Corporate governance

Personal Data Protection Policy

Zurich Life Insurance (Singapore) Pte. Ltd., Zurich International Life Limited (Singapore Branch) and Zurich Insurance Company Ltd. (Singapore Branch) (collectively / individually “Zurich Insurance” / “we” / “us” / “our”) take our responsibilities under Singapore’s Personal Data Protection Act 2012 (“PDPA”) seriously. This Personal Data Protection Policy (“Policy”) outlines as well as assists you in understanding how Zurich Insurance collect, use, process and disclose personal data. It also assists you in making an informed decision before providing us with any of your personal data.

This Policy is effective 2 July 2014 and shall form an integral part of your contractual relationship with Zurich Insurance. If you have provided your consent to Zurich Insurance or agreed to the terms with regard to your personal data before, on and/or after 2 July 2014 (“PDPA Terms”), this Policy shall supplement but not to replace or supersede such consent and terms. In the event of any inconsistencies between PDPA Terms and this Policy, this Policy shall prevail.

Introduction to the PDPA

“Personal Data” is defined under the PDPA as data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access. For examples, personal data include names, identification numbers, contact information, medical records, photographs and video images.

We will collect, use and disclose your personal data in accordance with the PDPA and any other applicable legislation. For more information about the PDPA and Do Not Call Registry, please visit the PDPC website. The PDPC website also has FAQs for individuals here.

Collection, use and disclosure of personal data

Consent

If you communicate with Zurich Insurance, submit any information or applications and/or sign up for any products or services offered by Zurich Insurance, you agree and consent that Zurich Insurance may:

  • collect, use, process and disclose the personal data provided and to be provided by you (whether in writing or oral) and through other sources (including other insurers, medical and financial institutions) as Zurich Insurance deem appropriate from time to time; and
  • disclose the personal data to the third parties (whether sited in or outside Singapore),

in carrying out one or more of the purposes and in the manner set forth in this Policy.

If you provide third parties’ personal data (e.g. information of the life assureds, insured persons, beneficiaries, beneficial owners, dependents, spouse, children, parents, siblings, customers, prospects, payors and/or employees) to Zurich Insurance, you represent and warrant to Zurich Insurance that prior consents have been obtained from each of the third parties for the collection, usage, disclosure and processing of their personal data in the manner as set out in this Policy.

Purposes for Collection, Use and Disclosure of Personal Data

Marketing

If you consent or agree, Zurich Insurance may collect, use, process and disclose your personal data for the purpose of sending or communicating with you the marketing, advertising and promotional information or material about the insurance products, financial or investment products or services that Zurich Insurance are or may be selling or marketing which may be of interest or benefit to you, including the update of the same (“Marketing Materials”).

If you would like to receive the Marketing Materials from Zurich, please click here to print and submit the completed marketing consent form to our representative. Our contact details are available at Contact Us. If you wish to withdraw your consent for marketing purpose, please Contact Us to do so.

 

Administration and Servicing

Zurich Insurance collect, use, disclose and process your personal data for any one or more of the purposes below:

  • providing financial advice or recommendation for product(s) based on your financial needs analysis, where applicable;
  • processing, considering and underwriting your insurance application(s) whether with Zurich Insurance and/or other insurers;
  • reinsuring arrangement and management;
  • administering, servicing (including pre- and post- sales support), maintaining and/or managing your relationship and policy(ies) with Zurich Insurance (including the mailing of correspondences, statements, invoices, reports and notices to you involving the disclosure of your personal data printed on the external envelope and communicating with you via voice call, text message, fax and email);
  • processing, investigating, handling and settling any claims under your policy(ies) issued by Zurich Insurance or other insurers;
  • managing any actions or proceedings, protecting or enforcing our contractual and legal rights and remedies arising out of the policy(ies) issued by Zurich Insurance (including but not limited to obtaining legal advices and facilitating dispute resolutions);
  • carrying out on-going due diligences or screening activities [including background checks, anti-money laundering, “know-your-client”, creditworthiness, financial and medical conditions and to review whether to continue insuring you, the life assured(s) and/or the insured person(s)] in accordance with applicable legal and regulatory obligations or Zurich Insurance’s policies;
  • carrying out your instructions, dealing with your complaints, responding to your enquiries or feedbacks;
  • performing the operations and transactions under your policy(ies) with Zurich Insurance including the debt recovery, making and obtaining payments;
    detecting, preventing or investigating fraud, misconduct, unlawful action or omission relating to your application(s), claim(s) or policy(ies) issued by us or other insurer(s), and whether there is any suspicion of the aforementioned;
  • storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;
    complying with the requests or directions of the industry associations, authorities, courts, dispute resolution forums, applicable legal and/or regulatory obligations which bind or have jurisdictions over Zurich Insurance and/or its related corporations in administering your relationship with Zurich Insurance (including the regulatory and industry associations reporting obligations);
  • conducting compliance monitoring and audit reviews by Zurich Insurance, its related corporations or service providers, including but not limited to external auditors, banks and reinsurers;
  • facilitating the proposed or actual business asset transactions including any asset transferring, acquisition or sales, merger, joint venture, reorganisation or assignment involving Zurich Insurance, its related corporations and/or third parties;
  • conducting market research, survey, statistical and profiling analysis to understand market trend to improve our services and products for your, other clients and prospects’ benefit;
  • employee training and quality assurance program;
  • informing or engaging you for our charity or corporate events; and/or
  • any other purposes relating to any of the above,
    (collectively, the “Purposes”).

 

As the purposes for which we may / will collect, use, disclose and process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or law.

Any other insurers may / can collect from us (and that we may disclose to them), use, disclose (including disclose to us) and/or process your personal data for one or more of the above Purposes.

 

Disclosure

To facilitate our business operations and carry out one or more of the Purposes, Zurich Insurance may disclose the personal data you have provided to us and/or collected by us to third parties whether sited in or outside Singapore. The third parties listed below may use and process your personal data for one or more of the Purposes. They are:

  • our associated and related corporations (collectively, “Group Companies”);
  • the financial advisers, brokers, agents or distribution intermediaries;
  • contractors or service providers who supply services to Zurich Insurance such as information technology, telecommunication, actuarial, data entry, data storage, data recovery, mail distribution, claim assessment, adjudication and administration, payment, cheque printing, marketing, emergency assistance service, auditors, lawyers, medical and professional service;
  • credit reference agencies, debt collection agencies, reinsurers, other insurers and financial institutions;
  • governmental / regulatory authorities, courts, dispute resolution forums (which have jurisdiction over Zurich Insurance or Group Companies) or legal process participants and their advisors;
  • any third parties involve or facilitate in business asset transactions (please see (n) under the heading of Administration and Servicing); and/or
    third parties who receive your personal data for one or more of the Purposes.

Request for access and correction of personal data

You may request to access and/or correct the personal data currently in our possession or control by submitting a written request to us (please see CONTACT INFORMATION). We will need adequate information from you in order to ascertain your identity as well as the nature of your request, so as to be able to process your access or correction request.

Access Request

  • You may request to access your personal data in our possession or control. You may also request the information about the ways in which your personal data has been used or disclosed by us within a year before the date of request. We may seek to provide you with the relevant information within 30 days from the date of receiving your request. If we could not do so, we will notify you before the expiry of the said 30 days, the reasonably soonest time when we can provide you the requested information.
  • Please note that the PDPA exempts certain types of personal data from being subject to your access request.
  • Access request can only be made by the policyholder or with the policyholder’s consent in writing.
  • We will charge you reasonable fee to process your access request as per the applicable laws. Depending on the nature and complexity of your request, we will provide you the fee chargeable. We will not respond to your access request unless you have agreed to pay the fee.

 

Correction Request

  • We may correct your personal data within 30 days from the date of receiving your correction request. If we could not do so, we will notify you before the expiry of the said 30 days, the reasonable soonest time when we can make the correction.
  • Please note that the PDPA exempts certain types of personal data from being subject to your correction request. It also specifies the situations which correction need not be made by us despite your request.
  • Correction request can only be made by the policyholder or with the policyholder’s consent in writing.
    Subject to sub-clause (e) below, we will send the corrected personal data to every other organisation to which the personal data was disclosed by Zurich Insurance within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.
    Notwithstanding sub-clause (d) above, we may, if you consent, send the corrected personal data only to specific organisations to which the personal data was disclosed by us within a year before the date the correction was made.

Request to withdraw consent

  • You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by contacting us (please see CONTACT INFORMATION). We will need adequate information from you in order to ascertain your identity as well as the nature of your request, so as to be able to process your withdrawal request.
  • Withdrawal of consent request can only be made by the policyholder or with the policyholder’s consent in writing.
  • The withdrawal of consent for Marketing Materials will not affect Zurich Insurance’s ability to provide you with the products and services that you asked for or have with Zurich Insurance.
  • If you have withdrawn consent for Zurich Insurance to collect, use and disclose your personal data for any one or more of the Purposes, it may affect or prevent Zurich Insurance to continue with your existing relationship with us and/or any contracts and/or policies you have with us will have to be terminated or surrendered. In this case, you may lose benefits from the terminated or surrendered policy(ies) and you might not possible to obtain a similar level of protection on the same terms in future.
  • The withdrawal of consent under Clause (d) above may be deemed as you terminate any contractual relationships that you have with us. All losses arising out of such withdrawal shall be fully borne by you. Zurich Insurance’s legal rights and remedies in such incident are expressly reserved.

Complaint process

  • If you have any complaint or grievance in respect of your personal data protection, please contact our DPO through one of the methods under CONTACT INFORMATION.
  • Where it is an email or a letter through which you are submitting a complaint, your indication at the subject header like “PDPA complaint” or “PDPA Matter” would assist us in attending to your complaint speedily by passing it on to the relevant staff in our organisation to handle.
  • We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.

Updates on personal data protection policy and governing law

  • As part of our efforts to ensure that we properly manage, protect and process your personal data or if there are any changes in industry trend, legal, regulatory or business requirements, we will review and amend this Policy from time to time without any prior notice to you.
  • The amended Policy will be posted on our website at http://www.zurich.com.sg/pdpa. Please visit this website regularly or from time to time for updated Policy.
  • You agree to observe the prevailing terms and conditions of this Policy as may be updated or amended by Zurich Insurance from time to time.
  • This Policy is governed by the Singapore laws and the courts in Singapore has jurisdiction over it.

Cookies

  • Whenever you interact with us on our corporate websites, we may receive and store certain types of information via “cookies”. The “cookies” are small text files placed on your computer or electronic devices by website.
  • Through the “cookies”, we are able to collect and analyse non personal information such as your IP address, browser type, domain names, access times, pages browsed, time spent per webpage, traffic monitoring, user experience, website performance and to remember your preferences. We will not collect your personal information unless you provide it to us. If we collect your personal data through cookies, we may use, disclose and process it in accordance with this Policy.
  • You may choose to disable the cookies by altering your browser setting. By doing so, you may not be able to use certain services, perform certain transactions or browse certain parts of our website.
  • Your use of our website constitutes consent by you to our use of cookies and to the matters set out above.

Third party websites

Our website may contain links to websites operated by third parties. This Policy does not apply to third parties’ websites. Zurich Insurance will not be responsible for the data protection practices of the third parties’ websites even though such websites may co-branded with Zurich Insurance logo or trademark.

You should refer to and understand the third party website operators’ data protection practices.

Personal data protection undertaking by corporate policyholder corporate prospect

"You" / "Your” / "Yours” wherever mentioned in this Policy shall include the corporate policyholder / corporate prospect (“Company”) of Zurich Insurance.

The Company represents to, undertakes and warrants with Zurich Insurance that:

  • the Company shall observe all terms and conditions in this Policy in addition to the provisions under this heading;
  • for any personal data of individuals that the Company will be or may be disclosing or discloses to Zurich Insurance, whether directly or through an intermediary, that the Company would have prior to disclosing such personal data to Zurich Insurance obtained the appropriate consent from each of the individuals to permit Zurich Insurance to: (i) collect, use, disclose and/or process the individuals’ personal data for one or more of the Purposes; and (ii) disclose the individuals’ personal data to the third parties in the manner as set out in this Policy;
  • any personal data of individuals that the Company will be or is disclosing or discloses to Zurich Insurance are accurate, true and complete. The Company shall give Zurich Insurance notice in writing as soon as reasonably practicable should it be aware that any such personal data has been updated and/or changed after such disclosure;
  • the Company shall give Zurich Insurance notice in writing as soon as reasonably practicable should it be aware that any individual above has withdrawn such consent as set out in this Policy;
    the Company shall ensure that it complies with the prevailing PDPA and the related subsidiary legislation. The Company shall not do anything and shall not omit to do anything that may cause Zurich Insurance and/or the Group Companies to be in breach of any PDPA obligations;
  • the Company shall at the request of Zurich Insurance, promptly assist Zurich Insurance to comply with the PDPA and all subsidiary legislation related thereto. This includes but is not limited to the Company executing such further documents as Zurich Insurance may require and/or the Company making arrangements for additional form(s) and consent(s) to be completed and signed by individuals whose personal data are provided by the Company to Zurich Insurance; and
  • the Company shall notify and make each of the individuals aware of this Policy before disclosing their personal data to Zurich Insurance.

The Company undertakes to indemnify and at all times hereafter to keep Zurich Insurance and the Group Companies (together with their respective directors, officers, employees, contractors and agents) (each an “Injured Party”) indemnified against any and all losses, damages, actions, proceedings, costs, claims, demands, expenses and liabilities (including full legal costs on a solicitor and own client basis) which may be suffered or incurred by the Injured Party or asserted against the Injured Party by any person or entity whatsoever, in respect of any matter or event whatsoever arising out of, in the course of, by reason of or in respect of:

  • any breach of any of the provisions in this Policy; and/or
  • any action or omission by the Company, that causes Zurich Insurance and/or any of the Injured Party to be in breach of the PDPA.

Contact Information

If you have any queries on this Policy or wish to request access to or correct your personal data or withdrawal your consent for us to collect, use and disclose your personal data, you may contact our Data Protection Officer (please attention any emails or postal mail to the Data Protection Officer) at Contact Us.
Last updated on 3rd March 2015