Personal Data Protection Notice

By signing up for any product offered by Zurich Malaysia, interacting with us and submitting your information to us to participate in any campaign, contest or promotion (collectively "Contests" organized by us, you have consented to such use of your personal data including your sensitive personal data. For the purpose of this Notice, Data Subject shall mean any individual who is the subject of the personal data.

For the purpose of providing Insurance/ Takaful services, or managing your participation in the Contests organized by us, we would require you to provide us personal data which is obligated, required and necessary, without which it may not be possible for us to provide the services to you or organized the Contests. Such personal data includes but not limited to the following:

• Your name;
• Date of birth;
• Gender;
• Home address/correspondence address;
• Bank account details, including account numbers;
• Payment details, including credit card and banking information;
• Telephone number or email address;
• Information for the verification of identity, including Identity card number or passport number;
• Medical reports/records.

You may be requested to provide certain personal data that may be deemed optional (as the case may be), although failure to provide the requested data may prevent us to provide our services to you or your participation in the Contests. This type of personal data includes but not limited to:

• Employment details;
• Profession;
• Other related products and services subscribed to;
• Family and household demographics.

Your personal data will be collected, used and otherwise processed for but not limited to the following primary purposes below:

1. To conduct insurance/takaful business, i.e. carrying out any activity in relation to or in connection with carrying out duties as an Insurer/Operator as licensed under the FSA/IFSA;
2. The performance of obligations including customer service under a policy contract, complaints handling, conservation, including any value-added services that are connected but not directly connected to such policy contract, where such contract shall include but not be limited to life insurance, general insurance, family takaful, general takaful, medical insurance/takaful, group insurance policies or group takaful certificates, agency contract, broking arrangements, and employment contract;
3. Investigation during underwriting and claims assessment or at any time during the concurrence of the insurance policy/takaful certificate that is necessary and reasonable to identify any possible non-disclosure of material information in an insurance/takaful fraud or conspiracy claim, including but not limited to the purposes of medical/health/life insurance, requesting and verifying information with any medical practitioner, hospital, medical institution or any person (whether incorporated or not) who has ever attended to the Data Subject or has records on the health of the Data Subject; the purposes of motor insurance, requesting and verifying information with any motor companies, workshops, or any person (whether incorporated or not) who has ever attended to the Data Subject or has records on the motor vehicles belonging to the Data Subject; and the Insurer/Operator and/or its relevant Data Processors may keep such records for future possible cases of underwriting and claims assessment;
4. Exercising the right of subrogation/recovery;
5. For the purposes of preventing, investigating, reporting or otherwise in relation to actual or suspected money laundering, terrorist financing, bribery, corruption, actual or suspected fraud including but not limited to insurance/takaful fraud, tax evasion, evasion of economic or trade sanctions, and criminal activities generally or other unlawful activities;
6. Compliance with the requirements of any law, any regulations or guidelines, any present or future contractual or other commitment with any legal, regulatory, judicial, administrative, public or law enforcement body, whether inside or outside Malaysia, that are issued by regulatory or other authorities with which Zurich Malaysia or any other group members of the Zurich Malaysia need or are expected to comply, including but not limited to making any enquiries, any investigation, disclosure or reporting requirements and/or meeting obligations pursuant to such law, regulations guidelines and/or the relevant authorities;
7. Cooperating with the PDP Commission, BNM or any other relevant authority to conduct an audit, examination or investigation which is authorized under any applicable Malaysian laws or international treaties/agreements affecting Insurers/Operators, whether directly or through the Zurich Malaysia and group of companies belong;
8. Marketing (including direct marketing) to any Data Subject of Zurich Malaysia insurance or takaful products, provided that such Data Subject has not given written instructions pursuant to Section 43 of the Act to cease processing his personal data for direct marketing purpose;
9. Matching personal data held in relation to a Data Subject for any purposes contained in this paragraph, specifically but not limited to those as set out at sub-paragraphs (5), (6), and (7) above;
10. Research, audit purposes and risk assessment/survey, including statistical/actuarial research or data analytics/study. In the event such data was required for this purpose, the Data Subjects' personal data are not to be published, and only figures, statistics and general information in the findings of the study/research are to be published;
11. The performance of obligations under any lawful scheme of transfer of business;
12. Cooperating or assisting in investigations undertaken by another Insurer/Operator or any of the Insurance and Takaful Associations;
13. Conducting investigation on any Insurance/Takaful Intermediaries and their third party service providers for any allegation of fraud, conspiracy, breach of any laws, rules and regulations, codes of practice including this Code, misconduct or any unethical behaviors or practices;
14. Performing re-insurance/re-takaful;
15. Information sharing with the Insurance and Takaful Associations and any information-sharing systems; and/or all the other processing operations and other purposes incidental and associated with any of the above.
16. Managing your participation in the Contests organized by us.
    Processing operation mentioned above shall mean:

• Handling applications to purchase insurance policies/participate in takaful certificates and/or requests for advice and product recommendations or your submission to Contests;
• Preparing, issuing and handling other administrative matters relating to the insurance policies/takaful certificates;
• Collecting premiums/contributions and submitting other bills;
• Processing and settling claims and paying other benefits in relation to your insurance policies/ takaful certificates or delivering your reward/ prizes (if any) pursuant to your participation in the Contests;
• Regular assessment after purchase of insurance/participation in takaful products;
• Reinsurance/re-takaful;
• Co-insurance/co-takaful;
• Preventing, detecting, investigating and/or prosecuting actual or suspected insurance/takaful fraud and other criminal activities;
• Establishing, exercising or defending a legal claim;
• Meeting other specific legal or contractual obligation;
• Prospecting new insurance/takaful markets, including research for product and service development;
• Internal management;
• Disclosure to third parties as provided for under the Disclosure Principle under the Code and the Act;
• Audit, risk assessment, survey, statistical and analytical studies relating to the insurance/takaful business;
• Discharging regulatory or legislative obligations;
• Actuarial activities;
• Image recorded through CCTV or other electronic media; and/or
• Other information or documents provided by a Data Subject in writing, over the telephone, electronically by way of Instant Messaging, e-mail or through Zurich Malaysia Corporate Website.

All reasonable efforts and practical steps are made to ensure that any personal data held by Zurich Malaysia are kept up-to-date and are protected against any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.

Your personal data will be kept confidential but such personal data may be provided to the following categories of parties strictly on need to know basis within or outside of Malaysia for the purposes set out below:

• Individuals or Companies within Zurich Insurance Group, or any other company carrying on insurance / takaful or reinsurance / retakaful related business, or an intermediary;
• Bancassurance partners, contractor, third party call centers, Insurance/takaful Intermediaries, independent insurance/takaful broker or financial adviser who provides services to Zurich Insurance Group in connection with the operation of its business;
• Third party service providers including investigators, loss adjusters, reinsurers, medical and rehabilitation consultants, surveyors, specialists, repairers, workshop owners, towing company, and/or other parties necessary to process the personal data for insurance or takaful claims purposes;
• Third party service providers appointed by us to assist us in managing your participation in the Contests organized by us or delivering your reward/ prize (if any) to you.
• Re-insurer/re-takaful service providers or retrocessionaires;
• Relevant government authorities, law enforcement agencies, courts, tribunals, regulatory bodies and/or statutory agencies or bodies or any other person to whom Zurich Insurance Group is under an obligation to make disclosure under the requirements of any law binding on Zurich Insurance Group or any of its associated companies and for the purposes of any regulations, codes or guidelines issued by governmental, regulatory or other authorities with which Zurich Insurance Group or any of its associated companies are expected to comply;
• Claims investigation companies or loss adjuster, surveyors
• Industry associations and federations;
• Doctors, medical specialists, hospitals, clinics or healthcare institutions;
• Zurich's auditors, consultants, lawyers, legal advisors, accountants, fund managers or other professional advisers appointed in connection with Zurich’s business on a strictly confidential basis, appointed to provide services to Zurich;
• Banks, credit card companies or other financial institutions for purposes of collection or refund of any monies due or payable;
• Any person permitted by the Data Subject or, as the case may be, the executor, administrator or legal personal representative of the Data Subject;
• Information-sharing systems, for purposes of enabling exchange of information between the Insurers/Takaful operators in order to facilitate fraud prevention and detection;
• Any person to whom disclosure is necessary for the purpose of investigation into any allegation of Insurance/Takaful Intermediaries' and their third party service providers' breach of any laws, rules and regulations, codes of practice including this Code, misconduct or unethical behaviors or practices;
• Any person to whom the disclosure is necessary for the purposes of investigations under any written law, criminal proceedings or civil proceedings, or any person to whom the disclosure is required to be made under court order; and/or
• Other third party service providers appointed to provide administrative, telecommunications, payment, data processing, data storage, or other services to Zurich Malaysia and/or to any member of the Zurich Insurance Group and/or the insurance and Takaful Associations in connection with the purposes described above.
• For the purpose of this Notice, "Insurer's/Operator's Group of Companies" means the parent/holding companies of Zurich Malaysia, as well as the subsidiaries of Zurich Insurance Group;

The disclosure of personal data (including all personal data relating to the applications/proposals for insurance but not limited to any upgrades) policies, claims by Zurich Malaysia to any of the Insurance and Takaful Association, or other Insurer/Operator and/or any information–sharing systems for the prevention and detection of crime or for the purpose of investigation, the apprehension of offenders or institutions of legal proceedings shall be exempted under section 45(2)(a) of the Act, which shall include but are not limited to the following circumstances:

• Insurance/Takaful Intermediaries who have committed acts of breach, misconduct or fraud, or have engaged in unethical behaviors or practices, in the insurance/takaful industry, in accordance with the prevailing rules, regulations or guidelines of the relevant Insurance and Takaful Association;
• Sub-standard hospitalization and disabilities cases;
• Life, general or family/general takaful policy/certificate proposals by sum insured/assured and type of plans for early detection of possible fraud; and
• Past and/or current claims information and personal data for the purposes of underwriting evaluation, analysis, investigation and fraud detection.

The personal data referred above shall include the personal data of:

• Data Subjects who are policyholders/certificate holders, and their authorized representatives;
• Lives assured, beneficiaries, nominees, trustees and/or assignees under an insurance/takaful cover;
• Past and/or current Insurance/Takaful Intermediaries of the Insurers/Operators including their third party service providers;
• Data Subjects who apply for insurance/takaful cover and are subsequently rejected or declined for cover by the Insurers/Operators;
• Third party insurance/takaful claimants and their authorized representatives;
• Data Subjects who apply for insurance/takaful cover and who subsequently withdraw their insurance/takaful applications for cover from the Insurers/Operators; and/or
• Any other relevant Data Subjects who have/are suspected of committing acts of crime, misconduct or fraud.

In addition to the purpose set out above, Zurich Malaysia may use your name and contact details for promotional or marketing purposes including sending you promotional materials and conducting direct marketing in relation to our products and services where permitted by law.

For the purposes of direct marketing, we may, where permitted by law, provide your personal data to providers (whether within or outside of Zurich Malaysia) of any of the products and services described above and call centre, marketing or research services (“other direct marketing organization”) so that they can send you promotional materials and conduct direct marketing in relation to the products and services we offer.

Zurich Malaysia may process your name, e-mail address, home address or telephone/fax number for direct marketing purposes only if the relevant consent has been obtained to such use of your personal data at the point of collection of the personal data and the message is limited to products and services offered by Zurich Malaysia. As such, We (Zurich Malaysia or other direct marketing organization) will only communicate to you for direct marketing purposes by way of post and electronic communications which includes SMS/MMS, email, phone call and fax.

If you have provided consent and wish to opt-out from receiving any direct marketing materials from Zurich Malaysia, kindly fill in the opt-out form and e-mail it to CallCentre@zurich.com.my or contact our Customer Care Officer by dialling 1-300-888-622.

You may choose whether or not to provide us with your personal data. If you choose not to do so, you may continue to interact with Zurich Malaysia, although you may only be able to enjoy limited features of certain services which may depend on your personal data. If you choose to withdraw your consent, please take note that withdrawal of consent may result in the termination of the insurance policy/takaful certificate that you currently have with Zurich Malaysia and you might have to bear all legal consequences arising from such withdrawal of consent and risk on subsequent termination of the insurance policy/takaful certificate.

Zurich Malaysia customers have the right to access to, correct or change any of their own personal data held by Zurich Malaysia. If you wish to access, update, and change or opt-out your personal data, we will exercise reasonable efforts to accommodate the access and make the changes as soon as possible. However, in order for us to address your request appropriately, we may request verification of your identity or any other relevant details before allowing such access or making such changes.

Access and change requests can be made through forms which can be downloaded at our website and available at our branches.

To update your consent to the collection, use and disclosure of your personal data for marketing purposes and/or choose to opt-out your consent from receiving any marketing material from us, kindly download the consent form, fill it in and submit it to CallCentre@zurich.com.my. You may also contact our Customer Care Officer by dialling 1-300-888-622 or visit our nearest Zurich branches to submit your request for access and changes.

Zurich Malaysia may review and update the Personal Data Protection Notice from time to time to reflect the changes in laws and regulations, business practices, procedures and structures.

Where it is not feasible to notify you on the changes from time to time, you may visit our PDP Notice at our website for the latest update or contact our Personal Data Officer to obtain the latest version of the Personal Data Notice.

Click here for more information on Code of Practice on Personal Data Protection for the Insurance and Takaful Industries in Malaysia.

Once the primary purpose of the data collection is achieved, your personal data will not be kept longer than is necessary for the fulfillment of the purpose for which it was collected unless such retention is necessary for our operational, audit, legal, regulatory, tax or accounting requirements. We will take all reasonable steps to ensure that your personal data are destroyed or permanently deleted.

However, your personal data can be retained for a longer period of time if such retention is necessary for the following purposes:

• Legal proceedings or a regulatory or similar investigation or obligation to produce the said information;
• A crime or misconduct is suspected or detected;
• Information is relevant to a company in liquidation or receivership, where a debt is due to the Insurers/Operators; or
• Information is considered to be of potential historical importance including but not limited to the purposes described above.

In order to conduct business, Zurich processes personal information in certain situations. This access comes with a responsibility to keep this information secure and to use it in an ethical and transparent manner. As part of our Data Commitment, Zurich has promised that it will not sell our customers’ personal information. We don’t sell your information so you don’t need to tell us not to.