LiveWell privacy notice
This privacy notice informs you how Zurich LiveWell Services and Solutions Ltd (“LiveWell”, “we”, “our”, or “us”) collect, use, share, retain and dispose personal data received through the livewell.zurich.com family of websites (“website”) and our branded social media pages (such as our LinkedIn, Facebook, Instagram and Twitter pages) (“social media”). Our website and social media are hereinafter jointly referred to as “online platform”.
LiveWell, a company of the Zurich Insurance Group Ltd (“Group”), is responsible for the online platform. Our online platform is not designed to offer any information about the insurance business of the Group. Detailed information about the insurance products the members of the Group offer are only available on the local websites of the Group, such as zurich.ch for Switzerland or zurich.com.au for Australia. These sites are operated by the local insurance carriers for the purposes of the insurance business they carry out. Many of these local sites (and corresponding apps, if provided) allow (prospective) customers to interact online with the local insurance carriers, e.g. to obtain a quote or to file a claim. Such interaction invariably requires that different types of personal data are processed over to the local websites (or apps). However, this privacy notice only governs instances of data processing on our online platform. For the data processing in connection with the websites, apps etc. of the local insurance carriers of the Group, please visit the privacy notice/policy on the respective website (app).
We may occasionally update this privacy notice. We encourage you to periodically review this privacy notice to be informed of how we process your information.
2. Data controller and contact details
Zurich LiveWell Services and Solutions Ltd, with its registered office at Gerbergasse 5, 8001 Zurich, Switzerland, is the data controller of our online platform and responsible for its operation.
For any data protection related comment or question you may have in connection with our online platform you can reach us by email at firstname.lastname@example.org.
3. Details of processing
You can use our online platform without disclosing any personal data to us. Personal data means any information relating to an identified or identifiable natural person.
If you nevertheless voluntarily provide us with e.g., your name, e-mail address, country of residence or other personal data, we will process this personal data.
4. The types of personal data we may obtain
We may collect and receive the following personal data from you:
- Name and contact details (such as name, address, email, country of residence and phone numbers),
- Account details (such as username and password), and
- Personal data included in your traffic data (such as your browser, the IP address of your computer or device, your internet service provider, the site from which you navigated to our online platform, the duration of your visit to our online platform and what type of device you are using (e.g. a computer, smart phone or tablet and the respective operating system)).
We may collect other types of personal data if required under applicable law or if necessary, for the purposes listed below:
5. Purposes and legal bases for processing
We may collect and process your personal data for the purposes and on the legal bases identified in the following:
Providing our online platform and delivering the services you have requested:
Managing account registrations:
Handling contact and user support requests:
If you fill out a “contact-us” forms (e.g. Sales Requests, Job & Careers, etc.) or request user support, or if you contact us by other means including via a phone call, we may process your personal data to perform our contract with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you. For this purpose, the provision of personal data is optional and in case of failure to provide personal data it will be impossible to contact you and give the support.
Developing and improving our online platform:
We may process your personal data to analyze trends and to track your usage of and interactions with our online platform to the extent it is necessary for our legitimate interest in developing and improving our online platform and providing our users with more relevant content and service offerings, or where we seek your consent.
Defense and enforcement of claims:
We may use online data for civil and criminal legal action or defense in such proceedings. Within the scope of such procedures, your IP address may also be used for identification by the competent authorities, even if this initially has no personal reference for us.
Complying with legal obligations:
We may process your personal data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our online platform, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.
6. Data sharing
We may share personal data we collect and receive on a need-to-know basis with the following parties:
1. Other affiliates of our Group or its agents,
2. Third-party providers that perform services for us (we work with service providers at home and abroad who process data about you on our behalf or in joint responsibility with us, or receive data about you from us within their own sphere of responsibility. For example, we procure IT services such as hosting, support and maintenance, and testing from service providers. Our service providers are each subject to contractual and/or statutory confidentiality and data protection obligations),
3. Competent public authorities or other third parties (if required by law or reasonably necessary to protect the rights, property and safety of ourselves or others).
We may also transfer your personal data in the event that we sell or transfer all or a portion of our business or assets on a need to know basis. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use personal data you have provided to us in a manner that is consistent with applicable law and this privacy notice.
7. Cross border transfers
We may transfer personal data we collected to third parties in countries outside of Switzerland and the European Economic Area (EEA). For example, your data may be processed worldwide if personal data is transmitted to other companies within our Group or to our service providers.
Many third countries may not offer an adequate level of data protection. When we transfer your personal data outside of Switzerland or the EEA, we will protect your personal data as described in this privacy notice and in accordance with applicable laws, such as by entering into Standard Contractual Clauses issued or recognized by the European Commission and the Swiss Data Protection and Information Commissioner (FDPIC).
The contractual provisions mentioned above can partially compensate for this weaker or missing legal protection, but they cannot eliminate all risks (namely of state access abroad). You should be aware of these residual risks, even though the risk may be low in individual cases and we have taken measures to minimize it.
Our online platform may contain links to other sites. We are not responsible for the content or privacy practices of such other sites. Pay attention when you leave our online platform and read the privacy notices of any other site that collects personal data. Your data protection and privacy rights under these third-party platforms will be governed by their respective privacy practices.
10. Security of processing
We handle our online platform data securely and take appropriate technical and organizational security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to protect it against the risk of loss, accidental alteration, unauthorized disclosure or access. We utilize recognized security standards such as ISO 27001. However, security risks cannot generally be ruled out completely; certain residual risks are unavoidable.
When your data is transmitted via our online platform, we protect it during transmission using suitable encryption mechanisms. However, we can only secure areas that are under our control. If you contact us by e-mail, you do so at your own risk and agree that we may respond to you at the sender's address via the same channel. If you send us e-mails via the Internet in unencrypted form, third parties may be able to access, view and manipulate them, and data can be lost or intercepted and/or manipulated by third parties. What's more, we take appropriate technical and organizational security measures to reduce the risk on our online platform. However, your end device is outside the security area that lies within our control. You are therefore required to learn about the necessary safety precautions and to take appropriate measures in this regard.
11. Data retention
We retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. Typically, we will retain most of the personal data for the duration of your use of the online platform or until you have removed your account unless a longer applicable statutory retention period applies.
In connection with newsletter or similar subscription services you have signed up to this for example generally means that we keep your data up and until you notify us that you no longer want to obtain the respective newsletter.
After expiry of the applicable retention periods, all personal data will be destroyed, anonymized or deleted using secure technology. This technology depends on the application and storage media used. Expired records are identified based on their creation or last modification date, the current date and the retention period. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.
12. Job seekers
You will be automatically navigated to an independent IT-infrastructure if you apply for a job vacancy over our website. The job application process is subject to separate privacy notices than those of our website. They are automatically displayed when you apply for a job online.
13. Your rights
You have various rights in connection with our data processing subject to applicable law:
- the right to request information from us as to whether we are processing your data, and which data we are processing,
- the right of data rectification (if your data is inaccurate),
- the right of erasure (if the retention of your data is no longer necessary in relation to the envisaged purpose of the processing),
- the right to object to our processing for specific purposes and to request the restriction or deletion of data unless we are obliged or entitled to continue processing it,
- the right to revoke consent, provided our processing is based on your consent (the right to withdraw your consent is not retroactive. Any processing operations which took place before you revoked your consent will not become illegal on withdrawal),
- the right to data portability, and
- the right to lodge a complaint with the competent supervisory authority.
To exercise these rights, please contact us using our contact details set out below. We may request you to provide a copy of your ID card or otherwise evidence of your identity. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard sensitive interests, we may also reject your request in whole or in part (for example, by blacking out certain content relating to third parties or our trade secrets).
We will respond to your request within the applicable statutory term.
South Africa – PAIA rights
If you are located in South Africa the Promotion of Access to Information Act 2 of 2000, as amended (PAIA) is applicable. PAIA gives effect to South African residents the right to access to any information held by either a Private or Public body, subject to certain limitations.
This right is extended in Protection of Personal Information Act, 2013 (POPIA) as it grants the right to request access to information or records, in accordance with the provisions of PAIA from any Responsible Party.
To exercise the right of access, requesters must use the following forms provided by PAIA:
14. Contact details
If you have any comments or inquiries about the information in this privacy notice, or if you want to exercise your rights, please contact us by email at email@example.com.
Last modified 30 October 2023.