Privacy notice

Last updated: 17 Dec 2024

This North America (U.S. and Canada) privacy notice replaces and supersedes the privacy notice that appeared before you logged into the One Zurich Application (“App”). Please review this North America privacy notice before accessing the App.

We reserve the right to update and change this privacy notice from time to time in order to reflect any changes to the way in which we process your personal data or for legal requirements. Any changes we may make to our privacy notice in the future will be brought to your attention by appropriate means, e.g. in this App or on our website.

General

The App is the all-in-one employee mobile application that provides you with a modern, streamlined way to manage your day-to-day work-related activities. The App improves your employee experience, giving you a convenient way to stay connected and save time.

With this privacy notice, we would like to inform you about the following topics:

  • Who is responsible for processing your personal data?
  • How is your personal data collected?
  • What types of personal data do we process?
  • Why and on what grounds do we process personal data?
  • Profiling and automated decision-making
  • With whom do we share your personal data?
  • How do we protect your personal data?
  • How long do we store your personal data?
  • What data protection rights do you have?

In this privacy notice the use of “Zurich”, “we”, “our” or “us” means for the U.S., Zurich American Insurance Company and its U.S. affiliates, and for Canada, Zurich Canadian Holdings Limited and World Travel Protection Canada Inc. Reference to “Service” or “Services” means the services as defined in the Terms of Use and provided in the context of the App.

It is up to you to decide whether you would like to make use of the Services or App. To use the App, we require certain personal data. If you choose not to provide the personal data that is required to use the App, we will not be able to provide the Services and you will not be able to use the App. There may be some personal data the provision of which is optional. You will be able to use our App and Services even if you do not provide such optional data to us.

Who is responsible for processing your personal data?

Zurich American Insurance Company and its U.S. affiliates is the data controller for the personal data of U.S. employees, Zurich Canadian Holdings Limited is the data controller for the personal data of its Canadian employees, and World Travel Protection Canada Inc. is the data controller for the personal data of its Canadian employees processed in the App, unless the region you selected or where you normally work from has a different privacy notice for processing your personal data, which you will be informed about when you log into the App for the first time.

How is your personal data defined and collected?

Personal data means any information relating to an identified or identifiable natural person.

We may collect your personal data either directly from you or from third-party sources including the organization you work for and publicly available information sources as follows:

  • Information you give us: You may provide us with information about yourself in connection with your use of the Services and the App, for example by filling in forms or using different functions of the App or by corresponding with us by email or otherwise contacting us;
  • Information we have about Zurich employees and staff: We may already have information about you that is necessary for you to use the App, such as your work contact details, and that is therefore collected in connection with the App.

As the accuracy of your personal data depends largely on the information you provide to us, kindly inform us as soon as practicable if there are any errors in your personal data or if there have been changes to your personal data. 

What types of personal data do we process?

We may, for example, process the following categories of personal data about you in connection with your usage of the Services and App:

  • Contact and registration details: name/surname, (work) email address, username, passwords and identification credentials for the App; 
  • Booking information: meeting room, meeting name, number of participants and name of organizer including time and date of the event;
  • Employee data: the App is a secondary access point that connects to the Human Resources (HR) web system to enable real time mobile access to your GEMS data for your convenience away from your desktop. The data in relation to HR is controlled by the GEMS system provided to Zurich by SAP (Schweiz) AG. The following sections are available from the App:
    • Personal data – view and edit
    • Holidays – request holiday
    • Payslip – view and download
    • Address – view and amend
    • Family members – view and amend
  • Achievers employee Recognition data (Spotlight): including only the ability to view the Newsfeed for all recognitions and your activity, view your total points, and to create a recognition;
  • Industry-standard log data: device type, browser and operating system you are using and your IP address at the time of the creation of your user account. We may also collect the IP address associated with your device running the App each time this App syncs with our systems;
  • Technical information: type of mobile device you use, software version, details of your browser, unique device identifiers, mobile network information, user consent for connected apps and devices, user preferences, your mobile operating system and your time zone setting;
  • Other information you provide to us in connection with your use of the Services or the App such as preferences and feedback, and technical and bug fixing information; 
  • Any further information which you provide to us when you interact with us.

Why and on what grounds do we process your personal data?

We may process your personal data if you have consented to such processing by accepting the Terms of Use which all users are asked to review when accessing the App for the first time. Access to the App is only permitted once consent has been obtained. Processing of your personal data is required for the following purposes: 

  • ensuring the functionality and security of the App;
  • optimization of our App and Services;
  • providing the Services offered through the App such as notifying you of vacant meeting rooms, availability of colleagues, opening hours of building, Virtual Private Network, including Digital Risk Assessment, services, Achievers employee Recognitions, etc.;
  • identifying you as a user of the Services including to authenticate you, enable you to use the Services and App and enable us to communicate with you;
  • handling your request and queries when contacting us;
  • detecting and correcting errors and problems with the Services;
  • populating your user account in connection with the Services and supporting the operation of such account;
  • combating fraudulent behaviour on or use of our App;
  • ensuring compliance with our legal and regulatory obligations;
  • safeguarding our interests, especially in defending and enforcing our legal claims;
  • other purposes to which explicit reference is made at the point of data collection.

We do not sell your personal data. 

We may use artificial intelligence and machine learning capabilities to assist with certain analytics and inform decision-making, in accordance with applicable law.

Once your personal data is anonymized, we may process it for further purposes not listed in this privacy notice such as sharing it with other entities within the Zurich Group to create statistics on the use of the Services and the App, to improve the Services and App or to identify new products or services.

Profiling and automated individual decision-making

We do not use your personal data to render a decision based exclusively on an automated processing of your personal data, nor do we engage in profiling activities when you use this App. Should our practices in this regard change in the future, we will inform you accordingly.

With whom do we share your personal data?

We may share your data with the following third parties to the extent required to provide the Services and the App and to fulfil other purposes described in this privacy notice:

  • Third-party service providers listed in “Annex 1: Subprocessors”. We may share your personal data with authorized third parties to process or manage your personal data for us so that we may provide the Services (including but not limited to third parties providing the information technology necessary, such as third-party hosting providers);
  • Third-party application providers listed in “Annex 1: Subprocessors”. We may include certain third-party applications in the App or make it possible for you to use the App to interact with third-party applications that you use, which may include functionality allowing you to share and sync your personal data with such third-party applications. Please consult the privacy notice of the respective third party with which your personal data is shared to understand how they process the personal data they receive;
  • Lawful requests. We may disclose your personal data if we are under a duty to disclose or share such data in order to comply with any legal or regulatory obligation or request; and
  • Protection of our interests and protection against fraud. We may disclose your data (i) if this is reasonably required to enforce the Terms of Use or any other agreement we have entered into with you or to investigate potential breaches; or (ii) if this is required to protect the rights, property or safety of Zurich, our customers, or others (including by exchanging information with other companies and organisations for the purposes of fraud protection) and (iii) in accordance with applicable laws, to defend our interests or to prevent and combat fraud.

We may also share your personal data with other third parties if we have a legal obligation to do so or in a court proceeding.

How do we protect your personal data?

We apply technical and organizational security measures to protect your personal data against manipulation, loss, destruction or access by unauthorized persons and to ensure the protection of your rights and compliance with the applicable data protection regulations. However, due to the inherent open nature of the internet, we cannot guarantee that communications between you and us or the personal information stored are absolutely secure. We will notify you of a data incident in accordance with applicable law.

We use current standard encryption techniques to transfer your data.

How long do we store your personal data?

We retain your personal data for only as long as reasonably necessary to fulfil the purpose for which it was collected and, in particular, to provide our Services and enable you to use the App, or to comply with legal or regulatory obligations or internal policy requirements. We will delete or anonymize personal data that is no longer required, or after a period of twelve (12) months App inactivity, to the extent permitted by law.

What data protection rights do you have?

When we process your personal data, you may have several rights as outlined in applicable laws, of which we would like to inform you:

  • the right to access, at reasonable intervals and free of charge, your personal data and request a copy of your personal data in an intelligible form;
  • the right to request us to correct your personal data (e.g., if your data is inaccurate);
  • the right to request us to delete your personal data (e.g., if the retention of your data is no longer necessary in relation to the envisaged purpose of the processing and we do not have an overriding interest or legal duty to keep your personal data);
  • the right to transfer your personal data to another controller, to the extent possible; and
  • the right to lodge a complaint if you believe we are not processing your personal data in compliance with applicable data protection law.

If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.

Please note that we may refuse or limit the granting of these rights for legal reasons or based on applicable law.

To exercise these rights, please contact us at privacy.office@zurichna.com (U.S. employees), privacy.zurich.canada@zurich.com (Canada employees), or WTPlegal@covermore.com (WTP employees). We may request you to provide evidence of your identity. We will respond to your request within the applicable statutory term.

Annex 1: Subprocessors

| Service Provider | Legal Basis | Processing | Country |
|---|---|---|---|
| Amazon Web Services Ireland Ltd. | Consent | Amazon Web Services Ireland Ltd. provides the hosting services for the solution and data storage. | Ireland |
| Microsoft Ltd. | Consent | Microsoft App Insights is used to gather behavioural analytics on how users use the App to help improve and guide product development. All App analytics data is anonymised. | United Kingdom |
| Launch Darkly | Consent | Launch Darkly is used to enable and disable features on the product based on anonymized user demographics. | United States of America |