Privacy Policy
Zurich Life Assurance plc - Privacy Policy
Last updated: June 2020
- Who are we?
- What personal data do we collect from you?
- What personal data do we collect about you, from third parties?
- What personal data do we collect from you, about other people?
- Why do we collect this personal data?
- Who might we share your personal data with?
- How long do we keep hold of your personal data and special categories of personal data?
- Do we transfer your information outside the European Union or European Economic Area?
- What are your rights with respect to your personal data and special categories of personal data?
- Automated decision making and profiling
- Data security
- What will happen if we change our privacy policy?
- How can you contact us about data protection?
This Privacy Policy describes what Personal Data we collect, how we handle it, why we need it and who we share it with. We may also supplement this Privacy Policy with Data Protection Notices where appropriate.
We have separate Privacy Policies for the different countries in which we sell business. If you wish to see a Privacy Policy in your own language, you can contact us at the following email addresses:
Italy: privacy@it.zurich.com
Germany: datenschutz@zurich.com
UK: GBZ.General.Data.Protection@uk.zurich.com
Spain:dataprotectionofficer@zurich.ie
Sweden:dataprotectionofficer@zurich.ie
Zurich Life Assurance plc (‘Zurich Life’) processes Personal Data and Special Categories of Personal Data to provide and administer its life insurance and pension products and to provide related services. Depending on your relationship with us (e.g. as a policyholder, a claimant, a candidate for a role with Zurich Life, etc.), we may collect different types of data relating to you. Further information is set out in this Privacy Policy.
Who are we?
We are Zurich Life Assurance plc (referred to as ‘Zurich Life’), a public limited company incorporated in Ireland and registered under company number 58098. Our registered office is at Zurich House, Frascati Road, Blackrock, Co. Dublin. Zurich Life is a member of the global Zurich Insurance Group (‘Group’). Zurich Life is ultimately owned by Zurich Insurance Company Ltd. a company incorporated in Switzerland. Zurich Life is regulated by the Central Bank of Ireland.
Zurich Life sells life (protection and investment) and pension products (together, Products) to its customers in the Republic of Ireland. Zurich Life also sells life (investment) products to its customers in Italy through its Italian branch on a Freedom of Establishment basis. Zurich Life also sells life (protection) products to its customers in Germany, on a Freedom of Services (‘FOS’) basis. Zurich Life also administers closed books of business with respect to life (investment) products in the UK, Spain, Sweden and Italy, on a FOS basis.
Data Protection Definitions
We use certain expressions throughout this document such as Personal Data and Special Categories of Personal Data.
Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special Categories of Personal Data includes information revealing a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Data Controller means the entity which, by itself or jointly with others, determines the purpose and means of processing Personal Data. Zurich Life is the Data Controller in respect of Personal Data and Special Categories of Personal Data covered by this Privacy Policy.
This Privacy Policy sets out the basis on which any Personal Data and Special Categories of Personal Data we collect from you, or that you (or others) provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your Personal Data and Special Categories of Personal Data and how we will treat it.
When you become our customer, the processing of your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, will become a condition of the contract between us as we require certain information in order to be able to provide you with our products (e.g. contact information). In those circumstances, if you do not wish us to process your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, we may be unable to provide our services to you.
If you have any queries on data protection, our Data Protection Officer may be contacted at: dataprotectionofficer@zurich.ie or you can contact our Customer Services team on 01 799 2711.
What personal data do we collect from you?
You may give us Personal Data and Special Categories of Personal Data:
- By corresponding with us in writing, by phone, email or otherwise. We ask you to disclose only as much Personal Data and/or Special Categories of Personal Data as is necessary to provide you with our Products and services or to submit a question/suggestion/comment in relation to our websites, our Products or our customer service;
- By applying for, or purchasing, one or more of our Products, either directly from us or via an authorised intermediary, advisor or another third party (e.g. your employer if you are a member of a group scheme);
- By corresponding with us in relation to one or more of your policies (e.g. with respect to a claim);
- By corresponding with us if you are a third party claimant or beneficiary/claimant under a policy;
- By setting up profiles or logging onto your profile on www.zurich.ie (our “website”);
- By posting on our social media platforms, message boards, blogs and any other services to which you can post information. Please note that if you share Personal Data or Special Categories of Personal Data through these services, this information may become public information;
- When you supply us with goods or services;
- By applying to work with us. The type of information you may provide includes your curriculum vitae (CV), a cover letter, your name, address, email address and telephone number. CVs should include information relevant to your employment history and education (e.g. degrees obtained, places worked, positions held, relevant awards). We ask that you do not disclose Special Categories of Personal Data (e.g. medical information, religion, philosophical or political beliefs) or financial data in your application;
- By visiting our offices your image may be captured on the closed-circuit television (CCTV) cameras located in our car park and public reception. Our CCTV policy regulates how we use Personal Data captured via CCTV.
For all our Products we collect the following classes of Personal Data:
- Contact details (including name, address, email address and telephone number);
- Identification details (including gender, marital status, date of birth);
- Occupation details;
- PPS number;
- Nationality and country of residence;
- Photographic identification (necessary for performance of anti-money laundering checks);
- Bank details, debit/credit card details (where needed);
- Income details (where needed);
- Information relating to criminal convictions or civil litigation history, where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with this Privacy Policy. Less commonly, we may use information relating to criminal convictions or civil litigation history where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public;
- PEP (politically exposed person) status (for compliance with anti-money laundering legislation);
- In certain cases, we may receive sensitive information from which it is possible to infer your trade union membership, religious or political beliefs (e.g. if you are a member of a group scheme through a professional, trade, religious, community or political organisation).
If you have a Pension Product, we also collect the following classes of Personal Data:
- Income details;
- Employer name and address (executive and group schemes only).
If you have a Pension Product, we will also collect the following Special Category of Personal Data:
- Disability information (if you apply for early retirement on the grounds of ill health)
If you have an Investment Product, we also collect the following classes of Personal Data (necessary for compliance with Revenue laws):
- US citizen status;
- Tax Identification Numbers from other countries (if applicable).
If you have a Protection Product, we also collect the following class of Personal Data:
- Income details (group schemes only).
If you have a Product that includes a form of insurance e.g. Protection and some Pension and Investment Products, which also offer life and serious illness benefits, we also collect the following Special Categories of Personal Data:
- Medical history (personal and relevant family members), personal habits (e.g. smoking and alcohol consumption), prescription information.
Your duty to inform us of changes:
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
What personal data do we collect about you, from third parties?
We may obtain Personal Data and/or Special Categories of Personal Data about you from the following third parties:
- Medical professionals (including doctors, nurses and dentists) where medical information is necessary in order to underwrite or administer a policy, including the processing of a claim;
- Private investigators appointed by us in connection with the investigation of a claim;
- Your financial broker, advisor or investment manager;
- Your legal or tax advisor;
- Your employer and/or scheme Trustee and/or Registered Administrator (for group schemes).
What personal data do we collect from you, about other people?
We may collect Personal Data and/or Special Categories of Personal Data from you that relates to people other than the policyholder, life insured or group scheme member:
- We may collect Personal Data from you relating to trustees, beneficiaries, assignees, persons exercising a power of attorney, your medical professionals (e.g. GP), financial broker or advisor, investment manager, legal advisor, tax advisor, or a referee (in the event of a job application). The Personal Data collected by us with respect to such people is limited to name, address and, where relevant, identifier number, and is used only for identification purposes.
- When we receive documentary evidence from you (e.g. for the purpose of conducting anti-money laundering checks), the documentation may contain Personal Data belonging to other people, not related to your Product (e.g. a co-addressee on a bill or a partner’s name on a Marriage Certificate). The Personal Data collected by us with respect to such people is not used by us but is retained as part of your policy records. All Personal Data on these other people will be removed from our records when we execute our retention policy to remove your Personal Data from our records.
- For Protection Products, we collect information relating to relevant family medical history. However, we do not collect, nor do we expect to receive, family members’ names and do not consider the information received as being sufficient to identify those family members. Therefore, it is not considered to be Personal Data or Special Categories of Personal Data.
If you provide us with Personal Data or Special Categories of Personal Data relating to other people you must first: (a) inform the person about the content of this Privacy Policy; and (b) obtain any legally required consent from that person to the sharing of their Personal Data or Special Categories of Personal Data in this manner.
Why do we collect this personal data?
We collect Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data, in order to provide you with our Products, to market our Products, to transact business, to develop or enhance our online service and to recruit staff.
We will use this information:
- To assess your needs and assess Product suitability (if a Product is being directly sold to you by a financial advisor employed by or tied to Zurich Life) which is necessary for compliance with our legal obligations;
- To set you up as a policyholder, life insured or member of a group scheme (or a third party where the Personal Data relates to a trustee, beneficiary, assignee, person exercising a power of attorney, named medical professional, financial broker or advisor, investment manager, legal advisor or tax advisor) so that we can fulfil our contract with you;
- To communicate with you as part of our business relationship with you so that we can fulfil our contract with you;
- To administer and renew your policies so that we can fulfil our contract with you;
- To communicate with your financial broker, advisor or investment manager as part of our business relationship with you and in order to help us fulfil our contract with you;
- To create a candidate profile for you if you are a prospective employee so that we can take steps prior to entering into a contract with you;
- As part of our efforts to keep our Websites safe and secure which is necessary for compliance with our legal obligations and to help us fulfil our contracts;
- To administer and improve our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, which is necessary for our legitimate business interest. For further information please see our Cookie Policy;
- For training and security purposes which is necessary for compliance with our legal obligations and for our legitimate business interest;
- To assess whether to provide insurance and the level of premium to be paid which is necessary for compliance with our legal obligations and to help us fulfil our contract with you;
- To process your premium and other payments;
- For claims management including investigating, processing, undertaking dispute resolution and settling claims which is necessary for compliance with our legal obligations and to help us fulfil our contract with you;
- To make suggestions and recommendations to you and other users of our Website about services that may interest you. This is necessary for our legitimate business interests and may be based on your consent where you have chosen to give it;
- To deliver information about our products and services to you or to enter you in promotional competitions, where you have subscribed to same and in accordance with your preferences and based on your consent where you have chosen to give it;
- To prevent, detect and investigate crimes, including fraud and money laundering;
- To carry out research and analysis including analysis of our policyholders and others whose Personal Data we collect as set out in this Privacy Policy;
- To establish and defend legal rights, to protect our operations or those of our Group companies or business partners;
- To comply with regulatory requirements.
- The legal bases for the processing of your Personal Data and Special Categories of Personal Data are:
- Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
- Processing necessary for the purposes of the legitimate interests which we pursue prior to contract (e.g. in providing you with quotes and proposals about our services) and post contract (for further details, see the section entitled WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?) where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information;
- Processing based on your consent which we obtained from you when you purchased your product, for example, if necessary in order to process a Special Category of Personal Data;
- Processing data concerning health where necessary and proportionate for the provision of insurance or pension policies;
- Processing necessary for compliance with a legal obligation to which we are subject; and
- Processing that you have provided consent for with respect to processing for one or more specific purposes (e.g. subscribing to a mailing list, entering a competition, submitting a request for information or communication).
Who might we share your personal data with?
We may share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with other companies in the Group such as branches, subsidiaries, affiliates within the Group, partners of the Group, coinsurance and reinsurance companies located in Ireland and abroad, including outside the European Economic Area (’EEA’).
If you apply for or purchase one of our Products through a financial broker, advisor, or other third party (e.g. your employer if you are a member of a group scheme), we will, as appropriate, correspond with that financial broker, advisor, or other third party relating to your Products: this may result in us sharing your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with that financial broker, advisor, or other third party.
We may also share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with selected third parties, including business partners, suppliers and sub-contractors, for example, to provide you with our Products and for the performance of any contract we enter into with them or you. Further details of the sharing of Personal Data (including, if necessary and in accordance with legal requirements, Special Categories of Personal Data) are set out below and in Schedule One of this Privacy Policy. All our third-party service providers and other entities in the Group are required to take appropriate security measures to protect your Personal Data and/or Special Categories of Personal Data, in line with our policies. We do not allow our third-party service providers to use your Personal Data or Special Categories of Personal Data for their own purposes. We only permit them to process your Personal Data and/or Special Categories of Personal Data for specified purposes and in accordance with our instructions.
In addition, we may disclose your Personal Data and Special Categories of Personal Data with third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data and Special Categories of Personal Data to the proposed seller or buyer of such business or assets at an appropriate time;
- If we, or substantially all of our assets, are acquired by a third party, in which case Personal Data and Special Categories of Personal Data held by us will be one of the transferred assets;
- If we are under a duty to disclose or share your information in order to: comply with any legal obligation, Court Order or to co-operate with state bodies; enforce this Privacy Policy or apply our terms of use and other agreements; or protect our rights, property, safety, customers or others. This includes, without limitation, exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We have set out in Schedule One of this Privacy Policy a list of third parties with whom we share your Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data.
How long do we keep hold of your personal data and special categories of personal data?
The time periods for which we retain your Personal Data and Special Categories of Personal Data depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
All Personal Data and Special Categories of Personal Data will be retained for the duration of the periods set out in our Data Retention Policy. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business. If you would like further information, please contact us at the details provided below.
In some circumstances we may anonymise your Personal Data and Special Categories of Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. This anonymised data may be used for research or analytical purposes.
Do we transfer your information outside the European Union or European Economic Area?
Yes. Given the global nature of our business, our data is transferred to other countries.
The Personal Data and Special Categories of Personal Data that we collect from you may be transferred to, and stored, outside the European Union or European Economic Area (‘EEA’) and for which there is no adequacy decision relating to the safeguards for Personal Data from the European Commission. Examples of such transfers include India, Philippines, Brazil, Mexico, USA, Australia, Israel, Canada, Argentina (and shall also include the UK from the point at which it ceases to be a member of the European Union). In such instances, appropriate safeguards are put in place to protect your Personal Data and Special Categories of Personal Data and you may obtain a copy of these safeguards by contacting our Data Protection Officer at dataprotectionofficer@zurich.ieor you can contact our Customer Services team on 01 799 2711.
What are your rights with respect to your personal data and special categories of personal data?
You have the following rights:
- To access the Personal Data and Special Categories of Personal Data we hold about you.
- To require us to rectify any inaccurate Personal Data or Special Categories of Personal Data relating to you without undue delay.
- To have us erase any Personal Data or Special Categories of Personal Data we hold about you in specific circumstances, e.g. where it is no longer necessary for us to hold the Personal Data or Special Categories of Personal Data for the administration of your contract or if you have withdrawn your consent to the processing.
- To object to us processing your Personal Data or Special Categories of Personal Data in specific circumstances, e.g. processing for profiling or direct marketing.
- To ask us to provide your Personal Data and Special Categories of Personal Data to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people.
- To request a restriction of the processing of your Personal Data or Special Categories of Personal Data.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data or Special Categories of Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In that instance, any processing that we have carried out before you withdrew your consent remains lawful.
You may exercise any of the above rights by writing to us at our registered office at: Data Protection Officer, Zurich House, Frascati Road, Blackrock, Co. Dublin or by emailing us at dataprotectionofficer@zurich.ie
In the above circumstances, we may need to request specific information from you to help us confirm your identity and ensure your right to access the Personal Data or Special Categories of Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data or Special Categories of Personal Data is not disclosed to any person who has no right to receive it.
You may lodge a complaint with respect to our processing of your information. In Ireland, the local Supervisory Authority is the Office of the Data Protection Commission with an address at Canal House, Station Road, Portarlington, Co. Laois.
Automated decision making and profiling
Automated decision-making takes place when an electronic system uses Personal Data and/or Special Categories of Personal Data to make a decision without human intervention. We are allowed to use automated decision making in the following circumstances:
1. Where we have notified you of the decision and given you 21 days to request a re-consideration.
2. Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
3. In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
If we make an automated decision on the basis of any Special Categories of Personal Data, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision making, unless we have a lawful basis for doing so and we have notified you.
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
Data security
We have put in place measures to protect the security of your Personal Data and Special Categories of Personal Data.
Details of these measures are available upon request.
Third parties will only process your Personal Data and Special Categories of Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data and Special Categories of Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data and Special Categories of Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
What will happen if we change our privacy policy?
This Privacy Policy may change from time to time, and any changes will be posted on our Website and will be effective when posted. Please review this Privacy Policy each time you use our Website or our services. The date this Privacy Policy was last updated is shown next to the opening title.
How can you contact us about data protection?
You can contact us:
By phone: Zurich Life Customer Services team on 01 799 2711
By post addressed to: Data Protection Officer, Zurich Life Assurance plc, Zurich House, Frascati Road, Blackrock, Co. Dublin.
By email:dataprotectionofficer@zurich.ie
Zurich Life Assurance plc - Data Retention Policy
Last updated: August 2021
- The regulatory rules set out in applicable laws and regulations or set out in codes issued by regulatory authorities.
- The type of product that we have provided to you.
- The type of data that we hold about you.
- If your data relates to any ongoing, pending, threatened, imminent or likely litigation or investigation.
- If you or a regulatory authority require us to keep your data for a legitimate purpose.
- If we use your data for long-term statistical modelling, provided that such modelling does not impact decisions that we may make about you.
Category | Retention |
---|---|
Quotation information | 12 months |
Applications Withdrawn or Declined | 2 years from when the application is withdrawn or declined |
Policy Information | 7 years from when a contract has ceased |
Claims information | 7 years from when a claim has been settled |
Group Pension Policies | 7 years after a group scheme has wound up |
Employment Applications | 2 years |
Following the expiration of the retention periods outlined above, we will ensure that your data is securely deleted, anonymised or put beyond use in a separate secure archive system with highly restricted access.
Zurich Ireland Master Trust DAC - Data Retention Policy
Last updated: January 2023
- The regulatory rules set out in applicable laws and regulations or set out in codes issued by regulatory authorities.
- The type of pension scheme benefits that are provided to you
- The type of data that we hold about you.
- If your data relates to any ongoing, pending, threatened, imminent or likely litigation or investigation.
- If you or a regulatory authority require us to keep your data for a legitimate purpose.
- If we use your data for long-term statistical modelling, provided that such modelling does not impact decisions that we may make about you.
Category | Retention |
---|---|
Quotation information: | 12 months |
Information relating to membership of a pension scheme | 7 years after the scheme has wound up |
Following the expiration of the retention periods outlined above, we will ensure that your data is securely deleted, anonymised or put beyond use in a separate secure archive system with highly restricted access.
Zurich Ireland Master Trust DAC - Privacy Policy
Last updated: January 2023
Who are we?
We are Zurich Ireland Master Trustee DAC (referred to as ‘ZIMT’), a wholly owned subsidiary of Zurich Life, incorporated in Ireland and registered under company number 724488. Our registered office is at Zurich House, Frascati Road, Blackrock, Co. Dublin. ZIMT is a member of the global Zurich Insurance Group (‘Group’). ZIMT is ultimately owned by Zurich Insurance Company Ltd, a company incorporated in Switzerland.
Data Protection Definitions
We use certain expressions throughout this document such as Personal Data and Special Categories of Personal Data.
Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special Categories of Personal Data includes information revealing a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Data Controller means the entity which, by itself or jointly with others, determines the purpose and means of processing Personal Data. ZIMT is the Data Controller in respect of Personal Data and Special Categories of Personal Data covered by this Privacy Policy.
This Privacy Policy sets out the basis on which any Personal Data and Special Categories of Personal Data we collect from you, or that you (or others) provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your Personal Data and Special Categories of Personal Data and how we will treat it.
We require certain information in order to operate your pension scheme, administer the benefits due under it and to discharge our obligations as Trustee (e.g. contact information). Therefore, when you become a member of a pension scheme, or a claimant or beneficiary of benefits under a pension scheme , the processing of your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, will become a condition of your membership of the scheme. Accordingly , if you do not wish us to process your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, we may be unable to provide our services to you.
If you have any queries on data protection, our Data Protection Officer may be contacted at: dataprotectionofficer@zurich.ie or you can contact the Zurich Life Customer Services team on 01 799 2711.
What personal data do we collect from you?
You may give us Personal Data and Special Categories of Personal Data:
By corresponding with us in writing, by phone, email or otherwise. We ask you to disclose only as much Personal Data and/or Special Categories of Personal Data as is necessary to provide you with our services or to submit a question/suggestion/comment in relation to our service;
By appointing us to act as trustee of a pension scheme or by becoming a member, claimant or beneficiary of a pension scheme, either directly or via a third party (e.g. your employer if you are a member of a pension scheme);
By corresponding with us in relation to a pension scheme;
By logging onto www.zurich.ie (our “Website”);
By posting on social media platforms, message boards, blogs and any other services to which you can post information. Please note that if you share Personal Data or Special Categories of Personal Data through these services, this information may become public information;
As Trustee of a pension scheme we collect the following classes of Personal Data:
Contact details (including name, address, email address and telephone number);
Identification details (including gender, marital status, date of birth);
Occupation details;
PPS number;
Nationality and country of residence;
Photographic identification (where necessary for performance of anti-money laundering checks);
Bank details, debit/credit card details (where needed);
Income details;
Information relating to criminal convictions or civil litigation history, where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with this Privacy Policy. Less commonly, we may use information relating to criminal convictions or civil litigation history where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public;
PEP (politically exposed person) status (for compliance with anti-money laundering legislation);
In certain cases, we may receive sensitive information from which it is possible to infer your trade union membership, religious or political beliefs (e.g. if you are a member of a group scheme through a professional, trade, religious, community or political organisation).
Employer name and address (executive and group schemes only).
If you are a member of a pension scheme, we will also collect the following Special Category of Personal Data:
Disability information (if you apply for early retirement on the grounds of ill health)
If you are a member of a pension scheme which includes life cover and/or serious illness benefits, we also collect the following Special Categories of Personal Data:
Medical history (personal and relevant family members), personal habits (e.g. smoking and alcohol consumption), prescription information.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
What personal data do we collect about you, from third parties?
We may obtain Personal Data and/or Special Categories of Personal Data about you from the following third parties:
Your employer, a Trustee or Registered Administrator of a pension scheme of which you were formerly a member;
Your financial broker, advisor or investment manager;
Your legal or tax advisor;
Zurich Life Assurance plc (as the insurer of a pension scheme) and other Zurich Group companies;
Medical professionals (including doctors, nurses and dentists) where medical information is necessary in order to assess entitlement to, administer a benefit under a pension scheme and/or a benefit including the processing of a claim;
Pensions Authority;
The Revenue;
Your spouse/partner, children or dependants, nominees, beneficiaries, assignees, or persons exercising a power of attorney.
What personal data do we collect from you, about other people?
We may collect Personal Data and/or Special Categories of Personal Data from you that relates to other people:
We may collect Personal Data from you relating to your spouse/partner, children or dependants, nominees, beneficiaries, assignees, persons exercising a power of attorney, your medical professionals (e.g. GP), financial broker or advisor, investment manager, legal advisor or tax advisor under your pension scheme. We will process this Personal Data only to operate your pension scheme, administer the benefits due under it and to discharge our obligations as Trustee, including obligations under Pensions law, regulation and practice and Revenue requirements.
We may collect Personal Data from you relating to other people. The Personal Data collected by us with respect to such people is limited to name, address and, where relevant, identifier number, and is used only for identification purposes.
When we receive documentary evidence from you (e.g. for the purpose of confirming identity), the documentation may contain Personal Data belonging to other people, not related to your pension scheme (e.g. a co-addressee on a bill or a partner’s name on a Marriage Certificate). The Personal Data collected by us with respect to such people is not used by us but is retained as part of the pension scheme records. All Personal Data on these other people will be removed from our records when we execute our retention policy to remove your Personal Data from our records.
For pension schemes which provide life cover, we may collect information relating to relevant family medical history. However, we do not collect, nor do we expect to receive, family members’ names and do not consider the information received as being sufficient to identify those family members. Therefore, it is not considered to be Personal Data or Special Categories of Personal Data.
If you provide us with Personal Data or Special Categories of Personal Data relating to other people you must first: (a) inform the person about the content of this Privacy Policy; and (b) obtain any legally required consent from that person to the sharing of their Personal Data or Special Categories of Personal Data in this manner.
Why do we collect this personal data?
We collect Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data, in order to operate your pension scheme, administer the benefits due under it and to discharge our obligations as Trustee including obligations under Pensions law, regulation and practice and Revenue requirements.
For example, we will use this information to enable us:
To record you as life insured or member of a pension scheme (or a third party where the Personal Data relates to your spouse/partner, children or dependants, nominees, beneficiaries, assignees, persons exercising a power of attorney, your medical professionals (e.g. GP), financial broker or advisor, investment manager, legal advisor or tax advisor under your pension scheme);
To administer and, if applicable, update or renew a pension scheme and to provide associated benefits;
To fulfil all legal and regulatory obligations placed on us;
To communicate with you so that we can fulfil our legal and regulatory obligations and where it is in our legitimate interests to do so (for example, using your Personal Data may help us to derive an appropriate investment strategy or range of investment options);
To communicate with your financial broker, advisor or investment manager and your professional advisers;
For training and security purposes which is necessary for compliance with our legal obligations and for our legitimate business interest;
To prevent, detect and investigate crimes, including fraud and money laundering;
To establish and defend legal rights, to protect our operations or those of our Group companies or business partners;
To comply with regulatory requirements.
The legal bases for the processing of your Personal Data and Special Categories of Personal Data are:
Processing necessary in order to operate your pension scheme, administer the benefits due under it and to discharge our legal and regulatory obligations including obligations under Pensions law, regulation and practice and Revenue requirements;
Processing necessary for the performance of the contract which you (or your representative e.g. your employer) has entered into with us or to take steps at your (or your representatives) request prior to entering into a contract;
Processing necessary for the purposes of the legitimate interests which we pursue prior to you or your representative entering into a contract with us (e.g. in providing you proposals about our services) and post contract (for further details, see the section entitled WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?) where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information;
Processing based on your consent which we obtained from you when you became a member of a pension scheme or you (or your representative) entered into a contract with us, for example, if necessary in order to process a Special Category of Personal Data;
Processing data concerning health where necessary and proportionate for the provision of insurance or pension benefits.
Who might we share your personal data with?
We may share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with Zurich Life and with other companies in the Group such as branches, subsidiaries, affiliates within the Group and partners of the Group, located in Ireland and abroad, including outside the European Economic Area (’EEA’).
If we act as trustee for your pension scheme and have been appointed by you or through a financial broker, advisor, or other third party (e.g. your employer), we will, as appropriate, correspond with that financial broker, advisor, or other third party relating to your pension scheme; this may result in us sharing your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with that financial broker, advisor, or other third party.
We may also share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with selected third parties and contractors involved in the running of your pension scheme, for the purposes of the administration of the pension scheme or the business of the Group as it relates to the pension scheme. This includes service providers who carry out administration functions, actuaries, investment managers who carry out periodic reviews of the investment options and strategies for your pension product, the auditor and other professional advisers’ who are retained to advise on the pension scheme. Further details of the sharing of Personal Data (including, if necessary and in accordance with legal requirements, Special Categories of Personal Data) are set out below and in Schedule One of this Privacy Policy. All our third-party service providers and other entities in the Group are required to take appropriate security measures to protect your Personal Data and/or Special Categories of Personal Data, in line with our policies. We do not allow our third-party service providers to use your Personal Data or Special Categories of Personal Data for their own purposes. We only permit them to process your Personal Data and/or Special Categories of Personal Data for specified purposes and in accordance with our instructions.
In addition, we may disclose your Personal Data and Special Categories of Personal Data with third parties where they have a legitimate interest in processing it, or if we are required by law to provide the information, including:
Zurich Life and other Zurich Group companies (e.g. to provide administration, investment or actuarial support);
Any buyer or prospective buyer of ZIMT or another Zurich Group company involved in the running of pension schemes;
Pension schemes and insurance companies to whom transfer payments may be made or benefits secured;
The Revenue Commissioners, Pensions Authority and other statutory bodies.
We have set out in Schedule One of this Privacy Policy a list of third parties with whom we share your Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data.
How long do we keep hold of your personal data and special categories of personal data?
The time periods for which we retain your Personal Data and Special Categories of Personal Data depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
All Personal Data and Special Categories of Personal Data will be retained for the duration of the periods set out in our Data Retention Policy. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business. If you would like further information, please contact us at the details provided below.
Do we transfer your information outside the European Union or European Economic Area?
Yes. Given the global nature of our business, our data is transferred to other countries.
The Personal Data and Special Categories of Personal Data that we collect from you may be transferred to, and stored, outside the European Union or European Economic Area (‘EEA’) and for which there is no adequacy decision relating to the safeguards for Personal Data from the European Commission. Examples of such transfers include India, Philippines, Brazil, Mexico, USA, Australia, Israel, Canada, Argentina (and shall also include the UK from the point at which it ceases to be a member of the European Union). In such instances, appropriate safeguards are put in place to protect your Personal Data and Special Categories of Personal Data and you may obtain a copy of these safeguards by contacting our Data Protection Officer at dataprotectionofficer@zurich.ie or you can contact our Customer Services team on 01 799 2711.
What are your rights with respect to your personal data and special categories of personal data?
You have the following rights:
To access the Personal Data and Special Categories of Personal Data we hold about you.
To require us to rectify any inaccurate Personal Data or Special Categories of Personal Data relating to you without undue delay.
To have us erase any Personal Data or Special Categories of Personal Data we hold about you in specific circumstances, e.g. where it is no longer necessary for us to hold the Personal Data or Special Categories of Personal Data for the administration of your contract or if you have withdrawn your consent to the processing.
To object to us processing your Personal Data or Special Categories of Personal Data in specific circumstances, e.g. processing for profiling or direct marketing.
To ask us to provide your Personal Data and Special Categories of Personal Data to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people.
To request a restriction of the processing of your Personal Data or Special Categories of Personal Data.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data or Special Categories of Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In that instance, any processing that we have carried out before you withdrew your consent remains lawful.
You may exercise any of the above rights by writing to us at our registered office at: Data Protection Officer, Zurich House, Frascati Road, Blackrock, Co. Dublin or by emailing us at dataprotectionofficer@zurich.ie
In the above circumstances, we may need to request specific information from you to help us confirm your identity and ensure your right to access the Personal Data or Special Categories of Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data or Special Categories of Personal Data is not disclosed to any person who has no right to receive it.
You may lodge a complaint with respect to our processing of your information. In Ireland, the local Supervisory Authority is the Office of the Data Protection Commission with an address at Canal House, Station Road, Portarlington, Co. Laois.
Automated decision making and profiling
Automated decision-making takes place when an electronic system uses Personal Data and/or Special Categories of Personal Data to make a decision without human intervention. We are allowed to use automated decision making in the following circumstances:
Where we have notified you of the decision and given you 21 days to request a re-consideration.
Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
If we make an automated decision on the basis of any Special Categories of Personal Data, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision making, unless we have a lawful basis for doing so and we have notified you.
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
Data security
We have put in place measures to protect the security of your Personal Data and Special Categories of Personal Data.
Details of these measures are available upon request.
Third parties will only process your Personal Data and Special Categories of Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data and Special Categories of Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data and Special Categories of Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
What will happen if we change our privacy policy?
This Privacy Policy may change from time to time, and any changes will be posted on the Zurich Ireland Website and will be effective when posted. Please review this Privacy Policy each time you use the Zurich Ireland Website or our services. The date this Privacy Policy was last updated is shown next to the opening title.
How can you contact us about data protection?
You can contact us:
By phone: Zurich Life Customer Services team on 01 799 2711
By post addressed to: Data Protection Officer, Zurich Ireland Master Trustee, Zurich House, Frascati Road, Blackrock, Co. Dublin.
By email: dataprotectionofficer@zurich.ie
Schedule One – Zurich Ireland Master Trustee DAC Privacy Policy
Zurich Trustee Services Ltd - Privacy Policy
Last updated: June 2020
- Who are we?
- What personal data do we collect from you?
- What personal data do we collect about you, from third parties?
- What personal data do we collect from you, about other people?
- Why do we collect this personal data?
- Who might we share your personal data with?
- How long do we keep hold of your personal data and special categories of personal data?
- Do we transfer your information outside the European Union or European Economic Area?
- What are your rights with respect to your personal data and special categories of personal data?
- Automated decision making and profiling
- Data security
- What will happen if we change our privacy policy?
- How can you contact us about data protection?
Zurich Trustee Services Limited (‘ZTSL’) processes Personal Data and Special Categories of Personal Data in its capacity as trustee of certain pension schemes insured by Zurich Life Assurance plc (“Zurich Life”), namely an individual member scheme or a group scheme, with/without life cover, which are each referred to as a “pension scheme”). Depending on your relationship with us (e.g. as a member of a pension scheme, an employer, a broker, a claimant, an annuitant or a beneficiary), we may collect different types of data relating to you. Further information is set out in this Privacy Policy.
Who are we?
We are Zurich Trustee Services Limited (referred to as ‘ZTSL’), a wholly owned subsidiary of Zurich Life, incorporated in Ireland and registered under company number 202905. Our registered office is at Zurich House, Frascati Road, Blackrock, Co. Dublin. ZTSL is a member of the global Zurich Insurance Group (‘Group’). ZTSL is ultimately owned by Zurich Insurance Company Ltd, a company incorporated in Switzerland.
Data Protection Definitions
We use certain expressions throughout this document such as Personal Data and Special Categories of Personal Data.
Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special Categories of Personal Data includes information revealing a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Data Controller means the entity which, by itself or jointly with others, determines the purpose and means of processing Personal Data. ZTSL is the Data Controller in respect of Personal Data and Special Categories of Personal Data covered by this Privacy Policy.
This Privacy Policy sets out the basis on which any Personal Data and Special Categories of Personal Data we collect from you, or that you (or others) provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your Personal Data and Special Categories of Personal Data and how we will treat it.
We require certain information in order to operate your pension scheme, administer the benefits due under it and to discharge our obligations as Trustee (e.g. contact information). Therefore, when you become a member of a pension scheme, or a claimant or beneficiary of benefits under a pension scheme , the processing of your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, will become a condition of your membership of the scheme. Accordingly , if you do not wish us to process your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, we may be unable to provide our services to you.
If you have any queries on data protection, our Data Protection Officer may be contacted at: dataprotectionofficer@zurich.ie or you can contact the Zurich Life Customer Services team on 01 799 2711.
What personal data do we collect from you?
You may give us Personal Data and Special Categories of Personal Data:
- By corresponding with us in writing, by phone, email or otherwise. We ask you to disclose only as much Personal Data and/or Special Categories of Personal Data as is necessary to provide you with our services or to submit a question/suggestion/comment in relation to our service;
- By appointing us to act as trustee of a pension scheme or by becoming a member, claimant or beneficiary of a pension scheme, either directly or via a third party (e.g. your employer if you are a member of a pension scheme);
- By corresponding with us in relation to a pension scheme;
- By logging onto www.zurich.ie (our “Website”);
- By posting on social media platforms, message boards, blogs and any other services to which you can post information. Please note that if you share Personal Data or Special Categories of Personal Data through these services, this information may become public information;
As Trustee of a pension scheme we collect the following classes of Personal Data:
- Contact details (including name, address, email address and telephone number);
- Identification details (including gender, marital status, date of birth);
- Occupation details;
- PPS number;
- Nationality and country of residence;
- Photographic identification (where necessary for performance of anti-money laundering checks);
- Bank details, debit/credit card details (where needed);
- Income details;
- Information relating to criminal convictions or civil litigation history, where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with this Privacy Policy. Less commonly, we may use information relating to criminal convictions or civil litigation history where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public;
- PEP (politically exposed person) status (for compliance with anti-money laundering legislation);
- In certain cases, we may receive sensitive information from which it is possible to infer your trade union membership, religious or political beliefs (e.g. if you are a member of a group scheme through a professional, trade, religious, community or political organisation).
- Employer name and address (executive and group schemes only).
If you are a member of a pension scheme, we will also collect the following Special Category of Personal Data:
- Disability information (if you apply for early retirement on the grounds of ill health)
If you are a member of a pension scheme which includes life cover and/or serious illness benefits, we also collect the following Special Categories of Personal Data:
- Medical history (personal and relevant family members), personal habits (e.g. smoking and alcohol consumption), prescription information.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
What personal data do we collect about you, from third parties?
We may obtain Personal Data and/or Special Categories of Personal Data about youfrom the following third parties:
- Your employer, a Trustee or Registered Administrator of a pension scheme of which you were formerly a member;
- Your financial broker, advisor or investment manager;
- Your legal or tax advisor;
- Zurich Life Assurance plc (as the insurer of a pension scheme) and other Zurich Group companies;
- Medical professionals (including doctors, nurses and dentists) where medical information is necessary in order to assess entitlement to, administer a benefit under a pension scheme and/or a benefit including the processing of a claim;
- Pensions Authority;
- The Revenue;
- Your spouse/partner, children or dependants, nominees, beneficiaries, assignees, or persons exercising a power of attorney.
What personal data do we collect from you, about other people?
We may collect Personal Data and/or Special Categories of Personal Data from you that relates to other people:
- We may collect Personal Data from you relating to your spouse/partner, children or dependants, nominees, beneficiaries, assignees, persons exercising a power of attorney, your medical professionals (e.g. GP), financial broker or advisor, investment manager, legal advisor or tax advisor under your pension scheme. We will process this Personal Data only to operate your pension scheme, administer the benefits due under it and to discharge our obligations as Trustee, including obligations under Pensions law, regulation and practice and Revenue requirements.
- We may collect Personal Data from you relating to other people. The Personal Data collected by us with respect to such people is limited to name, address and, where relevant, identifier number, and is used only for identification purposes.
- When we receive documentary evidence from you (e.g. for the purpose of confirming identity), the documentation may contain Personal Data belonging to other people, not related to your pension scheme (e.g. a co-addressee on a bill or a partner’s name on a Marriage Certificate). The Personal Data collected by us with respect to such people is not used by us but is retained as part of the pension scheme records. All Personal Data on these other people will be removed from our records when we execute our retention policy to remove your Personal Data from our records.
- For pension schemes which provide life cover, we may collect information relating to relevant family medical history. However, we do not collect, nor do we expect to receive, family members’ names and do not consider the information received as being sufficient to identify those family members. Therefore, it is not considered to be Personal Data or Special Categories of Personal Data.
If you provide us with Personal Data or Special Categories of Personal Data relating to other people you must first: (a) inform the person about the content of this Privacy Policy; and (b) obtain any legally required consent from that person to the sharing of their Personal Data or Special Categories of Personal Data in this manner.
Why do we collect this personal data?
We collect Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data, in order to operate your pension scheme, administer the benefits due under it and to discharge our obligations as Trustee including obligations under Pensions law, regulation and practice and Revenue requirements.
For example, we will use this information to enable us:
- To record you as life insured or member of a pension scheme (or a third party where the Personal Data relates to your spouse/partner, children or dependants, nominees, beneficiaries, assignees, persons exercising a power of attorney, your medical professionals (e.g. GP), financial broker or advisor, investment manager, legal advisor or tax advisor under your pension scheme);
- To administer and, if applicable, update or renew a pension scheme and to provide associated benefits;
- To fulfil all legal and regulatory obligations placed on us;
- To communicate with you so that we can fulfil our legal and regulatory obligations and where it is in our legitimate interests to do so (for example, using your Personal Data may help us to derive an appropriate investment strategy or range of investment options);
- To communicate with your financial broker, advisor or investment manager and your professional advisers;
- For training and security purposes which is necessary for compliance with our legal obligations and for our legitimate business interest;
- To prevent, detect and investigate crimes, including fraud and money laundering;
- To establish and defend legal rights, to protect our operations or those of our Group companies or business partners;
- To comply with regulatory requirements.
The legal bases for the processing of your Personal Data and Special Categories of Personal Data are:
- Processing necessary in order to operate your pension scheme, administer the benefits due under it and to discharge our legal and regulatory obligations including obligations under Pensions law, regulation and practice and Revenue requirements;
- Processing necessary for the performance of the contract which you (or your representative e.g. your employer) has entered into with us or to take steps at your (or your representatives) request prior to entering into a contract;
- Processing necessary for the purposes of the legitimate interests which we pursue prior to you or your representative entering into a contract with us (e.g. in providing you proposals about our services) and post contract (for further details, see the section entitled WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?) where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information;
- Processing based on your consent which we obtained from you when you became a member of a pension scheme or you (or your representative) entered into a contract with us, for example, if necessary in order to process a Special Category of Personal Data;
- Processing data concerning health where necessary and proportionate for the provision of insurance or pension benefits.
Who might we share your personal data with?
We may share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with Zurich Life and with other companies in the Group such as branches, subsidiaries, affiliates within the Group and partners of the Group, located in Ireland and abroad, including outside the European Economic Area (’EEA’).
If we act as trustee for your pension scheme and have been appointed by you or through a financial broker, advisor, or other third party (e.g. your employer), we will, as appropriate, correspond with that financial broker, advisor, or other third party relating to your pension scheme; this may result in us sharing your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with that financial broker, advisor, or other third party.
We may also share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with selected third parties and contractors involved in the running of your pension scheme, for the purposes of the administration of the pension scheme or the business of the Group as it relates to the pension scheme. This includes service providers who carry out administration functions, actuaries, investment managers who carry out periodic reviews of the investment options and strategies for your pension product, the auditor and other professional advisers’ who are retained to advise on the pension scheme. Further details of the sharing of Personal Data (including, if necessary and in accordance with legal requirements, Special Categories of Personal Data) are set out below and in Schedule One of this Privacy Policy. All our third-party service providers and other entities in the Group are required to take appropriate security measures to protect your Personal Data and/or Special Categories of Personal Data, in line with our policies. We do not allow our third-party service providers to use your Personal Data or Special Categories of Personal Data for their own purposes. We only permit them to process your Personal Data and/or Special Categories of Personal Data for specified purposes and in accordance with our instructions.
In addition, we may disclose your Personal Data and Special Categories of Personal Data with third parties where they have a legitimate interest in processing it, or if we are required by law to provide the information, including:
- Zurich Life and other Zurich Group companies (e.g. to provide administration, investment or actuarial support);
- Any buyer or prospective buyer of ZTSL or another Zurich Group company involved in the running of pension schemes;
- Pension schemes and insurance companies to whom transfer payments may be made or benefits secured;
- The Revenue Commissioners, Pensions Authority and other statutory bodies.
We have set out in Schedule One of this Privacy Policy a list of third parties with whom we share your Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data.
How long do we keep hold of your personal data and special categories of personal data?
The time periods for which we retain your Personal Data and Special Categories of Personal Data depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
All Personal Data and Special Categories of Personal Data will be retained for the duration of the periods set out in our Data Retention Policy. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business. If you would like further information, please contact us at the details provided below.
Do we transfer your information outside the European Union or European Economic Area?
Yes. Given the global nature of our business, our data is transferred to other countries.
The Personal Data and Special Categories of Personal Data that we collect from you may be transferred to, and stored, outside the European Union or European Economic Area (‘EEA’) and for which there is no adequacy decision relating to the safeguards for Personal Data from the European Commission. Examples of such transfers include India, Philippines, Brazil, Mexico, USA, Australia, Israel, Canada, Argentina (and shall also include the UK from the point at which it ceases to be a member of the European Union). In such instances, appropriate safeguards are put in place to protect your Personal Data and Special Categories of Personal Data and you may obtain a copy of these safeguards by contacting our Data Protection Officer at dataprotectionofficer@zurich.ie or you can contact our Customer Services team on 01 799 2711.
What are your rights with respect to your personal data and special categories of personal data?
You have the following rights:
- To access the Personal Data and Special Categories of Personal Data we hold about you.
- To require us to rectify any inaccurate Personal Data or Special Categories of Personal Data relating to you without undue delay.
- To have us erase any Personal Data or Special Categories of Personal Data we hold about you in specific circumstances, e.g. where it is no longer necessary for us to hold the Personal Data or Special Categories of Personal Data for the administration of your contract or if you have withdrawn your consent to the processing.
- To object to us processing your Personal Data or Special Categories of Personal Data in specific circumstances, e.g. processing for profiling or direct marketing.
- To ask us to provide your Personal Data and Special Categories of Personal Data to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people.
- To request a restriction of the processing of your Personal Data or Special Categories of Personal Data.
- In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data or Special Categories of Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In that instance, any processing that we have carried out before you withdrew your consent remains lawful.
You may exercise any of the above rights by writing to us at our registered office at: Data Protection Officer, Zurich House, Frascati Road, Blackrock, Co. Dublin or by emailing us at dataprotectionofficer@zurich.ie
In the above circumstances, we may need to request specific information from you to help us confirm your identity and ensure your right to access the Personal Data or Special Categories of Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data or Special Categories of Personal Data is not disclosed to any person who has no right to receive it.
You may lodge a complaint with respect to our processing of your information. In Ireland, the local Supervisory Authority is the Office of the Data Protection Commission with an address at Canal House, Station Road, Portarlington, Co. Laois.
Automated decision making and profiling
Automated decision-making takes place when an electronic system uses Personal Data and/or Special Categories of Personal Data to make a decision without human intervention. We are allowed to use automated decision making in the following circumstances:
- Where we have notified you of the decision and given you 21 days to request a re-consideration.
- Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
- In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
If we make an automated decision on the basis of any Special Categories of Personal Data, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision making, unless we have a lawful basis for doing so and we have notified you.
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
Data security
We have put in place measures to protect the security of your Personal Data and Special Categories of Personal Data.
Details of these measures are available upon request.
Third parties will only process your Personal Data and Special Categories of Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data and Special Categories of Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data and Special Categories of Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
What will happen if we change our privacy policy?
This Privacy Policy may change from time to time, and any changes will be posted on the Zurich Ireland Website and will be effective when posted. Please review this Privacy Policy each time you use the Zurich Ireland Website or our services. The date this Privacy Policy was last updated is shown next to the opening title.
How can you contact us about data protection?
You can contact us:By phone: Zurich Life Customer Services team on 01 799 2711
By post addressed to: Data Protection Officer, Zurich Trustee Services Limited, Zurich House, Frascati Road, Blackrock, Co. Dublin.
By email: dataprotectionofficer@zurich.ie
Schedule One – Zurich Trustee Services Limited Privacy Policy
Zurich Trustee Services Ltd - Data Retention Policy
Last updated: September 2018
- The regulatory rules set out in applicable laws and regulations or set out in codes issued by regulatory authorities.
- The type of pension scheme benefits that are provided to you
- The type of data that we hold about you.
- If your data relates to any ongoing, pending, threatened, imminent or likely litigation or investigation.
- If you or a regulatory authority require us to keep your data for a legitimate purpose.
- If we use your data for long-term statistical modelling, provided that such modelling does not impact decisions that we may make about you.
Category | Retention |
---|---|
Quotation information: | 12 months |
Information relating to membership of a pension scheme | 7 years after the scheme has wound up |
Following the expiration of the retention periods outlined above, we will ensure that your data is securely deleted, anonymised or put beyond use in a separate secure archive system with highly restricted access.
Zurich Insurance Europe AG, Ireland Branch - Privacy Policy
Last updated: January 2024
- Who are we?
- What personal data do we collect from you?
- What personal data do we collect about you, from third parties?
- What personal data do we collect from you, about other people?
- Why do we collect this personal data?
- Who might we share your personal data with?
- How long do we keep hold of your personal data and special categories of personal data?
- Do we transfer your information outside the European Union or European Economic Area?
- What are your rights with respect to your personal data and special categories of personal data?
- Automated decision making and profiling
- Data security
- What will happen if we change our privacy policy?
- How can you contact us about data protection?
This Privacy Policy describes what Personal Data we collect, how we handle it, why we need it and who we share it with. We may also supplement this Privacy Policy with Data Protection Notices where appropriate.
Zurich Insurance Europe AG (‘Zurich’) processes Personal Data and Special Categories of Personal Data to provide and administer its insurance products and to provide related services. Depending on your relationship with us (for example, as a proposer, a policyholder, an insured person, a claimant or a candidate for a role with Zurich), we may collect different types of data relating to you. Further information is set out in this Privacy Policy.
Who are we?
We are Zurich Insurance Europe AG (referred to as ‘Zurich’),
a non-life insurance company registered in Frankfurt, Germany (registration
number 133359) with its registered seat at Platz der Einheit 2, 60327,
Frankfurt A.M. and in Ireland as a branch (registration number 910127) with
registered branch office at Zurich House, Frascati Road, Blackrock, Co. Dublin,
A94X9Y3. Zurich is a member of the global Zurich Insurance
Group (‘Group’) and is ultimately owned by Zurich Insurance
Company Ltd a company incorporated in Switzerland. Zurich is
authorised by the Federal Financial Supervisory Authority (BaFin) in Germany
and is regulated by the Central Bank of Ireland for conduct of business
rules (firm reference number C529842).
Zurich sells insurance products (‘Products’) on a Freedom of Services (‘FOS’) basis and a Freedom of Establishment (‘FOE’) basis through branches in a number of European countries. This Privacy Policy relates to Products that are underwritten and administered in the Republic of Ireland.
Data Protection Definitions
We use certain expressions throughout this document such as Personal Data and Special Categories of Personal Data.
Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special Categories of Personal Data includes information revealing a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Data Controller means the entity which, by itself or jointly with others, determines the purposes and means of processing Personal Data. Zurich is the Data Controller in respect of Personal Data and Special Categories of Personal Data covered by this Privacy Policy.
This Privacy Policy sets out the basis on which any Personal Data and Special Categories of Personal Data we collect from you, or others provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your Personal Data and Special Categories of Personal Data and how we will treat it.
When you become our customer, the processing of your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, will become a condition of the contract between us as we require certain information in order to be able to provide you with our products (e.g. contact information). In those circumstances, if you do not wish us to process your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, we may be unable to provide our services to you.
If you have any queries on data protection, our Data Protection Officer may be contacted at:
-
Zurich Customer Services on +353 (0)53 915 7775.
-
Data Protection Officer, Zurich Insurance Europe AG, FREEPOST, Zurich Insurance, PO Box 78, Wexford, Ireland.
What personal data do we collect from you?
You may give us Personal Data and Special Categories of Personal Data:
- By corresponding with us in writing, by phone, email or otherwise. We ask you to disclose only as much Personal Data and/or Special Categories of Personal Data as is necessary to provide you with our Products and services or to submit a question/suggestion/comment in relation to our websites, our Products or our customer service;
- By applying for, or purchasing, one or more of our Products, either directly from us or via an authorised intermediary, advisor or another third party (e.g. your employer if you are a member of a group scheme);
- By corresponding with us in relation to one or more of your policies (e.g. with respect to a claim);
- By corresponding with us if you are a third party claimant or beneficiary/claimant under a policy;
- By setting up profiles or logging onto your profile on www.zurich.ie (our “website”);
- By posting on our social media platforms, message boards, blogs and any other services to which you can post information. Please note that if you share Personal Data or Special Categories of Personal Data through these services, this information may become public information;
- When you supply us with goods or services;
- By applying to work with us. The type of information you may provide includes your curriculum vitae (CV), a cover letter, your name, address, email address and telephone number. CVs should include information relevant to your employment history and education (e.g. degrees obtained, places worked, positions held, relevant awards). We ask that you do not disclose Special Categories of Personal Data (e.g. medical information, religion, philosophical or political beliefs) or financial data in your application;
- By visiting our offices your image may be captured on the closed-circuit television (CCTV) cameras located in our car park and public reception. Our CCTV policy regulates how we use Personal Data captured via CCTV.
Where appropriate, we may collect the following classes of Personal Data and/or Special Categories of Personal Data from and/or about you or any other person who may benefit from insurance coverage taken out or sought by you:
- Contact and identifying information such as title, name, address (including Eircode), email address, telephone number, policy number, date and place of birth, gender, relationship status, VAT number, IP address, country of residence, years of residency, driving licence/permit details and passport details.
- Financial information such as bank account details, credit/debit card details, credit history, records of payments and arrears and income details.
- Employment and qualification details such as occupation, employer details, employee number, job position, membership status of any relevant bodies, employment and education history.
- Medical and health details including information related to personal habits (such as smoking or consumption of alcohol), medical history, details of any disability, injuries sustained (including any relevant pre-existing health conditions and any subsequent injuries) and prognosis for recovery.
- Other Personal Data such as telephone recording, CCTV recording, audio visual images and recordings, photographic images, marketing preferences, insurance history, premium and renewal dates of policies with other insurers, and website usage information.
- Other sensitive information such as details of any criminal convictions and offences (including penalty points), civil litigation history as well as pending prosecutions. We may also, in certain cases, receive information from which it may be possible to infer your trade union membership, religious or political beliefs (for example. if you are a member of a group scheme through a professional, trade, religious, community or political organisation).
- Information pertaining to the risk insured such as description of the risk, value of the risk, premium, renewal date, location information (including geocoding information), motor tax and National Car Test (NCT)/Certificate of Road Worthiness (CRW) status, driving history and claims history.
- Claims data such as details of the circumstances of any incident giving rise to a claim under the policy, details of activities carried out by you and service provided to you following any such incident, details of any other claims that you have made, as well as financial, medical, health and other lawfully obtained information relevant to your claim including PPS number and social welfare information.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
What personal data do we collect about you, from third parties?
Where appropriate, we may obtain Personal Data and/or Special Categories of Personal Data about you from the following third party sources:
- The insurance industry’s claims database known as InsuranceLink (for more information see www.inslink.ie).
- The Integrated Information Data Service (‘IIDS’) which allows members of Insurance Ireland to verify information including penalty points and no-claims discount information provided by their customers.
- The National Vehicle and Driver File, maintained and supported by the Department of Transport, Tourism and Sport, containing details of all registered vehicles in the State.
- The Motor Insurance Anti-Fraud and Theft Register (MIAFTR) operated by the Association of British Insurers in the UK to log all insurance claims relating to written-off and stolen vehicles in the UK.
- Third party vendors who provide data enrichment services (such as vehicle and claims history) to the insurance industry.
- Geocoding databases to determine location based risk factors.
- The Companies Registration Office and other business search tools.
- Any third parties involved in or witnesses to the incident.
- Emergency services such as ambulance or fire services.
- An Garda Síochána or other law enforcement agencies.
- Experts or professionals (such as brokers, claim management companies, legal representatives, medical professionals, tradesmen, loss assessors, loss adjustors, accident investigators, other insurance companies, motor repairers, motor engineers, car hire providers and salvage providers) acting on your behalf as the claimant or on behalf of a third party entitled to indemnity under the policy.
- The Personal Injuries Assessment Board.
- Claims service providers and experts appointed by us during the handling of the claim (such as legal representatives, medical professionals, tradesmen, loss adjustors, accident investigators, motor repairers, motor engineers, car hire providers, salvage providers, consulting engineers, forensic engineers, architects and surveyors).
- Private investigators in connection with the investigation of a claim.
- Department of Employment Affairs and Social Protection in connection with the Recovery of Benefits and Assistance scheme.
What personal data do we collect from you, about other people?
Where appropriate, we may collect Personal Data and/or Special Categories of Personal Data from you that relate to people other than you, such as:
- Employees, other persons entitled to indemnity under your policy (e.g. named drivers under a motor policy or family members covered under a travel policy), your broker or advisor, other claimants, any third parties involved in or witnesses to the incident giving rise to a claim, persons exercising a power of attorney, legal representatives, your medical professionals (e.g. GP), tradesmen, loss assessors, loss adjustors, accident investigators, motor repairers, or a referee (in the event of a job application).
- When we receive documentary evidence from you, the documentation may contain Personal Data belonging to other people, not related to your policy or claim (e.g. a co-addressee on a bill). The Personal Data collected by us with respect to such people is not used by us but is retained as part of your records. All Personal Data on these other people will be removed from our records when we execute our retention policy to remove your Personal Data from our records.
Note: If you provide us with Personal Data or Special Categories of Personal Data relating to other people you must first: (a) inform the person about the content of this Privacy Policy; and (b) obtain any legally required consent from that person to the sharing of their Personal Data or Special Categories of Personal Data in this manner.
Why do we collect this personal data?
We collect Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data, in order to provide you with our Products, to market our Products, to transact business, validate and settle any claims, to develop or enhance our online service and to recruit staff.
Where appropriate, we will use this information:
- To assess your needs and assess Product suitability (if a Product is being sold to you directly), undertake a risk assessment and evaluation in line with our underwriting protocols, determine the premium requirement and/or provide a quotation, in order to comply with our legal obligations and to enter into a contract with you;
- To set you up as a policyholder or record you as a party entitled to indemnity under the policy so that we can fulfil our contract with you;
- To communicate with you as part of our business relationship with you so that we can fulfil our contract with you;
- To administer and renew your policy so that we can fulfil our contract with you;
- To communicate with your broker, advisor or any third party acting on your behalf as part of our business relationship with you and in order to help us fulfil our contract with you;
- To create a candidate profile for you if you are a prospective employee so that we can take steps prior to entering into a contract with you;
- As part of our efforts to keep our websites safe and secure which is necessary for compliance with our legal obligations and to help us fulfil our contracts;
- To administer and improve our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, which is necessary for our legitimate business interests. For further information please see our Cookie Policy;
- For training and security purposes which is necessary for compliance with our legal obligations and for our legitimate business interest;
- To process your premium and other payments;
- For claims management including investigating, assessing, processing, undertaking dispute resolution, settling claims and bringing and/or defending legal proceedings, which is necessary for compliance with our legal obligations and to help us fulfil our contract with you;
- To make suggestions and recommendations to you and other users of our Website about services that may interest you. This is necessary for our legitimate business interests and may be based on your consent where you have chosen to give it;
- To deliver information about our products and services to you or to enter you in promotional competitions, where you have subscribed to same and in accordance with your preferences and based on your consent where you have chosen to give it;
- To prevent, detect and investigate insurance fraud, as well as other offences including money laundering, and to assist An Garda Síochána or any other authorised investigatory body or authority with any inquiries or investigations;
- To carry out research and analysis including analysis of our policyholders and others whose Personal Data we collect as set out in this Privacy Policy in accordance with our legitimate business interests;
- For staff training and quality assurance purposes;
- To manage and investigate complaints;
- To establish and defend legal rights, to protect our operations or those of our Group companies or business partners;
- To comply with legal and regulatory requirements.
- For reinsurance purposes;
- To check against international/economic or financial sanctions laws or regulated listings to comply with legal obligations or otherwise to protect our legitimate business interests and/or the legitimate interests of others.
The legal bases for the processing of your Personal Data and Special Categories of Personal Data are:
- Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
- Processing necessary for the purposes of the legitimate interests which we pursue prior to contract (e.g. in providing you with quotations and proposals about our services) and post contract (for further details, see the section titled WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?) where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information;
- Processing based on your consent where you have provided us with same, for example, if necessary in order to process a Special Category of Personal Data;
- Processing data concerning health where necessary and proportionate for the provision of insurance policies;
- Processing necessary for compliance with a legal obligation to which we are subject; and
- Processing that you have provided consent for with respect to one or more specific purposes (e.g. subscribing to a mailing list, entering a competition, submitting a request for information or communication).
Who might we share your personal data with?
We may share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with other companies in the Group, partners of the Group and coinsurance and reinsurance companies, located in Ireland and abroad, including outside the European Economic Area (’EEA’).
If you apply for or purchase one of our Products through a broker, advisor, or other third party, we will, as appropriate, correspond with that broker, advisor, or other third party relating to your Products: this may result in us sharing your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with that broker, advisor, or other third party.
We may also share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with selected third parties, including business partners, and suppliers and sub-contractors, located in Ireland and abroad, including outside the EEA (for example, to provide you with our Products and for the performance of any contract we enter into with you or them). Further details of the sharing of Personal Data (including, if necessary and in accordance with legal requirements, Special Categories of Personal Data) are set out below and in Schedule One of this Privacy Policy. All our third-party service providers and other entities in the Group are required to take appropriate security measures to protect your Personal Data and/or Special Categories of Personal Data, in line with our policies. We do not allow our third-party service providers to use your Personal Data or Special Categories of Personal Data for their own purposes. We only permit them to process your Personal Data and/or Special Categories of Personal Data for specified purposes and in accordance with our instructions.
In addition, we may disclose your Personal Data and Special Categories of Personal Data with third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data and Special Categories of Personal Data to the proposed seller or buyer of such business or assets, as appropriate;
- If we, or substantially all of our assets, are acquired by a third party, in which case Personal Data and Special Categories of Personal Data held by us will be one of the transferred assets;
-
If we are under a duty to disclose or share your information in order to: comply with any legal obligation, Court Order or to co-operate with state bodies; enforce this Privacy Policy or apply our terms of use and other agreements; or protect our rights, property, safety, customers or others. This includes, without limitation, exchanging information with other companies and organisations (including private investigators, where appropriate) for the purposes of fraud protection and credit risk reduction;
We have set out in Schedule One of this Privacy Policy a list of third parties with whom we share your Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data.
Please note, information about claims (whether by our customers or third-parties) is collected by us when a claim is made under a policy and placed on InsuranceLink. This information may be shared with other insurance companies, self-insurers or statutory authorities.
The purpose of InsuranceLink is to help us identify incorrect information and fraudulent claims and, therefore, to protect customers. Under data protection legislation you have a right to know what information about you and your previous claims is held on InsuranceLink. If you wish to exercise this right, please contact us at the address below or for further information on InsuranceLink go to www.inslink.ie.
Finally, where you have consented to our doing so, we may share information that you provide to companies within the Group and with other companies that we establish commercial links with so we and they may contact you (by email, SMS, telephone or other appropriate means) in order to tell you about carefully selected products, services or offers that we believe will be of interest to you.
How long do we keep hold of your personal data and special categories of personal data?
The time periods for which we retain your Personal Data and Special Categories of Personal Data depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
All Personal Data and Special Categories of Personal Data will be retained for the duration of the periods set out in our Data Retention Policy. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business. If you would like further information, please contact us at the details provided below.
In some circumstances we may anonymise your Personal Data and Special Categories of Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. This anonymised data may be used for research or analytical purposes.
Do we transfer your information outside the European Union or European Economic Area?
Yes. Given the global nature of our business, our data is transferred to other countries.
The Personal Data and Special Categories of Personal Data that we collect from you may be transferred to, and stored, outside the European Union or European Economic Area (‘EEA’) and for which there may be no adequacy decision relating to the safeguards for Personal Data from the European Commission. Examples of such transfers include India, Philippines, Brazil, Mexico, USA, Australia, Israel, Canada, Argentina and the UK. In such instances, appropriate safeguards are put in place to protect your Personal Data and Special Categories of Personal Data and you may obtain a copy of these safeguards by contacting our Data Protection Officer at dataprotectionofficer@zurich.ie or you can contact our Customer Services team on +353 (0)53 915 7775.
What are your rights with respect to your personal data and special categories of personal data?
You have the following rights:
- A. To access the Personal Data and Special Categories of Personal Data we hold about you.
- B. To require us to rectify any inaccurate Personal Data or Special Categories of Personal Data relating to you without undue delay.
- C. To have us erase any Personal Data or Special Categories of Personal Data we hold about you in specific circumstances, e.g. where it is no longer necessary for us to hold the Personal Data or Special Categories of Personal Data (see our data retention policy).
- D. To object to us processing your Personal Data or Special Categories of Personal Data in specific circumstances, e.g. processing for direct marketing.
- E. To ask us to provide your Personal Data and Special Categories of Personal Data to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people.
- F. To request a restriction of the processing of your Personal Data or Special Categories of Personal Data.
- G. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data or Special Categories of Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In that instance, any processing that we have carried out before you withdrew your consent remains lawful.
You may exercise any of the above rights by writing to us at: Data Protection Officer, Zurich Insurance Europe AG, FREEPOST, Zurich Insurance, PO Box 78, Wexford, Ireland or by emailing us at dataprotectionofficer@zurich.ie
In the above circumstances, we may need to request specific information from you to help us confirm your identity and ensure your right to access the Personal Data or Special Categories of Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data or Special Categories of Personal Data is not disclosed to any person who has no right to receive it.
You may lodge a complaint with respect to our processing of your information. In Ireland, the local Supervisory Authority is the Office of the Data Protection Commission with an address at Canal House, Station Road, Portarlington, Co. Laois.
Automated decision making and profiling
Automated decision-making takes place when an electronic system uses Personal Data and/or Special Categories of Personal Data to make a decision without human intervention.
We use automated decision making, including profiling, in the following situations:
We use the information provided by you and obtained from third party sources about you, including your claims history and other factors relating to the risk proposed such as your address, your age and the type of vehicle you drive in order to undertake a risk assessment and to determine the appropriate premium.
During the underwriting process we may send some of your personal data to third party contractors in order to validate and obtain additional information relevant to the risk being proposed. We may also send your address details to a third party contractor to determine information about the area in which you live in order to assess any environmental risks (such as the potential flood risk).This is done in order to properly assess your risk profile which determines your premium and the insurance cover to be provided to you.
Underwriting is the process by which an insurance company assesses, accepts or rejects risks and classifies those selected, in order to charge an appropriate premium. The underwriting factors that must be evaluated to complete the underwriting process depend on the insurance product the customer is interested in; each product requires different categories of information to assess the risk profile of the proposer. We use an algorithm or internal model, which uses complex mathematical and actuarial methods of calculating and pooling risk, for insurance underwriting purposes. The algorithm and internal models are Zurich confidential intellectual property. As a result we cannot provide any further details of how they work in this Privacy Policy.
Where we base a decision on solely automated decision making, you will always be entitled to have a person review the decision so that you can contest it and to elaborate on your specific circumstances and make a personal representation.
Data security
We have put in place measures to protect the security of your Personal Data and Special Categories of Personal Data.
Details of these measures are available upon request.
Third parties acting on our behalf will only process your Personal Data and Special Categories of Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data and Special Categories of Personal Data to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How can you contact us about data protection?
You can contact us:
-
Zurich Customer Services on +353 (0)53 915 7775.
-
Data Protection Officer, Zurich Insurance Europe AG, FREEPOST, Zurich Insurance, PO Box 78, Wexford, Ireland.
Schedule One – Zurich Insurance Privacy Policy
Zurich Insurance Europe AG, Ireland Branch - Data Retention Policy
Last updated: January 2024
- The regulatory rules set out in applicable laws and regulations or set out in codes issued by regulatory authorities.
- The type of product that we have provided to you.
- The type of data that we hold about you.
- Whether the data relates to any ongoing, pending, threatened, imminent or likely litigation or investigation.
Category | Retention |
---|---|
Quotation information: | 15 months for personal insurances and 3 years for commercial insurances |
Policy and Claims information | 20/40/60 years after your policy has ceased or 20/40/60 years from the date of settlement of a claim under that policy, whichever is the later date * |
Employment applications | 2 years |
*For non-motor policies that provide liability insurance cover (for example, household policies) we retain data for 40 or 60 years to enable us to deal with latent claims (situations where a claimant does not become aware of the damage or injury until a long time after it was caused). For all other policies we retain data for 20 years to enable us to deal with claims reported within the statute of limitations.
After the above periods have been reached, we will anonymise your personal data. "Anonymisation" of data means processing it with the aim of irreversibly preventing the identification of the individual to whom it relates. Data can be considered anonymised when it does not allow identification of the individuals to whom it relates, and it is not possible that any individual could be identified from the data by any further processing of that data or by processing it together with other information which is available or likely to be available.