Depending on the occasion and purpose, we process different data from different sources. Information on the purposes of this processing can be found in sub-paragraph 4.
We primarily collect this data directly from you, for example, when you submit an insurance application to us, when you communicate with us, when you contact us through an intermediary, or when you report a claim. However, we may also obtain data from other sources (referred to as "third parties"). You will find further details on this in this sub-paragraph 3.
We primarily process the categories of data described below, although this list is not exhaustive. If data changes over time (for example, if an address changes or in the event of another modification), we may retain the previous status in addition to the current status.
Master data: We use the term "master data" to refer to the basic data that we require, in addition to the contractual data (see below), to process our contractual and other business relationships or for marketing and advertising purposes. We process your master data if, for example, you are a policyholder or an employee of another insurer or a supplier, or because we want to address you for our own purposes or the purposes of a contractual partner (such as in marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.; you will find further details on this in sub-paragraph 4 ).
Master data primarily includes information such as your name, address, email address, telephone number and other contact details, date and place of birth, age, gender, nationality and hometown, details from identification documents (such as from your passport or ID card), your customer number and other details such as your tax number or tax country.
This data also includes information about relationships with third parties who are also affected by the data processing. In the case of motor vehicle insurance, for example, this would be information (such as name, date of birth or nationality) on the most frequent driver; in the case of collective personal insurance, this would be information about on the insured employees or, in the case of life insurance, this would be information on the beneficiary or the beneficial owner, as well as correspondence recipients, premium payers and other persons involved in the contract and, if applicable, information about family members.
In the case of customers and other contractual partners who are companies, we process data concerning our contact persons, this may include name and address, details of titles, position in the company, qualifications and, where applicable, details of supervisors and employees. Depending on the area of activity, we are also required to check the company in question and its employees more closely, for example, by carrying out a security audit. In this case, we collect and process additional data, if necessary also from third party providers.
We often obtain master data from you, for example in application documents, but we may also obtain data from third parties such as providers of address updates or the commercial register.
Contract and claims data: This is information that accrues in connection with the conclusion or processing of a contract, such as details relating to the insured risk and in connection with settling of claims. This also includes health data and information about third parties such as injured parties and other involved parties. We may also obtain this kind of data from third parties such as intermediaries, public authorities and agencies, employers, other insurers, banks, medical providers and experts, Car Claims Info and the HIS information system or from external lawyers. By submitting an insurance application or notification of a claim or benefit, you release these offices from any non-disclosure obligations.
This data includes information about the conclusion of the contract (including consultations and our assessment of the risks), about your contracts, for example the type and date of contract conclusion and information stemming from the application process such as material risk factors and further information about the contract in question (such as insured risk, insured object, sum insured, salary amounts, premium, duration of contract, details of prior and additional insurance policies) as well as details of any previous claims and information stemming from the processing and administration of the contracts (such as details provided in the context of invoicing, advice and customer service). Contract data also includes information about complaints about and adjustments to a contract, as well as information about customer satisfaction, which we may collect, for example, by means of surveys.
When settling claims, we process additional data such as the notification of claims, claim number, amount of claims, details of third parties, for example, injured parties and persons involved such as co-drivers and other details in connection with the assessment of the claim, including particularly sensitive personal data such as health data. To do this, we cooperate with third parties such as experts, doctors and other service suppliers, from whom we also receive data – including health data – where applicable with your separate release declaration. We also participate in HIS, a notification and information system used by the insurance industry, and process information about certain circumstances in connection with claims reviews in the case of motor vehicle, liability, building, contents, technical and other property insurance, which we may report to and retrieve from HIS. In the event of a positive query result, we may share related data with other insurers with your separate consent. Further information on HIS can be found under sub-paragraph 4.
Depending on the insurance product, we process additional data in connection with the insurance contract, for example
- in the case of security deposit insurance and, in particular, rental security deposit insurance, this may include information on the deposit, on coinsured persons, correspondence recipients, landlords, property managers, rented property, previous insurance policies, material risk factors, outstanding debt enforcement proceedings and the companies involved, as well as data from any documents that may be attached, such as rental agreements, liability policies, business reports and business plans, and also information on surety recipients;
- in the case of construction insurance and contractor’s liability insurance, this may include details of the property under construction, material risk factors, the concerned activity, sureties, turnover, salary amounts, association memberships, as well as details of contact persons, correspondence recipients, surety and guarantee beneficiaries, joint venture partners and brokers;
- in the case of buildings insurance, this may include details of financing and ownership of land and residential property, location, type of building, construction type, purchase price, further details of the property including photographic documentation, as well as details of new owner if applicable;
- in the case of household contents insurance, this may include information concerning the livingand housing situation, such as number of rooms, canton of residence, value of household contents, ownership situation, number of persons in the same household;
- in the case of property and technical insurance, this may include details of the type of business, make, model, value and age of the items to be insured, photographs and proof of purchase for these items, information about their location, previous insurance policies, material risk factors, NOGA code, legal form, annual turnover, business inventory, main and secondary place of insurance, AHV annual salary sum, fee sum, fire extinguishing conditions, construction class, security devices for fire and theft, as well as details of coinsured persons, operators, property owners, suppliers, auditing companies and clients entrusted with audits, guarantee beneficiaries, assignees and brokers;
- in the case of liability insurance, this may include details of activity or event, previous insurances, material risk factors, living and residential situation and canton of residence. Where necessary, we also process company data such as salary amounts, turnover, turnover splits, personnel data and other data regarding operations, products and services, as well as information about contracts with customers, buyers and contractual partners, as well as data on training, coinsured persons, contact persons, operators, property owners and data from use, easement and cooperation contracts;
- in the case of accident and daily sickness benefits insurance, this may include information on the company, location, the persons to be insured, their workloads and salary amounts, information on their state of health and previous accidents or illnesses, as well as information on previous insurers, co-insurers and reinsurers, recipients of correspondence, involved doctors and brokers;
- in the case of motor vehicle insurance, this may include information on the license plate, vehicle and mileage (such as information on loss of driver's license), no-claims classes, events of a loss (bonus/penalty) and vehicle financing, as well as use in a private or commercial capacity. It may also include data from Car Claims Info, a system for combating abuse in the area of motor vehicle insurance (further information on Car Claims Info can be found under sub-paragraph 4), information about health status, date of birth, gender and nationality and information about the previous check as to whether a claim has already been paid by another insurance company;
- in the case of guarantee insurance for motor vehicles and real estate warranty, this may include information on the make, model, motorization, license plate, type certificate and chassis number in the case of motor vehicles or type of property, year of construction, age of the individual components as well as further details about the real estate including photo documentation and, if applicable, details of the new owner in the case of real estate;
- in the case of transport insurance, this many include details of transported annual turnover, means and routes of transport, previous insurances and material risk factors;
- in the case of life insurance, this may include information on family and financial situation (such as number of people in the same household, occupation and branch of activity), on health and capacity for work, as well as on material risk factors and previous insurance polices, information on the various parties involved in the contract, as well as contact details of attending physicians.
Financial data: This is data relating to financial circumstances, payments and the securing of claims.
This data may include information on income from employment, pensions and income from capital investments, additional details about assets and information about your risk and investment profile, your risk tolerance and your knowledge and experience in relation to financial products. It may also include information used to determine creditworthiness (i.e. information which allows conclusions to be drawn about the likelihood that claims will be settled) and information concerning the origin of assets, as well as data regarding the payment of premiums (including bank details, account numbers and credit card details), payment reminders and the collection of claims (e.g. premium claims).
We receive this data from you, for example, in the context of payments that you make, as well as from credit agencies and from publicly accessible sources.
Behavioral and preference data: Despite our large number of customers, we strive to get to know you better and to tailor our advice and offers to you in the best possible way. We therefore process certain data about you and your behavior. By ‘behavioral data’, we mean data about your behavior in the context of your interactions with us. We may combine this information with other information, including information from third parties, to determine whether you may have an interest in or need for certain Zurich products or services (preference data).
Behavioral data is information about certain actions, for example, payments, your use of electronic communications (such as whether and when you opened an email), your use of our websites (such as your location and other information when you use a website of ours; please see the relevant separate privacy policies), your purchases of products and services from us, your interaction with our social media profiles, contacts with intermediaries and your participation in events, competitions contests and similar events.
Preference data tells us, for example, what your likely needs are, what products or services might be of interest to you, or when and how you are likely to respond to messages from us; this helps us to get to know you better, tailor our advice and offers more accurately to you and generally improve our offers. We obtain this information from analysis of existing data such as behavioral data.... In order to improve the quality of our analyses, we may combine this data with other data that we also obtain from third parties such as address dealers, websites and government offices; this may include information on your household size, income class and purchasing power, shopping behavior, contact details of relatives and anonymous information from statistical offices.
Communication data: This is data relating to our communications with you and information concerning your use of our website (for further details of this, please see the separate privacy policy at www.zurich.ch/datenschutz). If you contact us via the contact form, email, telephone or chat, by letter or by any other means of communication, we record the data that is exchanged between you and us, your contact details and other information about the communication (metadata). If we record telephone conversations, we will draw your attention to this fact. If we want or need to establish your identity, for example, in the context of a request for information, application for media access, etc., we collect data to identify you (such as a copy of an identity document).
Communication data includes your name and contact details, the manner, place and time of the communication and its content, such as details in emails or letters from you or to you or from third parties or to third parties, if the latter also relate to you. We collect communication data, for example, when you contact us via our Customer Service or a Customer Consultant or via a website or app, or chatbot on the internet.
Other data: We also collect data from you in other situations, which we cannot exhaustively list in this Privacy Policy.
For example, data (such as files or evidence) accrues in connection with official or judicial proceedings, and some of this may also relate to you. We may also collect data for health protection reasons (for example, in the context of protection concepts). We may obtain or produce photographs, videos and audio recordings in which you may be identifiable (for example, at events, via security cameras etc.). We may also collect data about who enters certain buildings and when (including in the case of access controls, on the basis of registration data or visitor lists, etc.), who participates in events or campaigns (such as competitions) and when or who uses our infrastructure and systems .
We obtain the above information from you, but may also obtain it from third parties.
These third parties may include other Zurich Group companies and intermediaries, credit reporting agencies, media monitoring companies, financial service suppliers and banks from which you transfer assets to us or make transfers to us, address dealers, internet analysis services, public authorities, other insurers, parties to proceedings and publicly available sources such as the commercial register, media and sources on the Internet, public registers, media, etc.
The data we process in accordance with this Privacy Policy relates not only to our customers, but also partially to third parties (you will find information on this in sub-paragraph 1). If you provide us with information about third parties, we shall assume that you are authorized to do so and that the information is accurate. By transmitting data about third parties, you confirm this fact. Therefore, please inform these third parties about our processing of their data and provide them with a copy of this Privacy Policy or the Customer Information Sheet on Data Protection. If we refer you to a new version of these documents, please also hand over these new versions in each case.
With the exception of certain individual cases, such as in the context of binding protection concepts (legal obligations), you are not obliged to disclose data to us. However, for legal and operational reasons, we must process extensive data to establish and process the contractual relationship, inclusive of claims settlement. If you do not wish to provide us with this data (in particular master data, contract and claims data, financial data and general behavioral data), we will therefore not be able to review, enter into or continue a contractual relationship. When using our website, it is not possible to avoid technical data processing. If you wish to gain access to certain systems or buildings, you will need to provide us with registration details.
We only make certain offers available to you – such as the use of a Zurich online portal or that of one of our partners, online claims reporting or participation in a virtual event – when you provide us with registration data, because we or our contractual partners want to know who is using our services or has accepted an invitation to an event, because it is technically necessary or because we want to communicate with you. If you or someone you represent (such as your employer) wish to enter into or perform a contract with us, we need to collect relevant master, contract and communication data from you, and we process technical data when you use our website or other electronic offers. If you do not provide us with the data required to conclude and perform the contract, you must expect that we will refuse to conclude the contract, that you will be in breach of contract or that we will not be able to perform a contract. Likewise, we can only send you a response to a request you have made if we process the relevant communication data and, if you communicate with us online, technical data as well. It is not possible to use our website without us receiving technical data. And when you interact with us or we interact with you, behavioral data is generated.