, individuals may be asked to provide suitable proof of identification before we can process rights related requests.

Data Protection Contact

Any questions about the use of personal information should be made to our Data Protection Officer, using the contact details below.

ZIPALPrivacy@Zurich.com

Data Protection Officer, Zurich International Pensions Administration Limited, Zurich House, Isle of Man Business Park, Douglas, Isle of Man IM2 2QZ.

Concerns regarding the processing of personal information or dissatisfaction with our handling of any request in relation to any data protection rights can be escalated by making a complaint to the Information Commissioner’s Office. Their address is: First Floor, Prospect House, Prospect Hill, Douglas, Isle of Man, IM1 1ET.

This Privacy Notice is dated July 2019.