By continuing to use the site you consent to use the cookies in accordance with our cookie policy

X

Zurich Insurance plc – Privacy Policy


Who are we?

What personal data do we collect from you?

What personal data do we collect about you, from third parties?

What personal data do we collect from you, about other people?

Why do we collect this personal data?

Who might we share your personal data with?

How long do we keep hold of your personal data and special categories of personal data?

Do we transfer your information outside the European Union or European Economic Area?

What are your rights with respect to your personal data and special categories of personal data?

Automated decision making and profiling

Data security

What will happen if we change our privacy policy?

How can you contact us about data protection?



This Privacy Policy describes what Personal Data we collect, how we handle it, why we need it and who we share it with. We may also supplement this Privacy Policy with Data Protection Notices where appropriate.

Zurich Insurance plc ('Zurich') processes Personal Data and Special Categories of Personal Data to provide and administer its insurance products and to provide related services. Depending on your relationship with us (for example, as a proposer, a policyholder, an insured person, a claimant or a candidate for a role with Zurich), we may collect different types of data relating to you. Further information is set out in this Privacy Policy.


Who are we?


We are Zurich Insurance plc (referred to as 'Zurich'), a public limited company incorporated in Ireland and registered under company number 13460. Our registered office is at Zurich House, Ballsbridge Park, Dublin 4. Zurich is a member of the global Zurich Insurance Group ('Group'). Zurich is ultimately owned by Zurich Insurance Company Ltd a company incorporated in Switzerland. Zurich is regulated by the Central Bank of Ireland.

Zurich sells insurance products ('Products') on a Freedom of Services ('FOS') basis and a Freedom of Establishment ('FOE') basis through branches in a number of European countries. This Privacy Policy relates to Products that are underwritten and administered in the Republic of Ireland.

Data Protection Definitions

We use certain expressions throughout this document such as Personal Data and Special Categories of Personal Data.

Personal Data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special Categories of Personal Data includes information revealing a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Data Controller means the entity which, by itself or jointly with others, determines the purposes and means of processing Personal Data. Zurich is the Data Controller in respect of Personal Data and Special Categories of Personal Data covered by this Privacy Policy.

This Privacy Policy sets out the basis on which any Personal Data and Special Categories of Personal Data we collect from you, or others provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your Personal Data and Special Categories of Personal Data and how we will treat it.

When you become our customer, the processing of your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, will become a condition of the contract between us as we require certain information in order to be able to provide you with our products (e.g. contact information). In those circumstances, if you do not wish us to process your Personal Data and, in accordance with legal requirements, Special Categories of Personal Data, we may be unable to provide our services to you.

    If you have any queries on data protection, our Data Protection Officer may be contacted at:

  • Zurich Customer Services on +353 (0)53 915 7775
  • dataprotectionofficer@zurich.ie
  • Data Protection Officer, Zurich Insurance plc, FREEPOST, Zurich Insurance, PO Box 78, Wexford, Ireland.

Back to Top


What personal data do we collect from you?


    You may give us Personal Data and Special Categories of Personal Data:

  • By corresponding with us in writing, by phone, email or otherwise. We ask you to disclose only as much Personal Data and/or Special Categories of Personal Data as is necessary to provide you with our Products and services or to submit a question/suggestion/comment in relation to our websites, our Products or our customer service;
  • By applying for, or purchasing, one or more of our Products, either directly from us or via an authorised intermediary, advisor or another third party (e.g. your employer if you are a member of a group scheme);
  • By corresponding with us in relation to one or more of your policies (e.g. with respect to a claim);
  • By corresponding with us if you are a third party claimant or beneficiary/claimant under a policy;
  • By setting up profiles or logging onto your profile on www.zurich.ie (our “website");
  • By posting on our social media platforms, message boards, blogs and any other services to which you can post information. Please note that if you share Personal Data or Special Categories of Personal Data through these services, this information may become public information;
  • When you supply us with goods or services;
  • By applying to work with us. The type of information you may provide includes your curriculum vitae (CV), a cover letter, your name, address, email address and telephone number. CVs should include information relevant to your employment history and education (e.g. degrees obtained, places worked, positions held, relevant awards). We ask that you do not disclose Special Categories of Personal Data (e.g. medical information, religion, philosophical or political beliefs) or financial data in your application;
  • By visiting our offices your image may be captured on the closed-circuit television (CCTV) cameras located in our car park and public reception. Our CCTV policy regulates how we use Personal Data captured via CCTV.
    Where appropriate, we may collect the following classes of Personal Data and/or Special Categories of Personal Data from and/or about you or any other person who may benefit from insurance coverage taken out or sought by you:

  • Contact and identifying information such as title, name, address (including Eircode), email address, telephone number, policy number, date and place of birth, gender, relationship status, VAT number, IP address, country of residence, years of residency, driving licence/permit details and passport details.
  • Financial information such as bank account details, credit/debit card details, credit history, records of payments and arrears and income details.
  • Employment and qualification details such as occupation, employer details, employee number, job position, membership status of any relevant bodies, employment and education history.
  • Medical and health detailsincluding information related to personal habits (such as smoking or consumption of alcohol), medical history, details of any disability, injuries sustained (including any relevant pre-existing health conditions and any subsequent injuries) and prognosis for recovery.
  • Other Personal Data such as telephone recording, CCTV recording, audio visual images and recordings, photographic images, marketing preferences, insurance history, premium and renewal dates of policies with other insurers, and website usage information.
  • Other sensitive information such as details of any criminal convictions and offences (including penalty points), civil litigation history as well as pending prosecutions. We may also, in certain cases, receive information from which it may be possible to infer your trade union membership, religious or political beliefs (for example. if you are a member of a group scheme through a professional, trade, religious, community or political organisation).
  • Information pertaining to the risk insured such as description of the risk, value of the risk, premium, renewal date, location information (including geocoding information), motor tax and National Car Test (NCT)/Certificate of Road Worthiness (CRW) status, driving history and claims history.
  • Claims data such as details of the circumstances of any incident giving rise to a claim under the policy, details of activities carried out by you and service provided to you following any such incident, details of any other claims that you have made, as well as financial, medical, health and other lawfully obtained information relevant to your claim including PPS number and social welfare information.

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.


Back to Top


What personal data do we collect about you, from third parties?


    Where appropriate, we may obtain Personal Data and/or Special Categories of Personal Data about you from the following third party sources:

  1. Your broker, advisor, or any other third party acting on your behalf (for example, your employer if you are a member of a group scheme), other insurance companies, financial institutions or anybody else insured under your policy of insurance;
  2. Without limitation:
    • The insurance industry's claims database known as InsuranceLink (for more information see www.inslink.ie).
    • The Integrated Information Data Service ('IIDS') which allows members of Insurance Ireland to verify information including penalty points and no-claims discount information provided by their customers.
    • The National Vehicle and Driver File, maintained and supported by the Department of Transport, Tourism and Sport, containing details of all registered vehicles in the State.
    • The Motor Insurance Anti-Fraud and Theft Register (MIAFTR) operated by the Association of British Insurers in the UK to log all insurance claims relating to written-off and stolen vehicles in the UK.
    • Third party vendors who provide data enrichment services (such as vehicle and claims history) to the insurance industry.
    • Geocoding databases to determine location based risk factors.
    • The Companies Registration Office and other business search tools.
  3. Distribution and affinity partners such as banks and mobile network operators through whom we distribute our Products or who introduce business to us;
  4. In the event of a claim or any incident that may give rise to a claim:
    • Any third parties involved in or witnesses to the incident.
    • Emergency services such as ambulance or fire services.
    • An Garda Síochána or other law enforcement agencies.
    • Experts or professionals (such as brokers, claim management companies, legal representatives, medical professionals, tradesmen, loss assessors, loss adjustors, accident investigators, other insurance companies, motor repairers, motor engineers, car hire providers and salvage providers) acting on your behalf as the claimant or on behalf of a third party entitled to indemnity under the policy.
    • The Personal Injuries Assessment Board.
    • Claims service providers and experts appointed by us during the handling of the claim (such as legal representatives, medical professionals, tradesmen, loss adjustors, accident investigators, motor repairers, motor engineers, car hire providers, salvage providers, consulting engineers, forensic engineers, architects and surveyors).
    • Private investigators in connection with the investigation of a claim.
    • Department of Employment Affairs and Social Protection in connection with the Recovery of Benefits and Assistance scheme.
  5. From searches of publicly available information, whether obtained online or through various media outlets or State and/or industry registers.

Back to Top


What personal data do we collect from you, about other people?


    Where appropriate, we may collect Personal Data and/or Special Categories of Personal Data from you that relate to people other than you, such as:

  • Employees, other persons entitled to indemnity under your policy (e.g. named drivers under a motor policy or family members covered under a travel policy), your broker or advisor, other claimants, any third parties involved in or witnesses to the incident giving rise to a claim, persons exercising a power of attorney, legal representatives, your medical professionals (e.g. GP), tradesmen, loss assessors, loss adjustors, accident investigators, motor repairers, or a referee (in the event of a job application).
  • When we receive documentary evidence from you, the documentation may contain Personal Data belonging to other people, not related to your policy or claim (e.g. a co-addressee on a bill). The Personal Data collected by us with respect to such people is not used by us but is retained as part of your records. All Personal Data on these other people will be removed from our records when we execute our retention policy to remove your Personal Data from our records.

Note: If you provide us with Personal Data or Special Categories of Personal Data relating to other people you must first: (a) inform the person about the content of this Privacy Policy; and (b) obtain any legally required consent from that person to the sharing of their Personal Data or Special Categories of Personal Data in this manner.


Back to Top


Why do we collect this personal data?


    We collect Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data, in order to provide you with our Products, to market our Products, to transact business, validate and settle any claims, to develop or enhance our online service and to recruit staff.

    Where appropriate, we will use this information:

  • To assess your needs and assess Product suitability (if a Product is being sold to you directly), undertake a risk assessment and evaluation in line with our underwriting protocols, determine the premium requirement and/or provide a quotation, in order to comply with our legal obligations and to enter into a contract with you;
  • To set you up as a policyholder or record you as a party entitled to indemnity under the policy so that we can fulfil our contract with you;
  • To communicate with you as part of our business relationship with you so that we can fulfil our contract with you;
  • To administer and renew your policy so that we can fulfil our contract with you;
  • To communicate with your broker, advisor or any third party acting on your behalf as part of our business relationship with you and in order to help us fulfil our contract with you;
  • To create a candidate profile for you if you are a prospective employee so that we can take steps prior to entering into a contract with you;
  • As part of our efforts to keep our websites safe and secure which is necessary for compliance with our legal obligations and to help us fulfil our contracts;
  • To administer and improve our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, which is necessary for our legitimate business interests. For further information please see our Cookie Policy
  • For training and security purposes which is necessary for compliance with our legal obligations and for our legitimate business interest;
  • To process your premium and other payments;
  • For claims management including investigating, assessing, processing, undertaking dispute resolution, settling claims and bringing and/or defending legal proceedings, which is necessary for compliance with our legal obligations and to help us fulfil our contract with you;
  • To make suggestions and recommendations to you and other users of our website about services that may interest you. This is necessary for our legitimate business interests and may be based on your consent where you have chosen to give it;
  • To deliver information about our products and services to you or to enter you in promotional competitions, where you have subscribed to same and in accordance with your preferences and based on your consent where you have chosen to give it;
  • To prevent, detect and investigate insurance fraud, as well as other offences including money laundering, and to assist An Garda Síochána or any other authorised investigatory body or authority with any inquiries or investigations;
  • To carry out research and analysis including analysis of our policyholders and others whose Personal Data we collect as set out in this Privacy Policy in accordance with our legitimate business interests;
  • For staff training and quality assurance purposes;
  • To manage and investigate complaints
  • To establish and defend legal rights, to protect our operations or those of our Group companies or business partners;
  • To comply with regulatory requirements;
  • For reinsurance purposes;
  • To check against international/economic or financial sanctions laws or regulated listings to comply with legal obligations or otherwise to protect our legitimate business interests and/or the legitimate interests of others.
    The legal bases for the processing of your Personal Data and Special Categories of Personal Data are:

  • Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
  • Processing necessary for the purposes of the legitimate interests which we pursue prior to contract (for example, in providing you with quotations and proposals about our services) and post contract (for further details, see the section titled WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?) where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information;
  • Processing based on your consent where you have provided us with same, for example, if necessary in order to process a Special Category of Personal Data;
  • Processing data concerning health where necessary and proportionate for the provision of insurance policies;
  • Processing necessary for compliance with a legal obligation to which we are subject; and
  • Processing that you have provided consent for with respect to one or more specific purposes (for example, subscribing to a mailing list, entering a competition, submitting a request for information or communication).

Back to Top


Who might we share your personal data with?


We may share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with other companies in the Group, partners of the Group and coinsurance and reinsurance companies, located in Ireland and abroad, including outside the European Economic Area ('EEA').

If you apply for or purchase one of our Products through a broker, advisor, or other third party, we will, as appropriate, correspond with that broker, advisor, or other third party relating to your Products: this may result in us sharing your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with that broker, advisor, or other third party.

We may also share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with selected third parties, including business partners, and suppliers and sub-contractors, located in Ireland and abroad, including outside the EEA (for example, to provide you with our Products and for the performance of any contract we enter into with you or them). Further details of the sharing of Personal Data (including, if necessary and in accordance with legal requirements, Special Categories of Personal Data) are set out below and in Schedule One of this Privacy Policy. All our third-party service providers and other entities in the Group are required to take appropriate security measures to protect your Personal Data and/or Special Categories of Personal Data, in line with our policies. We do not allow our third-party service providers to use your Personal Data or Special Categories of Personal Data for their own purposes. We only permit them to process your Personal Data and/or Special Categories of Personal Data for specified purposes and in accordance with our instructions.


    In addition, we may disclose your Personal Data and Special Categories of Personal Data with third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data and Special Categories of Personal Data to the proposed seller or buyer of such business or assets, as appropriate;
  • If we, or substantially all of our assets, are acquired by a third party, in which case Personal Data and Special Categories of Personal Data held by us will be one of the transferred assets;
  • If we are under a duty to disclose or share your information in order to: comply with any legal obligation, Court Order or to co-operate with state bodies; enforce this Privacy Policy or apply our terms of use and other agreements; or protect our rights, property, safety, customers or others. This includes, without limitation, exchanging information with other companies and organisations (including private investigators, where appropriate) for the purposes of fraud protection and credit risk reduction.

We have set out in Schedule One of this Privacy Policy a list of third parties with whom we share your Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data.

Please note, information about claims (whether by our customers or third-parties) is collected by us when a claim is made under a policy and placed on InsuranceLink. This information may be shared with other insurance companies, self-insurers or statutory authorities.

The purpose of InsuranceLink is to help us identify incorrect information and fraudulent claims and, therefore, to protect customers. Under data protection legislation you have a right to know what information about you and your previous claims is held on InsuranceLink. If you wish to exercise this right, please contact us at the address below or for further information on InsuranceLink go to www.inslink.ie.

Finally, where you have consented to our doing so, we may share information that you provide to companies within the Group and with other companies that we establish commercial links with so we and they may contact you (by email, SMS, telephone or other appropriate means) in order to tell you about carefully selected products, services or offers that we believe will be of interest to you.


Back to Top


How long do we keep hold of your personal data and special categories of personal data?


The time periods for which we retain your Personal Data and Special Categories of Personal Data depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.

All Personal Data and Special Categories of Personal Data will be retained for the duration of the periods set out in our Data Retention Policy. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business. If you would like further information, please contact us at the details provided below.

In some circumstances we may anonymise your Personal Data and Special Categories of Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. This anonymised data may be used for research or analytical purposes.


Back to Top


Do we transfer your information outside the European Union or European Economic Area?


Yes. Given the global nature of our business, our data is transferred to other countries. The Personal Data and Special Categories of Personal Data that we collect from you may be transferred to, and stored in, Switzerland, which is outside the European Economic Area ('EEA') and for which there is an adequacy decision relating to the safeguards for Personal Data from the European Commission.

The Personal Data and Special Categories of Personal Data that we collect from you may also be transferred to, and stored in India, which is outside the EEA and for which there is no adequacy decision relating to the safeguards for Personal Data from the European Commission. Accordingly, appropriate safeguards have been put in place to protect your Personal Data and Special Categories of Personal Data and you may obtain a copy of these safeguards by contacting our Data Protection Officer at dataprotectionofficer@zurich.ie or you can contact our Customer Services team on 053 915 7775.


Back to Top


What are your rights with respect to your personal data and special categories of personal data?


    You have the following rights:

  1. To access the Personal Data and Special Categories of Personal Data we hold about you.
  2. To require us to rectify any inaccurate Personal Data and Special Categories of Personal Data relating to you without undue delay.
  3. To have us erase any Personal Data and Special Categories of Personal Data we hold about you in specific circumstances, e.g. where it is no longer necessary for us to hold the Personal Data and Special Categories of Personal Data (see our data retention policy).
  4. To object to us processing your Personal Data and Special Categories of Personal Data in specific circumstances, e.g. processing for direct marketing.
  5. To ask us to provide your Personal Data and Special Categories of Personal Data to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people.
  6. To request a restriction of the processing of your Personal Data and Special Categories of Personal Data .
  7. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data and Special Categories of Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In that instance, any processing that we have carried out before you withdrew your consent remains lawful.

You may exercise any of the above rights by writing to us at: Data Protection Officer, Zurich Insurance plc, FREEPOST, Zurich Insurance, PO Box 78, Wexford, Ireland or by emailing us at dataprotectionofficer@zurich.ie.

In the above circumstances, we may need to request specific information from you to help us confirm your identity and ensure your right to access the Personal Data or Special Categories of Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data or Special Categories of Personal Data is not disclosed to any person who has no right to receive it.

You may lodge a complaint with respect to our processing of your information. In Ireland, the local Supervisory Authority is the Office of the Data Protection Commission with an address at Canal House, Station Road, Portarlington, Co. Laois.


Back to Top


Automated decision making and profiling


Automated decision-making takes place when an electronic system uses Personal Data and/or Special Categories of Personal Data to make a decision without human intervention.

We use automated decision making, including profiling, in the following situations:

We use the information provided by you and obtained from third party sources about you, including your claims history and other factors relating to the risk proposed such as your address, your age and the type of vehicle you drive in order to undertake a risk assessment and to determine the appropriate premium.

During the underwriting process we may send some of your personal data to third party contractors in order to validate and obtain additional information relevant to the risk being proposed. We may also send your address details to a third party contractor to determine information about the area in which you live in order to assess any environmental risks (such as the potential flood risk).This is done in order to properly assess your risk profile which determines your premium and the insurance cover to be provided to you.

Underwriting is the process by which an insurance company assesses, accepts or rejects risks and classifies those selected, in order to charge an appropriate premium. The underwriting factors that must be evaluated to complete the underwriting process depend on the insurance product the customer is interested in; each product requires different categories of information to assess the risk profile of the proposer. We use an algorithm or internal model, which uses complex mathematical and actuarial methods of calculating and pooling risk, for insurance underwriting purposes. The algorithm and internal models are Zurich confidential intellectual property. As a result we cannot provide any further details of how they work in this Privacy Policy.

Where we base a decision on solely automated decision making, you will always be entitled to have a person review the decision so that you can contest it and to elaborate on your specific circumstances and make a personal representation.


Back to Top


Data security


We have put in place measures to protect the security of your Personal Data and Special Categories of Personal Data.

Details of these measures are available upon request.

Third parties acting on our behalf will only process your Personal Data and Special Categories of Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data and Special Categories of Personal Data to those employees, agents, contractors and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


Back to Top


What will happen if we change our privacy policy?


This Privacy Policy may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this Privacy Policy each time you use our website or our services.


Back to Top


How can you contact us about data protection?


    You can contact us:

  • Zurich Customer Services on +353 (0)53 915 7775
  • dataprotectionofficer@zurich.ie
  • Data Protection Officer, Zurich Insurance plc, FREEPOST, Zurich Insurance, PO Box 78, Wexford, Ireland.

Back to Top


SCHEDULE ONE

Third Parties with whom we may share your Personal Data and/or Special Categories of Personal Data.

Agents, Tied Agents, Managing General Agents, Brokers and Advisors
Electronic Data Interchange (EDI) Service Providers
Actuarial Consultants
Claims Handling Administrators
Claims Investigators(including Private Investigators)
Claims Service Providers (including Loss Adjustors, Motor Engineers, Motor Damage Repairers and Car Hire Providers)
Fraud Detection Service Providers
Law Enforcement Agencies and Fraud Prevention Agencies
Legal Advisors
Medical Professionals ( including Doctors, Nurses and Dentists)
Personal Representatives
Relatives and Guardians
Third party claimants and/or their representatives where legally required
Credit Check Companies
Financial Institutions
Other companies in the Zurich Insurance Group
Direct Marketing and Marketing Service Providers
Archive/Shredding Companies
Courier Delivery Service Providers
Document Management Providers (including Web-Scanning Service Providers)
External Printing and Posting Service Providers
IT Cloud Hosting and Cloud Service Providers
IT Service and Support Providers (including Back-up Providers, Data Centre Providers, Consultants, Web-Hosting Providers, Email Providers, Outsourced Service Providers)
Operations Support Service Providers
Outsourced Service Providers
Industry and trade bodies
Internal and External Auditors
Relevant government departments and statutory bodies such as the Personal Injuries Assessment Board
Revenue Authorities
Motor Insurers Bureau of Ireland
Regulators and competent authorities such as the Data Protection Commission, the Revenue Commissioners, the Central Bank of Ireland, and the Financial Services Ombudsman;
Third Party Support Providers for Regulatory, Sanctions and Anti-Money Laundering Law Compliance
Data Enrichment services providers
Other insurance companies and/or their agents
Reinsurance companies