Zurich.com privacy policy
Last modified 18 August 2023
1. General
This privacy notice informs you how Zurich Insurance Company Ltd (“we”, “our”, or “us”) collect, use, share, retain and dispose personal data received through the zurich.com family of websites (“website”) and our branded social media pages (such as our LinkedIn, Facebook, Instagram and Twitter pages) (“social media”). Our website and social media are hereinafter jointly referred to as “online platform”.
We operate our website on behalf of the listed top holding company Zurich Insurance Group Ltd (“Group”). Accordingly, our website is primarily designed for investors and other persons (e.g., journalists) that are interested in our Group.
We may occasionally update this privacy notice. We encourage you to periodically review this privacy notice to be informed of how we process your information.
2. Data controller and contact details
Zurich Insurance Company Ltd, with its registered office at Mythenquai 2, 8002 Zurich, Switzerland, is the data controller of our online platform and responsible for its operation.
For any data protection related comment or question you may have in connection with our online platform you can reach us by email at privacy@zurich.com.
3. Details of processing
You can use our online platform without disclosing any personal data to us. Personal data means any information relating to an identified or identifiable natural person.
If you nevertheless voluntarily provide us with e.g., your name, e-mail address, country of residence or other personal data, we will process this personal data.
4. The types of personal data we may obtain
We may collect and receive the following personal data from you:
- Name and contact details (such as name, address, email, country of residence and phone numbers),
- Your image, audio and likeness (such as photographs and video recordings), and
- Personal data included in your traffic data (such as your browser, the IP address of your computer or device, your internet service provider, the site from which you navigated to our online platform, the duration of your visit to our online platform and what type of device you are using (e.g. a computer, smart phone or tablet and the respective operating system)).
We may collect other types of personal data if required under applicable law or if necessary, for the purposes listed below.
5. Purposes and legal bases for processing
We may collect and process your personal data for the purposes and on the legal bases identified in the following:
Providing our online platform and delivering the services you have requested:
We may process your personal data to perform our contract with you for the use of our online platform and to fulfil our obligations under the applicable Terms of Use; if we have not entered into a contract with you, we base the processing of your personal data on our legitimate interest to operate and administer our online platform and to provide you with content you access and request.
Handling contact and user support requests:
If you fill out a “contact-us” form or request user support, or if you contact us by other means including via a phone call, we may process your personal data to perform our contract with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you.
Sharing photographs and/or audio-visual footage taken and/or live streamed during our event:
We may process your image, audio and likeness taken and/or live-streamed during our event. These recordings can be published on our online platform as well as on the co-organizer’s online platforms. Your image, audio and likeness may also be reproduced in various media including our publications, online platform and press to the extent it is necessary for our legitimate interest in connection with in a specific event as well as for our promotional activities.
Developing and improving our online platform:
We may process your personal data to analyze trends and to track your usage of and interactions with our online platform to the extent it is necessary for our legitimate interest in developing and improving our online platform and providing our users with more relevant content and service offerings, or where we seek your consent.
Managing our relationship with you:
We may process your personal data to send you marketing information, product recommendations and other non-transactional communications about us and our partners, including information about our products, promotions, or events to the extent you have provided your prior consent.
Reviewing compliance with the applicable Terms of Use; ensuring the security of our business, preventing or detecting fraud or abuses of our online platform:
We may process your personal data by tracking the use of our online platform, verifying accounts and activity, investigating suspicious activity, and enforcing our Terms of Use to the extent it is necessary for our legitimate interest in promoting the safety and security of the online platform and in protecting our rights and the rights of others.
Defense and enforcement of claims:
We may use online data for civil and criminal legal action or defense in such proceedings. Within the scope of such procedures, your IP address may also be used for identification by the competent authorities, even if this initially has no personal reference for us.
Complying with legal obligations:
We may process your personal data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our online platform, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.
6. Data sharing
We may share personal data we collect and receive on a need-to-know basis with the following parties:
- Other affiliates of our Group or its agents,
- Third-party providers that perform services for us (we work with service providers at home and abroad who process data about you on our behalf or in joint responsibility with us, or receive data about you from us within their own sphere of responsibility. For example, we procure IT services such as hosting, support and maintenance, and testing from service providers. Our service providers are each subject to contractual and/or statutory confidentiality and data protection obligations),
- Competent public authorities or other third parties (if required by law or reasonably necessary to protect the rights, property and safety of ourselves or others).
We may also transfer your personal data in the event that we sell or transfer all or a portion of our business or assets on a need to know basis. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use personal data you have provided to us in a manner that is consistent with applicable law and this privacy notice.
7. Cross border transfers
We may transfer personal data we collected to third parties in countries outside of Switzerland and the European Economic Area (EEA). For example, your data may be processed worldwide if personal data is transmitted to other companies within our Group or to our service providers.
Many third countries may not offer an adequate level of data protection. When we transfer your personal data outside of Switzerland or the EEA, we will protect your personal data as described in this privacy notice and in accordance with applicable laws, such as by entering into Standard Contractual Clauses issued or recognized by the European Commission and the Swiss Data Protection and Information Commissioner (FDPIC).
The contractual provisions mentioned above can partially compensate for this weaker or missing legal protection, but they cannot eliminate all risks (namely of state access abroad). You should be aware of these residual risks, even though the risk may be low in individual cases and we have taken measures to minimize it.
8. Links
Our online platform may contain links to other sites. We are not responsible for the content or privacy practices of such other sites. Pay attention when you leave our online platform and read the privacy notices of any other site that collects personal data. Your data protection and privacy rights under these third-party platforms will be governed by their respective privacy practices.
9. Use of cookies and similar technologies
We collect certain personal data by using cookies and similar technologies when you visit our online platform. The use of cookies is governed by a separate cookie policy.
10. Security of processing
We handle our online platform data securely and take appropriate technical and organizational security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to protect it against the risk of loss, accidental alteration, unauthorized disclosure or access. We utilize recognized security standards such as ISO 27001. However, security risks cannot generally be ruled out completely; certain residual risks are unavoidable.
When your data is transmitted via our online platform, we protect it during transmission using suitable encryption mechanisms. However, we can only secure areas that are under our control. If you contact us by e-mail, you do so at your own risk and agree that we may respond to you at the sender's address via the same channel. If you send us e-mails via the Internet in unencrypted form, third parties may be able to access, view and manipulate them, and data can be lost or intercepted and/or manipulated by third parties. What's more, we take appropriate technical and organizational security measures to reduce the risk on our online platform. However, your end device is outside the security area that lies within our control. You are therefore required to learn about the necessary safety precautions and to take appropriate measures in this regard.
11. Data retention
We retain your personal data for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
In connection with newsletter or similar subscription services you have signed up to this for example generally means that we keep your data up and until you notify us that you no longer want to obtain the respective newsletter.
After expiry of the applicable retention periods, all personal data will be destroyed, anonymized or deleted using secure technology. This technology depends on the application and storage media used. Expired records are identified based on their creation or last modification date, the current date and the retention period. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.
12. Job seekers
You will be automatically navigated to an independent IT-infrastructure if you apply for a job vacancy over our website. The job application process is subject to separate privacy notices than those of our website. They are automatically displayed when you apply for a job online.
13. Your rights
You have various rights in connection with our data processing subject to applicable law:
- the right to request information from us as to whether we are processing your data, and which data we are processing,
- the right of data rectification (if your data is inaccurate),
- the right of erasure (if the retention of your data is no longer necessary in relation to the envisaged purpose of the processing),
- the right to object to our processing for specific purposes and to request the restriction or deletion of data unless we are obliged or entitled to continue processing it,
- the right to revoke consent, provided our processing is based on your consent (the right to withdraw your consent is not retroactive. Any processing operations which took place before you revoked your consent will not become illegal on withdrawal.),
- the right to data portability, and
- the right to lodge a complaint with the competent supervisory authority.
To exercise these rights, please contact us using our contact details set out below. We may request you to provide a copy of your ID card or otherwise evidence of your identity. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard sensitive interests, we may also reject your request in whole or in part (for example, by blacking out certain content relating to third parties or our trade secrets).
We will respond to your request within the applicable statutory term.
14. Contact details
If you have any comments or inquiries about the information in this privacy notice, or if you want to exercise your rights, please contact us by email at privacy@zurich.com.