Woman at the computer

Online privacy policy

In the online privacy statement, you will find information on how and for what purpose your personal data is collected and processed when you visit us on zurich.ch or on social media or contact us via chat.

1.

What does this privacy policy concern?

Zurich Insurance Company Ltd (hereinafter also referred to as "we"; see section 2) process personal data and non-personal data in connection with our websites (e.g. zurich.ch, including their sub-pages), with our apps, our presences on social media (see section 7 below) and our other electronic offers (together "online service offer"). Further information on the data privacy policy can be found under section 2.

Details

"Personal data" is data relating to an identified or identifiable person, in other words, the data or corresponding additional data can be used to make inferences about their identity. "Sensitive personal data" (also "special categories of personal data") is a category of personal data whose processing may be subject to special requirements. Sensitive personal data may include data from which ethnic origin can be discerned, data relating to health, data concerning religious or philosophical beliefs, biometric data for identification purposes and data concerning trade union membership. Under section 3, you will find details of the data that we process within the scope of this Privacy Policy. 

"Editing" (also "processing") means any handling of personal data, e.g. obtaining, storing, using, disclosing and deleting.

In this data privacy policy, you will find information about how we process your data (we use the term "data" here synonymously with "personal data"), when you make use of our online service offer. 

For our products, services and other offers ("services"), you will find further details on the corresponding data processing in separate data privacy policies and  information, which you can usually find at www.zurich.ch/datenschutz. If you request services from us, or communicate with us in this regard and use our online service offer, this online data privacy policy applies in addition to the privacy policies for our services.

Where this privacy policy makes use of the masculine form for the sake of improved legibility, this of course refers to people of all genders.

We would be happy to help you if you have any questions (section2).

2.

Who is responsible for processing your data?

As a rule, Zurich Insurance Company Ltd ("ZIC"), with its registered office at Mythenquai 2, 8002 Zurich, is the party responsible for data processing under this data privacy policy. ZIC is an incorporated company under Swiss law.

If another company of the Zurich Group refers to this online data privacy policy for an online service offer, this company is the party responsible for the corresponding data processing, and this processing is governed by this online data privacy policy.

Details

For each data processing operation, there are one or more bodies who bear primary responsibility for ensuring that the data processing complies with the requirements of data privacy law. This body is referred to as the "data controller". It is responsible, among other things, for responding to requests for information (section 10) or for ensuring that personal data is secure and not used in a way that deviates from what we tell you or from what is permitted by law. Details of third parties with whom we cooperate and who are responsible for their own processing can be found in section 3 and under section 6.

If you wish to contact us in this regard, please write to the following address:

Zurich Insurance Company Ltd 
Data Privacy
P.O. Box
CH 8085 Zurich
Switzerland
datenschutz@zurich.ch

If another company is the data controller for a processing operation according to this online data privacy policy, you may also contact that company. However, the easiest way to have your request processed is to contact us in each case.

3.

What data do we process in connection with the online service offer?

3.1. When do we process personal online data?

As a rule, you can also use our online service offer without disclosing any personal data such as your name or e-mail address to us (subject to certain functions or content, e.g. when communicating with us). In this case, we can clearly assign the data collected in connection with the use of our online service offer (you will find further information on this below; e.g. an IP address and information on accessed content; together "online data") to specific visitors, but not to persons known by name. In this sense, online data is not personal in any way. 

However, if you provide us with your name, an e-mail address or other personal data via an online service offer (see below), we will process this data. In addition to this processing, it would also allows us to link you to online data that would otherwise be non-personal. In this case, we may collect online data in connection with your continued use of the online service offer on a personal basis, and we will merge online data with other data about you in our systems and process it on a personal basis for additional purposes. Further information on this can be found in this section 3 and under section 4.

3.2. Log data

Every time you use the online service offer, certain data is generated, so-called log data. This data is stored automatically for technical reasons.

Details

This includes, in particular, the following data:

  • IP address of the PC, tablet, smartphone etc. used ("end device");
  • Details of the Internet service provider;
  • Information about the operating system of the end device and the browser used;
  • Details of the referring URL (origin);
  • Date and time of access; 
  • Content accessed.

Log data, including IP addresses, are not in themselves usually personal. 

3.3. Other behavioral data 

We collect additional data about your behavior in connection with the use of our online service offer. We also use cookies for this purpose. These are small text files that are stored in the browser or in the end device and that are read when the online service offer is accessed again. Cookies usually contain an anonymous identification number so that we can recognize returning visitors as such, as well as further information about the visitor's behavior or settings in the online service offer. Depending on the purpose of use (see section 4), a distinction can be made between required cookies, performance cookies and marketing cookies.

Details
  • Required cookies: Certain cookies are required for the online service offer to function correctly. These cookies have an expiry date of up to 12 months. 
  • Performance cookies: We use cookies to collect and analyze information about the use of our online services so that we can improve the content and presentation of our online services and tailor them to the needs of users (see section 5). These cookies can also remain stored after a website visit. Performance cookies have an expiry date of up to 12 months. 
  • Marketing cookies: We and our advertising partners use marketing cookies to record the content accessed and other actions within the online service offering (see section6). These cookies usually have an expiry date of a few days and up to 18 months.

If you do not agree to the use of cookies, you can configure your browser so that it generally does not accept cookies or no cookies from us, or so that you are informed when a cookie is saved. You can also delete existing cookies. You will find information on this in the help menu of your browser. Our online service offer will remain usable, but certain functions may not be available or only to a limited extent. You can also install a browser plug-in that tells you if and when third parties can access your browser.

Other technologies can also record behavior within the online service offering in similar way to cookies.

Details

With "pixels", invisible image files are loaded in a web page or an e-mail via a coded link from a server that records the corresponding access and the data transmitted with the link. This can also be used to record behavior within the online service offer.

Please note that when visiting our online service offer from outside Switzerland, we only collect the online data that is needed to ensure the online service offer functions correctly. We do not collect further online data using cookies or other technologies, as long as as we can recognize the geographical origin of the access. To enable us to make this distinction, we also collect data about your approximate location.

3.4. Disclosed personal data

As a rule, you can use our online service offer without providing any personal information. However, if you provide us with personal data via an online service offer (e.g. via a contact form, an offer inquiry, a quote, a premium calculator, as part of an online conclusion process, a notification of claim, or in a chat), we process the data provided during the process. 

4.

For what purposes do we process online data?

Above all, we process online data for the following purposes. Further information on specific purposes can be found under figure5 ff. Please note that when you visit our online service offer from outside Switzerland, we generally refrain from using online data insofar as this is not necessary for essential purposes, such as the operation of the online service offer, for security and purely statistical purposes, and insofar as we can identify the geographical origin of the access.

Operation of the online service offer: Log data is recorded automatically when using the online service offer, which is why they are necessary for the operation of the online offer. We also require other online data, in particular data collected via cookies, in order to be able to provide certain functions of the online service offer. 

Details

For example, we may store information about your settings (e.g. language selection) in cookies and read it out on your next visit, and we may cache data you enter (e.g. information in a premium calculator or as part of an online purchase) for the duration of your visit so that it is not lost when you use different parts of the online service offer. We do not require any personal data for the purpose of operating the online service offer.

Provision of certain contents and functions: If you use the content and functions of our online service offer and provide us with data in the process, e.g. if you use a premium calculator, submit an insurance application via a website or register for a newsletter, we process the online data you provide in the process in accordance with the respective purpose of the function or content, e.g. to accept an application or a notification of claim or to communicate with you. 

Security and stability: We use online data to improve the security and stability of our online service offer (e.g. to recognize whether data is entered by a human or a bot in a contact form). As a rule, we do not require any personal data for this purpose (see section 3.1). To the extent that we can personally match the online data to you, we may use it for security and stability purposes to the extent necessary, but also on a personal basis.

Statistics: We use non-personal and personal online data for statistical purposes, i.e. for evaluations with the aim of obtaining certain information. For example, information on variations in the use of our online service offer. This information is aggregated, which means it is no longer personalized. You will find further details on this under section 5.

Improving offers: We use online data to continuously improve our online service offers, as well as other offers (e.g. by reacting to different types of usage or adapting or developing new content). We use performance cookies for this purpose, among other things (section 3.3). However, we only use online data for this purpose in aggregated form.

Market research and marketing: We also use online data for market research and marketing purposes, e.g. to send newsletters or to display advertisements within our online service offering and on third-party sites. We can also personalize the relevant content. We use marketing cookies for this purpose, among other things, but only use the online data in aggregated form. You will find further details on this under section 6. 

Communication: We use online data to communicate with you through electronic channels. To do this, we process the content of the communication process, but also log data regarding the type and time of the communication.

Compliance with legal and regulatory requirements: We may process online data to comply with laws, directives and recommendations from authorities and internal regulations. This includes the prevention, detection and investigation of criminal offenses and other violations, internal and external investigations and the disclosure of online data to a public authorities. 

Defense and enforcement of claims: We may use online data for civil and criminal legal action or defense in such proceedings. Within the scope of such procedures, your IP address may also be used for identification by the competent authorities, even if this initially has no personal reference for us. 

Other purposes in the course of our business operations: Our online offering serves our business operations. In this sense, the aforementioned processing of online data generally has the indirect purpose of facilitating and promoting our business operations. As mentioned under section 3, we may associate the data collected in connection with the online service - including data that is not personal in itself - with your person if you provide us with personal data such as your name or an e-mail address via an online service offer, and in this case we store the online data together with the other data we have about you. We may therefore use online personal data for any purpose for which we may also process other data about you, including personalized marketing. You will find further details on this in our own data privacy policy and information, which you can usually find at www.zurich.ch/datenschutz.

 
5.

How do we obtain evaluations and statistics?

We use service providers to analyze the behavior of visitors to our online service offer. They may receive log data and other online data from us, and may themselves use cookies and similar technologies to collect online data about our online service offering. However, we do not give them any directly personal data such as your name or e-mail address.

Details

Two of the most important service providers are Google and Hotjar. You will find further details below. Other service providers usually process online data in a similar way:

  • Google Analytics: We use the "Google Analytics" analysis service operated by a Google company in Ireland ("Google"). During this process, data about visitor behavior in our online service offer (duration and frequency of page views, content retrieved, geographical origin of access, etc.) is recorded by performance cookies (section 3.3), and based on this Google creates evaluations regarding the utilization of our online service offer for us. Google uses Google LLC in the USA as an order processor, whereby IP addresses (which are the most likely way to identify individual persons) are shortened before being forwarded to Google LLC. We have deactivated the settings "Data forwarding" and "Signals". Nevertheless, we cannot rule out the possibility that Google may draw conclusions about the identity of visitors for its own purposes from the online data collected, create personal profiles and link this data to Google accounts. Information on Google Analytics data privacy can be found at https://support.google.com/analytics/answer/6004245, and if you have a Google account, you can find details of Google's processing at https://policies.google.com/technologies/partner-sites?hl=en. You can deactivate Google Analytics by installing a browser extension via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
  • Another example of a service for the statistical analysis of our users' needs is Contentsquare, a service provided by Contentsquare GmBH Munich, Germany. Contentsquare works with cookies and other technologies (sub-paragraph 3.3) to collect data about the behavior of users of our online offering. Among other things, the IP address of the end device (which is shortened directly and only used to identify the geolocation, not as precise as a city. The IP address is not stored), screen size, device type, information about the browser used and the location (only the country) and language setting of the browser are collected. Contentsquare stores this information in a pseudonymized user profile (IP address is not stored) and uses it for evaluations with which we can better understand the needs of the users of the online offer, improve the online offer and better align it to the needs of our users. Further information can be found on Contentsquare’s Privacy Engagement help page (https:/contentsquare.com/de-de/privacy-center/).
6.

How do we carry out online marketing?

We and our advertising partners have an interest in targeting specific groups with our advertising, i.e. only displaying the advertising to people we want to address, if possible. 

For this purpose, we and our advertising partners also use cookies that can be used to record the content accessed or contracts concluded. This allows us and our advertising partners to display advertisements that we think will interest you on our website, but also on other websites that display advertisements from us or our advertising partners. If you consent to the use of these cookies, you will be shown corresponding advertising. If you do not consent to these cookies, you will not see fewer adverts, just other adverts.

This means advertising can be displayed that is tailored to you - in our online offers and on third-party sites.

7.

How do we appear on social networks?

We operate our own sites on social networks and other platforms (e.g. on Facebook, Instagram, LinkedIn, TikTok, Snapchat, Pinterest and YouTube). If you communicate with us there or comment on or disseminate content, we collect information for this purpose, which we use primarily for communication with you, for marketing purposes and for statistical evaluations (see section 3). The platforms may collect further online data, e.g. log data (section 3.2) and other details. Based on this, these platforms can evaluate how you use our online service offers (e.g. what content you view, what you comment on, "like" or share, etc.), and they can combine this behavioral data with other information about you (e.g. information about age or gender), and thereby create profiles about you, as well as statistics on usage of the site. The platforms use this information to personalize advertising and content, for market and user research, and to provide us and third parties with statistical user information. The respective providers also collect and use online data for their own purposes, possibly together with other data known to them, e.g. for marketing purposes or to personalize content. Insofar as we are jointly responsible with the provider, we enter into a corresponding agreement, about which you can obtain information from the respective provider (see below for Facebook). 

We process the data we receive from the platforms for the purposes described under section 4, in particular for communication, marketing purposes and market research. Content published by you (e.g. comments on public profiles and posts) may be redistributed by us (e.g. in our advertising on the platform or elsewhere), and we and the provider may delete content in accordance with the usage policy.

Details

You can find further information on the processing activities of the platform operators (e.g. to which countries data is disclosed or which data subject rights you have) in the privacy policies of the providers:

8.

How do we process data for newsletters?

We send electronic newsletters to our customers in Switzerland, which also contain advertising for our offers and offers from group companies in Switzerland, but also for offers from other companies with which we cooperate. We ask for your consent beforehand, except when we promote certain offers to existing customers. 

In this regard, in addition to your name and e-mail address, we also process online data and other information about you so that we can personalize the content of our newsletters, including, for example, information about whether and when you open a newsletter, and which links you click on and when. For this purpose, our e-mail service provider provides a function that essentially works with invisible image data, which is loaded from a server via an encoded link and thereby transmits the relevant information. This is a common method that helps us to assess the effect of newsletters and to optimize our newsletters. You can avoid this by configuring your e-mail program accordingly (e.g. by switching off the automatic loading of image files).

9.

How do we process data in apps?

We may also offer applications for installation on mobile devices ("apps") as part of the online service offer. During installation, the operator of the respective app store (e.g. Apple or Google) processes certain data for itself and according to its own data protection rules. 

When you use the app, we process data that you provide to us in the process (including, as the case may be, direct personal data such as name or e-mail address) and other online data, such as a unique mobile device identification number, your IP address, device information such as operating system information, and behavioral data (e.g. search queries, pages viewed and session duration) for the purposes set out under section 4.

Details

Our processing of online data generally corresponds with the information above (cf. section 3 on the data processed, section 4 on the processing purposes, and section 5 on evaluations and statistics), even if the technologies used differ to a certain extent. For example, we use Google Analytics for Firebase, an analysis service from Google, which essentially works like Google Analytics described in section 5.

10.

Who else do we disclose your information to?

Our online services are provided and handled in cooperation with third parties and service providers who may consequently receive data about you. Below you will find an overview of the categories of recipients to whom we may disclose personal data, and in section 9 you will find details of the service providers we use for our online service offering. 

Companies of the Zurich Group: If necessary, we may pass on the online data to other companies belonging to the Zurich Group. 

Public authorities and agencies: Within the scope of exercising rights, defending against claims and fulfilling legal requirements, we may disclose online data to public authorities, agencies, courts and other public bodies, for example, in relation to official, legal and pre- and extra-judicial proceedings, and within the scope of legal obligations to provide information and to cooperate. Public authorities are responsible for processing data about you that they receive from us.

Service providers: We work with service providers at home and abroad who process data about you on our behalf or in joint responsibility with us, or receive data about you from us within their own sphere of responsibility. For example, we procure IT services such as hosting, support and maintenance, shipping services and testing from service providers. Our service providers are each subject to contractual and/or statutory confidentiality and data protection obligations. They may use such data for their own purposes in justified, exceptional cases, for example, information on outstanding debts and your payment history in the case of credit agencies or anonymized information for the purpose of improving services. For further information on service providers in the area of evaluations and statistics, please see section 8.

11.

Do we disclose personal data abroad?

As explained above, as well as us, third parties and service providers also process online data. For example, your data may be transferred abroad if personal data is transmitted to other companies within the Zurich Group or to service providers. Your data may therefore be processed worldwide, including outside the EU or the European Economic Area (i.e. also in third countries such as the US). Many third countries do not currently have laws that guarantee a level of data protection equivalent to that provided by Swiss law. We therefore take contractual precautions to contractually compensate for the weaker statutory protection.

Details

For this purpose, we generally use the standard contractual clauses issued or recognized by the European Commission and the Swiss Data Protection and Information Commissioner (FDPIC) (for further details and a copy of these clauses, please see www.edoeb.admin.ch), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may apply, in particular, in the case of legal proceedings abroad, but also in cases of overriding public interests or if the processing of a contract requires such disclosure, if you have granted your consent or if it is a matter of data that you have made generally accessible and whose processing you have not objected to.

The contractual provisions mentioned above can partially compensate for this weaker or missing legal protection, but they cannot eliminate all risks (namely of state access abroad). You should be aware of these residual risks, even though the risk may be low in individual cases and we have taken measures, such as pseudonymization or anonymization to minimize it.

Please also note that data exchanged over the Internet is often routed via third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.

12.

What applies in the case of profiling and automated individual decisions?

We process online data for the purposes stated in section 4 and evaluate it automatically for this purpose. This also includes so-called "profiling", i.e. the automated processing of data for analysis and forecasting purposes. Profiling is primarily used for marketing and security purposes. We may also create profiles, i.e. combine online data and possibly other data already known to us (see section 3.1) to better understand you as a person with your different interests and personal needs. In both cases, we pay attention to the appropriateness and reliability of the results and take measures against misuse of these profiles or profiling. 

In order to ensure the efficiency and uniformity of our decision-making processes, we can also automate decisions with the aid of a computer according to certain rules and without review by an employee.

Details

In each individual case, we will inform you if an automated decision creates negative legal consequences or a comparable significant impairment. In this case, you shall have the rights set out in section 10 if you do not agree with the outcome of the decision.

13.

How long do we process your data for?

We store your data for as long as our processing purposes, any retention periods and our legitimate interests in processing for documentation and evidence purposes require, or for as long as the storage is technically necessary. Therefore, the period for which we retain data depends on legal and internal regulations and on the purposes of processing (see section 4), which also include the protection of our interests, for example, to enforce or defend claims, or for documentation and evidence purposes. For more information on the lifetime of cookies, see section 3.2. 

Insofar as we can link online data to a specific person and store it accordingly together with other data known about that person (see section 3), the online data may be stored for longer period of time. Please also see our own data privacy policy and  information, which you can usually find at www.zurich.ch/datenschutz.

14.

How do we protect your data?

We handle online data confidentially and take appropriate technical and organizational security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to protect it against the risk of loss, accidental alteration, unauthorized disclosure or access. We utilize recognized security standards such as ISO 27001. However, security risks cannot generally be ruled out completely; certain residual risks are unavoidable. 

When your data is transmitted via our web pages or apps, we protect it during transmission using suitable encryption mechanisms. However, we can only secure areas that are under our control. If you contact us by e-mail, you do so at your own risk and agree that we may respond to you at the sender's address via the same channel. If you send us e-mails via the Internet in unencrypted form, third parties may be able to access, view and manipulate them, and data can be lost or intercepted and/or manipulated by third parties. What's more, we take appropriate technical and organizational security measures to reduce the risk on our web pages and in our apps. However, your end device is outside the security area that lies within our control. You are therefore required to learn about the necessary safety precautions and to take appropriate measures in this regard.

15.

What are your rights?

Applicable data protection law grants you the right to object to the processing of your data in certain circumstances, in particular for direct marketing purposes, profiling used for direct marketing and other legitimate interests.

In order to make it easier for you to maintain control over the processing of your personal data, you have various rights in connection with our data processing under applicable law: 

  • the right to request information from us as to whether we are processing your data, and which data we are processing; 
  • the right to have data corrected by us if it is inaccurate;
  • the right to object to our processing for specific purposes and to request the restriction or deletion of data unless we are obliged or entitled to continue processing it;
  • the right to obtain from us the disclosure of certain personal data in a commonly used electronic format or to request that we transfer this to another controller;
  • the right to revoke consent, provided our processing is based on your consent. 

If we inform you about an automated decision (section 5), you have the right to express your position on this and request that the decision be reviewed by a natural person. 

Please note that certain conditions must be met in order to exercise these rights and that exceptions or restrictions may apply (e.g. to protect third parties or trade secrets). We will inform you accordingly where necessary.

Details

In particular, we may need to process and store your personal data in order to perform a contract with you, to protect our legitimate interests, such as the assertion, exercise or defense of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard sensitive interests, we may therefore also reject a data subject’s request in whole or in part (for example, by blacking out certain content relating to third parties or our trade secrets).

If you wish to exercise any rights against us, please contact us in writing (see section 2). To enable us to rule out abuse, we must identify you (for example, with a copy of an identity card, if not otherwise possible). You also have these rights in relation to other bodies who work with us under their own responsibility – please contact them directly if you wish to exercise any rights in relation to their processing. 

If you do not agree with our handling of your rights or data protection, please let us know via the contact details listed under section 2. You can contact the Swiss supervisory authority here: www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html and the Liechtenstein Supervisory Authority at www.datenschutzstelle.li.

16.

Can this data privacy policy be changed?

This privacy policy does not form part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.