Privacy Notice

Zurich International Life Limited Privacy Notice

Everyone has rights with regard to the way in which their personal information is handled. During the course of our business activities, we will collect, store and process personal information. This notice explains how Zurich International Life Limited (Zurich), as data controller, collects and deals with personal information.

What personal information will we collect?

We will collect and process personal information given to us by phone, e-mail, filling in forms, including on our website, and if a problem is reported through our website. We may also collect information from appointed agents, such as a trustee, broker, intermediary or financial adviser in order to issue an insurance contract and any related services that have been requested. We may collect personal information for verification purposes, from other sources such as credit reference agencies, other insurance companies, claims service providers (including private investigators) and electronic verification service providers. We will also collect information which individuals volunteered to be in the public domain and other industry-wide sources.

For corporate savings plans or group insurance policies we may also collect personal information from: employers or the corporate savings plan holder, or group insurance policy holder (if different to an individual’s employer); their appointed agent such as their broker, intermediary, financial adviser, or plan administrator. This information is required to enable us to set up and administer these contracts and provide insurance services.

The type of personal information we will collect includes: basic personal information (i.e. name, address, email address, telephone number, date and place of birth, gender, marital status, nationality, country of residence, and photographic identification); employment and financial details; and where we receive a request that other individuals be included in the arrangement, personal information about those individuals. We may also record the content of telephone calls for quality and training purposes. Where required, we may also collect sensitive information such as medical and health details to allow us to underwrite any insurance cover and augment claims information, including details of any incident giving rise to a claim, as well as financial, medical and health information relevant to the claim.

If we are provided with personal information on other individuals in order to provide a quotation and/or contract of insurance and/or provision of related services it is understood that in doing so all necessary permissions and consents have been received, and, where necessary, all affected persons have been informed about the content of our Privacy Notice. 

Zurich protects each individual’s privacy by:

• collecting information fairly and only collecting information that we need to provide insurance services
• explaining why we are collecting personal information and how we will be using it
• using personal information only for our business operations and to comply with the law
• ensuring the personal information we collect and hold is accurate
• holding personal information only for so long as necessary and keeping it secure
• sharing personal information only with companies and organisations that will keep it secure
• not sending personal information abroad without ensuring its security
• ensuring that all individual rights can be exercised under the Data Protection legislation
• ensuring that we comply with the Zurich Data Commitment pledge.

How do we use personal information?

We will collect and use personal information in the following manner (i) where the processing is necessary in connection with providing a quotation and/or contract of insurance and/or provision of related services that have been requested; and (ii) to meet our legal or regulatory obligations.

A non-exhaustive list of examples of our contractual and legal purposes for which we will collect and use personal information are:

• to provide a quotation and/or contract of insurance
• to identify individuals that contact us
• to set up a policyholder, life insured or a member of a corporate savings plan or group insurance policy
• to arrange and maintain business relationships with service providers and representatives
• to administer and renew policies
• to communicate with policyholders or their appointed representatives in respect of insurance services
• to make and receive payments
• to assess, process and settle claims
• for fraud prevention and detection purposes
• to comply with tax reporting obligations such as Common Reporting Standards (CRS)/Foreign Account Tax Compliance Act (FATCA)
• to comply with applicable legal and regulatory requirements such as anti-money laundering, financial sanctions, tax or regulatory reporting. This includes complying with requests to provide data including personal information to our regulators, which may be on an adhoc or regular and daily basis, such as with the Central Bank of the United Arab Emirates (“CB UAE”) digital supervisory platform to satisfy the regulatory and supervisory objectives of the CB UAE. Such data sharing could be in respect of individual insurance policies, group insurance policies and corporate savings plans issued by us in the UAE and may include personal information of relevant parties of the above policies and plans (such as policy owners, claimants, lives insured and beneficiaries (and employees of such policy owners, claimants and beneficiaries as the case may be)). This data sharing may include requests for historic as well as current data.
• for individual insurance policies we may use automated decision making processes including profiling in order to provide a quotation for a potential client. This means that personal information, such as age, smoker status and body mass index will be used to evaluate and predict the level of risk associated with providing the policy. Where required, additional health and lifestyle information will also be assessed as part of the process. The outcome of this process may influence whether or not we provide the product, the price of the premium, or the terms upon which we offer the product in the quotation. We may also use the information to provide business intelligence to support the development of new products and improve functionality.

We also collect and process information for more general legitimate interests, such as enabling us to continually review and improve our insurance services. Examples of where we do this are:

• to administer our website and for internal operations including trouble shooting, data analysis, testing, research and statistical purposes
• to conduct surveys and obtain feedback on our services.

We will always ensure that we keep the amount of information collected for legitimate interest purposes and the extent of any use to the absolute minimum.

As a data controller we continually assess the personal information we collect and ensure that if we seek to use personal information that is not completely in keeping with the original purpose, prior to using personal information in such a way, we will provide additional information on the proposed use and obtain consent where required.

Who do we share personal information with?

Where necessary, we will share the personal information provided to us for the purposes of providing insurance products and any related services requested with the types of recipients described below:

• Zurich Insurance Group Ltd. or any of its affiliated companies
• involved broker, intermediary or financial adviser
• the employer or the corporate savings plan holder, or group insurance policy holder (if different to the employer) or their appointed agent, such as a Trustee
• reinsurers and auditors
• suppliers that provide relevant services such as policy administration, electronic ID verification and underwriting assessment
• survey and research organisations
• healthcare professionals, social and welfare organisations
• other insurance companies in line with industry regulatory standards.

Or, in order to meet our legal or regulatory requirements, with the types of organisations described below:

• regulatory and legal bodies, including requests made by our regulators for supervisory purposes, where we must share data whether on an adhoc or regular and daily basis to remain compliant to our regulatory obligations
• government or tax authorities
• law enforcement bodies, including investigators.

The personal information provided will only be available to those people with a legitimate need to see it. For example, only those people involved in the management of claims will be able to see the sensitive information gathered and only for that purpose. Written consent will be requested before we share any medical reports or other underwriting evidence with an individual’s employer (for group insurance plans) or any other insurer or insurance intermediary.

How do we transfer personal information to other countries?

Given the global nature of our business, we may transfer personal information to other countries. Where we transfer personal information to countries that are outside of the Isle of Man and the European Union (EU) we will ensure that it is protected and that the transfer is lawful. We will do this by ensuring that there is either an adequacy decision relating to the safeguards for personal information from the European Commission, or that the personal information is given adequate safeguards by using ‘standard contractual clauses’ which have been adopted or approved by the Isle of Man and the EU, or other solutions that are in line with the requirements of European data protection laws.

Requests for a copy of the template used for the ‘standard contractual clauses’ can be made by contacting our Data Protection Officer (see details below).

For how long do we keep personal data?

We will retain and process personal information for as long as necessary to meet the purposes for which it was originally collected. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business. These time periods may also apply to the retaining of your personal information following a court approved Scheme of Transfer (transfer of insurance policies by us to another insurer).

What happens if you fail to provide personal information to us?

If we are not provided with required personal information, we will not be able to provide an insurance contract, policy coverage or assess future claims for the services that have been requested.

What data protection rights do individuals have?

All individuals have the following rights under data protection laws, namely:

• to access their personal data (by way of a subject access request)
• to have personal data rectified if it is inaccurate or incomplete
• in certain circumstances, to have personal data deleted or removed
• in certain circumstances, to restrict the processing of personal data
• a right of data portability, namely to obtain and reuse personal data for related purposes across different services
• to object to the processing of personal data
• not to be subject to automated decision making (including profiling), where it produces a legal effect or a similarly significant effect on an individual
• to claim compensation for damages caused by a breach of data protection legislation

if we are processing personal information with consent, consent may be withdrawn at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal).

These rights may be exercised by contacting our Data Protection Officer. In order to protect privacy, individuals will be asked to provide suitable proof of identification before we can process rights-related requests.

Data Protection Contact

Any questions about the use of personal information should be made to our Data Protection Officer, using the contact details below.

ZILLPrivacy@Zurich.com

Data Protection Officer, Zurich International Life Limited, Zurich House, Isle of Man Business Park, Douglas, Isle of Man, IM2 2QZ.

Concerns regarding the processing of personal information or dissatisfaction with our handling of any request in relation to any data protection rights can be escalated by making a complaint to the Information Commissioner’s Office. Their address is: First Floor, Prospect House, Prospect Hill, Douglas, Isle of Man, IM1 1ET.

This Privacy Notice is dated November 2023.

In compliance with the Personal Information Protection Law of the People’s Republic of China, an Addendum to Privacy Notice (Addendum), which supplements and forms part of the Privacy Notice is available here.

The Addendum applies to you if you are located in The People’s Republic of China.