Path
legal_2

Privacy Notice

An individual’s privacy is important to us

Everyone has rights with regard to the way in which their personal information is handled. During the course of our business activities, we will collect, store and process personal information. This notice explains how Zurich International Life Limited (Zurich), as data controller, collects and deals with personal information.

What personal information will we collect?

We will collect and process personal information given to us by phone, e-mail, filling in forms, including on our website, and if a problem is reported through our website. We may also collect information from appointed agents, such as a trustee, broker, intermediary or financial adviser in order to issue an insurance contract and any related services that have been requested. We may collect personal information for verification purposes, from other sources such as credit reference agencies, other insurance companies, claims service providers (including private investigators) and electronic verification service providers. We will also collect information which individuals volunteered to be in the public domain and other industry-wide sources.

For corporate savings plans or group insurance policies we may also collect personal information from: employers or the corporate savings plan holder, or group insurance policy holder (if different to an individual’s employer); their appointed agent such as their broker, intermediary, financial adviser, or plan administrator. This information is required to enable us to set up and administer these contracts and provide insurance services.

The type of personal information we will collect includes: basic personal information (i.e. name, address, email address, telephone number, date and place of birth, gender, marital status, nationality, country of residence, and photographic identification); employment and financial details; and where we receive a request that other individuals be included in the arrangement, personal information about those individuals. We may also record the content of telephone calls for quality and training purposes. Where required, we may also collect sensitive information such as medical and health details to allow us to underwrite any insurance cover and augment claims information, including details of any incident giving rise to a claim, as well as financial, medical and health information relevant to the claim.

If we are provided with personal information on other individuals in order to provide a quotation and/or contract of insurance and/or provision of related services it is understood that in doing so all necessary permissions and consents have been received, and, where necessary, all affected persons have been informed about the content of our Privacy Notice.

Zurich protects each individual’s privacy by: 

  • collecting information fairly and only collecting information that we need to provide insurance services
  • explaining why we are collecting personal information and how we will be using it
  • using personal information only for our business operations and to comply with the law
  • ensuring the personal information we collect and hold is accurate
  • holding personal information only for so long as necessary and keeping it secure
  • sharing personal information only with companies and organisations that will keep it secure
  • not sending personal information abroad without ensuring its security
  • ensuring that all individual rights can be exercised under the Data Protection legislation
  • ensuring that we comply with the Zurich Data Commitment pledge.

How do we use personal information?

We will collect and use personal information in the following manner (i) where the processing is necessary in connection with providing a quotation and/or contract of insurance and/or provision of related services that have been requested; and (ii) to meet our legal or regulatory obligations.

A non-exhaustive list of examples of our contractual and legal purposes for which we will collect and use personal information are: 

  • to provide a quotation and/or contract of insurance
  • to identify individuals that contact us
  • to set up a policyholder, life insured or a member of a corporate savings plan or group insurance policy
  • to arrange and maintain business relationships with service providers and representatives
  • to administer and renew policies
  • to communicate with policyholders or their appointed representatives in respect of insurance services
  • to make and receive payments
  • to assess, process and settle claims
  • for fraud prevention and detection purposes
  • to comply with tax reporting obligations such as Common Reporting Standards (CRS)/Foreign Account Tax Compliance Act (FATCA)
  • to comply with applicable legal and regulatory requirements such as anti-money laundering, financial sanctions, tax or regulatory reporting. This includes complying with requests to provide data including personal information to our regulators, which may be on an adhoc or regular and daily basis, such as with the Central Bank of the United Arab Emirates (“CB UAE”) digital supervisory platform to satisfy the regulatory and supervisory objectives of the CB UAE. Such data sharing could be in respect of individual insurance policies, group insurance policies and corporate savings plans issued by us in the UAE and may include personal information of relevant parties of the above policies and plans (such as policy owners, claimants, lives insured and beneficiaries (and employees of such policy owners, claimants and beneficiaries as the case may be)). This data sharing may include requests for historic as well as current data.
  • for individual insurance policies we may use automated decision making processes including profiling in order to provide a quotation for a potential client. This means that personal information, such as age, smoker status and body mass index will be used to evaluate and predict the level of risk associated with providing the policy. Where required, additional health and lifestyle information will also be assessed as part of the process. The outcome of this process may influence whether or not we provide the product, the price of the premium, or the terms upon which we offer the product in the quotation. We may also use the information to provide business intelligence to support the development of new products and improve functionality.

We also collect and process information for more general legitimate interests, such as enabling us to continually review and improve our insurance services. Examples of where we do this are:

  • to administer our website and for internal operations including trouble shooting, data analysis, testing, research and statistical purposes
  • to conduct surveys and obtain feedback on our services.

We will always ensure that we keep the amount of information collected for legitimate interest purposes and the extent of any use to the absolute minimum.

As a data controller we continually assess the personal information we collect and ensure that if we seek to use personal information that is not completely in keeping with the original purpose, prior to using personal information in such a way, we will provide additional information on the proposed use and obtain consent where required.

Who do we share personal information with?

Where necessary, we will share the personal information provided to us for the purposes of providing insurance products and any related services requested with the types of recipients described below:

  • Zurich Insurance Group Ltd. or any of its affiliated companies
  • involved broker, intermediary or financial adviser
  • the employer or the corporate savings plan holder, or group insurance policy holder (if different to the employer) or their appointed agent, such as a Trustee
  • reinsurers and auditors
  • suppliers that provide relevant services such as policy administration, electronic ID verification and underwriting assessment
  • survey and research organisations
  • healthcare professionals, social and welfare organisations
  • other insurance companies in line with industry regulatory standards.

Or, in order to meet our legal or regulatory requirements, with the types of organisations described below:

  • regulatory and legal bodies, including requests made by our regulators for supervisory purposes, where we must share data whether on an adhoc or regular and daily basis to remain compliant to our regulatory obligations
  • government or tax authorities
  • law enforcement bodies, including investigators.

The personal information provided will only be available to those people with a legitimate need to see it. For example, only those people involved in the management of claims will be able to see the sensitive information gathered and only for that purpose. Written consent will be requested before we share any medical reports or other underwriting evidence with an individual’s employer (for group insurance plans) or any other insurer or insurance intermediary.

How do we transfer personal information to other countries?

Given the global nature of our business, we may transfer personal information to other countries. Where we transfer personal information to countries that are outside of the Isle of Man and the European Union (EU) we will ensure that it is protected and that the transfer is lawful. We will do this by ensuring that there is either an adequacy decision relating to the safeguards for personal information from the European Commission, or that the personal information is given adequate safeguards by using ‘standard contractual clauses’ which have been adopted or approved by the Isle of Man and the EU, or other solutions that are in line with the requirements of European data protection laws.

Requests for a copy of the template used for the ‘standard contractual clauses’ can be made by contacting our Data Protection Officer (see details below).

For how long do we keep personal data?

We will retain and process personal information for as long as necessary to meet the purposes for which it was originally collected. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business.

What happens if you fail to provide personal information to us?

If we are not provided with required personal information, we will not be able to provide an insurance contract, policy coverage or assess future claims for the services that have been requested.

What data protection rights do individuals have?

All individuals have the following rights under data protection laws, namely:

  • to access their personal data (by way of a subject access request)
  • to have personal data rectified if it is inaccurate or incomplete
  • in certain circumstances, to have personal data deleted or removed
  • in certain circumstances, to restrict the processing of personal data
  • a right of data portability, namely to obtain and reuse personal data for related purposes across different services
  • to object to the processing of personal data
  • not to be subject to automated decision making (including profiling), where it produces a legal effect or a similarly significant effect on an individual
  • to claim compensation for damages caused by a breach of data protection legislation
  • if we are processing personal information with consent, consent may be withdrawn at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal).

These rights may be exercised by contacting our Data Protection Officer. In order to protect privacy, individuals will be asked to provide suitable proof of identification before we can process rights-related requests.

Data Protection Contact

Any questions about the use of personal information should be made to our Data Protection Officer, using the contact details below.

ZILLPrivacy@Zurich.com

Data Protection Officer, Zurich International Life Limited, Zurich House, Isle of Man Business Park, Douglas, Isle of Man, IM2 2QZ.

Concerns regarding the processing of personal information or dissatisfaction with our handling of any request in relation to any data protection rights can be escalated by making a complaint to the Information Commissioner’s Office. Their address is: First Floor, Prospect House, Prospect Hill, Douglas, Isle of Man, IM1 1ET. 

This Privacy Notice is dated July 2021.

Zurich International Personal Pension Scheme
Data Protection Notice

Everyone has rights with regard to the way in which their personal information is handled. During the course of our business activities, we will collect, store and process personal information. This notice explains how Zurich International Pensions Administration Limited (“Zurich”), as data controller, collects and deals with personal information.

Personal Information we use

We will collect and process personal information given to us by phone, e-mail or filling in forms. We may also collect information from your employer or appointed agents, such as a trustee, broker, intermediary, other pension provider or financial adviser in order to set up and issue a pension product and to provide any related services that have been requested.

The type of personal information we will collect includes: basic personal information (i.e. name, address, email address, telephone number, date and place of birth, gender, marital status, nationality, country of residence, and photographic identification); employment, financial and tax information; and where we are instructed to add beneficiaries to your pension plan, personal information about those individuals. We may also record the content of telephone calls for quality and training purposes. Occasionally, for example for some claims we may ask you to provide your health information.

How do we use personal information?

We use personal information to undertake the activities relating to setting up and administering our pension products and services.

For the majority of our business we will rely on the performance of our contractual arrangements with you as the legal basis for processing.

This includes:

  • processing applications, allocating contributions and processing pension transfers in and out with your other pension providers
  • providing annual benefit statements
  • handling pension benefit payments and tax payments and reporting for these payments.
  • We will also use your personal information as necessary to meet our legal or regulatory obligations. Examples include:
  • for prevention and detection of Financial Crime (e.g. fraud and money laundering)
  • to comply with tax reporting obligations such as Common Reporting Standards (CRS)/Foreign Account Tax Compliance Act  FATCA) and relevant HMRC and IOM Income Tax Division requirements
  • to comply with regulatory requirements and international/economic or financial sanctions laws.

We also collect and process information for more general legitimate interests, such as enabling us to continually review and improve our services. Examples of where we do this are:

  • to obtain direct feedback on our services
  • for internal operations including trouble shooting, data analysis, testing, research, statistical and survey purposes.
  • Where we wish to market services or products to you, we will only do so having obtained your explicit consent to do so.

As a data controller we will always ensure that we keep the amount of information collected and the extent of use to an absolute minimum.

We continually assess the personal information we collect and ensure that if we seek to use personal information that is not completely in keeping with the original purpose, prior to using personal information in such a way, we will provide additional information on the proposed use and obtain consent where required.

Who do we share personal information with?

Where necessary, we will share the personal information provided to us for the purposes of providing pension products and any related services requested with the types of organisations (“Recipients”) described below:

  • Zurich Insurance Group Ltd. or any of its affiliated companies
  • involved broker, intermediary or financial adviser
  • your employer
  • your other pension providers for transfers in or out
  • auditors, suppliers and service providers, such as those who will process benefit payments
  • survey and research organisations
  • healthcare professionals, social and welfare organisations.

Or, in order to meet our legal or regulatory requirements, with the types of organisations described below:

  • regulatory and legal bodies
  • government or tax authorities
  • law enforcement bodies, including investigators.

How do we transfer personal information to other countries?

Given the global nature of our business, we may transfer personal information to other countries. Where we transfer personal information to countries that are outside of the Isle of Man and the European Union (EU) we will ensure that it is protected and that the transfer is lawful.

We will do this by ensuring that there is either an adequacy decision relating to the safeguards for personal information from the European Commission, or that the personal information is given adequate safeguards by using ‘standard contractual clauses’ which have been adopted or approved by the Isle of Man and the EU, or other solutions that are in line with the requirements of data protection laws. Requests for a copy of the template used for the ‘standard contractual clauses’ can be made by contacting our Data Protection Officer (see details below).

For how long do we keep personal data?

We will retain and process personal information for as long as necessary to meet the purposes for which it was originally collected. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business.

What happens if you fail to provide personal information to us?

If we are not provided with required personal information for the issuance or administration of the pension product, we will not be able to issue or assess future claims for the services that have been requested.

What data protection rights do individuals have?

All individuals have the following rights under data protection laws, namely:

  • to access their personal data (by way of a subject access request)
  • to have personal data rectified if it is inaccurate or incomplete
  • in certain circumstances, to have personal data deleted or removed
  • in certain circumstances, to restrict the processing of personal data
  • a right of data portability, namely to obtain and reuse personal data for related purposes across different services
  • to object to the processing of personal data
  • not to be subject to automated decision making (including profiling), where it produces a legal effect or a similarly significant effect on an individual
  • to claim compensation for damages caused by a breach of data protection legislation
  • if we are processing personal information with consent, consent may be withdrawn at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal) 

    These rights may be exercised by contacting our Data Protection Officer. In order to protect privacy, individuals may be asked to provide suitable proof of identification before we can process rights related requests.

Data Protection Contact

Any questions about the use of personal information should be made to our Data Protection Officer, using the contact details below. 

ZIPALPrivacy@Zurich.com

Data Protection Officer, Zurich International Pensions Administration Limited, Zurich House, Isle of Man Business Park, Douglas, Isle of Man IM2 2QZ.

Concerns regarding the processing of personal information or dissatisfaction with our handling of any request in relation to any data protection rights can be escalated by making a complaint to the Information Commissioner’s Office. Their address is: First Floor, Prospect House, Prospect Hill, Douglas, Isle of Man, IM1 1ET. 

This Privacy Notice is dated July 2019.