4. The types of personal data we may obtain

We may collect and receive the following personal data from you:

• Name and contact details (such as name, address, email, country of residence and phone numbers),
• Account details (such as username and password), and
• Personal data included in your traffic data (such as your browser, the IP address of your computer or device, your internet service provider, the site from which you navigated to our online platform, the duration of your visit to our online platform and what type of device you are using (e.g. a computer, smart phone or tablet and the respective operating system)).

We may collect other types of personal data if required under applicable law or if necessary, for the purposes listed below:

5. Purposes and legal bases for processing

We may collect and process your personal data for the purposes and on the legal bases identified in the following:

Providing our online platform and delivering the services you have requested:

We may process your personal data to perform our contract with you for the use of our online platform and to fulfil our obligations under the applicable Terms of Use if we have not entered into a contract with you, we base the processing of your personal data on our legitimate interest to operate and administer our online platform and to provide you with content you access and request.

Managing account registrations:

If you have registered for an account with us, we process your personal data by managing your user account for the purpose of performing our contract with you according to the applicable Terms of Use. For this purpose, the provision of personal data is mandatory and in case of failure to provide personal data it will be impossible to manage your account registration and performing the contract.

Handling contact and user support requests:

If you fill out a “contact-us” forms (e.g. Sales Requests, Job & Careers, etc.) or request user support, or if you contact us by other means including via a phone call, we may process your personal data to perform our contract with you and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you. For this purpose, the provision of personal data is optional and in case of failure to provide personal data it will be impossible to contact you and give the support.

Developing and improving our online platform:

We may process your personal data to analyze trends and to track your usage of and interactions with our online platform to the extent it is necessary for our legitimate interest in developing and improving our online platform and providing our users with more relevant content and service offerings, or where we seek your consent.

Reviewing compliance with the applicable Terms of Use; ensuring the security of our business, preventing or detecting fraud or abuses of our online platform:

We may process your personal data by tracking the use of our online platform, verifying accounts and activity, investigating suspicious activity, and enforcing our Terms of Use to the extent it is necessary for our legitimate interest in promoting the safety and security of the online platform and in protecting our rights and the rights of others.

Defense and enforcement of claims:

We may use online data for civil and criminal legal action or defense in such proceedings. Within the scope of such procedures, your IP address may also be used for identification by the competent authorities, even if this initially has no personal reference for us.

Complying with legal obligations:

We may process your personal data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our online platform, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.

6. Data sharing

We may share personal data we collect and receive on a need-to-know basis with the following parties:

1.      Other affiliates of our Group or its agents,

2.     Third-party providers that perform services for us (we work with service providers at home and abroad who process data about you on our behalf or in joint responsibility with us, or receive data about you from us within their own sphere of responsibility. For example, we procure IT services such as hosting, support and maintenance, and testing from service providers. Our service providers are each subject to contractual and/or statutory confidentiality and data protection obligations),

3.     Competent public authorities or other third parties (if required by law or reasonably necessary to protect the rights, property and safety of ourselves or others).

We may also transfer your personal data in the event that we sell or transfer all or a portion of our business or assets on a need to know basis. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use personal data you have provided to us in a manner that is consistent with applicable law and this privacy notice.

7.  Cross border transfers

We may transfer personal data we collected to third parties in countries outside of Switzerland and the European Economic Area (EEA). For example, your data may be processed worldwide if personal data is transmitted to other companies within our Group or to our service providers.

Many third countries may not offer an adequate level of data protection. When we transfer your personal data outside of Switzerland or the EEA, we will protect your personal data as described in this privacy notice and in accordance with applicable laws, such as by entering into Standard Contractual Clauses issued or recognized by the European Commission and the Swiss Data Protection and Information Commissioner (FDPIC).

The contractual provisions mentioned above can partially compensate for this weaker or missing legal protection, but they cannot eliminate all risks (namely of state access abroad). You should be aware of these residual risks, even though the risk may be low in individual cases and we have taken measures to minimize it.

11. Data retention

We retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. Typically, we will retain most of the personal data for the duration of your use of the online platform or until you have removed your account unless a longer applicable statutory retention period applies.

In connection with newsletter or similar subscription services you have signed up to this for example generally means that we keep your data up and until you notify us that you no longer want to obtain the respective newsletter.

After expiry of the applicable retention periods, all personal data will be destroyed, anonymized or deleted using secure technology. This technology depends on the application and storage media used. Expired records are identified based on their creation or last modification date, the current date and the retention period. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

12. Job seekers

You will be automatically navigated to an independent IT-infrastructure if you apply for a job vacancy over our website. The job application process is subject to separate privacy notices than those of our website. They are automatically displayed when you apply for a job online.

13. Your rights

You have various rights in connection with our data processing subject to applicable law:

• the right to request information from us as to whether we are processing your data, and which data we are processing,
• the right of data rectification (if your data is inaccurate),
• the right of erasure (if the retention of your data is no longer necessary in relation to the envisaged purpose of the processing),
• the right to object to our processing for specific purposes and to request the restriction or deletion of data unless we are obliged or entitled to continue processing it,
• the right to revoke consent, provided our processing is based on your consent (the right to withdraw your consent is not retroactive. Any processing operations which took place before you revoked your consent will not become illegal on withdrawal),
• the right to data portability, and
• the right to lodge a complaint with the competent supervisory authority.

To exercise these rights, please contact us using our contact details set out below. We may request you to provide a copy of your ID card or otherwise evidence of your identity. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard sensitive interests, we may also reject your request in whole or in part (for example, by blacking out certain content relating to third parties or our trade secrets).

We will respond to your request within the applicable statutory term.

South Africa – PAIA rights

If you are located in South Africa the Promotion of Access to Information Act 2 of 2000, as amended (PAIA) is applicable. PAIA gives effect to South African residents the right to access to any information held by either a Private or Public body, subject to certain limitations. 

This right is extended in Protection of Personal Information Act, 2013 (POPIA) as it grants  the right to request access to information or records, in accordance with the provisions of PAIA from any Responsible Party. 

To exercise the right of access, requesters must use the following forms provided by PAIA: 

1) InfoRegSA-PAIA-Form02-Reg7.pdf (inforegulator.org.za)

2) Form-3-PAIA.pdf (inforegulator.org.za)

14. Contact details

If you have any comments or inquiries about the information in this privacy notice, or if you want to exercise your rights, please contact us by email at privacy@zurich.com.

Last modified 30 October 2023.