Privacy Policy | Zurich Ireland

Privacy Policy

  • This Privacy Policy describes what Personal Data we collect, how we handle it, why we need it and who we share it with. We may also supplement this Privacy Policy with Data Protection Notices where appropriate.

    We have separate Privacy Policies for the different countries in which we sell business. If you wish to see a privacy Policy in your own language, you can contact us at the following email addresses:

    Italy: privacy@it.zurich.com

    Germany: datenschutz@zurich.com

    UK: GBZ.General.Data.Protection@uk.zurich.com

    Spain: dataprotectionofficer@zurich.ie

    Sweden: dataprotectionofficer@zurich.ie

    Zurich Life Assurance plc (‘Zurich Life’) processes Personal Data and Special Categories of Personal Data to provide and administer its life insurance and pension products and to provide related services. Depending on your relationship with us (e.g. as a policyholder, a claimant, a candidate for a role with Zurich Life, etc.), we may collect different types of data relating to you. Further information is set out in this Privacy Policy.

    Who are we?

    We are Zurich Life Assurance plc (referred to as ‘Zurich Life’), a public limited company incorporated in Ireland and registered under company number 58098. Our registered office is at Zurich House, Frascati Road, Blackrock, Co. Dublin. Zurich Life is a member of the global Zurich Insurance Group (‘Group’). Zurich Life is ultimately owned by Zurich Insurance Company Ltd. a company incorporated in Switzerland. Zurich Life is regulated by the Central Bank of Ireland.

    Zurich Life sells life (protection and investment) and pension products (together, Products) to its customers in the Republic of Ireland. Zurich Life also sells life (investment) products to its customers in Italy through its Italian branch on a Freedom of Establishment basis. Zurich Life also sells life (protection) products to its customers in Germany, on a Freedom of Services (‘FOS’) basis. Zurich Life also administers closed books of business with respect to life (investment) products in the UK, Spain, Sweden and Italy, on a FOS basis.

    Data Protection Definitions

    We use certain expressions throughout this document such as Personal Data and Special Categories of Personal Data.

    Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    Special Categories of Personal Data includes information revealing a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

    Data Controller means the entity which, by itself or jointly with others, determines the purpose and means of processing Personal Data. Zurich Life is the Data Controller in respect of Personal Data and Special Categories of Personal Data covered by this Privacy Policy.

    This Privacy Policy sets out the basis on which any Personal Data and Special Categories of Personal Data we collect from you, or that you (or others) provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your Personal Data and Special Categories of Personal Data and how we will treat it.

    When you become our customer, the processing of your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, will become a condition of the contract between us as we require certain information in order to be able to provide you with our products (e.g. contact information). In those circumstances, if you do not wish us to process your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, we may be unable to provide our services to you.

    If you have any queries on data protection, our Data Protection Officer may be contacted at: dataprotectionofficer@zurich.ie or you can contact our Customer Services team on 01 799 2711.

    What personal data do we collect from you?

    You may give us Personal Data and Special Categories of Personal Data:

    • By corresponding with us in writing, by phone, email or otherwise. We ask you to disclose only as much Personal Data and/or Special Categories of Personal Data as is necessary to provide you with our Products and services or to submit a question/suggestion/comment in relation to our Websites, our Products or our customer service;
    • By applying for, or taking out, one or more of our Products as a policyholder or a life insured, either directly from us or via a financial broker, advisor or another third party (e.g. your employer if you are a member of a group scheme);
    • By corresponding with us in relation to one or more of your Policies (e.g. with respect to a claim);
    • By setting up profiles or logging onto your profile on www.zurich.ie (our “Website”);
    • By posting on our social media platforms, message boards, blogs and any other services to which you can post information. Please note that if you share Personal Data or Special Categories of Personal Data through these services, this information may become public information;
    • When you supply us with goods or services;
    • By applying to work with us. The type of information you may provide includes your CV, a cover letter, your name, address, email address and telephone number. CVs should include information relevant to your employment history and education (e.g. degrees obtained, places worked, positions held, relevant awards). We ask that you do not disclose Special Categories of Personal Data (e.g. nationality, gender, height, weight, medical information, religion, philosophical or political beliefs) or financial data in your application;
    • By visiting our offices your image may be captured on the CCTV cameras located in our car park and public reception. Our CCTV policy regulates how we use Personal Data captured via CCTV.

    For all our Products we collect the following classes of Personal Data:

    • Contact details (including name, address, email address and telephone number);
    • Identification details (including gender, marital status, date of birth);
    • Occupation details;
    • PPS number;
    • Nationality and country of residence;
    • Photographic identification (necessary for performance of anti-money laundering checks);
    • Bank details, debit/credit card details (where needed);
    • Income details (where needed);
    • Information relating to criminal convictions or civil litigation history, where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with this Privacy Policy. Less commonly, we may use information relating to criminal convictions or civil litigation history where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public;
    • PEP (politically exposed person) status (for compliance with anti-money laundering legislation);
    • In certain cases, we may receive sensitive information from which it is possible to infer your trade union membership, religious or political beliefs (e.g. if you are a member of a group scheme through a professional, trade, religious, community or political organisation).

    If you have a Pension Product, we also collect the following classes of Personal Data:

    • Income details;
    • Employer name and address (executive and group schemes only).

    If you have a Pension Product, we will also collect the following Special Category of Personal Data:

    • Disability information (if you apply for early retirement on the grounds of ill health)

    If you have an Investment Product, we also collect the following classes of Personal Data (necessary for compliance with Revenue laws):

    • US citizen status;
    • Tax Identification Numbers from other countries (if applicable).

    If you have a Protection Product, we also collect the following class of Personal Data:

    • Income details (group schemes only).

    If you have a Product that includes a form of insurance e.g. Protection and some Pension and Investment Products, which also offer life and serious illness benefits, we also collect the following Special Categories of Personal Data:

    • Medical history (personal and relevant family members), personal habits (e.g. smoking and alcohol consumption), prescription information.

    Your duty to inform us of changes

    It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

    What personal data do we collect about you, from third parties?

    We may obtain Personal Data and/or Special Categories of Personal Data about you from the following third parties:

    • Medical professionals (including doctors, nurses and dentists) where medical information is necessary in order to underwrite or administer a policy, including the processing of a claim;
    • Private investigators appointed by us in connection with the investigation of a claim;
    • Your financial broker, advisor or investment manager;
    • Your legal or tax advisor;
    • Your employer and/or scheme Trustee and/or Registered Administrator (for group schemes).

    What personal data do we collect from you, about other people?

    We may collect Personal Data and/or Special Categories of Personal Data from you that relates to people other than the policyholder, life insured or group scheme member:

    • We may collect Personal Data from you relating to trustees, beneficiaries, assignees, persons exercising a power of attorney, your medical professionals (e.g. GP), financial broker or advisor, investment manager, legal advisor, tax advisor, or a referee (in the event of a job application). The Personal Data collected by us with respect to such people is limited to name, address and, where relevant, identifier number, and is used only for identification purposes.
    • When we receive documentary evidence from you (e.g. for the purpose of conducting anti-money laundering checks), the documentation may contain Personal Data belonging to other people, not related to your Product (e.g. a co-addressee on a bill or a partner’s name on a Marriage Certificate). The Personal Data collected by us with respect to such people is not used by us but is retained as part of your policy records. All Personal Data on these other people will be removed from our records when we execute our retention policy to remove your Personal Data from our records.
    • For Protection Products, we collect information relating to relevant family medical history. However, we do not collect, nor do we expect to receive, family members’ names and do not consider the information received as being sufficient to identify those family members. Therefore, it is not considered to be Personal Data or Special Categories of Personal Data.

    If you provide us with Personal Data or Special Categories of Personal Data relating to other people you must first: (a) inform the person about the content of this Privacy Policy; and (b) obtain any legally required consent from that person to the sharing of their Personal Data or Special Categories of Personal Data in this manner.

    Why do we collect this personal data?

    We collect Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data, in order to provide you with our Products, to market our Products, to transact business, to develop or enhance our online service and to recruit staff.

    We will use this information:

    To assess your needs and assess Product suitability (if a Product is being directly sold to you by a financial advisor employed by or tied to Zurich Life) which is necessary for compliance with our legal obligations;

    To set you up as a policyholder, life insured or member of a group scheme (or a third party where the Personal Data relates to a trustee, beneficiary, assignee, person exercising a power of attorney, named medical professional, financial broker or advisor, investment manager, legal advisor or tax advisor) so that we can fulfil our contract with you;

    To communicate with you as part of our business relationship with you so that we can fulfil our contract with you;

    To administer and renew your policies so that we can fulfil our contract with you;

    To communicate with your financial broker, advisor or investment manager as part of our business relationship with you and in order to help us fulfil our contract with you;

    To create a candidate profile for you if you are a prospective employee so that we can take steps prior to entering into a contract with you;

    As part of our efforts to keep our Websites safe and secure which is necessary for compliance with our legal obligations and to help us fulfil our contracts;

    To administer and improve our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, which is necessary for our legitimate business interest. For further information please see our Cookie Policy;

    For training and security purposes which is necessary for compliance with our legal obligations and for our legitimate business interest;

    To assess whether to provide insurance and the level of premium to be paid which is necessary for compliance with our legal obligations and to help us fulfil our contract with you;

    To process your premium and other payments;

    For claims management including investigating, processing, undertaking dispute resolution and settling claims which is necessary for compliance with our legal obligations and to help us fulfil our contract with you;

    To make suggestions and recommendations to you and other users of our Website about services that may interest you. This is necessary for our legitimate business interests and may be based on your consent where you have chosen to give it;

    To deliver information about our products and services to you or to enter you in promotional competitions, where you have subscribed to same and in accordance with your preferences and based on your consent where you have chosen to give it;

    To prevent, detect and investigate crimes, including fraud and money laundering;

    To carry out research and analysis including analysis of our policyholders and others whose Personal Data we collect as set out in this Privacy Policy;

    To establish and defend legal rights, to protect our operations or those of our Group companies or business partners;

    To comply with regulatory requirements.

    The legal bases for the processing of your Personal Data and Special Categories of Personal Data are:

    Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;

    Processing necessary for the purposes of the legitimate interests which we pursue prior to contract (e.g. in providing you with quotes and proposals about our services) and post contract (for further details, see the section entitled WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?) where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information;

    Processing based on your consent which we obtained from you when you purchased your product, for example, if necessary in order to process a Special Category of Personal Data;

    Processing data concerning health where necessary and proportionate for the provision of insurance or pension policies;

    Processing necessary for compliance with a legal obligation to which we are subject; and

    Processing that you have provided consent for with respect to processing for one or more specific purposes (e.g. subscribing to a mailing list, entering a competition, submitting a request for information or communication).

    Who might we share your personal data with?

    We may share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with other companies in the Group such as branches, subsidiaries, affiliates within the Group, partners of the Group, coinsurance and reinsurance companies located in Ireland and abroad, including outside the European Economic Area (’EEA’).

    If you apply for or purchase one of our Products through a financial broker, advisor, or other third party (e.g. your employer if you are a member of a group scheme), we will, as appropriate, correspond with that financial broker, advisor, or other third party relating to your Products: this may result in us sharing your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with that financial broker, advisor, or other third party.

    We may also share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with selected third parties, including business partners, suppliers and sub-contractors, for example, to provide you with our Products and for the performance of any contract we enter into with them or you. Further details of the sharing of Personal Data (including, if necessary and in accordance with legal requirements, Special Categories of Personal Data) are set out below and in Schedule One of this Privacy Policy. All our third-party service providers and other entities in the Group are required to take appropriate security measures to protect your Personal Data and/or Special Categories of Personal Data, in line with our policies. We do not allow our third-party service providers to use your Personal Data or Special Categories of Personal Data for their own purposes. We only permit them to process your Personal Data and/or Special Categories of Personal Data for specified purposes and in accordance with our instructions.

    In addition, we may disclose your Personal Data and Special Categories of Personal Data with third parties:

    • In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data and Special Categories of Personal Data to the proposed seller or buyer of such business or assets at an appropriate time;
    • If we, or substantially all of our assets, are acquired by a third party, in which case Personal Data and Special Categories of Personal Data held by us will be one of the transferred assets;
    • If we are under a duty to disclose or share your information in order to: comply with any legal obligation, Court Order or to co-operate with state bodies; enforce this Privacy Policy or apply our terms of use and other agreements; or protect our rights, property, safety, customers or others. This includes, without limitation, exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

    We have set out in Schedule One of this Privacy Policy a list of third parties with whom we share your Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data.

    How long do we keep hold of your personal data and special categories of personal data?

    The time periods for which we retain your Personal Data and Special Categories of Personal Data depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.

    All Personal Data and Special Categories of Personal Data will be retained for the duration of the periods set out in our Data Retention Policy. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business. If you would like further information, please contact us at the details provided below.

    In some circumstances we may anonymise your Personal Data and Special Categories of Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. This anonymised data may be used for research or analytical purposes.

    Do we transfer your information outside the European Union or European Economic Area?

    Yes. Given the global nature of our business, our data is transferred to other countries.

    The Personal Data and Special Categories of Personal Data that we collect from you may be transferred to, and stored in, Switzerland, which is outside the European Economic Area (‘EEA’) and for which there is an adequacy decision relating to the safeguards for Personal Data from the European Commission.

    The Personal Data and Special Categories of Personal Data that we collect from you may also be transferred to, and stored in India, which is outside the EEA and for which there is no adequacy decision relating to the safeguards for Personal Data from the European Commission. Accordingly, appropriate safeguards have been put in place to protect your Personal Data and Special Categories of Personal Data and you may obtain a copy of these safeguards by contacting our Data Protection Officer at dataprotectionofficer@zurich.ie or you can contact our Customer Services team on 01 799 2711.

    What are your rights with respect to your personal data and special categories of personal data?

    You have the following rights:

    • To access the Personal Data and Special Categories of Personal Data we hold about you.
    • To require us to rectify any inaccurate Personal Data or Special Categories of Personal Data relating to you without undue delay.
    • To have us erase any Personal Data or Special Categories of Personal Data we hold about you in specific circumstances, e.g. where it is no longer necessary for us to hold the Personal Data or Special Categories of Personal Data for the administration of your contract or if you have withdrawn your consent to the processing.
    • To object to us processing your Personal Data or Special Categories of Personal Data in specific circumstances, e.g. processing for profiling or direct marketing.
    • To ask us to provide your Personal Data and Special Categories of Personal Data to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people.
    • To request a restriction of the processing of your Personal Data or Special Categories of Personal Data.
    • In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data or Special Categories of Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In that instance, any processing that we have carried out before you withdrew your consent remains lawful.

    You may exercise any of the above rights by writing to us at our registered office at: Data Protection Officer, Zurich House, Frascati Road, Blackrock, Co. Dublin or by emailing us at dataprotectionofficer@zurich.ie

    In the above circumstances, we may need to request specific information from you to help us confirm your identity and ensure your right to access the Personal Data or Special Categories of Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data or Special Categories of Personal Data is not disclosed to any person who has no right to receive it.

    You may lodge a complaint with respect to our processing of your information. In Ireland, the local Supervisory Authority is the Office of the Data Protection Commission with an address at Canal House, Station Road, Portarlington, Co. Laois.

    Automated decision making and profiling

    Automated decision-making takes place when an electronic system uses Personal Data and/or Special Categories of Personal Data to make a decision without human intervention. We are allowed to use automated decision making in the following circumstances:

    1. 1.Where we have notified you of the decision and given you 21 days to request a re-consideration.
    2. 2.Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
    3. 3.In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

    If we make an automated decision on the basis of any Special Categories of Personal Data, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.

    You will not be subject to decisions that will have a significant impact on you based solely on automated decision making, unless we have a lawful basis for doing so and we have notified you.

    We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

    Data security

    We have put in place measures to protect the security of your Personal Data and Special Categories of Personal Data.

    Details of these measures are available upon request.

    Third parties will only process your Personal Data and Special Categories of Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

    We have put in place appropriate security measures to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data and Special Categories of Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data and Special Categories of Personal Data on our instructions and they are subject to a duty of confidentiality.

    We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

    What will happen if we change our privacy policy?

    This Privacy Policy may change from time to time, and any changes will be posted on our Website and will be effective when posted. Please review this Privacy Policy each time you use our Website or our services. The date this Privacy Policy was last updated is shown next to the opening title.

    How can you contact us about data protection?

    You can contact us:

    By phone: Zurich Life Customer Services team on 01 799 2711

    By post addressed to: Data Protection Officer, Zurich Life Assurance plc, Zurich House, Frascati Road, Blackrock, Co. Dublin.

    By email:dataprotectionofficer@zurich.ie

    Schedule One - Zurich Life Privacy Policy

  • Last updated: May 2018

    There are a number of factors influencing how long we will hold your Personal Data and Special Categories of Personal Data, including but not limited to the following:
    • The regulatory rules set out in applicable laws and regulations or set out in codes issued by regulatory authorities.
    • The type of product that we have provided to you.
    • The type of data that we hold about you.
    • If your data relates to any ongoing, pending, threatened, imminent or likely litigation or investigation.
    • If you or a regulatory authority require us to keep your data for a legitimate purpose.
    • If we use your data for long-term statistical modelling, provided that such modelling does not impact decisions that we may make about you.
    As a general rule, we hold your data for the periods set out below:
    Category Retention
    Quotation information: 12 months
    Policy Information 7 years from when a contract has ceased
    Claims information 7 years from when a claim has been settled
    Group Pension Policies 7 years after a group scheme has wound up
    Employment Applications 2 years

    Following the expiration of the retention periods outlined above, we will ensure that your data is securely deleted, anonymised or put beyond use in a separate secure archive system with highly restricted access.

  • This Privacy Policy describes what Personal Data we collect, how we handle it, why we need it and who we share it with. We may also supplement this Privacy Policy with Data Protection Notices where appropriate.

    Zurich Insurance plc (‘Zurich’) processes Personal Data and Special Categories of Personal Data to provide and administer its insurance products and to provide related services. Depending on your relationship with us (for example, as a proposer, a policyholder, an insured person, a claimant or a candidate for a role with Zurich), we may collect different types of data relating to you. Further information is set out in this Privacy Policy.

    Who are we?

    We are Zurich Insurance plc (referred to as ‘Zurich’), a public limited company incorporated in Ireland and registered under company number 13460. Our registered office is at Zurich House, Ballsbridge Park, Dublin 4.  Zurich is a member of the global Zurich Insurance Group (‘Group’). Zurich is ultimately owned by Zurich Insurance Company Ltd a company incorporated in Switzerland. Zurich is regulated by the Central Bank of Ireland.

    Zurich sells insurance products (‘Products’) on a Freedom of Services (‘FOS’) basis and a Freedom of Establishment (‘FOE’) basis through branches in a number of European countries. This Privacy Policy relates to Products that are underwritten and administered in the Republic of Ireland.

    Data Protection Definitions

    We use certain expressions throughout this document such as Personal Data and Special Categories of Personal Data.

    Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    Special Categories of Personal Data includes information revealing a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

    Data Controller means the entity which, by itself or jointly with others, determines the purpose and means of processing Personal Data. Zurich Life is the Data Controller in respect of Personal Data and Special Categories of Personal Data covered by this Privacy Policy.

    This Privacy Policy sets out the basis on which any Personal Data and Special Categories of Personal Data we collect from you, or that you (or others) provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your Personal Data and Special Categories of Personal Data and how we will treat it.

    When you become our customer, the processing of your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, will become a condition of the contract between us as we require certain information in order to be able to provide you with our products (e.g. contact information). In those circumstances, if you do not wish us to process your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, we may be unable to provide our services to you.

    If you have any queries on data protection, our Data Protection Officer may be contacted at:

    • Customer Services on +353 (0)53 915 7775
    • dataprotectionofficer@zurich.ie
    • Data Protection Officer, Zurich Insurance plc, FREEPOST, Zurich Insurance, PO Box 78, Wexford, Ireland.

    What personal data do we collect from you?

    You may give us Personal Data and Special Categories of Personal Data:

    • By corresponding with us in writing, by phone, email or otherwise. We ask you to disclose only as much Personal Data and/or Special Categories of Personal Data as is necessary to provide you with our Products and services or to submit a question/suggestion/comment in relation to our websites, our Products or our customer service;
    • By applying for, or purchasing, one or more of our Products, either directly from us or via an authorised intermediary, advisor or another third party (e.g. your employer if you are a member of a group scheme);
    • By corresponding with us in relation to one or more of your policies (e.g. with respect to a claim);
    • By corresponding with us if you are a third party claimant or beneficiary/claimant under a policy;
    • By setting up profiles or logging onto your profile on www.zurich.ie (our “website”);
    • By posting on our social media platforms, message boards, blogs and any other services to which you can post information. Please note that if you share Personal Data or Special Categories of Personal Data through these services, this information may become public information;
    • When you supply us with goods or services;
    • By applying to work with us. The type of information you may provide includes your curriculum vitae (CV), a cover letter, your name, address, email address and telephone number. CVs should include information relevant to your employment history and education (e.g. degrees obtained, places worked, positions held, relevant awards). We ask that you do not disclose Special Categories of Personal Data (e.g. medical information, religion, philosophical or political beliefs) or financial data in your application;
    • By visiting our offices your image may be captured on the closed-circuit television (CCTV) cameras located in our car park and public reception. Our CCTV policy regulates how we use Personal Data captured via CCTV.

     

    Where appropriate, we may collect the following classes of Personal Data and/or Special Categories of Personal Data from and/or about you or any other person who may benefit from insurance coverage taken out or sought by you:

    • Contact and identifying information such as title, name, address (including Eircode), email address, telephone number, policy number, date and place of birth, gender, relationship status, VAT number, IP address, country of residence, years of residency, driving licence/permit details and passport details.
    • Financial information such as bank account details, credit/debit card details, credit history, records of payments and arrears and income details.
    • Employment and qualification details such as occupation, employer details, employee number, job position, membership status of any relevant bodies, employment and education history.
    • Medical and health details including information related to personal habits (such as smoking or consumption of alcohol), medical history, details of any disability, injuries sustained (including any relevant pre-existing health conditions and any subsequent injuries) and prognosis for recovery. 
    • Other Personal Data such as telephone recording, CCTV recording, audio visual images and recordings, photographic images, marketing preferences, insurance history, premium and renewal dates of policies with other insurers, and website usage information.
    • Other sensitive information such as details of any criminal convictions and offences (including penalty points), civil litigation history as well as pending prosecutions.  We may also, in certain cases, receive information from which it may be possible to infer your trade union membership, religious or political beliefs (for example. if you are a member of a group scheme through a professional, trade, religious, community or political organisation).
    • Information pertaining to the risk insured such as description of the risk, value of the risk, premium, renewal date, location information (including geocoding information), motor tax and National Car Test (NCT)/Certificate of Road Worthiness (CRW) status, driving history and claims history. 
    • Claims data such as details of the circumstances of any incident giving rise to a claim under the policy, details of activities carried out by you and service provided to you following any such incident, details of any other claims that you have made, as well as financial, medical, health and other lawfully obtained information relevant to your claim including PPS number and social welfare information.

    Your duty to inform us of changes

    It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

    What personal data do we collect about you, from third parties?

    Where appropriate, we may obtain Personal Data and/or Special Categories of Personal Data about you from the following third party sources:

    1. Your broker, advisor, or any other third party acting on your behalf (for example, your employer if you are a member of a group scheme), other insurance companies, financial institutions or anybody else insured under your policy of insurance;
    2. Without limitation:
    • The insurance industry’s claims database known as InsuranceLink (for more information see www.inslink.ie).
    • The Integrated Information Data Service (‘IIDS’) which allows members of Insurance Ireland to verify information including penalty points and no-claims discount information provided by their customers.
    • The National Vehicle and Driver File, maintained and supported by the Department of Transport, Tourism and Sport, containing details of all registered vehicles in the State.
    • The Motor Insurance Anti-Fraud and Theft Register (MIAFTR) operated by the Association of British Insurers in the UK to log all insurance claims relating to written-off and stolen vehicles in the UK.
    • Third party vendors who provide data enrichment services (such as vehicle and claims history) to the insurance industry.
    • Geocoding databases to determine location based risk factors.
    • The Companies Registration Office and other business search tools.
    3. Distribution and affinity partners such as banks and mobile network operators through whom we distribute our Products or who introduce business to us;
    4. In the event of a claim or any incident that may give rise to a claim:
    • Any third parties involved in or witnesses to the incident.
    • Emergency services such as ambulance or fire services.
    • An Garda Síochána or other law enforcement agencies.
    • Experts or professionals (such as brokers, claim management companies, legal representatives, medical professionals, tradesmen, loss assessors, loss adjustors, accident investigators, other insurance companies, motor repairers, motor engineers, car hire providers and salvage providers) acting on your behalf as the claimant or on behalf of a third party entitled to indemnity under the policy.
    • The Personal Injuries Assessment Board.
    • Claims service providers and experts appointed by us during the handling of the claim (such as legal representatives, medical professionals, tradesmen, loss adjustors, accident investigators, motor repairers, motor engineers, car hire providers, salvage providers, consulting engineers, forensic engineers, architects and surveyors).
    • Private investigators in connection with the investigation of a claim.
    • Department of Employment Affairs and Social Protection in connection with the Recovery of Benefits and Assistance scheme.
    5. From searches of publicly available information, whether obtained online or through various media outlets or State and/or industry registers.

    What personal data do we collect from you, about other people?

    Where appropriate, we may collect Personal Data and/or Special Categories of Personal Data from you that relate to people other than you, such as:

    • Employees, other persons entitled to indemnity under your policy (e.g. named drivers under a motor policy or family members covered under a travel policy), your broker or advisor, other claimants, any third parties involved in or witnesses to the incident giving rise to a claim, persons exercising a power of attorney, legal representatives, your medical professionals (e.g. GP), tradesmen, loss assessors, loss adjustors, accident investigators, motor repairers, or a referee (in the event of a job application).
    • When we receive documentary evidence from you, the documentation may contain Personal Data belonging to other people, not related to your policy or claim (e.g. a co-addressee on a bill). The Personal Data collected by us with respect to such people is not used by us but is retained as part of your records. All Personal Data on these other people will be removed from our records when we execute our retention policy to remove your Personal Data from our records.

    Note: If you provide us with Personal Data or Special Categories of Personal Data relating to other people you must first: (a) inform the person about the content of this Privacy Policy; and (b) obtain any legally required consent from that person to the sharing of their Personal Data or Special Categories of Personal Data in this manner.

     

    Why do we collect this personal data?

    We collect Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data, in order to provide you with our Products, to market our Products, to transact business, to develop or enhance our online service and to recruit staff.

    We will use this information:

    • To assess your needs and assess Product suitability (if a Product is being directly sold to you by a financial advisor employed by or tied to Zurich Life) which is necessary for compliance with our legal obligations;
    • To set you up as a policyholder, life insured or member of a group scheme (or a third party where the Personal Data relates to a trustee, beneficiary, assignee, person exercising a power of attorney, named medical professional, financial broker or advisor, investment manager, legal advisor or tax advisor) so that we can fulfil our contract with you;
    • To communicate with you as part of our business relationship with you so that we can fulfil our contract with you;
    • To administer and renew your policies so that we can fulfil our contract with you;
    • To communicate with your financial broker, advisor or investment manager as part of our business relationship with you and in order to help us fulfil our contract with you;
    • To create a candidate profile for you if you are a prospective employee so that we can take steps prior to entering into a contract with you;
    • As part of our efforts to keep our Websites safe and secure which is necessary for compliance with our legal obligations and to help us fulfil our contracts;
    • To administer and improve our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, which is necessary for our legitimate business interest. For further information please see our Cookie Policy;
    • For training and security purposes which is necessary for compliance with our legal obligations and for our legitimate business interest;
    • To assess whether to provide insurance and the level of premium to be paid which is necessary for compliance with our legal obligations and to help us fulfil our contract with you;
    • To process your premium and other payments;
    • For claims management including investigating, processing, undertaking dispute resolution and settling claims which is necessary for compliance with our legal obligations and to help us fulfil our contract with you;
    • To make suggestions and recommendations to you and other users of our Website about services that may interest you. This is necessary for our legitimate business interests and may be based on your consent where you have chosen to give it;
    • To deliver information about our products and services to you or to enter you in promotional competitions, where you have subscribed to same and in accordance with your preferences and based on your consent where you have chosen to give it;
    • To prevent, detect and investigate crimes, including fraud and money laundering;
    • To carry out research and analysis including analysis of our policyholders and others whose Personal Data we collect as set out in this Privacy Policy;
    • To establish and defend legal rights, to protect our operations or those of our Group companies or business partners;
    • To comply with regulatory requirements.
    • The legal bases for the processing of your Personal Data and Special Categories of Personal Data are:
    • Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
    • Processing necessary for the purposes of the legitimate interests which we pursue prior to contract (e.g. in providing you with quotes and proposals about our services) and post contract (for further details, see the section entitled WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?) where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information;
    • Processing based on your consent which we obtained from you when you purchased your product, for example, if necessary in order to process a Special Category of Personal Data;
    • Processing data concerning health where necessary and proportionate for the provision of insurance or pension policies;
    • Processing necessary for compliance with a legal obligation to which we are subject; and
    • Processing that you have provided consent for with respect to processing for one or more specific purposes (e.g. subscribing to a mailing list, entering a competition, submitting a request for information or communication).

    Who might we share your personal data with?

    We may share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with other companies in the Group such as branches, subsidiaries, affiliates within the Group, partners of the Group, coinsurance and reinsurance companies located in Ireland and abroad, including outside the European Economic Area (’EEA’).

    If you apply for or purchase one of our Products through a financial broker, advisor, or other third party (e.g. your employer if you are a member of a group scheme), we will, as appropriate, correspond with that financial broker, advisor, or other third party relating to your Products: this may result in us sharing your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with that financial broker, advisor, or other third party.

    We may also share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with selected third parties, including business partners, suppliers and sub-contractors, for example, to provide you with our Products and for the performance of any contract we enter into with them or you. Further details of the sharing of Personal Data (including, if necessary and in accordance with legal requirements, Special Categories of Personal Data) are set out below and in Schedule One of this Privacy Policy. All our third-party service providers and other entities in the Group are required to take appropriate security measures to protect your Personal Data and/or Special Categories of Personal Data, in line with our policies. We do not allow our third-party service providers to use your Personal Data or Special Categories of Personal Data for their own purposes. We only permit them to process your Personal Data and/or Special Categories of Personal Data for specified purposes and in accordance with our instructions.

    In addition, we may disclose your Personal Data and Special Categories of Personal Data with third parties:

    • In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data and Special Categories of Personal Data to the proposed seller or buyer of such business or assets at an appropriate time;
    • If we, or substantially all of our assets, are acquired by a third party, in which case Personal Data and Special Categories of Personal Data held by us will be one of the transferred assets;
    • If we are under a duty to disclose or share your information in order to: comply with any legal obligation, Court Order or to co-operate with state bodies; enforce this Privacy Policy or apply our terms of use and other agreements; or protect our rights, property, safety, customers or others. This includes, without limitation, exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

    We have set out in Schedule One of this Privacy Policy a list of third parties with whom we share your Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data.

    Please note, information about claims (whether by our customers or third-parties) is collected by us when a claim is made under a policy and placed on InsuranceLink. This information may be shared with other insurance companies, self-insurers or statutory authorities.

    The purpose of InsuranceLink is to help us identify incorrect information and fraudulent claims and, therefore, to protect customers. Under data protection legislation you have a right to know what information about you and your previous claims is held on InsuranceLink. If you wish to exercise this right, please contact us at the address below or for further information on InsuranceLink go to www.inslink.ie.

    Finally, where you have consented to our doing so, we may share information that you provide to companies within the Group and with other companies that we establish commercial links with so we and they may contact you (by email, SMS, telephone or other appropriate means) in order to tell you about carefully selected products, services or offers that we believe will be of interest to you.

    How long do we keep hold of your personal data and special categories of personal data?

    The time periods for which we retain your Personal Data and Special Categories of Personal Data depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.

    All Personal Data and Special Categories of Personal Data will be retained for the duration of the periods set out in our Data Retention Policy. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business. If you would like further information, please contact us at the details provided below.

    In some circumstances we may anonymise your Personal Data and Special Categories of Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. This anonymised data may be used for research or analytical purposes.

    Do we transfer your information outside the European Union or European Economic Area?

    Yes. Given the global nature of our business, our data is transferred to other countries.

    The Personal Data and Special Categories of Personal Data that we collect from you may be transferred to, and stored in, Switzerland, which is outside the European Economic Area (‘EEA’) and for which there is an adequacy decision relating to the safeguards for Personal Data from the European Commission.

    The Personal Data and Special Categories of Personal Data that we collect from you may also be transferred to, and stored in India, which is outside the EEA and for which there is no adequacy decision relating to the safeguards for Personal Data from the European Commission. Accordingly, appropriate safeguards have been put in place to protect your Personal Data and Special Categories of Personal Data and you may obtain a copy of these safeguards by contacting our Data Protection Officer at dataprotectionofficer@zurich.ie or you can contact our Customer Services team on 053 915 7775.

    What are your rights with respect to your personal data and special categories of personal data?

    You have the following rights:

    • A. To access the Personal Data and Special Categories of Personal Data we hold about you.
    • B. To require us to rectify any inaccurate Personal Data or Special Categories of Personal Data relating to you without undue delay.
    • C. To have us erase any Personal Data or Special Categories of Personal Data we hold about you in specific circumstances, e.g. where it is no longer necessary for us to hold the Personal Data or Special Categories of Personal Data for the administration of your contract or if you have withdrawn your consent to the processing.
    • D. To object to us processing your Personal Data or Special Categories of Personal Data in specific circumstances, e.g. processing for profiling or direct marketing.
    • E. To ask us to provide your Personal Data and Special Categories of Personal Data to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people.
    • F. To request a restriction of the processing of your Personal Data or Special Categories of Personal Data.
    • G. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data or Special Categories of Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In that instance, any processing that we have carried out before you withdrew your consent remains lawful.

    You may exercise any of the above rights by writing to us at our registered office at: Data Protection Officer, Zurich Insurance plc, FREEPOST, Zurich Insurance, PO Box 78, Wexford, Ireland or by emailing us at dataprotectionofficer@zurich.ie

    In the above circumstances, we may need to request specific information from you to help us confirm your identity and ensure your right to access the Personal Data or Special Categories of Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data or Special Categories of Personal Data is not disclosed to any person who has no right to receive it.

    You may lodge a complaint with respect to our processing of your information. In Ireland, the local Supervisory Authority is the Office of the Data Protection Commission with an address at Canal House, Station Road, Portarlington, Co. Laois.

    Automated decision making and profiling

    Automated decision-making takes place when an electronic system uses Personal Data and/or Special Categories of Personal Data to make a decision without human intervention. We are allowed to use automated decision making in the following circumstances:

    1. 1.Where we have notified you of the decision and given you 21 days to request a re-consideration.
    2. 2.Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
    3. 3.In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

    If we make an automated decision on the basis of any Special Categories of Personal Data, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.

    You will not be subject to decisions that will have a significant impact on you based solely on automated decision making, unless we have a lawful basis for doing so and we have notified you.

    We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

    Data security

    We have put in place measures to protect the security of your Personal Data and Special Categories of Personal Data.

    Details of these measures are available upon request.

    Third parties will only process your Personal Data and Special Categories of Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

    We have put in place appropriate security measures to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data and Special Categories of Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data and Special Categories of Personal Data on our instructions and they are subject to a duty of confidentiality.

    We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

    What will happen if we change our privacy policy?

    This Privacy Policy may change from time to time, and any changes will be posted on our Website and will be effective when posted. Please review this Privacy Policy each time you use our Website or our services. The date this Privacy Policy was last updated is shown next to the opening title.

    How can you contact us about data protection?

    You can contact us:

    • Zurich Customer Services on +353 (0)53 915 7775
    • dataprotectionofficer@zurich.ie
    • Data Protection Officer, Zurich Insurance plc, FREEPOST, Zurich Insurance, PO Box 78, Wexford, Ireland.

     

    Schedule One - Zurich Insurance Privacy Policy

  • Last updated: May 2018

    There are a number of factors influencing how long we will hold personal data, including but not limited to the following:
    • The regulatory rules set out in applicable laws and regulations or set out in codes issued by regulatory authorities.
    • The type of product that we have provided to you.
    • The type of data that we hold about you.
    • Whether the data relates to any ongoing, pending, threatened, imminent or likely litigation or investigation.
    As a general rule, we hold your information for the periods set out below:
    Category Retention
    Quotation information: 15 months for personal insurances and 3 years for commercial insurances
    Policy and Claims information 20/40 years after your policy has ceased or 20/40 years from the date of settlement of a claim under that policy, whichever is the later date *
    Employment applications 2 years

    *For non-motor policies that provide liability insurance cover (for example, household policies) we retain data for 40 years to enable us to deal with latent claims (situations where a claimant does not become aware of the damage or injury until a long time after it was caused). For all other policies we retain data for 20 years to enable us to deal with claims reported within the statute of limitations.

    After the above periods have been reached, we will anonymise your personal data. "Anonymisation" of data means processing it with the aim of irreversibly preventing the identification of the individual to whom it relates. Data can be considered anonymised when it does not allow identification of the individuals to whom it relates, and it is not possible that any individual could be identified from the data by any further processing of that data or by processing it together with other information which is available or likely to be available.