Online privacy policy

In the online privacy statement, you will find information on how and for what purpose your personal data is collected and processed when you visit us on zurich.ch or on social media or contact us via chat.

1.

What does this privacy policy concern?

Zurich Insurance Company Ltd (hereinafter also referred to as "we"; see section 2) processes personal data and non-personal data in connection with our websites (e.g. zurich.ch, including their sub-pages), with our apps, our presences on social media (see section 7 below) and our other electronic offers (together "online service offer"). Further information on the data privacy policy can be found under section 2.

Details

"Personal data" is data relating to an identified or identifiable person, in other words, the data or corresponding additional data can be used to make inferences about their identity. "Sensitive personal data" (also "special categories of personal data") is a category of personal data whose processing may be subject to special requirements. Sensitive personal data may include data from which ethnic origin can be discerned, data relating to health, data concerning religious or philosophical beliefs, biometric data for identification purposes and data concerning trade union membership. Under section 3, you will find details of the data that we process within the scope of this Privacy Policy. 

"Editing" (also "processing") means any handling of personal data, e.g. obtaining, storing, using, disclosing and deleting.

In this data privacy policy, you will find information about how we process your data (we use the term "data" here synonymously with "personal data"), when you make use of our online service offer. 

For our products, services and other offers ("services"), you will find further details on the corresponding data processing in separate data privacy policies and information, which you can usually find at www.zurich.ch/datenschutz. If you request services from us, or communicate with us in this regard and use our online service offer, this online data privacy policy applies in addition to the privacy policies for our services.

Where this privacy policy makes use of the masculine form for the sake of improved legibility, this of course refers to people of all genders.

We would be happy to help you if you have any questions (section 2).

2.

Who is responsible for processing your data?

As a rule, Zurich Insurance Company Ltd ("ZIC"), with its registered office at Mythenquai 2, 8002 Zurich, is the party responsible for data processing under this data privacy policy. ZIC is an incorporated company under Swiss law.

If another company of the Zurich Group refers to this online data privacy policy for an online service offer, this company is the party responsible for the corresponding data processing, and this processing is governed by this online data privacy policy.

Details

For each data processing operation, there are one or more bodies who bear primary responsibility for ensuring that the data processing complies with the requirements of data privacy law. This body is referred to as the "data controller". It is responsible, among other things, for responding to requests for information (section 10) or for ensuring that personal data is secure and not used in a way that deviates from what we tell you or from what is permitted by law. Details of third parties with whom we cooperate and who are responsible for their own processing can be found in section 3 and under section 6.

If you wish to contact us in this regard, please write to the following address:

Zurich Insurance Company Ltd 
Data Privacy
P.O. Box
CH 8085 Zurich
Switzerland
datenschutz@zurich.ch

If another company is the data controller for a processing operation according to this online data privacy policy, you may also contact that company. However, the easiest way to have your request processed is to contact us in each case.

3.

What data do we process in connection with the online service offer?

3.1. When do we process personal online data?

As a rule, you can also use our online service offer without disclosing any personal data such as your name or e-mail address to us (subject to certain functions or content, e.g. when communicating with us). In this case, we can clearly assign the data collected in connection with the use of our online service offer (you will find further information on this below; e.g. an IP address and information on accessed content; together "online data") to specific visitors, but not to persons known by name. In this sense, online data is not personal in any way. 

However, if you provide us with your name, an e-mail address or other personal data via an online service offer (see below), we will process this data. In addition to this processing, it also allows us to link you to online data that would otherwise be non-personal. In this case, we may collect online data in connection with your continued use of the online service offer on a personal basis, and we will merge online data with other data about you in our systems and process it on a personal basis for additional purposes. Further information on this can be found in this section 3 and under section 4.

3.2. Log data

Every time you use the online service offer, certain data is generated, so-called log data. This data is stored automatically for technical reasons.

Details

This includes, in particular, the following data:

  • IP address of the PC, tablet, smartphone etc. used ("end device");
  • Details of the Internet service provider;
  • Information about the operating system of the end device and the browser used;
  • Details of the referring URL (origin);
  • Date and time of access; 
  • Content accessed.

Log data, including IP addresses, are not in themselves usually personal. 

3.3. Other behavioral data 

We collect additional data about your behavior in connection with the use of our online service offer. We also use cookies for this purpose. These are small text files that are stored in the browser or in the end device and that are read when the online service offer is accessed again. Cookies usually contain an anonymous identification number so that we can recognize returning visitors as such, as well as further information about the visitor's behavior or settings in the online service offer. Depending on the purpose of use (see section 4), a distinction can be made between required cookies, performance cookies and marketing cookies.

Details
  • Required cookies: Certain cookies are required for the online service offer to function correctly. These cookies have an expiry date of up to 12 months. 
  • Performance cookies: We use cookies to collect and analyze information about the use of our online services so that we can improve the content and presentation of our online services and tailor them to the needs of users (see section 5). These cookies can also remain stored after a website visit. Performance cookies have an expiry date of up to 12 months. 
  • Marketing cookies: We and our advertising partners use marketing cookies to record the content accessed and other actions within the online service offering (see section 6). These cookies usually have an expiry date of a few days and up to 18 months.

If you do not agree to the use of cookies, you can configure your browser so that it generally does not accept cookies or no cookies from us, or so that you are informed when a cookie is saved. You can also delete existing cookies. You will find information on this in the help menu of your browser. Our online service offer will remain usable, but certain functions may not be available or only to a limited extent. You can also install a browser plug-in that tells you if and when third parties can access your browser.

Other technologies can also record behavior within the online service offering in a similar way to cookies.

Details

With "pixels", invisible image files are loaded in a web page or an e-mail via a coded link from a server that records the corresponding access and the data transmitted with the link. This can also be used to record behavior within the online service offer.

Please note that when visiting our online service offer from outside Switzerland, we only collect the online data that is needed to ensure the online service offer functions correctly. We do not collect further online data using cookies or other technologies, as long as we can recognize the geographical origin of the access. To enable us to make this distinction, we also collect data about your approximate location.

3.4. Disclosed personal data

As a rule, you can use our online service offer without providing any personal information. However, if you provide us with personal data via an online service offer (e.g. via a contact form, an offer inquiry, a quote, a premium calculator, as part of an online conclusion process, a notification of claim, or in a chat), we process the data provided during the process. 

4.

For what purposes do we process online data?

Above all, we process online data for the following purposes. Further information on specific purposes can be found under section 5 ff. Please note that when you visit our online service offer from outside Switzerland, we generally refrain from using online data insofar as this is not necessary for essential purposes, such as the operation of the online service offer, for security and purely statistical purposes, and insofar as we can identify the geographical origin of the access.

Operation of the online service offer: Log data is recorded automatically when using the online service offer, which is why it is necessary for the operation of the online offer. We also require other online data, in particular data collected via cookies, in order to be able to provide certain functions of the online service offer.

Details

For example, we may store information about your settings (e.g. language selection) in cookies and read it out on your next visit, and we may cache data you enter (e.g. information in a premium calculator or as part of an online purchase) for the duration of your visit so that it is not lost when you use different parts of the online service offer. We do not require any personal data for the purpose of operating the online service offer.

Provision of certain contents and functions: If you use the content and functions of our online service offer and provide us with data in the process, e.g. if you use a premium calculator, submit an insurance application via a website or register for a newsletter, we process the online data you provide in the process in accordance with the respective purpose of the function or content, e.g. to accept an application or a notification of claim or to communicate with you. 

Security and stability: We use online data to improve the security and stability of our online service offer (e.g. to recognize whether data is entered by a human or a bot in a contact form). As a rule, we do not require any personal data for this purpose (see section 3.1). To the extent that we can personally match the online data to you, we may use it for security and stability purposes to the extent necessary, but also on a personal basis.

Statistics: We use non-personal and personal online data for statistical purposes, i.e. for evaluations with the aim of obtaining certain information, for example information on variations in the use of our online service offer. This information is aggregated, which means it is no longer personalized. You will find further details on this under section 5.

Improving offers: We use online data to continuously improve our online service offers, as well as other offers (e.g. by reacting to different types of usage or adapting or developing new content). We use performance cookies for this purpose, among other things (section 3.3). However, we only use online data for this purpose in aggregated form.

Market research and marketing: We also use online data for market research and marketing purposes, e.g. to send newsletters or to display advertisements within our online service offering and on third-party sites. We can also personalize the relevant content. We use marketing cookies for this purpose, among other things, but only use the online data in aggregated form. You will find further details on this under section 6. 

Communication: We use online data to communicate with you through electronic channels. To do this, we process the content of the communication process, but also log data regarding the type and time of the communication.

Compliance with legal and regulatory requirements: We may process online data to comply with laws, directives and recommendations from authorities and internal regulations. This includes the prevention, detection and investigation of criminal offenses and other violations, internal and external investigations and the disclosure of online data to public authorities.

Defense and enforcement of claims: We may use online data for civil and criminal legal action or defense in such proceedings. Within the scope of such procedures, your IP address may also be used for identification by the competent authorities, even if this initially has no personal reference for us. 

Other purposes in the course of our business operations: Our online offering serves our business operations. In this sense, the aforementioned processing of online data generally has the indirect purpose of facilitating and promoting our business operations. As mentioned under section 3, we may associate the data collected in connection with the online service - including data that is not personal in itself - with your person if you provide us with personal data such as your name or an e-mail address via an online service offer, and in this case we store the online data together with the other data we have about you. We may therefore use online personal data for any purpose for which we may also process other data about you, including personalized marketing. You will find further details on this in our own data privacy policy and information, which you can usually find at www.zurich.ch/datenschutz.

 
5.

How do we obtain evaluations and statistics?

We use service providers to analyze the behavior of visitors to our online service offer. They may receive log data and other online data from us, and may themselves use cookies and similar technologies to collect online data about our online service offering. However, we do not give them any directly personal data such as your name or e-mail address.

Details

Two of the most important service providers are Google and Hotjar. You will find further details below. Other service providers usually process online data in a similar way:

  • Google Analytics: We use the "Google Analytics" analysis service operated by a Google company in Ireland ("Google"). During this process, data about visitor behavior in our online service offer (duration and frequency of page views, content retrieved, geographical origin of access, etc.) is recorded by performance cookies (section 3.3), and based on this Google creates evaluations regarding the utilization of our online service offer for us. Google uses Google LLC in the USA as an order processor, whereby IP addresses (which are the most likely way to identify individual persons) are shortened before being forwarded to Google LLC. We have deactivated the settings "Data forwarding" and "Signals". Nevertheless, we cannot rule out the possibility that Google may draw conclusions about the identity of visitors for its own purposes from the online data collected, create personal profiles and link this data to Google accounts. Information on Google Analytics data privacy can be found at https://support.google.com/analytics/answer/6004245, and if you have a Google account, you can find details of Google's processing at https://policies.google.com/technologies/partner-sites?hl=en. You can deactivate Google Analytics by installing a browser extension via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
  • Another example of a service for the statistical evaluation of our users' needs is Hotjar, a service provided by Hotjar Ltd (Malta). Hotjar works with cookies and other technologies (section 3.3) to collect data about the behavior of the users of our online service offer and their end devices, in particular the IP address of the end device (which is only recorded anonymously), screen size, device type, information about the browser used and the location (only the country), and language setting of the browser. Hotjar stores this information in a pseudonymized user profile and uses it for evaluations with which we can better understand the needs of the users of our online service offer, to improve this service offer and better align it to our users. For further information, see the "about Hotjar" section on Hotjar's help page (https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar).
6.

How do we carry out online marketing?

We and our advertising partners have an interest in targeting specific groups with our advertising, i.e. only displaying the advertising to people we want to address, if possible. 

For this purpose, we and our advertising partners also use cookies that can be used to record the content accessed or contracts concluded. This allows us and our advertising partners to display advertisements that we think will interest you on our website, but also on other websites that display advertisements from us or our advertising partners. If you consent to the use of these cookies, you will be shown corresponding advertising. If you do not consent to these cookies, you will not see fewer adverts, just other adverts.

This means advertising can be displayed that is tailored to you - in our online offers and on third-party sites.

7.

How do we appear on social networks?

We operate our own sites on social networks and other platforms (e.g. on Facebook, Instagram, LinkedIn, TikTok, Snapchat, Pinterest and YouTube). If you communicate with us there or comment on or disseminate content, we collect information for this purpose, which we use primarily for communication with you, for marketing purposes and for statistical evaluations (see section 3). The platforms may collect further online data, e.g. log data (section 3.2) and other details. Based on this, these platforms can evaluate how you use our online service offers (e.g. what content you view, what you comment on, "like" or share, etc.), and they can combine this behavioral data with other information about you (e.g. information about age or gender), and thereby create profiles about you, as well as statistics on usage of the site. The platforms use this information to personalize advertising and content, for market and user research, and to provide us and third parties with statistical user information. The respective providers also collect and use online data for their own purposes, possibly together with other data known to them, e.g. for marketing purposes or to personalize content. Insofar as we are jointly responsible with the provider, we enter into a corresponding agreement, about which you can obtain information from the respective provider (see below for Facebook). 

We process the data we receive from the platforms for the purposes described under section 4, in particular for communication, marketing purposes and market research. Content published by you (e.g. comments on public profiles and posts) may be redistributed by us (e.g. in our advertising on the platform or elsewhere), and we and the provider may delete content in accordance with the usage policy.

Details

You can find further information on the processing activities of the platform operators (e.g. to which countries data is disclosed or which data subject rights you have) in the privacy policies of the providers:

8.

How do we process data for newsletters?

We send electronic newsletters to our customers in Switzerland, which also contain advertising for our offers and offers from group companies in Switzerland, but also for offers from other companies with which we cooperate. We ask for your consent beforehand, except when we promote certain offers to existing customers. 

In this regard, in addition to your name and e-mail address, we also process online data and other information about you so that we can personalize the content of our newsletters, including, for example, information about whether and when you open a newsletter, and which links you click on and when. For this purpose, our e-mail service provider provides a function that essentially works with invisible image data, which is loaded from a server via an encoded link and thereby transmits the relevant information. This is a common method that helps us to assess the effect of newsletters and to optimize our newsletters. You can avoid this by configuring your e-mail program accordingly (e.g. by switching off the automatic loading of image files).

9.

How do we process data in apps?

We may also offer applications for installation on mobile devices ("apps") as part of the online service offer. During installation, the operator of the respective app store (e.g. Apple or Google) processes certain data for itself and according to its own data protection rules. 

When you use the app, we process data that you provide to us in the process (including, as the case may be, direct personal data such as name or e-mail address) and other online data, such as a unique mobile device identification number, your IP address, device information such as operating system information, and behavioral data (e.g. search queries, pages viewed and session duration) for the purposes set out under section 4.

Details

Our processing of online data generally corresponds with the information above (cf. section 3 on the data processed, section 4 on the processing purposes, and section 5 on evaluations and statistics), even if the technologies used differ to a certain extent. For example, we use Google Analytics for Firebase, an analysis service from Google, which essentially works like Google Analytics described in section 5.

10.

Who else do we disclose your information to?

Our online services are provided and handled in cooperation with third parties and service providers who may consequently receive data about you. Below you will find an overview of the categories of recipients to whom we may disclose personal data, and in section 9 you will find details of the service providers we use for our online service offering. 

Companies of the Zurich Group: If necessary, we may pass on the online data to other companies belonging to the Zurich Group. 

Public authorities and agencies: Within the scope of exercising rights, defending against claims and fulfilling legal requirements, we may disclose online data to public authorities, agencies, courts and other public bodies, for example, in relation to official, legal and pre- and extra-judicial proceedings, and within the scope of legal obligations to provide information and to cooperate. Public authorities are responsible for processing data about you that they receive from us.

Service providers: We work with service providers at home and abroad who process data about you on our behalf or in joint responsibility with us, or receive data about you from us within their own sphere of responsibility. For example, we procure IT services such as hosting, support and maintenance, shipping services and testing from service providers. Our service providers are each subject to contractual and/or statutory confidentiality and data protection obligations. They may use such data for their own purposes in justified, exceptional cases, for example, information on outstanding debts and your payment history in the case of credit agencies or anonymized information for the purpose of improving services. For further information on service providers in the area of evaluations and statistics, please see section 8.

11.

Do we disclose personal data abroad?

As explained above, third parties and service providers also process online data in addition to us. For example, your data may be transferred abroad if personal data is transmitted to other companies within the Zurich Group or to service providers. Your data may therefore be processed worldwide, including outside the EU or the European Economic Area (i.e. also in third countries such as the US). Many third countries do not currently have laws that guarantee a level of data protection equivalent to that provided by Swiss law. We therefore take contractual precautions to compensate for the weaker statutory protection.

Details

For this purpose, we generally use the standard contractual clauses issued or recognized by the European Commission and the Swiss Data Protection and Information Commissioner (FDPIC) (for further details and a copy of these clauses, please see www.edoeb.admin.ch), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may apply, in particular, in the case of legal proceedings abroad, but also in cases of overriding public interests or if the processing of a contract requires such disclosure, if you have granted your consent or if it is a matter of data that you have made generally accessible and whose processing you have not objected to.

The contractual provisions mentioned above can partially compensate for this weaker or missing legal protection, but they cannot eliminate all risks (namely of state access abroad). You should be aware of these residual risks, even though the risk may be low in individual cases and we have taken measures, such as pseudonymization or anonymization, to minimize it.

Please also note that data exchanged over the Internet is often routed via third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.

12.

What applies in the case of profiling and automated individual decisions?

We process online data for the purposes stated in section 4 and evaluate it automatically for this purpose. This also includes so-called "profiling", i.e. the automated processing of data for analysis and forecasting purposes. Profiling is primarily used for marketing and security purposes. We may also create profiles, i.e. combine online data and possibly other data already known to us (see section 3.1) to better understand you as a person with your different interests and personal needs. In both cases, we pay attention to the appropriateness and reliability of the results and take measures against misuse of these profiles or profiling. 

In order to ensure the efficiency and uniformity of our decision-making processes, we can also automate decisions with the aid of a computer according to certain rules and without review by an employee.

Details

In each individual case, we will inform you if an automated decision creates negative legal consequences or a comparable significant impairment. In this case, you shall have the rights set out in section 10 if you do not agree with the outcome of the decision.

13.

How long do we process your data for?

We store your data for as long as our processing purposes, any retention periods and our legitimate interests in processing for documentation and evidence purposes require, or for as long as the storage is technically necessary. Therefore, the period for which we retain data depends on legal and internal regulations and on the purposes of processing (see section 4), which also include the protection of our interests, for example, to enforce or defend claims, or for documentation and evidence purposes. For more information on the lifetime of cookies, see section 3.2. 

Insofar as we can link online data to a specific person and store it accordingly together with other data known about that person (see section 3), the online data may be stored for a longer period of time. Please also see our own data privacy policy and information, which you can usually find at www.zurich.ch/datenschutz.

14.

How do we protect your data?

We handle online data confidentially and take appropriate technical and organizational security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to protect it against the risk of loss, accidental alteration, unauthorized disclosure or access. We utilize recognized security standards such as ISO 27001. However, security risks cannot generally be ruled out completely; certain residual risks are unavoidable. 

When your data is transmitted via our web pages or apps, we protect it during transmission using suitable encryption mechanisms. However, we can only secure areas that are under our control. If you contact us by e-mail, you do so at your own risk and agree that we may respond to you at the sender's address via the same channel. If you send us e-mails via the Internet in unencrypted form, third parties may be able to access, view and manipulate them, and data can be lost or intercepted and/or manipulated by third parties. What's more, we take appropriate technical and organizational security measures to reduce the risk on our web pages and in our apps. However, your end device is outside the security area that lies within our control. You are therefore required to learn about the necessary safety precautions and to take appropriate measures in this regard.

15.

What are your rights?

Applicable data protection law grants you the right to object to the processing of your data in certain circumstances, in particular for direct marketing purposes, profiling used for direct marketing and other legitimate interests.

In order to make it easier for you to maintain control over the processing of your personal data, you have various rights in connection with our data processing under applicable law: 

  • the right to request information from us as to whether we are processing your data, and which data we are processing; 
  • the right to have data corrected by us if it is inaccurate;
  • the right to object to our processing for specific purposes and to request the restriction or deletion of data unless we are obliged or entitled to continue processing it;
  • the right to obtain from us the disclosure of certain personal data in a commonly used electronic format or to request that we transfer this to another controller;
  • the right to revoke consent, provided our processing is based on your consent. 

If we inform you about an automated decision (section 5), you have the right to express your position on this and request that the decision be reviewed by a natural person. 

Please note that certain conditions must be met in order to exercise these rights and that exceptions or restrictions may apply (e.g. to protect third parties or trade secrets). We will inform you accordingly where necessary.

Details

In particular, we may need to process and store your personal data in order to perform a contract with you, to protect our legitimate interests, such as the assertion, exercise or defense of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard sensitive interests, we may therefore also reject a data subject’s request in whole or in part (for example, by blacking out certain content relating to third parties or our trade secrets).

If you wish to exercise any rights against us, please contact us in writing (see section 2). To enable us to rule out abuse, we must identify you (for example, with a copy of an identity card, if not otherwise possible). You also have these rights in relation to other bodies who work with us under their own responsibility – please contact them directly if you wish to exercise any rights in relation to their processing. 

If you do not agree with our handling of your rights or data protection, please let us know via the contact details listed under section 2. You can contact the Swiss supervisory authority here: www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html and the Liechtenstein Supervisory Authority at www.datenschutzstelle.li.

16.

Can this data privacy policy be changed?

This privacy policy does not form part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.