IM privacy media banner

Zurich International Life Limited Privacy Notice

This Privacy Notice explains how Zurich International Life Limited, as data controller, manages your personal data. It describes what personal data we collect, how we handle it, why we need it and who we share it with.

We are Zurich International Life Limited (referred to as 'Zurich' or 'We'), a company incorporated under the laws of the Isle of Man with registered number 020126C whose registered office is at Zurich House, Isle of Man Business Park, Douglas, Isle of Man IM2 2QZ.

Zurich provides life assurance, investment and protection products and is authorised by the Isle of Man Financial Services Authority. Our website is www.zurichinternational.com

Zurich is a member of the global Zurich Insurance Group (‘Group’) and is ultimately owned by Zurich Insurance Company Ltd, a company incorporated in Switzerland. Their website is www.zurich.com

We operate through branches in multiple jurisdictions, including the UAE, Bahrain and Qatar ('Middle East') and Hong Kong. These branches are subject to local laws and regulations in addition to Isle of Man legislation.

Privacy statements on the regional branch sites should be read together with this Privacy Notice:

In this Privacy Notice, 'personal data' (also known as 'personal information' in some jurisdictions) refers to any information relating to an identifiable individual.

How We Collect Your Data

During the course of our business activities, we will need to collect, store, and process your personal data. This may be collected in a number of ways, including:

  • Directly from you (e.g. application forms, phone calls, emails, websites, online portals, and applications).
  • From third parties (e.g. brokers, joint policyholders, trustees intermediary, financial advisors, employers).
  • From public sources, credit reference agencies, other insurance companies, claim service providers, electronic service providers, or regulatory bodies.

If we are provided with personal data on other individuals in order to provide a quotation and/or contract of insurance and/or provision of related services, please ensure that any relevant individuals are made aware of this Privacy Notice prior to providing their information to us or our obtaining their information from another source. If you provide information on another individual to us, you must first ensure that you have the authority and appropriate legal basis to do so.

Please ensure that any data you give us or ask third parties to provide to us is up to date, accurate, and complete in all respects. Kindly inform us about any changes as soon as reasonably possible.

What Personal Data We Collect

Different types of personal data are required when carrying out our business activities. This includes identity data, contact details, financial information, policy and claims data, and where necessary, special category data such as health information. Further details on the types of data that we collect are listed below:

1. Personal Identification Information

These are data elements that can directly or indirectly identify you such as full name, date of birth, nationality, residential address, contact email address, IP address, contact telephone numbers and tax identification numbers.

2. Special Categories of Information

These are special categories of personal data that require higher protection such as biometric information, genetic information, racial or ethnic information, health information, medical history, and body mass index (BMI).

3. Financial Information

Includes data related to financial accounts and transactions such as credit card number, bank account information, International Bank Account Number (IBAN), transaction history, pension details, payment number, salary, and other income information.

4. Background Information

Lifestyle information, smoker status, family information, screening information – such as applicable sanctions or convictions and whether you are a Politically Exposed Person (PEP).

5. Employment Information

Includes data related to work and professional background such as employment information, education and skills information, background and qualification checks and workplace welfare information.

6. Business Information

Includes identifiers and data related to business operations and third parties such as Zurich business identifiers, interested parties’ information, policy number, claim number, broker information, and financial advisor information.

Lawful Basis

In order to process personal data lawfully, Zurich must ensure that there is a lawful basis for each purpose of processing. The following lawful bases as prescribed in data protection legislation apply to the processing of personal data by Zurich depending on circumstances and context of the processing.

  • Performance of Contract - activities relating to setting up and administration of policies/plans including claims and correspondence.
  • Legal Obligation - to abide by relevant legal obligations.
  • Consent - where you are informed of an activity and your consent is received.
  • Legitimate Interests - for our legitimate interests but only when those interests do not outweigh your rights and freedoms. Examples of the legitimate interests that apply to the processing of your data are as follows:
    • to administer our website and for internal operations including management of IT risk through troubleshooting, data analysis, testing, research and statistical review
    • to improve and develop our business, products and services, e.g. to ensure the accuracy of customer data and to develop our pricing and risk methods and models
    • to help us better understand you, to answer queries and obtain feedback on the service we provide to you including surveys and the use of analytics
    • to prevent, detect and investigate fraud and deal with legal claims and complaints
    • to carry out market research and product development, including surveys, which can include creating customer demographics and/or profiling.
    • to facilitate the purchase, sale, transfer or disposal of any part of our business
  • Public Interests - in limited circumstances processing personal data in the public interest such as processing of special category data for the following:
    • Prevention and detecting unlawful acts.
    • Protecting public against dishonesty.
    • Preventing fraud.
    • Suspicion of terrorist financing or money laundering.
    • Insurance purposes.
    • Third party data processing for group insurance policies and insurance on life of another.

Processing of sensitive ‘Special Category’ data.

Additional safeguards are applied when we collect and use Special Category data. We ensure that there is a valid legal basis for processing this information, which is typically your explicit consent or another condition permitted under data protection legislation.

Purposes of Processing

We collect your personal data, in order to provide you with our products, to market our products, to transact business, to develop or enhance our online service and to recruit staff.

Details on the purposes for processing your data and primary associated lawful bases are listed below:

 Purpose   Legal Basis
Provision of Insurance Services: To provide quotations, underwrite policies, issue contracts of insurance, administer and renew policies, and manage claims. Performance of Contract
Product Suitability: To assess your needs and assess product suitability, if a product is being directly sold to you by a financial advisor employed by or tied to Zurich which is necessary for compliance with our legal obligations. Legal Obligation and Legitimate Interests 
Identity Verification: To verify the identity of policyholders, beneficiaries, claimants, and other relevant parties, including the use of online verification services and biometrics.  Legal Obligation and Performance of Contract
Payments and Financial Transactions: To make and receive payments related to premiums, claims, and other policy-related transactions. Performance of Contract
Fraud Prevention: To prevent, detect, and investigate fraud. Legal Obligation and Legitimate Interests
Risk Management: To perform risk assessments and screening as required by law. Legal Obligation 
Regulatory and Legal Compliance: To comply with applicable laws and regulations, including in relation to Anti-Money Laundering (AML)/Countering the Financing of Terrorism (CFT), financial sanctions, tax reporting obligations [Common Reporting Standard (CRS)/Foreign Account Tax Compliance Act (FATCA)], and regulatory reporting requirements. This includes complying with requests to provide data including personal data to our regulators and tax authorities, which may be on an ad hoc or regular basis. Legal Obligation
Reporting to branch and group regulatory and supervisory authorities as required. In particular, reporting to the Central Bank of the United Arab Emirates (CBUAE), the Central Bank of Bahrain (CBB), and the Qatar Financial Centre Regulatory Authority (QFCRA), including their respective digital supervisory platforms or reporting systems to satisfy applicable regulatory and supervisory objectives. Such data sharing may relate to individual insurance policies, group insurance policies, and corporate savings plans issued by us in these jurisdictions and may include personal data of relevant parties to the above policies and plans (such as policy owners, claimants, lives insured, beneficiaries, and employees of such policy owners, claimants, and beneficiaries, as applicable). This data sharing may include requests for both historic and current data, in compliance with legal and regulatory obligations in each jurisdiction. Performance of Contract 
Special Categories of personal data: Use of health and lifestyle information in order to underwrite the policy, provide quotes and assess claims.  Explicit Consent and Public Interest
Legal Claims and Complaints: To manage and resolve legal claims, disputes, and complaints.  Legal Obligation, Performance of Contract and Legitimate Interests
Business Operations and Improvement: To administer our website, manage IT risk, conduct troubleshooting, data analysis, testing, research, and statistical review, and to ensure the accuracy of customer data and improve and develop our products and services.  Legitimate Interests
Marketing and Customer Insights: To provide marketing information about our products and services (where permitted by law), conduct surveys, obtain feedback, and carry out market research and product development, including creating customer demographics, profiling and analytics.  Consent and Legitimate Interests 
Corporate Transactions: To facilitate the purchase, sale, transfer, or disposal of any part of our business. Legitimate Interest 
Website and Application Analytics: To track visits and monitor patterns of customer traffic for operational and security purposes.  Consent and Legitimate Interests 

Automated Decision Making

For individual insurance policies we may use automated decision-making processes including profiling to provide a quotation for a potential client. This means that personal data, such as age, smoker status and BMI will be used to evaluate and predict the level of risk associated with providing the policy. Where required, additional health and lifestyle information will also be assessed as part of the process. The outcome of this process may influence whether or not we provide the product, the price of the premium, or the terms upon which we offer the product in the quotation. You have the right to ask for a person to review an automated decision.
Please contact us if you wish to exercise this right.

Websites, applications, email, and online portals

When you visit one of our websites, applications, and/or online portals, we may collect information from you such as your email address or IP address. This helps us to track unique visits and monitor patterns of customer website traffic, such as who visits and why they visit. We use cookies and/or pixel tags on some pages of our websites and applications. A cookie is a small text file sent to your computer. A pixel tag is an invisible tag placed on certain pages of our website but not on your computer. Pixel tags usually work together with cookies to assist us to provide you with a more tailored service. This allows us to monitor and improve our email communications and website. Choices over the use of cookies and pixel tags will be provided to you as applicable within the website/application.

Useful information about cookies, including how to remove them, can be found in our Cookies Policy at www.zurichinternational.com/im/legal/cookies

Data Security

We implement technical and organisational measures to protect your data against loss, misuse, or unauthorised access through strict security measures and robust governance.

We limit data access to only authorised employees and trusted third parties who must adhere to Zurich’s Data Protection standards. Comprehensive controls – including encryption, regular audits, and continuous monitoring – are in place to safeguard data against unauthorised access, loss, or misuse. Zurich also requires third parties to maintain equivalent security standards to protect personal data throughout its lifecycle. Our commitment to transparency and accountability underpins all data handling practices.

Further details on how Zurich protects personal data can be found at https://www.zurich.com/sustainability/governance-and-positions/data-privacy-and-protection

Given the global nature of our business, we may transfer personal data to other countries. Where we transfer personal data to countries that are outside of the Isle of Man and/or the European Union (EU) we will ensure that it is protected and that the transfer is lawful. We will do this by ensuring that there is either an adequacy decision relating to the safeguards for personal data from the European Commission, or that the personal data is given adequate safeguards by using ‘standard contractual clauses’ which have been adopted or approved by the Isle of Man and the EU, or other solutions that are in line with the requirements of applicable data protection laws. Equivalent protections are also applied when transferring data outside of our branch locations.

Requests for a copy of the template used for the ‘standard contractual clauses’ can be made by contacting our Data Protection Officer (see ‘Contact Details section below).

We will keep and process your personal data for as long as necessary to meet the purpose it was originally collected for. This includes if you or your appointed financial advisor or intermediary request a quote from us but do not take up the policy.

There are a number of factors influencing how long we will keep this information including:

  • Complying with applicable laws and regulations or with requirements of regulatory authorities or professional bodies.
  • Performing our business processes, associated with the type of product or service you have requested.
  • Whether your information relates to any ongoing, pending, threatened, imminent or likely dispute, litigation, or investigation.
  • To enable us to respond to any questions, complaints, claims, or potential claims.
  • If you or a regulatory authority require us to keep your information for a legitimate purpose.
  • To prevent and detect fraud.
  • Obligations to comply with any court order including a court approved Scheme of Transfer (transfer of insurance policies by us to another insurer).

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. This anonymised data may be used for research or analytical purposes.

We are required to collect and process certain personal data such as your contact details, identity information, and, where applicable, health information. This is necessary to provide you with our products and services and to fulfil our legal and regulatory obligations.

If you choose not to provide the required personal or health information, we may be unable to offer you our services.

Where necessary, we may share the personal data provided to us with the types of recipients described below:

  • Zurich Insurance Group or any of its affiliated companies.
  • Insurance partners, employers, brokers, intermediaries, financial advisors, and auditors.
  • Claims handlers and legal representatives.
  • For claimants on Group Insurance policies that include the Critical Care benefit, claims will be processed by Further Underwriting International (FUI). FUI will act as a processor of this information, including personal and health information, and may engage its own sub-processors to assist in the processing of these claims.
  • Regulatory and tax authorities, such as HM Revenue and Customs (HMRC), the Isle of Man Income Tax Division, the Isle of Man Financial Services Authority (FSA), the Central Bank of the United Arab Emirates (CBUAE), the Central Bank of Bahrain (CBB) and the Qatar Financial Centre Regulatory Authority (QFCRA)
  • IT and service providers including services such as policy administration, electronic ID verification and biometric checks, screening, website and application analytics and underwriting assessment.
  • Healthcare professionals, social and welfare organisations.
  • Companies such as other life insurance providers when required for a proposed or actual sale, reorganisation, transfer, financial arrangement, asset disposal, or other transaction related to our business and/or assets held by our business.
  • Law enforcement bodies, including investigators.

You have the following rights under data protection laws, namely:

  • To access your personal data (by way of a subject access request).
  • To have personal data rectified if it is inaccurate or incomplete.
  • In certain circumstances, to have personal data deleted or removed.
  • In certain circumstances, to restrict the processing of personal data.
  • A right of data portability, namely, to obtain and reuse personal data for related purposes across different services.
  • To object to the processing of personal data.
  • Not to be subject to automated decision-making (including profiling), where it produces a legal effect or a similarly significant effect on an individual.
  • If we are processing personal data with consent, consent may be withdrawn at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal).

These rights may be exercised by contacting our Data Protection Officer (see ‘Contact Details section below).

In the above circumstances, we may need to request specific information from you to help us confirm your identity and ensure your right to access the personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Data Protection Officer (DPO) contact details:

Data Protection Officer, Zurich International Life Limited, Zurich House, Isle of Man Business Park, Douglas, Isle of Man, IM2 2QZ.
Email: ZILLPrivacy@zurich.com

The Isle of Man Information Commissioner Office (ICO) contact details:

The ICO can be contacted regarding the processing of personal data or dissatisfaction with our handling of any request in relation to any data protection rights. Escalation can be made directly with the Isle of Man Information Commissioner’s Office.

First Floor, Prospect House, Prospect Hill, Douglas, Isle of Man, IM1 1ET.
Email: ask@inforights.im

This Privacy Notice is dated January 2026.

We may make changes to this Privacy Notice from time to time, for example, as the result of government regulation, new technologies, changes to our business operations, or developments in data protection law or privacy generally. You can request a copy of the most up-to-date Privacy Notice at any time by contacting us using the details above.

We may also supplement this Privacy Notice with other Data Protection & Privacy Notices and Statements where appropriate. If Zurich introduces you to a company outside the group, that company will provide its own privacy notice, explaining how your personal data will be used.

Our websites, applications and online portals may contain links to other sites. We are not responsible for the content or privacy practices of such other sites. Pay attention when you leave our domains and read the privacy notices of any other site that collects personal data. Your data protection and privacy rights under these third-party platforms will be governed by their respective privacy practices.

In compliance with the Personal Information Protection Law of the People’s Republic of China, an Addendum to this Privacy Notice (Addendum), which supplements and forms part of the Privacy Notice is available here.

The Addendum applies to you if you are located in The People’s Republic of China.