Zurich Insurance Company Ltd (Canadian Branch) and World Travel Protection Canada Inc., (collectively, “Zurich”) are committed to protecting the privacy and security of the personal information we collect in the course of providing products and services to our customers.
We value the trust of our customers and others with whom we do business. This document provides an overview of our practices regarding the collection, use and disclosure of personal information.
Why does Zurich collect personal information?
We collect personal information for the purpose of administering and/or servicing an insurance policy, handling a claim or providing requested assistance services.
How does Zurich ensure that my personal information is accurate?
Zurich verifies the accuracy of your personal information whenever you contact the company with respect to a claim under an existing policy of insurance or to purchase additional insurance. Our staff ensures that your name, date of birth, address and contact information is accurate, up-to-date and complete. In the event that there is a change to be made to your personal information, this change is recorded and saved in our database, and the out-of-date or inaccurate information is expunged.
From whom is personal information collected?
Personal information may be collected from such sources as our affiliates, independent insurance brokers, other financial institutions, credit bureaus, government departments, claims organizations, a policyholder, a customer, a customer’s employee, a claimant, a claimant’s employer or a claimant’s employee. We may collect personal information from persons who witnessed incidents, or persons retained by a claimant or by us in the process of administering or servicing a policy or handling a claim. Such people might include physicians, lawyers, accountants, repair shops, consumer reporting agencies and appraisers as permitted or required by law.
What kind of personal information is collected?
Personal information that may be collected includes, but is not limited to: an individual’s name, address, telephone number, date of birth, family status, occupation, claims history, motor vehicle reports, driver’s license number, gender, policy number, premium and/or premium payment history, medical history and status. In the case of a claim, we may also collect the date of loss, type of loss, cause of loss and the value of the claim.
How is personal information used?
We use personal information to administer or service a policy; administer a claim; provide assistance services; comply with the law; and as otherwise permitted by law. The transfer of your personal information to an affiliate or third party for processing purposes is defined as a “use” of your personal information. Affiliated and non-affiliated third parties that may receive or have access to the personal information in our care are not authorized to use such information for any marketing purposes except as permitted by law. They may not copy or disclose personal information to any other party and may use it only for the purpose of performing their responsibilities to us, one of our policyholders or claimants and as otherwise permitted or required by law.
Do you limit the collection of my personal information?
Yes. We collect only the information that is necessary for us to process your policy of insurance or administer your claim for benefits. In the event of a claim for medical coverage, we only request medical records for the pre-existing and/or eligibility periods and do not ask for social insurance numbers. When we collect your credit card information to confirm coverage, only the BIN number (the first 6 digits) of the credit card is saved and the rest of the digits are masked to ensure your privacy.
To whom might personal information be disclosed?
Personal information may be shared with affiliated and non-affiliated third parties in Canada, the United States and abroad in order to provide services, administer or service an insurance policy or a claim, and as otherwise permitted or required by law. Our affiliates include insurance companies, third-party insurance administrators and other providers of financial products and services. Examples of unaffiliated third parties include independent insurance brokers, the policyholder, persons or organizations retained to assist in the administration of policies and/or claims (such as adjusters, appraisers, repair shops and medical service providers), insurance support organizations, companies with whom we have joint marketing agreements, information processing facilities and others as permitted or required by law.
Depending on the nature and sensitivity of your personal information, your consent to the collection, use and disclosure of personal information may be required. This consent can be express (oral or written) or implied and, subject to legal or contractual restrictions, may be withdrawn.
What security features are in place to protect personal information?
Access to personal information is limited to those with a specific “need to know” in order to provide products and services to policyholders and to others as permitted or required by law. We maintain contractual, physical, electronic and procedural safeguards to protect against the misuse of personal information under our control.
Can I access or change my personal information?
Yes. To access your personal information on file, please send a request in writing to our Privacy Officer at the address provided below. Please specify the kind of information you are seeking. You will be contacted by our Privacy Officer and asked to provide some form of identification to confirm your right to access this information.
To change or correct any personal information, please contact our Privacy Officer.
How long do you retain my personal information?
It is Zurich’s policy to retain data pertaining to claimants for a period of seven (7) years, after which time it is destroyed/erased from our records.
What Are My Privacy Rights as a California Resident?
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information; subject to exclusions from the rights granted under California law with respect to certain information governed by certain sector-specific privacy laws.
Subject to certain exceptions under California law, California residents may have the following rights with respect to their personal information collected by Zurich:
- The right to know and access. California residents have the right to request we disclose (i) a copy of the personal information that we collect about you; (ii) the categories of personal information that we collected about you in the preceding 12 months; (iii) the categories of purposes for which such personal information was disclosed in the preceding 12 months; (iv) the categories of sources such personal information was collected for; and (v) the categories of third parties such personal information may have been shared with.
- The right to deletion. California residents have the right to request that we delete the personal information that we or our vendors collected about you. There may be circumstances under which we will be unable to delete your personal information, such as if we need to comply with our legal obligations or complete a transaction for which your personal information was collected. If we are unable to comply with your request for deletion, we will let you know the reason why.
- The right to equal service. If a California resident chooses to exercise any of these rights, we will not discriminate against the California resident in anyway. However, if a California resident exercises certain rights, such California resident may be unable to use or access certain features of the Sites.
1. Exercising California Resident Rights
To exercise any of these rights, contact us at email@example.com, 1-866-236-5009.In connection with submitting a request, you must provide the following information: name, email, phone number, state of residence, and policy number and you must state what type of request you are making.
We have the right to require you to provide written permission granting authority to your representative and for your agent to verify its identity directly with us, and we may deny a request from your representative who does not submit proof of authorization as we request.
A California resident may only make a verifiable consumer request for access or data portability twice within a 12-month period. The request must provide sufficient information that allows us to reasonably verify the requestor is the person about whom we collected personal information or an authorized representative and describe the request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to a request or provide personal information if we cannot verify the identity or authority to make the request.
We will endeavour to confirm receipt of a request within 10 days following submission and provide information about how we will process the request. We will endeavour to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to an additional 45 days), we will provide notice in writing explaining the reason for the extended time period. We may deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the request receipt date. If we deny a request, we will provide a response explaining the reasons we cannot comply with a request, if applicable.
2. Sharing of California Resident Personal Information
We may have collected and disclosed the following categories of personal information from a California resident for a business purpose in the preceding 12 months:
- Various identifiers, including, name, address, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers.
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), including, telephone number or financial information.
Geolocation data, including, physical location or movements.
- Protected classification characteristics, including, race, colour, national origin, marital status, sex, veteran or military status.
- Personal records, such as, power of attorney, family history or power of attorney.
- Information received from a government entity or other third party.
We may collect the above categories of personal information directly from you, indirectly as you interact with our website, from or through other third-party sources, including our customers, or through email or other electronic messages between you and our website.
3. Sale of California Resident Personal Information
In the prior 12 months, we have not sold personal information of a California resident.
4. “Shine the Light” Law
California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California consumers asking about the business’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org.
How We Respond to “Do Not Track” Signals
Our website does not respond to DO NOT Track signals. Third parties cannot collect any other personally identifiable information from our website unless you provide it to them directly.
What Are My Privacy Rights as a Nevada Resident?
Nevada residents may have certain rights to opt-out of sales of their personal information under Nevada Revised Statutes Chapter 603A. However, please know Zurich does not sell data triggering this Nevada statute’s opt-out requirements. If you have questions with respect to this right, please contact email@example.com
What Are My Choices?
- Location Information: With your consent, we may collect information about your actual location when you use our mobile applications and when you request or purchase products or services. You may stop the collection of this information at any time by changing the settings on your mobile device; but note that some features of our mobile applications may no longer function if you do so.
- Native Applications on Mobile Device: Some features of our mobile applications may require access to certain native applications on your mobile device, such as the camera, photo album and the address book applications. If you decide to use these features, we will ask you for your consent prior to accessing the applications and collecting associated information. Note that you can revoke your consent at any time by changing the settings on your device.
- Cookies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the website.
- Push Notifications: With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device or within our mobile applications.
What if I have a question, concern or complaint?
If you have a question, concern or complaint about privacy or our personal information handling practices, our employees or service providers, please contact our Privacy Officer at the address or number listed below or visit our website for details on how to bring your concern to our attention.
Phone: (416) 977-4701
Toll Free: 1-866-236-5009
Fax: (416) 205-4676
World Travel Protection Canada Inc.
901 King Street West
Canada M5V 3H5
This Privacy Statement is stand-alone document. You may receive privacy statements or notices from other parties. The terms of this Privacy Statement do not modify, supersede, revise, or amend the terms of other privacy statements or notices received from other parties.
Office of the Privacy Commissioner of Canada
30 Victoria Street
Office of the Information and Privacy Commissioner for Alberta
410, 9925 – 109 Street
Edmonton, Alberta T5K 2J8
Inquiries: 1-888-878-4044 (toll-free)
Office of the Information and Privacy Commissioner for British Columbia
4th Floor, 947 Fort Street, Victoria BC V8W 9A4
PO Box 9038, Stn. Prov. Govt.
Victoria B.C. V8W 9A4
Inquiries: (250) 387-5629
Toll-free: 1 (800) 663-7867 (free within B.C.)
Office of the Ombudsman (Manitoba)
750 – 500 Portage Avenue
Winnipeg, MB R3C 3X1
Inquiries: 1-800-665-0531 (toll-free)
Commission d’accès à l’information du Québec
575, rue Saint-Amable, Suite 1.10
Québec (Québec) G1R 2G4
Inquiries: (418) 528 7741
Toll-free: 1 (888) 528-7741 (free within Québec)