LiveWell - Privacy Notice

 

Privacy Notice

 

We take the privacy and security of your personal data very seriously which is why we only process and share your personal data in accordance with applicable privacy laws.

This Privacy Notice is intended to assist you in making informed decisions when using our Platform and our Services. Please take a moment to read and understand it. It should be read in conjunction with our Terms and Conditions available on the Platform and our Cookie Policy.

Reference to “Platform” means the LiveWell app and web portal provided by ZLW and reference to “Service” or “Services” means the services provided in the context of the Platform.

With this Privacy Notice, we would like to inform you about the following topics:

  1. Who is processing your personal data?
  2. Who is your Data Protection Officer and contact(s)?
  3. How is your personal data collected?
  4. What type of personal data is collected and processed?
  5. For what purposes is your personal data processed?
  6. Who do we share your personal data with?
  7. What are your rights?
  8. How do we keep your personal data secure?
  9. For how long do we keep your personal data?
  10. Changes to this Privacy Notice
  11. Country specific information
  12. Supplemental U.S. State Privacy Notice Last Updated March, 2024

 

In this Privacy Notice the use of “ZLW”, “LiveWell”, “we”, “our” or “us” means Zurich LiveWell Services and Solutions Ltd, Switzerland. Reference to “Zurich Group” means Zurich Insurance Company Ltd, Switzerland, a wholly owned subsidiary of Zurich Insurance Group Ltd, Switzerland, and all its subsidiaries and affiliates.

For further information regarding the processing of personal data that is not covered by EU, Swiss, or U.S. regulations, please refer to section 11 “Country specific information”.

If you are a Consumer of U.S. states, as defined in the Supplemental U.S. State Privacy Notice, please also refer to section 12 “Supplemental U.S. State Privacy Notice”, which applies to the data collected from Consumers of U.S. states.

1. Who is processing your personal data?

The data controller for processing personal data relating to the Services is:

Zurich LiveWell Services and Solutions Ltd Talstrasse 83 8001 Zurich Switzerland

We work together with many other Zurich Group entities and partners and may share some data with them in order to be able to offer the Services to you. For further information also see section 6 “Whodo we share your personal data with?”.

2. Who is your Data Protection Officer and contact(s)?

We have appointed a Data Protection Officer to oversee the protection of your personal data.

If you have any questions or feedback regarding data protection or the processing of your personal data or if you would like to exercise your privacy rights you can reach us by post at the address indicated above (Attention: Data Protection Officer) or by email at privacy@zurich.com.

If you’re based in the EU/EEA or the UK and wish to contact us via our representative, DataRep, you may do so at: datarequest@datarep.com.

3. How is your personal data collected?

We may collect your personal data either directly from you or from third-party sources (including the organization that pays for your subscription (“Your Organization”) and publicly available information sources as follows:

a. Information you give us: You may provide us with information about yourself in connection with your use of the Services (including fitness and other apps or devices), for example by filling in forms, uploading your photo or using different functions of the Platform or by corresponding with us by email or otherwise contacting us;

b. Information we collect using cookies and other similar technologies: When you access and use our Platform, we will collect certain Technical data and Analytics information relating to your use of the Services and device information. We collect this personal data by using cookies and other similar technologies (see section 5.2 “Providing the personalized Services you have requested” and section 5.3“Providing you access to ZLW Rewards” and section 5.11 “Developing and improving our Services" below).

c. Information we receive from third-party sources: We may work with third parties from time to time (including Your Organization, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them. This may include the information that is required to create your personal account or your purchase history from business partners who supply you with rewards made available on the Platform, if you choose to participate in the rewards programs offered within the Platform. Furthermore, we may receive information about you that you have provided to third-party applications and/or that have been directly collected by the same if you connect such applications with the Platform. Finally, we may receive/collect your personal data from third parties (e.g. Google, Facebook) if you use the social login function to register on the Platform.

As the accuracy of your personal data depends largely on the information you provide to us, kindly inform us as soon as practicable if there are any errors and/or inaccuracies in your personal data or if there have been changes to your personal data. You can check and change your account information directly in the Platform, if necessary.

Please note that it is up to you to decide whether you would like to make use of the Services or Platform, which involves the related data collection and processing. If you choose not to provide your personal data and/or, where applicable, withdraw your consent to the use, processing and disclosure of your personal data as set out in this Privacy Notice we will not be able to provide the Services to you anymore.

4. What type of personal data is collected?

We may process the following categories of personal data about you in connection with your usage of the Services:

a. Personal data you provide when using our Services or creating a LiveWell account

  • Personal details: name, gender/biological sex, date of birth, country of residence;
  • Contact and registration details: email address, username, passwords and identification credentials for the Platform;
  • Health related data: weight and height; mental and social health assessments (e.g. anxieties, fears, loneliness);
  • Information on habits and activities: your smoking habits, alcohol consumption habits, sugar consumption habits, and other habits (e.g. hydration) or activities, mood, your stress level, your sleeping patterns and physical activities (e.g. steps, distance covered and workout sessions, activity tier level, used calories, challenges won and attempted, minutes meditated), health goals, financial wellbeing assessment (e.g. financial viability and concerns);
  • Points: points you can earn as a result of your use of the Platform (such as points allocated to you for completing certain activities);
  • Other information you provide to us in connection with your use of the Services: such as your consents, photos of yourself you may upload to the Platform, marketing and other preferences and feedback, and technical and bug fixing information as well as information you provide by connecting other fitness, wellness or healthcare applications with the Platform.

 

b. Personal data we collect automatically when you use our Services or create a LiveWell account

  • Technical data: type of device you use to access or make use of any part of the Platform, browser and operating system you are using, software version, unique device identifiers, mobile network information, user consent for connected apps and devices, user preferences, your mobile operating system and your time zone setting and your IP address at the time of the creation of your user account. We may also collect the IP address associated with your device each time this Platform syncs with our systems;
  • Analytics information relating to your use of the Services and device information: traffic data, data relating to your browsing activity on the Platform obtained through the use of cookies, pixel tags and other similar technologies, location data and other communication data, and the resources that you access;

 

c. Any further information which you provide to us when contacting us or otherwise interacting with us: such as name, address, e-mail address and phone number, technical details of the device that you use and data from devices used in conjunction with the Platform.

5. For what purposes is your personal data processed?

We process your personal data for the purposes as set forth below. The legal bases for processing personal data specified below are based on the EU General Data Protection Regulation and laws in other jurisdictions that have similar grounds.

5.1 Managing your account:

We process in particular your Personal details as well as Contact and registration details to create and manage your account, in order to:

  • Identify you as a user of the Platform including to authenticate you, enable you to use the Services and us to communicate with you;
  • Populate your user account in connection with the Services and support the operation of such account;
  • Verify your physical activity movements, issue and/or award rewards, points and badges that can be redeemed through the Platform and/or the rewards partners (these can be external third parties) or are posted on the daily leaderboards of users ranked by physical activity; and
  • Operate the Platform's rewards marketplace.

 

The legal ground for processing related personal details is the performance of a contract to the extent such processing is closely related and necessary to provide you with the Services. Otherwise, the legal ground is our legitimate interest in protecting the security of your account and making sure that the information in relation to your account is correct and up to date. To the extent we process Health related data and Information on habits and activities, insofar as this is considered ‘special category’ data, we will rely on your explicit consent.

5.2 Providing the personalized Services you have requested:

We will process your personal data, including Health related data as well as Information on habits and activities on the Platform and Analytics information relating to your use of the Services and device information, to provide the requested Services to you, which in more detail may include:

  • Setting and tracking of your health goals or other features, the monitoring of the functions you choose to use, evaluating your progress and providing you with tips, boosts and other prompts to improve your progress and achieve your health goals;
  • Assisting you for lifestyle reasons, such as to lead an active and healthy lifestyle, if applicable; and
  • Making specific recommendations to you based on your health goals and achievements. In order to personalize the Service to you we may need to profile you (e.g. in order to determine what recommendations to provide).

 

The legal ground for processing related personal data will be performance of a contract.

Further to the extent the provision of our Services involves the processing of Health related data and Information on habits and activities, insofar as this is considered ‘special category’ data, we shall rely on your explicit consent.

Please see our Cookie Policy for further details on the use of cookies or similar technologies.

5.3 Providing you with access to ZLW Rewards:

In certain regions you may have access to the ZLW Rewards program (the “ZLW Rewards”), which is featured in the Platform and is provided by ZLW. ZLW Rewards allows the user to collect Points as further explained in the Platform. The collected Points can be redeemed for rewards displayed in the Rewards section of the Platform.

We will process your personal data on the Platform in order to place rewards on the Platform and to enable you to redeem them. These rewards will be generally available to any user in your region, Group (as defined below in section 5.7 “Sharing your data with Your Organization or other parties”) or user group who has access to ZLW Rewards.

In some cases what rewards are shown to you will be tailored to you based on the information we hold about you (including ‘special category’ data). For example, where we rank rewards according to what is most suitable to you.

We may also notify you where new rewards become available on the Platform.

We will rely on performance of a contract to process your personal data in connection with the placement and/or redemption of rewards.

To the extent the tailoring and placing of rewards involves the processing of Health related data and Information on habits and activities, insofar as this is considered ‘special category’ data, we shall rely on your explicit consent.

We will only provide information about new rewards available on the Platform where you have provided your consent. See section 5.8 “Sending you marketing communications”below.

Please see our Cookie Policy for further details on the use of cookies or similar technologies.

5.4 Sending you Service related/transactional communications and handling contact and user support requests:

We process your Personal details, Contact and registration details, Analytics information relating to your use of the Services and device information, Technical data, Health related data and Information on habits and activities as well as other information you provide to us to handle your requests, in order to communicate with you for Service related/transactional purposes, including, without limitation to:

  • inform you of updates to the Platform or the terms of the Privacy Notice;
  • notify you when onboarding has been completed or rewards have been redeemed;
  • update you on Point levels / expiration;
  • notify you if Groups (as defined below in section 5.9 “Sharing your data with Your Organization or other parties”) join or are removed from the Platform;
  • confirm when a user account has been deleted;
  • correct errors and problems with the Services; and
  • send you personalized recommendations based on your health goals and achievements as part of your use of the Platform and the provision of our Services.

 

The legal ground for processing related personal data is the performance of a contract to the extent such processing is closely related and necessary to provide you with the Services.

To the extent the personalization of recommendations involves the processing of Health related data and Information on habits and activities, insofar as this is considered ‘special category’ data, we shall rely on your explicit consent.

Otherwise, the legal ground is our legitimate interest in providing quality support, fulfilling your requests and communicating with you.

5.5 Sending you information relevant to your use of service or technical features we think may be of interest

We process your Personal details, Contact and registration details, Information on habits and activities and communications preferences in order to send you emails or push notifications which provide you information about (or relevant to) your use of the Service, including:

  • a summary of your use of the Platform over the last week; and
  • technical features in the Platform (including technical features that we have recently added).

 

The legal ground for processing related personal data is our legitimate interests to provide you with such information in order to improve your use of the Platform and help you to get the most benefit and achieve your health goals.

You can unsubscribe from these communications at any time. In particular, for push notifications you can manage your preferences through your device's "Settings" clicking on "Notifications”, and then changing the settings for some or all of the apps on your device. Please note that different device configurations or updates to devices may affect or change how these settings work.

5.6 Sending you information on boosts not linked to rewards or other incentives

We process your Personal details, Contact and registration details, Information on habits and activities and Technical data in order to send you emails and push notification which provide you information about the availability of boosts that Groups are taking part in or are hosting, or boosts that are generally available to all users of the Platform and are not linked to rewards or other incentives (e.g. product or services), including updates on your progress in the boost.

The legal basis for processing personal data in this context is our legitimate interest in providing you with relevant information to enhance your wellbeing and help you achieve your health goals.

In countries where legitimate interest does not exist as a legal basis, the legal basis for processing personal data indicated above for the purposes indicated above is the performance of a contract in which you are a party. In this case, we consider boosts not linked to rewards as an essential part of the Service, as they are designed to help users improve their wellbeing. By actively signing up for the Service and accepting the Terms and Conditions, you demonstrate your agreement to engage with the various components of the Service, including the boosts not linked to rewards. This contractual relationship between LiveWell and you establishes the legal basis for processing personal data related to the delivery of boosts and for sending communications related to them.

5.7 Sending you information on boosts linked to rewards or other incentives

We process your Personal details, Contact and registration details, Information on habits and activitiesand Technical Data to send you emails and push notifications for the following purposes:

a. to provide you with information about the availability of boosts linked to rewards or other incentives that Groups are taking part in or are hosting; and

b. to provide you with information if you are participating in a boost linked to rewards or other incentives, including updates on your progress in the boost, updates on your ranking, if you win a reward, and any other communication related to your participation in a boost linked to rewards or other incentives.

For the data processing described in letter a), the legal basis is your consent, which you can revoke at any time. For the data processing described in letter b), the legal basis is the performance of a contract to which you are a party.

Processing your personal data for the purposes indicated above is not mandatory. However, if you choose not to disclose your personal data for these purposes, you may not be able to receive information on the availability of boosts linked to rewards or other incentives or any information related to your participation in the boost.

For the data processing related to sponsored boosts, please see section 5.10 “Developing and improving our Services”, where you will find all the information related to the data that we may share with a third party that has sponsored a boost.

For push notifications you can manage your preferences as indicated in section 5.5 “Sending you information relevant to your use of service or technical features we think may be of interest”.

5.8 Sending you marketing communications

We process your Personal details and Contact and registration details and marketing preferences in order to send you marketing communications by email. We may also use your Technical data to send you push marketing via the Platform.

Our marketing communications may include invitations and reminders to join the Platform and/or events, information about rewards (or boosts that involve earning rewards or other incentives as indicated in section 5.7 “Sending you information on boosts linked to rewards or other incentives”), information about new commercial features of the Platform and any other offers and promotions that we or third parties may offer from time to time.

Our marketing communications may encompass both personalized and non-personalized marketing. Personalized marketing is marketing that is specifically tailored to you and includes content that we think is relevant to you based on what we know about you and the profiles we have created, which also take into account your behavior on the Platform. Non-personalized marketing is marketing that is not tailored to you.

We will only send marketing communications to you with your consent. You can unsubscribe from these communications at any time. In particular, for push notifications you can manage your preferences as indicated in section 5.5 “Sending you information relevant to your use of service or technical features we think may be of interest”.

5.9 Sharing your data with Your Organization or other parties in aggregated or anonymized way

We may also within the limits of the applicable laws, share aggregated or anonymized data with Your Organization or other affiliations or groups such as insurance companies or rewards partners (together with Your Organization, “Group(s)”). This aggregated or anonymized data will be shared with Groups in order to provide them with insights and statistics regarding the use of the Services and the Platform and information on the average health, stress or sleep levels of their users and other parameters the Groups may contractually require us to share. The Groups will not be able to identify you through the data they receive from us in this aggregated/anonymized reporting format. You can at any time remove yourself from a Group.

We rely on the fact it is in our legitimate business interest to share aggregated and/or anonymized data with a Group in this way to enable us and them to understand how our Platform is being used and to obtain aggregated insight on their user or people’s behavior.

5.10 Sharing your data with a third party in case of sponsored boosts

When you participate in a boost sponsored by a third party other than LiveWell (e.g. a Group) and fulfil the winning conditions, we may disclose your name, email address and/or your boost ranking/results to that party in order to ensure that you receive the reward or other incentive associated with the boost, if applicable.

The legal basis for sharing your personal data to the third party is the performance of a contract, specifically the terms and conditions applicable to the sponsored boost in which you have participated.

Processing your personal data for this purpose is mandatory. However, if you choose not to disclose your personal data for this purpose, you may not be able to participate in the boost or receive any reward or other incentive reserved for the boost.

5.11 Developing and improving our Services:

We process in particular Technical data, as well as Analytics information relating to your use of the Services and device information, to further develop and improve our Services, which in more detail may include:

  • analyzing the usage of and improving the Services; and
  • carrying out data analytics.

 

Where consent is not required, the legal ground for the processing is our legitimate interest in further developing and improving our Platform to provide our users with more relevant Services.

Please see our Cookie Policy for further details on the use of cookies or similar technologies.

5.12 Identifying customer opportunities:

We process in particular Analytics information relating to your use of the Services and device information to assess new potential customer opportunities, which in more detail may include:

  • performing market and customer research;
  • maintaining and developing our business relationship with you, identifying products or services you may be interested in, pursuing business development initiatives;
  • marketing our products and services to you; and
  • creating aggregated data for commercial purposes.

 

We will only send marketing communication to you with your consent. You can unsubscribe from these communications at any time.

Where consent is not required, the legal ground for the processing is our legitimate interest in further developing and improving our Services to make them more relevant for you.

5.13 Reviewing compliance; ensuring security; preventing or detecting fraud or abuses:

We process in particular your Personal details, Analytics information relating to your use of the Services and device information as well as relevant Technical data to protect our rights, to protect against misuse or abuse of our Services, including when cooperating with public and government authorities, courts or regulators, or for auditing purposes, which in more detail may include:

  • preventing and investigating any suspected fraud or other criminal activities; and/or
  • investigating any disputes between users or with you.

 

The legal ground for processing related personal data is our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal data. Otherwise, the legal ground is our legitimate interest in protecting our users and us against misuse or abuse of our Services, protecting personal property or safety, pursuing remedies available to us, limiting our damages, complying with judicial proceedings, court orders or legal processes or responding to lawful requests.

In relation to data processing as described within this section 5 “For what purposes is your personal data processed”, for the processing of ‘special categories’ of personal data such as Health related data, we rely on your explicit consent for processing of such personal data. We will obtain such consent from you prior to collecting and processing such data in accordance with applicable law. Certain Services or functionality of the Platform may not be available if we are unable to process such personal data.

In addition, within the limits of the applicable laws, we may aggregate and anonymize certain of your personal data in order to process it for further purposes such as s creating statistics on the use of the Services and the Platform, improving the products and Services or identifying new products or services, producing reports on the use of the Services, creating statistical communications for users regarding the use of the service, or sharing such statistical data with other entities within the Zurich Group.

We do not use automated decision-making.

6. Who do we share your personal data with?

First and foremost, please note that the Zurich Group makes an unwavering commitment to its customers, i.e. to you, to keep your data safe, never sell your personal data, not share your personal data without being transparent about it and to put your data to work so we can better protect you, and so you can get the most out of life (see Data Privacy & Protection | Zurich Insurance). To the extent parties we intend to share data with are located outside of Switzerland, the EU or UK, we only share your personal data on a basis that ensures an adequate level of data protection according to applicable data protection laws, in particular, the EU Standard Contractual Clauses as amended on a case-by-case basis and supported by additional safeguards as required. We may also transfer personal data abroad to the extent we are required to by law or to exercise, establish or defend legal claims.

Against this background, in addition to sharing data with Groups as described above, we may share your data with the following parties to the extent required to provide the Services and the Platform and to fulfil the other purposes described in this Privacy Notice:

  • Subsidiaries, affiliates and other Zurich Group entities.We share your personal data with our subsidiaries and affiliates, as well as other Zurich Group entities (i) to process or manage your personal data for us so that we may provide the Services and (ii) subject to the necessary consent as above indicated, to carry out market and customer research.
  • Third-party service providers. We share your personal data with authorized third parties located in Ireland, Germany and United States: (i) to process or manage your personal data for us so that we may provide the Services (including but not limited to third parties providing the information technology necessary for the Services, such as third-party hosting providers, or third-party providers for payment and delivery services) and (ii) subject to the necessary consent as above indicated, to carry out market and customer research (including but not limited to third-parties providing advertising networks, analytics tools or search information tools and software). Please see our Cookie Policy for further details;
  • Strategic partners and third-party application providers. We may make it possible for you to use the Platform to interact with third-party applications that you use, which may include functionality allowing you to share and sync your personal data with such third-party applications such as other health applications you may be using. Such sharing and syncing will always be initiated by you. Where you initiate such a process, we will share your personal data with the third-party operating the relevant application. Please consult the privacy notice of the respective third-party your personal data is shared with to understand how they process your personal data they receive;
  • Rewards partners. In case you redeem any reward, we may provide our rewards partners with aggregated statistics and reports based upon details of the use of the rewards by you and other users;
  • Regulators or other legal or governmental agencies. We may disclose your personal data if we are under a duty to disclose or share such data in order to comply with any legal or regulatory obligation or request;
  • Sponsors of boosts. In case you participated in a boost that featured a sponsored reward or other incentive and you fulfill the winning conditions, we may disclose your personal data to the sponsor of the boost.
  • Third-parties for the protection of our interests and protection against fraud. We may disclose your data (i) if this is reasonably required to enforce the Terms and Conditions or any other agreement we have entered into with you or to investigate potential breaches; or (ii) if this is required to protect the rights, property or safety of the Zurich Group, our customers, or others (including by exchanging information with other companies and organizations for the purposes of fraud protection) and (iii) in accordance with applicable laws, to defend our interests or to prevent and combat fraud; and
  • Zurich Group. We may share limited personal data about you (mainly contact data, never health related data) with other entities within the Zurich Group or our agents, subject to the necessary consent as above indicated, for marketing, communications and advertising purposes, to measure your level of satisfaction with our products, Services and the Platform, to maintain and develop a business relationship with you, to identify new products or services, to pursue certain business development initiatives and services or to create statistics on the use of our Services and Platform. You may receive marketing communications from us or from these other entities about products and services that may be of interest to you. You may tell us at any time if you do not wish to receive marketing communications from us or entities within the Zurich Group by notifying us at the address or e-mail address set out in this Privacy Notice or using the unsubscribe button provided in our marketing communications.

 

Some of your personal data may also be shared with other users of the Platform as part of the normal operation of the Platform, but only when you decide to share such information. For example, when you share your progress, rewards, Points, boosts you have accessed, statistics or insights through the Platform.

7. What are your rights?

You have several rights, subject to the conditions set out in the applicable law, of which we would like to inform you;

  • the right of access your data and request a copy of your data that we have;
  • the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you;
  • the right to obtain from us the erasure of personal data concerning you under certain conditions (e.g. when the personal data are no longer necessary in relation to the purposes for which they were processed or when they are no longer required for overriding legitimate grounds, such as the detection/prevention of fraud), for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;.
  • the right to obtain from us the restriction of processing your personal data to the extent that
  • the accuracy of the data is disputed by you,
  • the processing is unlawful, but you oppose the erasure of the personal data,
  • we no longer need the data, but you need it to assert, exercise or defend legal claims or
  • you have objected to the processing.
  • the right to object to our processing of your personal data in certain circumstances. For example, where we rely on legitimate interests to process your personal data you have a right to object to such processing;
  • the right to data portability (i.e. to receive your personal data in a structured, commonly used, machine-readable format).

 

You also have the right to lodge a complaint with a supervisory authority, if you believe we are not processing your data in compliance with applicable data protection law. You can find the contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

The contact details for the UK data protection regulator (‘ICO’) can be found on its website at: https://ico.org.uk.

For other countries, where relevant, we have included contact details in section 11 “Country specific information”.

If you have provided your consent to the collection, processing and transfer of your personal data you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.

Please note that we may refuse or limit to grant these rights for legal reasons or based on applicable data protection law.

If you do not reside in the EEA, UK, or Switzerland but you believe you have a right to exercise any of your data subject rights under your local laws, or if we did not process your personal data to your satisfaction or you have any questions on how we process your personal data, you may contact the Data Protection Officer listed in section 2 “Who is your Data Protection Officer and contact(s)?” above.

8. How do we keep your personal data secure?

We apply technical and organizational security measures to protect your personal data against manipulation, loss, destruction or access by unauthorized persons and to ensure the protection of your rights and compliance with the applicable data protection regulations. LiveWell is certified against the ISO 27001:2013 standard, which is a worldwide recognized standard for information security.

We use recent standard encryption techniques to transfer your data. However, communication via email may not be encrypted.

9. For how long do we keep your personal data?

We retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.

The duration of the retention period may vary depending on the circumstances..

How long we retain personal data may vary depending on the Services we provide and our legal obligations under applicable national law. The following factors typically affect the retention period:

  • Necessity for the provision of our Services This includes such things as executing the Terms and Conditions with you, maintaining and improving the performance of our Services, keeping our systems secure, and maintaining appropriate business and financial records. Most of our retention periods are determined on the basis of this general rule.
  • Consent-based processing of personal data If we process personal data on the basis of consent, we store the data for as long as necessary in order to process it according to your consent.
  • Statutory, contractual or other similar obligations Corresponding retention obligations may arise, for example, from laws or official orders. It may also be necessary to store personal data with regard to pending or future legal disputes. Personal data contained in contracts, notifications and business letters may be subject to statutory storage obligations depending on national law.

 

10. Changes to this Privacy Notice

We reserve the right to update and change this Privacy Notice from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our Privacy Notice in the future will be made available to you by appropriate means, for example, through our Platform, or will be posted on our website.

Last updated: April 2024

11. Country specific information

Argentina:

If you are located in Argentina, the following is applicable:

Pursuant to Resolution No. 14/2018, we hereby inform you that the Agency for Access to Public Information Agency, in its capacity as the supervisory authority of Law No. 25,326, has the power to deal with complaints and claims filed by those affected in their rights for breach of the regulations in force regarding the protection of personal data.

Some of the personal information collected may be considered sensitive according to Law No. 25,326. In consequence, you acknowledge that you cannot be compelled to provide sensitive data and that certain Services or functionality of the Platform may not be available if we are unable to process such sensitive personal data.

Your personal data may be transferred to countries or jurisdictions that may not have the same level of legal protection for personal data as Argentina and therefore have less protection, which you understand and consent to when you provide us with your information.

Lastly, if you are a customer of Zurich International Life Limited, Argentina Branch (e.g. if you hold an insurance policy) and are part of the member group "Zurich Argentina" in the Platform (see "My Groups" in the Platform), the said entity, with its registered address at Cerrito 1010, Autonomous City of Buenos Aires, is the data controller (“responsable del tratamiento”) for the processing of personal data related to the Services, in addition to LiveWell.

Australia:

If you are located in Australia, by using the Services or Platform, you consent to your personal data being collected (including from third party sources), used and disclosed in accordance with this Privacy Notice. If you are a customer of Zurich Australia Limited (“ZAL”) (e.g. if you hold a ZAL or OnePath insurance policy), and are a part of the member groups of "Zurich Australia Life or “Zurich Australia OnePath” (see "My Groups" in the Platform), please note that LiveWell may collect and process personal data about you (including customer number, enrolment date in the Platform and data regarding your level of engagement and use of the Platform and whether a fitness device is connected) and share that personal data with ZAL, in order to enable ZAL to understand how its customers are engaging with the Platform and to provide you with any additional products and services they offer to you.

Zurich Australia Limited (ABN 92 000 010 195) is bound by the Australian Privacy Act 1988 (Cth) and Australian Privacy Principles. Before providing Zurich LiveWell Services and Solutions Ltd, Switzerland (“ZLS” in this country specific information - Australia) with any personally identifiable information (“Information”) in connection with an Australian product or service, you should know the following information. ZAL collects, uses, processes and stores your Information in order to provide you with additional products or services to enhance your experience of the Livewell app and web portal provided by ZLS (collectively, the “ZLS Platform” in this country specific information - Australia), understand how you are engaging with the ZLS Platform and manage the link between your insurance product and the ZLS Platform (“Purposes”). ZAL does not use your Information to manage claims or determine the premium for your Australian insurance product.

By providing your Information to ZLS in connection with the ZLS Platform, you consent to ZAL using, disclosing to third parties and collecting from third parties your Information for the Purposes.

ZAL collects your Information from ZLS, including your customer number, enrolment date in the ZLS Platform, data regarding your level of engagement and use of the ZLS Platform and whether a fitness device is connected. ZAL may also obtain from ZLS aggregated or anonymized information, which cannot be traced to you as an individual, in order to enhance ZAL’s products and services and assess the usefulness of the app. Where relevant for the Purposes, ZAL may disclose the limited Information that it receives from ZLS to relevant third parties including ZLS, other affiliates of Zurich Insurance Group Ltd, our service providers, our business partners, government bodies, regulators, law enforcement bodies and as required by law, within Australia and overseas.

If you do not provide the requested information to its collection and disclosure as described above, ZAL may be unable to provide you with additional products or services to enhance your experience of the ZLS Platform or communicate with ZLS or the entity obtaining insurance cover for your benefit to verify your use of the ZLS Platform. ZAL is not required by law to collect your Information.

For further information about ZAL’s Privacy Policy, a list of service providers and business partners that ZAL may disclose your Information to, a list of countries in which recipients of your Information are likely to be located, details of how you can access or correct the Information that ZAL holds about you or make a complaint, please refer to the Privacy link on ZAL’s homepage (www.zurich.com.au), contact ZAL by telephone in Australia on 132 687 or by email at privacy.officer@zurich.com.au.

If you are located in Australia, and you would like to make a complaint about our personal data handling practices you may contact the Office of the Australian Information Commissioner (OAIC). mailto:enquiries@oaic.gov.au). Further information about how to lodge a complaint with the OAIC is available at: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us

Brazil:

If you are located in Brazil, the following is applicable:

Your personal data will be processed in accordance with Law No. 13.709/2018 (Lei Geral de Proteção de Dados - LGPD) and other applicable Brazilian legislation, such as the Brazilian Consumer Defense Code (CDC) and the Brazilian Civil Rights Framework for the Internet.

You may exercise your LGPD-related rights by contacting the Data Protection Officer listed in the section 2 “Who is your Data Protection Officer and contact(s)?”. You may also contact the Brazilian Supervisory Authority (ANPD) regarding concerns related to our privacy and data protection practices.

Indonesia:

If you are located in Indonesia, you have the following rights in respect of your data processing:

  • the right to obtain information regarding identity clarity, basis of legal interest, purpose of requesting and using personal data, and accountability of parties that request personal data;
  • the right to complete, update and/or correct errors and/or inaccuracies in personal data in accordance with the purpose of the personal data processing;
  • the right to access and obtain a copy of personal data in accordance with provisions of laws and regulations;
  • the right to end processing, delete, and/or destroy personal data in accordance with provisions of laws and regulations;
  • the right to withdraw consent to the processing of personal data that has been given to a personal data controller;
  • the right to object a decision-making action that is based solely on automated processing, including profiling, which has legal consequences or have a significant impact on personal data subjects;
  • the right to delay or limit the personal data processing proportionally with the purpose of personal data processing;
  • the right to sue and receive compensation for violations of the processing of personal data;
  • the right to obtain and/or use personal data from a personal data controller in a form that is in accordance with the structure and/or format commonly used or readable by an electronic system; and/or
  • the right to use and to send personal data to other personal data controllers, as long as the system used can communicate with each other securely in accordance with the personal data protection principles based on the Personal Data Protection Law 27/2022.

 

South Africa:

If you are located in South Africa, the following is applicable:

By using the Platform, you hereby consent to the transfer of data outside of South Africa.

The Protection of Personal Information Act, 2013 (POPIA), the Consumer Protection Act, 2008 (CPA), the Electronic Communications and Transaction Act, 2002 (ECTA) is applicable. As such, this Privacy Notice is qualified, to the extent necessary, by POPIA, the CPA and the ECTA.

Switzerland:

For Swiss residents: Your personal data may be transferred outside of Switzerland with a Group or a party as described in section 6 “Who do we share your personal data with”? Such transfer may occur worldwide, including outside the EU or the European Economic Area (i.e. also in so-called third countries, e.g. the U.S.). Many third countries currently do not have legislation that guarantee a level of data protection equivalent to Swiss and/or European standards. We therefore take contractual precautions to compensate for the lower level of legal protection. To this end, we use the standard contractual clauses issued or recognized by the European Commission and the Federal Data Protection and Information Commissioner (FDPIC) (for further details and a copy of these clauses, please visit www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html), unless the legislation of the destination country guarantees an appropriate level of protection.

12. Supplemental U.S. State Privacy Notice Last Updated March, 2024

This Supplemental U.S. State Privacy Notice (“Supplemental Notice”) applies only to information collected about Consumers of U.S. states with comprehensive privacy legislation that requires provision of a privacy notice. Specifically, it provides information required under comprehensive state privacy legislation in California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia (collectively, “U.S. Privacy Laws”).

This notice also includes additional disclosures for compliance with the Washington My Health My Data Act, the Nevada My Health My Data Act, and Nevada Revised Statutes Chapter 603A. These disclosures are included at the end of this Supplemental Notice. The remaining portions of this Supplemental Notice do not apply to Washington and Nevada consumers.

This Supplemental Notice describes Zurich LiveWell Services and Solutions Ltd’ (“ZLW”, “LiveWell”, “we,” “us,” “our”), with registered office in Talstrasse 83, 8001 Zurich, Switzerland, practices regarding the collection, use, and disclosure of Personal Information and provides instructions for submitting data subject rights requests.

Some portions of this Supplemental Notice apply only to Consumers of particular states. In those instances, we have indicated that such language applies only to those Consumers.

Please note that this Supplemental Notice does not apply to individuals with whom we interact in an employment-related context or a business context..

A. Definitions

Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household. Personal Information includes “personal data” as that term is defined in the U.S. Privacy Laws. Personal Information also includes “Sensitive Personal Information,” as defined below, except where otherwise noted.

Sensitive Personal Information” means Personal Information that reveals a Consumer’s social security, driver’s license, state identification card, or passport number; account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious beliefs, or union membership; contents of email or text messages; and genetic data. Sensitive Personal Information also includes Processing of biometric information for the purpose of uniquely identifying a Consumer and Personal Information collected and analyzed concerning a Consumer’s health, sex life, or sexual orientation. Sensitive Personal Information also includes “sensitive data” as that term is defined in the U.S. Privacy Laws.

Third Party” has the meanings afforded to it in the U.S. Privacy Laws.

Vendor” means a service provider, contractor, or processor as those terms are defined in the U.S. Privacy Laws.

“Platform”means the LiveWell app and web portal provided by LiveWell.

“Service” or “Services” means the services provided in the context of the Platform.

To the extent other terms used in this Supplemental Notice are defined terms under the U.S. Privacy Laws, they shall have the meanings afforded to them in those statutes, whether or not capitalized herein. As there are some variations between such definitions in each of the U.S. Privacy Laws, the definitions applicable to you are those provided in the statute for the state in which you are a Consumer. For example, if you are a California Consumer, terms used in this Supplemental Notice that are defined terms in the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”) shall have the meanings afforded to them in the CCPA as this Supplemental Notice applies to you.

B. Collection & Processing of Personal Information

We, and our Vendors, collect the following categories of Personal Information about Consumers. We also have collected and Processed the following categories of Personal Information about Consumers in the preceding 12 months:

  1. Identifiers, such as name, alias, online identifiers, account name, password, physical characteristics or description, country of residence, date of birth;
  2. Contact information, including phone number, address, email address, passwords and identification credentials for the Platform ;
  3. Characteristics of protected classifications under state or federal law, such as age, gender/biological sex, social health assessment (e.g. anxieties, fears, loneliness), physical or mental health conditions;
  4. Information on habits and activities such as your smoking habits, alcohol consumption habits, sugar consumption habits, and other habits (e.g. hydration) or activities, mood, your stress level, your sleeping patterns and physical activities (e.g. steps, distance covered and workout sessions, activity tier level, used calories, challenges won and attempted, minutes meditated), health goals, financial wellbeing assessment (e.g. financial viability and concerns);
  5. Technical data such as type of device you use to access or make use of any part of the Platform, browser and operating system you are using, software version, unique device identifiers, mobile network information, user consent for connected apps and devices, user preferences, your mobile operating system and your time zone setting and your IP address at the time of the creation of your user account. We may also collect the IP address associated with your device each time this Platform syncs with our systems;
  6. Analytics information relating to your use of the Services and device information such as traffic data, data relating to your browsing activity on the Platform obtained through the use of cookies, pixel tags and other similar technologies, location data and other communication data, and the resources that you access;
  7. Points you can earn as a result of your use of the Platform (such as points allocated to you for completing certain activities).
  8. Sensitive Personal Information, including Personal Information collected and analyzed concerning a Consumer’s health (e.g. weight and height; mental and social health assessments).

 

Children’s Personal Information. We generally do not knowingly collect or Process Personal Information of children under 18 years of age.

C. Purposes for Processing Personal Information

We, and our Vendors, collect, Process, and disclose the Personal Information (excluding Sensitive Personal Information) described in this Supplemental Notice to:

  • Operate, manage, and maintain our business;
  • Provide, develop, improve, repair, and maintain our Services;
  • Personalize, advertise, and market our Services;
  • Conduct research, analytics, and data analysis;
  • Maintain our facilities and infrastructure;
  • Undertake quality and safety assurance measures;
  • Conduct risk and security controls and monitoring;
  • Sending Service related/transactional communications and handling contact and user support requests;
  • Sending advertising communication on our behalf;
  • Sending you information relevant to your use of service or technical features we think may be of interest;
  • Identify customer opportunities;
  • Detect and prevent fraud;
  • Perform identity verification;
  • Perform accounting, audit, and other internal functions, such as internal investigations;
  • Comply with law, legal process, and internal policies;
  • Maintain records;
  • Exercise and defend legal claims;
  • Providing you with access to rewards; and
  • Otherwise accomplish our business purposes and objectives.

 

We, and our Vendors, collect and Process the Sensitive Personal Information described in this Supplemental Notice for:

  • Performing the services reasonably expected by an average Consumer who requests those goods or services;
  • Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information;
  • Resisting malicious, deceptive, fraudulent, or illegal actions directed at us and prosecuting those responsible for those actions;
  • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a Consumer’s current interaction with us, provided that we will not disclose the Consumer’s Personal Information to a Third Party and will not build a profile about the Consumer or otherwise alter the Consumer’s experience outside of their current interaction with us;
  • Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf;
  • Verifying or maintaining the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by us, and improving, upgrading, or enhancing the service or device that is owned, manufactured by, manufactured for, or controlled by us; and
  • Collecting or Processing Sensitive Personal Information where such collection or Processing is not for the purpose of inferring characteristics about a Consumer.

 

Disclosure for California Consumers: We do not Sell or Share and have not Sold or Shared Personal Information about California Consumers in the past twelve months. Relatedly, we do not have actual knowledge that we Sell or Share Personal Information of California Consumers who are under 16 years of age. For purposes of the CCPA, a “Sale” is the disclosure of Personal Information to a Third Party for monetary or other valuable consideration, and a “Share” is the disclosure of Personal Information to a Third Party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.

Disclosure for Consumers in Other States with U.S. Privacy Laws: We do not Sell Personal Information to Third Parties or Process Personal Information for purposes of Targeted Advertising or Profiling in furtherance of decisions that produce legal or similarly significant effects concerning a Consumer, as the terms “Sell,” “Process,” “Targeted Advertising,” and “Profiling” are defined in the U.S. Privacy Laws.

Retention of Personal Information. We retain your Personal Information for the period reasonably necessary to provide services to you and for the period reasonably necessary to support our business operational purposes listed in Section C.

D. Categories of Personal Information We may Disclose to Vendors & Third Parties

We disclose and have disclosed the following categories of Personal Information to Vendors and Third Parties for a business purpose in the past twelve months:

1. Identifiers, such as name, alias, online identifiers, account name, password, physical characteristics or description, country of residence, date of birth;

2. Contact information, including phone number, address, email address, passwords and identification credentials for the Platform;

3. Characteristics of protected classifications under state or federal law, such as age, gender/biological sex, social health assessment (e.g. anxieties, fears, loneliness), physical or mental health conditions;

4. Information on habits and activities such as your smoking habits, alcohol consumption habits, sugar consumption habits, and other habits (e.g. hydration) or activities, mood, your stress level, your sleeping patterns and physical activities (e.g. steps, distance covered and workout sessions, activity tier level, used calories, challenges won and attempted, minutes meditated), health goals, financial wellbeing assessment (e.g. financial viability and concerns); 5. Technical data such as type of device you use to access or make use of any part of the Platform, browser and operating system you are using, software version, unique device identifiers, mobile network information, user consent for connected apps and devices, user preferences, your mobile operating system and your time zone setting and your IP address at the time of the creation of your user account;

6. Analytics information relating to your use of the Services and device information such as traffic data, data relating to your browsing activity on the Platform obtained through the use of cookies, pixel tags and other similar technologies, location data and other communication data, and the resources that you access;

7. Personal Information collected and analyzed concerning a Consumer’s health (e.g. weight and height; mental and social health assessments).

E. Sources from Which We Collect Personal Information

We collect Personal Information directly from Consumers, as well as from our partners, social media platforms, and Vendors and Third Parties when they disclose Personal Information to us.

F. Categories of Entities to Whom We may Disclose Personal Information

  • Affiliates & Vendors. We may disclose the categories of Personal Information listed in Section D to our affiliates and Vendors for the purposes described in Section C of this Supplemental Notice. Our Vendors provide us with services for our Platform, as well as other products and services, such as web hosting, data analysis, order fulfilment, customer service, infrastructure provision, technology services, email delivery services, legal services, and other similar services. We may disclose Personal Information to our marketing service providers including social media advertising services, advertising networks and other service providers to reach or better understand our users and measure advertising effectiveness. We grant our Vendors access to Personal Information only to the extent needed for them to perform their functions, and we require them to protect the confidentiality and security of such information.
  • Third Parties. We may also disclose the categories of Personal Information listed in Section D for the purposes described in Section C of this Supplemental Notice to the following categories of Third Parties:
  • At Your Direction. We may disclose your Personal Information to any Third Party with your consent or at your direction.
  • Sponsors of Boost. We may disclose your Personal Information to any Third Party that sponsors a boost in order to deliver rewards to you.
  • Your Organization. With your consent may disclose your Personal Information to your organization that pays for your subscription.
  • Business Transfers or Assignments. We may disclose your Personal Information to other entities as reasonably necessary to facilitate a merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
  • Legal and Regulatory. We may disclose your Personal Information to government authorities, including regulatory agencies, lawyers and courts, as reasonably necessary for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law.

 

G. Data Subject Rights

  • Data Subject Rights Disclosure: Consumers who reside in states with U.S. Privacy Laws have the following rights regarding our collection and use of the Personal Information, subject to certain exceptions. Please read this section carefully as some rights vary by state.
  • Right to Receive Information on Privacy Practices: (California residents only)You have the right to receive the following information at or before the point of collection:

 

- The categories of Personal Information to be collected;

- The purposes for which the categories of Personal Information are collected or used;

- Whether or not that Personal Information is Sold or Shared;

- If the business collects Sensitive Personal Information, the categories of Sensitive Personal Information to be collected, the purposes for which it is collected or used, and whether that information is Sold or Shared; and

- The length of time the business intends to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period.

We have provided such information in this Supplemental Notice, and you may request further information about our privacy practices by contacting us as at the contact information provided below.

  • Right to Know: (California residents only) You may request that we provide you with information about what Personal Information we have collected about you, including:

 

- The categories of Personal Information we have collected about you;

- The categories of sources from which we collected such Personal Information;

- The business or commercial purpose for collecting, Selling, or Sharing Personal Information about you;

- The categories of Third Parties to whom we disclose such Personal Information; and

- The specific pieces of Personal Information we have collected about you.

  • Right of Access. You may ask us to confirm whether we are Processing your Personal Information and request to access your Personal Information. Please note this right does not apply to California residents.
  • Right to Deletion: You may request that we delete any Personal Information about you we that we collected from you.
  • Right to Correction: You may request that we correct any inaccurate Personal Information we maintain about you. Please note this right does not apply to Iowa and Utah residents.
  • Right to Data Portability. You may ask to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Personal Information to another entity without hindrance. You may not exercise this right more than two times in a calendar year. Please note this right does not apply to California residents.
  • Right to Receive Information About Onward Disclosures: (California residents only) You may request that we disclose to you:

 

- The categories of Personal Information that we have collected about you;

- The categories of Personal Information that we have Sold or Shared about you and the categories of Third Parties to whom the Personal Information was Sold or Shared; and

- The categories of Personal Information we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.

  • Right to Receive Information about Disclosures. (Delaware residents only) You may require that we disclose to you a list of the categories of Third Parties to whom your Personal Information was disclosed.
  • Right to Opt-Out. You have the right to opt out of the Sale of your Personal Information and the Processing of your Personal Information for Targeted Advertising. You also have the right to opt-out of the Processing of your Personal Information for purposes of Profiling in furtherance of decisions that produce legal or similarly significant effects. Please note, these rights do not apply to California residents, as California Opt Out-Rights are described below. Please also note, Iowa, Tennessee, and Utah residents do not have the right to opt out of Profiling in furtherance of decisions that produce legal or similar significant effects.
  • Right to Opt-Out of the Sale and Sharing of Your Personal Information and Right to Limit the Use of Your Sensitive Personal Information. (California residents Only) You have the right to opt-out of the Sale and Sharing of your Personal Information. You also have the right to limit the use of your Sensitive Personal Information to the purposes authorized by the CCPA. We do not Sell or Share and have not Sold or Shared Personal Information of California Consumers in the past twelve months. Further, we do not use Sensitive Personal Information for purposes beyond those authorized by the CCPA, and we have not used Sensitive Personal Information of California Consumers in the preceding twelve months for purposes beyond those authorized by the CCPA.
  • Opt-Out Preference Signal. We do not Sell or Share Personal Information, or use or disclose Sensitive Personal Information for purposes other than those authorized by the CCPA and its implementing regulations. Accordingly, we do not process opt-out preference signals of California Consumers. If we process opt-out preference signals of California Consumers in the future, we will update this Supplemental Notice to provide details about how we do so.
  • Right to Non-Discrimination: (California residents only) You have the right not to be discriminated against for exercising your data subject rights. We will not discriminate against you for exercising your data subject rights.
  • Exercising Data Subject Rights. You may exercise the data subject rights applicable to you under the U.S. Privacy Laws by contacting our Privacy Office at privacy@zurich.com and submitting details regarding your request. Consumers in some states, including California and Colorado, may also authorize an agent to make data subject requests on their behalf. In such instances, authorized agents may use the same methods as Consumers to submit data rights requests on Consumers’ behalf.
  • Verification of Data Subject Requests. We may ask you to provide information that will enable us to verify your identity in order to comply with your data subject request. In particular, when submitting a request, it is necessary to attach a copy of your ID card or a document with the same legal value to verify your identity Further, when a Consumer authorizes an agent to make a request on their behalf where permitted by U.S. Privacy Laws, we may require the agent to provide proof of signed permission from the Consumer to submit the request, or we may require the Consumer to verify their own identity to us or confirm with us that they provided the agent with permission to submit the request. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request consistent with applicable law.
  • Non-Discrimination. We will not discriminate against you for exercising your data subject rights. For example, we will not deny goods or services to you, charge you different prices or rates, or provide a different level of quality for products or services as a result of you exercising your data subject rights.
  • Appeals. Consumers of certain states have the right to appeal our decisions on their data subject requests. This section does not apply to California or Utah Consumers, or to Consumers who reside in other states where the applicable U.S. Privacy Law does not give them the right to appeal Controllers’ decisions regarding data subject rights. To appeal our decision on your data subject requests, you may contact our Privacy Office at privacy@zurich.com. Please enclose a copy of or otherwise specifically reference our decision on your data subject request, so that we may adequately address your appeal. We will respond to your appeal in accordance with applicable law.

 

H. Other Disclosures

  • California Residents Under Age 18. If you are a resident of California under the age of 18 and a registered user of our website, you may ask us to remove content or data that you have posted to the website by writing to privacy@zurich.com. Please note that your request does not ensure complete or comprehensive removal of the content or data as, for example, some of your content or data may have been reposted by another user.
  • Disclosure About Direct Marketing for California Residents.California Civil Code § 1798.83 permits California residents to annually request certain information regarding our disclosure of Personal Information to other entities for their direct marketing purposes in the preceding calendar year. (We do not distribute your Personal Information to other entities for their own direct marketing purposes.”
  • Financial Incentives for California Consumers. We do not provide financial incentives to California Consumers who allow us to collect, retain, Sell, or Share their Personal Information. We will describe such programs to you if and when we offer them to you.
  • Washington & Nevada My Health My Data Act Disclosures. This section only applies to Consumers as the term “Consumer” is defined by the Washington My Health My Data Act and the Nevada My Health My Data Act, respectively. Terms used in this section that have defined meanings under the Washington My Health My Data Act or the Nevada My Health My Data Act shall have the meanings afforded to them in those statutes as this section applies to Consumers of those states. We Collect and Share the below categories of Consumer Health Data from Consumers, and we Process such categories of Consumer Health Data for the purposes and in the manners listed in Section C:

 

  1. Identifiers, such as name, alias, online identifiers, account name, password, physical characteristics or description, country of residence, date of birth;
  2. Contact information, including phone number, address, email address, passwords and identification credentials for the Platform;
  3. Characteristics of protected classifications under state or federal law, such as age, gender/biological sex, social health assessment (e.g. anxieties, fears, loneliness), physical or mental health conditions;
  4. Information on habits and activities such as your smoking habits, alcohol consumption habits, sugar consumption habits, and other habits (e.g. hydration) or activities, mood, your stress level, your sleeping patterns and physical activities (e.g. steps, distance covered and workout sessions, activity tier level, used calories, challenges won and attempted, minutes meditated), health goals, financial wellbeing assessment (e.g. financial viability and concerns);
  5. Technical data such as type of device you use to access or make use of any part of the Platform, browser and operating system you are using, software version, unique device identifiers, mobile network information, user consent for connected apps and devices, user preferences, your mobile operating system and your time zone setting and your IP address at the time of the creation of your user account;
  6. Personal Information collected and analyzed concerning a Consumer’s health (e.g. weight and height; mental and social health assessments).

 

We Collect these categories of Consumer Health Data from the sources listed in Section E, and we Share these categories of Consumer Health Data with the categories of entities listed in Section F. Consumers may exercise their data subject rights, including obtaining access to and requesting changes to their Consumer Health Data, under the Washington My Health My Data Act and the Nevada My Health My Data Act by contacting us via the methods listed in Section G.

We limit Third Party Collection of Consumer Health Data over time and across different websites or online services when the Consumer uses our websites or online services. We do this by ensuring that entities whose cookies, pixels, and other online trackers we use on our websites and online services are our Vendors under applicable U.S. Privacy Laws and under the Washington and Nevada My Health My Data Acts. Nonetheless, please note that Third Parties may still be able to Collect Consumer Health Data from you over time and across different websites depending on your browser, browser add-ons, and associated permissions you set on your device. This Collection of Consumer Health Data by those Third Parties is unrelated to LiveWell’s Collection of Consumer Health Data from you, and we encourage you to view those Third Parties’ privacy notices for more information about their Processing of Consumer Health Data and the methods they provide to allow you to opt out of such Processing.

  • Privacy Notice for Nevada Residents. To the extent we collect Covered Information as defined by Nevada law, the categories of Covered Information we collect are listed in Section B. We do not Sell Covered Information as defined under Nevada law, and we generally do not disclose or share Personal Information as defined under Nevada law for commercial purposes. Under Nevada law, you have the right to direct us to not sell your Covered Information to third parties. To exercise this right, if applicable, you or your authorized representative may contact our Privacy Office at privacy@zurich.com .
  • Changes to our Supplemental Notice. We reserve the right to amend this Supplemental Notice in our discretion and at any time. When we make material changes to this Supplemental Notice, we will notify you by posting an updated Supplemental Notice on our website and listing the effective date of such updates.
  • Contacting Us. If you have any questions, comments, requests, or concerns related to this Supplemental Notice, LiveWell’s information practices, or how to access this policy in another format, please contact us by mail at LiveWell, Talstrasse 83, 8001, Zurich, Switzerland], by email at privacy@zurich.com.

 

Version published 29th May 2024