An individual's privacy is important to us
Everyone has rights with regard to the way in which their personal information is handled. During the course of our business activities, we will collect, store and process personal information. This notice explains how Zurich International Life Limited ("Zurich"), as data controller, collects and deals with personal information.
Using this website
We collect the information you provide to us on this website. This may include your name, address, e-mail address, and other details.
Data Protection Statement
What personal information will we collect?
We will collect and process personal information given to us by phone, e-mail, filling in forms, including on our website, and if a problem is reported through our website. We may also collect information from appointed agents, such as a trustee, broker, intermediary or financial adviser in order to issue an insurance contract and any related services that have been requested. We may collect personal information for verification purposes, from other sources such as credit reference agencies, other insurance companies, claims service providers (including private investigators). We will also collect information which individuals volunteered to be in the public domain and other industry-wide sources.
For corporate savings plans or group insurance policies we may also collect personal information from: employers; or the corporate savings plan holder, or group insurance policy holder (if different to an individual’s employer); their appointed agent such as their broker, intermediary, financial adviser, or plan administrator. This information is required to enable us to set up and administer these contracts and provide insurance services.
The type of personal information we will collect includes; basic personal information (i.e. name, address, email address, telephone number, date and place of birth, gender, marital status, nationality, country of residence, and photographic identification); employment and financial details; and where we receive a request that other individuals be included in the arrangement, personal information about those individuals. We may also record the content of telephone calls for quality and training purposes. Where required, we may also collect sensitive information such as medical and health details to allow us to underwrite any insurance cover and augment claims information, including details of any incident giving rise to a claim, as well as financial, medical and health information relevant to the claim.
Zurich protects each individual’s privacy by:
- collecting information fairly and only collecting information that we need to provide insurance services
- explaining why we are collecting personal information and how we will be using it
- using personal information only for our business operations and to comply with the law
- ensuring the personal information we collect and hold is accurate
- holding personal information only for so long as necessary and keeping it secure
- sharing personal information only with companies and organisations that will keep it secure
- not sending personal information abroad without ensuring its security
- ensuring that all individual rights can be exercised under the Data Protection legislation
How do we use personal information?
We will collect and use personal information in the following manner (i) where the processing is necessary in connection with providing a quotation and /or contract of insurance and/or provision of related services that have been requested; and (ii) to meet our legal or regulatory obligations.
A non-exhaustive list of examples of our contractual and legal purposes for which we will collect and use personal information are:
- to provide a quotation and/or contract of insurance
- to identify individuals that contact us
- to set up a policyholder, life insured or a member of a corporate savings plan or group insurance policy
- to arrange and maintain business relationships with service providers and representatives.
- to administer and renew policies
- to communicate with policyholders or their appointed in respect of insurance services
- to make and receive payments
- to assess, process and settle claims
- for fraud prevention and detection purposes
- to comply with tax reporting obligations such as Common Reporting Standards (CRS) /Foreign Account Tax Compliance Act (FATCA)
- to comply with regulatory requirements and international/economic or financial sanctions laws
We also collect and process information for more general legitimate interests, such as enabling us to continually review and improve our insurance services. Examples of where we do this are:
- to obtain feedback on our services
- to administer our website and for internal operations including trouble shooting, data analysis, testing, research, statistical and survey purposes
We will always ensure that we keep the amount of information collected for legitimate interest purposes and the extent of any use to the absolute minimum.
As a data controller we continually assess the personal information we collect and ensure that if we seek to use personal information that is not completely in keeping with the original purpose, prior to using personal information in such a way, we will provide additional information on the proposed use and obtain consent where required.
Who do we share personal information with?
Where necessary, we will share the personal information provided to us for the purposes of providing insurance products and any related services requested with the types of organisations (“Recipients”) described below:
- Zurich Insurance Group Ltd. or any of its affiliated companies
- involved broker, intermediary or financial adviser
- the employer; or the corporate savings plan holder, or group insurance policy holder (if different to the employer) or their appointed agent, such as a Trustee
- reinsurers, auditors, suppliers and service providers
- survey and research organisations
- healthcare professionals, social and welfare organisations
- other insurance companies in line with industry regulatory standards
Or, in order to meet our legal or regulatory requirements, with the types of organisations described below:
- regulatory and legal bodies
- government or tax authorities
- law enforcement bodies, including investigators
The personal information provided will only be available to those people with a legitimate need to see it. For example, only those people involved in the management of claims will be able to see the sensitive information gathered and only for that purpose. Written consent will be requested before we share any medical reports or other underwriting evidence with an individual’s employer (for group insurance plans) or any other insurer or insurance intermediary.
How do we transfer personal information to other countries?
Given the global nature of our business, we may transfer personal information to other countries. Where we transfer personal information to countries that are outside of the Isle of Man and the European Union (EU) we will ensure that it is protected and that the transfer is lawful. We will do this by ensuring that there is either an adequacy decision relating to the safeguards for personal information from the European Commission, or that the personal information is given adequate safeguards by using 'standard contractual clauses' which have been adopted or approved by the Isle of Man and the EU, or other solutions that are in line with the requirements of European data protection laws. Requests for a copy of the template used for the ‘standard contractual clauses’ can be made by contacting our Data Protection Officer (see details below).
For how long do we keep personal data?
We will retain and process personal information for as long as necessary to meet the purposes for which it was originally collected. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business.
What happens if you fail to provide personal information to us?
If we are not provided with required personal information, we will not be able to provide an insurance contract, policy coverage or assess future claims for the services that have been requested.
What data protection rights do individuals have?
All individuals have the following rights under data protection laws, namely:
- to access their personal data (by way of a subject access request)
- to have personal data rectified if it is inaccurate or incomplete
- in certain circumstances, to have personal data deleted or removed
- in certain circumstances, to restrict the processing of personal data
- a right of data portability, namely to obtain and reuse personal data for related purposes across different services
- to object to the processing of personal data
- not to be subject to automated decision making (including profiling), where it produces a legal effect or a similarly significant effect on an individual
- to claim compensation for damages caused by a breach of data protection legislation
- if we are processing personal information with consent, consent may be withdrawn at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal)
These rights may be exercised by contacting our Data Protection Officer. In order to protect privacy individuals will be asked to provide suitable proof of identification before we can process rights related requests.
Data Protection Contact
Any questions about the use of personal information should be made to our Data Protection Officer, using the contact details below.
Data Protection Officer,
Zurich International Life Limited,
Isle of Man Business Park,
Isle of Man,
Concerns regarding the processing of personal information or dissatisfaction with our handling of any request in relation to any data protection rights can be escalated by making a complaint to the Information Commissioner's Office. Their address is:
Isle of Man,
This privacy notice is dated 4 October 2019