Privacy notice

This privacy notice informs you about how we process your personal data when you use the One Zurich Application (“App”) in relation to a Zurich location that is supported by the App.

In general, the privacy notice of the country of your work location, location you are visiting or location you are temporarily working from available in the App or the privacy notice of the country of the Zurich location you select in the App applies to the processing of your personal data in relation to the App.

This privacy notice applies until you have logged in and the App has determined what region you work from. If the region that you work from has a different privacy notice, then these will replace this privacy notice and you will be able to review these before accessing the App.

With this privacy notice, we would like to inform you about the following topics:

  • Who is responsible for processing your personal data,
  • How is your personal data collected,
  • What types of personal data do we process,
  • Why and on what legal bases do we process personal data,
  • Profiling and automated decision-making,
  • With whom do we share your personal data,
  • Do we share your personal data with third parties,
  • How do we protect your personal data,
  • How long do we store your personal data,
  • What data protection rights do you have,
  • Changes to this privacy notice.

Reference to “Service” or “Services” means the services as defined in the Terms of Use and provided in the context of the App. When you use the App, we process your personal data so that you may access the local office, register for an event, receive local information (e.g. information about the restaurant menu), make travel arrangements, book a meeting room or make use of other building services (e.g. blueprint details).

It is up to you to decide whether you would like to make use of the Services or App. To use the App, we require certain personal data. If you choose not to provide the personal data that is required to use the App, we will not be able to provide the Services and you will not be able to use the App. The provision of certain personal data may be optional. You will be able to use our App and Services even if you do not provide such optional data to us.


Who is responsible for processing your personal data?

Zurich Insurance Company Ltd., Mythenquai 2, 8002 Zurich, Switzerland (“Zurich”, “we”, “our” or “us”), is the data controller for the personal data processed in the App unless the region where you normally work from has a different privacy notice for processing your personal data which you will be informed about when you log into the App for the first time.


How is your personal data defined and collected?

Personal data means any information relating to an identified or identifiable natural person.

We may collect your personal data either directly from you or from third-party sources including the organization you work for and publicly available information sources as follows:

  • Information you give us: You may provide information about yourself in connection with your use of the Services and the App, for example by filling in forms or using different functions of the App or by corresponding with us by email or otherwise contacting us;
  • Information we collect through this App: Some data is automatically collected through the app, in particular, when the App is active. This information may also include your precise location when the App is either open, minimised in the background or when fully closed but only if you have provided separate consent for the App to collect this information;
  • For Zurich employees and staff, information we have about you: We may already have information about you that is necessary for you to use the App, such as your work contact details, and therefore, collected in connection with the App.

As the accuracy of your personal data depends largely on the information you provide to us, kindly inform us as soon as practicable if there are any errors in your personal data or if there have been changes to your personal data.


What types of personal data do we process?

We may, for example, process the following categories of personal data about you in connection with your usage of the Services and App:

  • Contact and registration details: name/surname, (work) email address, username, passwords and identification credentials for the App;
  • Booking information: meeting room, meeting name, number of participants and name of organizer;
  • Industry-standard log data: device type, browser and operating system you are using and your IP address at the time of the creation of your user account. We may also collect the IP address associated with your device running the App each time this App syncs with our systems;
  • Technical information: type of mobile device you use, software version, details of your browser, unique device identifiers, mobile network information, user consent for connected apps and devices, user preferences, your mobile operating system and your time zone setting;
  • Analytics information relating to your use of the Services or the App and device information: traffic data, App activity, location data and other communication data, and the resources that you access;
  • Other information you provide to us in connection with your use of the Services or the App such as preferences and feedback, and technical and bug fixing information;
  • GPS/IPS location data (if you have consented thereto). GPS co-ordinates when you are outside of a building are not collected or stored. GPS co-ordinates when you are inside a building may be stored but only temporarily and only your last location is held (i.e. the previous coordinates are overwritten). The App never records coordinates for washrooms, multi faith rooms, showers or nursing rooms. The information the App collects is used to detect what building you are working from to provide location-based features (such as “Find a Colleague”) and to know where you are in the building for features such as location-based notifications. The App may access location in the foreground and in the background based on the separate consent you have explicitly granted to the App and;
  • Any further information which you provide to us when you interact with us.

Why and on what legal bases do we process personal data?

We may process your personal data if you have consented to this by accepting the terms of use which all users are asked to review when accessing the App for the first time. Access to the App is only permitted once consent has been obtained. Processing of your data is required for the following purposes:

  • ensuring the functionality and security of the App;
  • optimization of the App and Services;
  • providing the Services offered through the App such as notifying you of vacant meeting rooms, availability of colleagues, travel details, events, opening hours of building, current menus at the building’s restaurant etc.;
  • identifying you as a user of the Service including to authenticate you, enable you to use the Services and App and enable us to communicate with you;
  • handling your request / queries when contacting us;
  • detecting and correcting errors and problems with the Services;
  • populating your user account in connection with the Services and support the operation of such account;
  • market research, statistical evaluation and business development;
  • combating fraudulent behaviour on or use of our App;
  • ensuring compliance with our legal and regulatory obligations;
  • safeguarding our prevailing interests, especially in defending and enforcing its legal claims;
  • creating aggregated data for commercial and analytics purposes; and
  • other purposes to which explicit reference is made at the point of data collection.

Once your personal data is anonymized, we may process it for further purposes not listed in this privacy notice such as sharing it with other entities within the Zurich Group to create statistics on the use of the Services and the App, to improve the Services and App or to identify new products or services.


Profiling and automated individual decision-making

We do not use automated decision-making, nor do we engage in profiling activities when you use this App.


With whom do we share your personal data?

Zurich makes an unwavering commitment to keep your data safe, never sell your personal data, not share your personal data without being transparent about it and to put your data to work so we can better protect you, and so you can get the most out of life.

Against this background, we may share your data with the following third parties to the extent required to provide the Services and the App and to fulfil the other purposes described in this privacy notice:

  • Third-party service providers. We share your personal data with authorized third parties: (i) to process or manage your personal data so that we may provide the Services (including but not limited to third parties providing the information technology necessary, such as third party hosting providers, or third-party providers for payment and delivery services) and (ii) to carry out market and customer research (including but not limited to third parties providing advertising networks, analytics tools or search information tools and software);
  • Third-party application providers listed in “Annex 1: Subprocessors”. We may include certain third-party application in the App or make it possible for you to use the App to interact with third party applications that you use, which may include functionality allowing you to share and sync your personal data with such third party applications. Such sharing and syncing will always be initiated by you. Where you initiate such a process, we will share your personal data with the third party operating the relevant application. Please consult the privacy notice of the respective third party your personal data is shared with to understand how they process your personal data they receive;
  • Lawful requests. We may disclose your personal data if we are under a duty to disclose or share such data in order to comply with any legal or regulatory obligation or request;
  • Protection of our interests and protection against fraud. We may disclose your data (i) if this is reasonably required to enforce terms of use or any other agreement we have entered into with you or to investigate potential breaches; or (ii) if this is required to protect the rights, property or safety of Zurich, our customers, or others (including by exchanging information with other companies and organisations for the purposes of fraud protection) and (iii) in accordance with applicable laws, to defend our interests or to prevent and combat fraud; and
  • GPS/IPS location data that the App collects whilst you are using it or in the background is never shared with a third-party. This information is only ever held for short periods of time to provide users with location-based features.

We may also share your personal data with other third parties if we have a legal obligation to do so or in a court proceeding.


How do we protect your personal data?

We apply technical and organizational security measures to protect your personal data against unauthorized use, manipulation, loss, disclosure, destruction or access by unauthorized persons and to ensure the protection of your rights and compliance with the applicable data protection regulations. However, due to the inherent open nature of the internet, we cannot guarantee that communications between you and us or the personal information stored are absolutely secure. We will notify you of any data breach that is likely to have unfavourable consequences for your privacy in accordance with applicable law.

We use recent standard encryption techniques to transfer your data.


How long do we store your personal data?

We retain your personal data for as long as necessary to fulfil the purpose for which it was collected, in particular, to provide our Services and enable you to use the App, or to comply with legal or regulatory retention duties or internal policy requirements. We will delete or anonymize data that is no longer required, to the extent permitted by law.


What data protection rights do you have?

When we process your personal data, you have several rights, of which we would like to inform you;

  • the right to access, at reasonable intervals and free of charge, your personal data and request a copy of your personal data in an intelligible form;
  • the right to request us to correct your personal data (e.g., if your data is inaccurate);
  • the right to request us to delete or block your personal data (e.g., if the retention of your data is no longer necessary in relation to the envisaged purpose of the processing and we do not have an overriding interest or legal duty to keep your personal data);
  • the right to transfer your personal data to another controller, to the extent possible; and
  • the right to lodge a complaint with the competent supervisory authority, if you believe we are not processing your personal data in compliance with applicable data protection law.

If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.

Please note that we may refuse or limit to grant these rights for legal reasons or based on applicable data protection law.

To exercise these rights, please contact us at privacy@zurich.com. We may request you to provide a copy of your ID card or other evidence of your identity. We will respond to your request within the applicable statutory term.


Changes to this privacy notice

We reserve the right to update and change this privacy notice from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our privacy notice in the future will be brought to your attention by appropriate means, e.g. in this App or on our website.


Annex 1: Sub processors

Service Provider Legal Basis Processing Country
Spica Technologies Ltd. Consent Spica Technologies Ltd. provides the workplace experience mobile app, web based app and all backend services to support the running of the App. United Kingdom
Amazon Web Services Ireland Ltd. Consent Amazon Web Services Ireland Ltd. provides the hosting services for the solution and data storage. Ireland
Microsoft Ltd. Consent Microsoft App Insights is used to gather behavioural analytics on how users use the app to help improve and guide product development. All App analytics data is anonymised. United Kingdom

Last updated: 7 December 2021