Chubb Limited and its subsidiaries and affiliates (collectively, “Chubb”), are committed to protecting the privacy of visitors to our websites (“Websites”) and users of our mobile applications (“Apps”). It is important that our users understand how we collect, use and disclose Personal Information (as defined below). This Privacy Notice (“Notice”) is designed to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our Websites and Apps.
References to “our”, “us”, “we” or “Chubb” within this Notice are to Chubb Limited and its operating companies, as applicable. For the purpose of applicable data protection laws, Chubb Limited is the data controller responsible for determining how and why your personal data is processed when you visit our Websites.
What Personal Information does Chubb collect? How does Chubb collect such Personal Information?
“Personal Information” is information through which a natural person is identifiable or may be identified, either directly or indirectly. This may include your name, physical address, the company for whom you work, phone number, email address, details of the preferences you express to us, your comments and questions, and technical information from the devices you use to access our website or product you are registering (e.g. a device identifier) or the person/company that installed or maintains it. Chubb collects, uses and processes your Personal Information when you submit a form or request, or register a product with us in order to provide you with further information about Chubb’s services or products.
The collection of Personal Information will be transparent to you, and you will have the opportunity to decide whether or not to provide it. However, please note that if you choose not to provide any of the Personal Information requested, Chubb may be unable to provide you with the information and/or services or products that you have requested
This Notice applies to all information we collect about you, information we collect directly from you, information we automatically collect, information we collect through our Websites, Apps and information we collect from third parties.
You have choices when it comes to the technology you use and the data you share. When we ask you to provide personal data, you can decline. Likewise, where we need to collect personal data by law or to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or if this relates to an existing product you’re using, we may have to suspend or cancel it. We will notify you if this is the case at the time.
Why does Chubb collect your Personal Information?
|To provide you with requested information, and respond to your questions, including directing you to the appropriate Chubb website.||Nature of enquiry, Area of Chubb, Customer No (if existing customer), contact information, message content and IP address||Legitimate interest|
|To process and deliver your order for our products and/or services.||Contact information, shipping or delivery address, and content||Performance of a contract|
|Respond to your enquiry request or further process your submitted form||Nature of enquiry, Area of Chubb, Customer No (if existing customer), contact information, message content and IP address||Legitimate interest|
|Analyse your behaviour on our Website and Apps , in order to improve our products, services, Websites and Apps||IP address, [log files].||Legitimate interest;
Consent (where your consent is required by law)
|Respond to a legitimate legal request from law enforcement authorities or other government regulators||Contact information||Compliance with legal obligations|
|Conduct investigations to ensure compliance with, and comply with, legal obligations||Contact information||Compliance with legal obligations|
Where we rely upon Legitimate Interest as a lawful basis, we have balanced your rights and freedoms against our interests or those of any third parties, and determined your rights are not infringed. Legitimate Interest is where your personal data is processed for either our own interests or the interests of third parties. This can include commercial interests, individual interests, or broader societal benefits.
Where is Personal Information stored?
Because Chubb is a global company with locations in many different countries, your Personal Information may be transferred to, stored at and/or accessed from countries other than your own in order to accomplish the purposes listed above. The countries to which your data may be transferred include the United States, the member states of the European Economic Area (“EEA”), the United Kingdom, Switzerland, Canada, Australia, New Zealand, China, Hong Kong, Macau, Singapore, India and Thailand.
This means that, if you are located in the EEA or the UK, the Personal Information that we process about you may be transferred to, and stored at, a destination outside the EEA or the UK (as applicable). It may also be processed by staff outside the EEA or the UK (as applicable) who work for us, our group companies, or our third party service providers.
We will transfer your Personal Information consistent with applicable legal requirements, including, where required, entering into standard contractual clauses (or equivalent measures) with the foreign entity receiving the personal information and only to the extent necessary for the purposes for which such Personal Information was collected as set out above. If you would like more information regarding the specific mechanism used by us when transferring your Personal Information out of the EEA and/or UK, please contact us using the details below.
Does Chubb use your Personal Information to contact you?
Where you have provided your consent to receive marketing communications Chubb may use the Personal Information you provide to contact you about products, services, promotions, special offers, surveys, and other information that may be of interest to you. If you would prefer not to receive such communications in the future, please use the “unsubscribe” link within any communications sent, or let us know by sending an email to [email protected]. Alternatively, you can click on the unsubscribe link in any Chubb marketing communications sent by electronic means. Please note that if you unsubscribe from marketing communications, you may continue to receive non-marketing communications about your account or transactions with us.
We will also use your Personal Information to contact you in response to a direct inquiry or if you register to receive communications on any of the Websites, such as the Investors section if available.
Does Chubb share the information it collects with third parties?
Chubb may share your Personal Information with its affiliated companies and subsidiaries within the Chubb group for the purposes set out in the table above. Your Personal Information may also be shared with the parent company of Chubb, APi Group, a company with a registered office at 1100 Old Highway 8 NW, New Brighton, Minnesota, United States.
In addition, Chubb will provide access to or share Personal Information on an as-needed basis with third parties, including trusted service providers, consultants and contractors who are granted access to Chubb facilities and systems or which provide services to Chubb, and with government agencies and others as required by law.
Chubb may share Personal Information with such third parties for the following purposes:
- to comply with Chubb’s legal obligations, including complying with tax and regulatory obligations, sharing data with labour/trade unions and works councils, and responding to a court proceeding or a legitimate legal request from law enforcement authorities or other government regulators;
- to investigate suspected or actual illegal activity;
- to prevent physical harm or financial loss;
- to conduct web analytics on user interactions with our Website and Apps to improve our products and services; or
- to support the sale or transfer of all or a portion of our business or assets (including through bankruptcy).
We require any third party service providers that we use to respect the security of Personal Information that they process on our behalf, and only permit them to process your Personal Information for specified purposes and in accordance with our instructions.
Your Personal Information will also be maintained and processed by our service providers in the United States, the member states of the European Union, the United Kingdom, Switzerland, Canada, Asia, and in other jurisdictions, within an appropriate legal and contractual framework, including (where applicable) the data transfer mechanisms required by applicable data protection laws, as detailed above.
How does Chubb secure Personal Information?
Chubb is committed to ensuring the security and integrity of Personal Information. Chubb has adopted appropriate physical, technical and administrative procedures to safeguard your Personal Information when stored within Chubb systems. However, due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee or warrant that your transmission of Personal Information to us is completely secure.
How long do we keep your Personal Information?
We will only retain your Personal Information for as long as it is reasonably necessary for the purposes for which it was collected and to the extent permitted by applicable laws, including for the purposes of satisfying any relevant legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
When data is no longer necessary for the purpose of collection and/or processing, it will be removed, archived, or otherwise deleted as appropriate.
Your Rights – How can you correct, change or delete your information held by Chubb?
- For any users not located in the EEA or the UK:
You may request to access, update, correct, change, or delete your Personal Information at any time. Chubb will use reasonable efforts to timely update and/or remove your Personal Information. To protect the user’s privacy and security, Chubb will take steps to verify the user’s identity before making any requested access or change.
- If you are in the EEA or the UK, you have various rights in connection with our processing of your personal data, each of which is explained below:
- Access. You have the right to request a copy of the Personal Information we are processing about you. For your own privacy and security, in our discretion we may require you to prove your identity before providing the requested information.
- Rectification. You have the right to have incomplete or inaccurate Personal Information that we process about you corrected.
- Deletion. You have the right to request that we delete Personal Information that we process about you, except we are not obliged to do so if we need to retain such Personal Information in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to restrict our processing of your Personal Information a where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it. In such case, we would mark stored personal data with the aim of limiting particular processing for particular purposes in accordance with your request, or otherwise restrict its processing.
- Portability. You have the right to obtain Personal Information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you and (c) the data is processed by automated means. Additionally, you have the right to require us to transmit such Personal Information directly to another controller, where technically feasible. This right is not applicable if it adversely affects the rights and freedoms of others.
- Objection. Where the legal justification for our processing of your Personal Information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your Personal Information, you have the right to withdraw your consent at any time, free of charge. This includes where you wish to opt out from marketing messages (where we have previously requested your consent for these).
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights), except that we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Please also note that we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You can exercise your rights by contacting us as set out in the contact section below.
If are based in the UK and you would like to lodge a complaint about how we have processed your data, you can contact the Information Commissioner’s Office at:
Telephone: +44 0303 123 1113
Email: [email protected]
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
If you are based or the issue you would like to complain about took place in the European Economic Area (EEA), please click here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080] for a list of local data protection authorities in the countries within the EEA in which we operate.
Note that the rights outlined above only extend to Personal Information.
Failure to Provide Personal Information:
Where we are required by law to collect your Personal Information, or we need to collect your Personal Information under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the Personal Information we need in order to provide the services you have requested from us. In this case, we may have to cancel the provision of the relevant services to you, in which case we will notify you.
- For all Website and App users:
To request access to, or for updates, corrections, changes, or to delete your Personal Information, you can contact us by email at [email protected].
Please note that while we will assist you in protecting your Personal Information, it is your responsibility to protect your passwords and other access credentials from others.
What should you understand about the third party links that may appear on this Website?
In some instances, Chubb may provide links to non-Chubb controlled websites, which Chubb will make reasonable efforts to identify as such. Chubb does not control such third party websites, however, and cannot be responsible for the content or the privacy practices employed by other websites if you click through and leave a Chubb controlled site. Furthermore, Chubb is not responsible for the governing of information collected about you by third party websites or platforms and cannot guarantee the security of the personal data that you provide, or that is collected by such websites. When you leave our websites, we encourage you to read the privacy notice of every website you visit.
Cookies and similar technologies
What additional information should specific users know?
Parents, Guardians, and Children: Our Apps and Websites are intended for visitors who are at least 18 years of age, or the age of majority in their jurisdiction of residence. Chubb does not knowingly solicit information from, or market products or services to, children. If you do not meet the age requirements set out above, please do not enter your Personal Information on this or any other Chubb Websites or Apps.
Users from the US: Chubb does not collect Social Security Numbers through its Websites.
How might Chubb change this Privacy Notice?
As Chubb expands and improves its Websites and its Apps, or as legal requirements change, we may need to update this Privacy Notice. If we decide we need to update this Notice, we will notify you of any changes to the data processing activities described via an alert on the home page of our Website or App before these changes are implemented. The date of the latest version will be identified at the bottom of the Notice.
How can you contact Chubb?
If you have any comments or questions about this Notice or our privacy practices, please contact us at [email protected], or at Oak House, Littleton Rd, Ashford TW15 1TZ
In the event that you are located in the EEA or UK and would like to contact the local Data Protection Officer, please note that in your email to [email protected] and your inquiry will be directed to the appropriate person.
Last Updated: December 2022