COVID Coverage Available: See our Coronavirus (COVID-19) Coverage Statement for eligible plan coverage and service requests.
Zurich Insurance Company Ltd (Canadian Branch), Travelex Insurance Services Canada Inc., and World Travel Protection Canada Inc., (collectively, “Zurich”) are committed to protecting the privacy and security of the personal information we collect in the course of providing products and services to our customers.
We value the trust of our customers and others with whom we do business. This document provides an overview of our practices regarding the collection, use and disclosure of personal information.
Why does Zurich collect personal information?
We collect personal information for the purpose of administering and/or servicing an insurance policy, handling a claim or providing requested assistance services.
How does Zurich ensure that my personal information is accurate?
Zurich verifies the accuracy of your personal information whenever you contact the company with respect to a claim under an existing policy of insurance or to purchase additional insurance. Our staff ensures that your name, date of birth, address and contact information is accurate, up-to-date and complete. In the event that there is a change to be made to your personal information, this change is recorded and saved in our database, and the out-of-date or inaccurate information is expunged.
From whom is personal information collected?
Personal information may be collected from such sources as our affiliates, independent insurance brokers, other financial institutions, credit bureaus, government departments, claims organizations, a policyholder, a customer, a customer’s employee, a claimant, a claimant’s employer or a claimant’s employee. We may collect personal information from persons who witnessed incidents, or persons retained by a claimant or by us in the process of administering or servicing a policy or handling a claim. Such people might include physicians, lawyers, accountants, repair shops, consumer reporting agencies and appraisers as permitted or required by law.
What kind of personal information is collected?
Personal information that may be collected includes, but is not limited to: an individual’s name, address, telephone number, date of birth, family status, occupation, claims history, motor vehicle reports, driver’s license number, gender, policy number, premium and/or premium payment history, medical history and status. In the case of a claim, we may also collect the date of loss, type of loss, cause of loss and the value of the claim.
How is personal information used?
We use personal information to administer or service a policy; administer a claim; provide assistance services; comply with the law; and as otherwise permitted by law. The transfer of your personal information to an affiliate or third party for processing purposes is defined as a “use” of your personal information. Affiliated and non-affiliated third parties that may receive or have access to the personal information in our care are not authorized to use such information for any marketing purposes except as permitted by law. They may not copy or disclose personal information to any other party and may use it only for the purpose of performing their responsibilities to us, one of our policyholders or claimants and as otherwise permitted or required by law.
To whom might personal information be disclosed?
Personal information may be shared with affiliated and non-affiliated third parties in Canada, the United States and abroad in order to provide services, administer or service an insurance policy or a claim, and as otherwise permitted or required by law. Our affiliates include insurance companies, third-party insurance administrators and other providers of financial products and services. Examples of unaffiliated third parties include independent insurance brokers, the policyholder, persons or organizations retained to assist in the administration of policies and/or claims (such as adjusters, appraisers, repair shops and medical service providers), insurance support organizations, companies with whom we have joint marketing agreements, information processing facilities and others as permitted or required by law.
Depending on the nature and sensitivity of your personal information, your consent to the collection, use and disclosure of personal information may be required. This consent can be express (oral or written) or implied and, subject to legal or contractual restrictions, may be withdrawn.
Transferring Personal Information Overseas
By contacting us, you are consenting to us sending your information to overseas parties if required to provide you with medical and non-medical assistance or to progress and assess your claim. The countries we typically disclose your personal information to under these circumstances are generally located in the geographic regions you travelled during the duration of your policy. We may also need to disclose information to service providers who are located overseas who assist us by managing and authenticating some customer data. Who those service providers are and where they are located may change from time to time. You can contact us for details.
While we are committed to protecting your information from misuse, loss or interference when your personal information is sent to third parties overseas, in some cases we may not be able to take reasonable steps to ensure that those third parties do not breach applicable privacy laws and the information may not be subject to the same level of protection as is provided for under Canada’s privacy laws. You may not be able to seek redress either under laws of Canada or under laws in the overseas jurisdiction in the event of any misuse, loss or interference with your personal information. When assessing your claim, we may refer to information provided by our third party medical and non-medical assistance providers, who include related entities.
What security features are in place to protect personal information?
Access to personal information is limited to those with a specific “need to know” in order to provide products and services to policyholders and to others as permitted or required by law. We maintain contractual, physical, electronic and procedural safeguards to protect against the misuse of personal information under our control.
Can I access or change my personal information? Yes. To access your personal information on file, please send a request in writing to our Privacy Officer at the address provided below. Please specify the kind of information you are seeking. You will be contacted by our Privacy Officer and asked to provide some form of identification to confirm your right to access this information. To change or correct any personal information, please contact our Privacy Officer.
How long do you retain my personal information?
It is Zurich’s policy to retain data pertaining to claimants for a period of seven (7) years, after which time it is destroyed/erased from our records.
What are the rights of data subjects under GDPR?
The European Union’s GDPR came into force on May 25, 2018. Under GDPR, residents and citizens of the EU (“data subjects”) have greater control over who collects their data, how the information is used, and for how long.
GDPR: Rights of Data Subjects
The rights of data subjects under GDPR are detailed in Chapter 3 – Articles 12 to 23. There are eight fundamental rights under GDPR.
1. Right to Access Personal Data
Under GDPR, data subjects have the right to access the data collected on them by a data controller. The data controller must respond to that request within 30 days (Article 15).
2. Right to Rectification
Data subjects have the right to request modification of their data, including the correction or errors and the updating of incomplete information (Article 16).
3. Right to Erasure
The right to erasure – also referred to as the right to deletion or the right to be forgotten – allows a data subject to stop all processing of their data and request their personal data be erased (Article 17).
4. Right to Restrict Data Processing
Data subjects, under certain circumstances, can request that all processing of their personal data be stopped (Article 18).
5. Right to be Notified
Data subjects must be informed about the uses of their personal data in a clear manner and be told the actions that can be taken if they feel their rights are being impeded. Data subjects must also be informed of any rectification or erasure of their personal data under articles 16, 17, and 18 (Article 19).
6. Right to Data Portability
A data subject can request that their personal data file be sent electronically to a third party. Data must be provided in a commonly used, machine readable format, if doing so is technically feasible (Article 20).
7. Right to Object
If a request to stop data processing is rejected by a data controller, the data subject has the right to object to their Article 18 right being denied (Article 21).
8. Right to Reject Automated Individual Decision-Making
Data subjects have the right to refuse the automated processing of their personal data to make decisions about them if that significantly affects the data subject or produces legal effects – profiling for example (Article 22).
Rights of Data Subjects under GDPR are Not Absolute
While data subjects have the above rights under GDPR, in certain situations those rights cannot be granted.
For example, the right to restrict data processing does not apply is when data are processed for the purposes of the prevention, investigation, detection or prosecution of criminal offenses. The same applies to the processing of personal data in the prevention of threats to public security.
Data subjects have the right to access their personal data file, although not if that access adversely affects the rights and freedoms of others.
While data controllers must be aware of the rights of data subjects, they should also be aware of the circumstances under which those rights can be denied, and when charges can be applied for granting data subjects’ rights.
What Privacy Rights Apply to Children?
We support the Children’s Online Privacy Protection Act (“COPPA”) and other frameworks like the General Data Protection Regulation and the “UK GDPR” (together, the “GDPR“). Our goal is to minimize the information gathered from and disseminated about Children while allowing us to provide the Services for which they are covered under policies of insurance.
A. How We Collect Personal Information About Children
We require parental consent to collect Personal Information about Children for the purposes of providing the Services. Children’s Personal Information is used for the same purposes as set out above.
B. How is Personal Information About Children Used?
We use personal information to administer or service a policy; administer a claim; provide assistance services; comply with the law; and as otherwise permitted by law. The transfer of Children’s personal information to an affiliate or third party for processing purposes is defined as a “use” of your personal information.
How We Respond to “Do Not Track” Signals
Our website does not respond to DO NOT Track signals. Third parties cannot collect any other personally identifiable information from our website unless you provide it to them directly.
What are My Choices?
- Location Information: With your consent, we may collect information about your actual location when you use our mobile applications and when you request or purchase products or services. You may stop the collection of this information at any time by changing the settings on your mobile device; but note that some features of our mobile applications may no longer function if you do so.
- Native Applications on Mobile Device: Some features of our mobile applications may require access to certain native applications on your mobile device, such as the camera, photo album and the address book applications. If you decide to use these features, we will ask you for your consent prior to accessing the applications and collecting associated information. Note that you can revoke your consent at any time by changing the settings on your device.
- Cookies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the website.
- Push Notifications: With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device or within our mobile applications.
What if I have a question, concern or complaint?
If you have a question, concern or complaint about privacy or our personal information handling practices, our employees or service providers, please contact our Privacy Officer at the address or number listed below or visit our website for details on how to bring your concern to our attention.
Fax: (416) 205-4676
Travelex Insurance Services Canada Inc.
901 King Street West
Canada M5V 3H5
This Privacy Statement is stand-alone document. You may receive privacy statements or notices from other parties. The terms of this Privacy Statement do not modify, supersede, revise, or amend the terms of other privacy statements or notices received from other parties.
Office of the Privacy Commissioner of Canada
Office of the Information and Privacy Commissioner for Alberta
Office of the Information and Privacy Commissioner for British Columbia
4th Floor, 947 Fort Street, Victoria BC V8W 9A4
PO Box 9038, Stn. Prov. Govt.
Victoria B.C. V8W 9A4
Inquiries: (250) 387-5629
Toll-free: 1 (800) 663-7867 (free within B.C.) Information: https://www.oipc.bc.ca/.