Data protection and privacy
Zurich’s code of conduct reflects our commitment to integrity and to living by our values, as this is critical for us to maintain the trust of our customers and other stakeholders. In a digital society, protecting data is a key part of this, as reflected in our data commitment. Zurich is committed to high standards of data protection and privacy (DPP) compliance to prevent and deter abuse of our products and services and to safeguard employees and customers regarding improper management of personal data. The code of conduct applies to everyone at Zurich and its subsidiaries worldwide, including board members and employees including management. Furthermore, we expect our business partners to adhere to the spirit of our code and embrace high standards of business conduct. The code of conduct also covers the consequences of non-compliance.
To properly govern personal data processing, Zurich has established a robust, data protection and privacy framework applicable globally. Each Zurich unit implements these Group requirements as a minimum and adheres to stricter laws and regulations, if applicable, in its respective jurisdiction. Data protection and privacy principles are embedded into the design and architecture of the Zurich technology infrastructure and business practices. Zurich has a global network of data protection and privacy experts, of new legal, regulatory and best-practice developments in the field. All employees receive regular training on data protection, privacy and information security topics and there are clear processes in place to respond in a timely manner to data protection and privacy incidents, should they occur. Any questions or requests related to personal data can be directed to privacy@zurich.com.
If you want to know more…
Data protection and privacy framework
Zurich acknowledges that its responsibilities include compliance with data protection and privacy laws and regulations. Zurich is committed to protecting personal data and respecting privacy rights across its operations globally. The Group principles stated in this framework align with the high standards set in data protection and privacy laws and regulations around the globe and internal business needs.
Each Zurich unit adapts the global DPP framework according to local needs. Zurich entities in the various jurisdictions inform their customers, as locally required, usually by way of Privacy Notices available on their local web pages or shared with individuals directly. These Privacy Notices typically include information such as the type of information captured, how the information is used, ways in which customers can decide on how private data is collected, used, retained and processed, how long the data will be kept and how the information is kept safe. Please see more on Corporate Governance structure of Zurich.
Global expert network & training
There is a global network of data protection and privacy experts within Zurich. These experts ensure Zurich remains informed of new developments, from a legal and regulatory perspective, including industry best practices.
Zurich employees receive annual training on data protection and privacy as well as on information security aspects. Furthermore, our global network of data protection and privacy experts share their knowledge actively, provide advice and support to employees when required.
Data breaches
Zurich has processes in place to respond in a timely manner to data protection and privacy breaches. Experts from the required business areas assess relevant cases and take necessary actions as required, including providing information to affected individuals and respective authorities.
For any data protection related comment or question you may have in connection with zurich.com can be directed to privacy@zurich.com.
