skip to main content

Chubb European Group SE (“Chubb”) with its offices in Denmark at Kalvebod Brygge 45, 2. Sal, 1560 København V, values its employees and respects and protects their privacy. 

This employee data privacy notice ("Notice") sets out the types of information that Chubb, as data controller, collects about you, the purposes for which it is collected, the basis on which we process it and how Chubb handles your personal data. It is intended to comply with our obligations to provide you with information about Chubb's processing of your personal data under applicable privacy laws.  

This Notice principally applies to current employees even after the end of their employment but, where relevant, it also applies to workers, job applicants, interns, agency workers, consultants directors, and third parties whose information is provided to us in connection with the employment or work relationship (for example, referees or emergency contact information). Where we use the term employee or employment then for the purpose of this notice that includes those who work for us on a basis other than employment to the extent it is relevant but this does not in any way indicate that the individual is an employee of Chubb.

This Notice does not form part of any contract of employment and does not confer any contractual right on you, or place any contractual obligation on us. We may update or otherwise amend this Notice at any time. 

If you have any questions regarding the processing of your personal data or if you believe your privacy rights have been violated, please contact dataprotectionoffice.europe@chubb.com . If you are aware of an unauthorised disclosure of data, please also refer this to us for guidance as to the applicable reporting requirements. 

Overview 

Chubb collects and uses personal details which you provide as part of the recruitment and onboarding processes, together with additional personal data collected throughout the course of your employment or engagement (for instance, in relation to performance reviews, disciplinary processes and participation in voluntary benefit schemes).

The personal data Chubb collects is used primarily for the recruitment process, managing the workforce and complying with contracts of employment.  The data may be stored in systems based around the world, and may be processed by third party service providers acting on Chubb's behalf.

We need your data in order to commence, perform and terminate your employment and for performing the related contractual or statutory obligations. Without this data we will not be able to enter into a contract with you or to perform our obligations under such contract.

It is our policy to comply with our obligations under the European General Data Protection Regulation (“GDPR”) and local legislation, namely the Danish Data Protection Act (Act no. 502 of 23 May 2018). But you also have an important role to play in protecting the security of personal data, and you should be careful to whom you disclose personal data, and how you protect your communications and devices. Please refer to the Chubb Global Information Security Policy and the Global Information Security and Privacy Policy and Guidelines for more information about your responsibilities. 

You also have certain rights in respect of your personal data, which you can exercise by contacting us using the contact details below. 

Email:  dataprotectionoffice.europe@chubb.com

Write to: 

Data Protection Officer, 

Chubb, 100 Leadenhall Street, 

EC3A 3BP, London 

Types of personal data that Chubb processes 

"Personal data" refers to information which relates to an identified or identifiable natural person. An identifiable natural person is an individual who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. Personal data includes, for example, your contact details and your date of birth.

Chubb processes your personal data. In this context, “processing” means dealing with the data in any way, such as using, disclosing or destroying it.

The types of personal data which we process will vary depending on your role, your location and any terms and conditions of employment or engagement relevant to you.  Typically, the types of personal data will include, for example, your personal and basic work details and details of your remuneration and benefits.

The types of personal data which we process will include, but may not be limited to, the following:

  • Your Personal Details - for example your name, date of birth, national identification number (CPR.no), gender, personal contact details, emergency contact/next of kin details, immigration and eligibility to work data and languages spoken;
  • Basic Work Details - for example your work contact details (corporate email address and telephone numbers), employee number, photograph, job title, job description, assigned business unit or group, reporting lines, primary work location, working hours and your terms and conditions of employment;
  • Professional Qualifications and Regulatory Data - where applicable, including certifications and unique regulatory identifiers;
  • Recruitment/Selection Data - for example, any personal data contained in your CV, application form, record of interview or interview notes, records of assessments and vetting and verification documentation;
  • Remuneration and Benefits Data - for example, details of your pay and benefits package, bank account details, grade, social security number, health insurance details tax information and third party benefit recipient information;
  • Criminal Records Data - where permitted under local law in relation to recruitment for specific roles;
  • Leave Data - for example your holiday and family related leave records;
  • Incapacity Data - for example, any personal data contained in your absence records, medical forms, reports or certificates and records relating to accommodations or adjustments;
  • Disciplinary and Grievance Data - for example, any personal data contained in records of allegations, investigations and meeting records and outcomes; 
  • Performance Management Data - for example, colleague and manager feedback, appraisals, outputs from talent programmes and formal and informal performance management processes;
  • Equality and Diversity Data - where permitted under local law, data regarding gender, age, race, nationality, religious belief and sexuality (stored anonymously for equal opportunities monitoring purposes);
  • Training and Development Data - data relating to training and development needs or training received;
  • Monitoring Data - where permitted under local law, identifiable images contained in CCTV footage, system and building login and access records, keystroke, download and print records, call recordings, data caught by IT security programmes and filters; 
  • Health and Safety Data - personal data in audits, risk assessments and incident reports;
  • Employee Claims, Complaints and Disclosures Data - personal data in the subject matter of employment based litigation and complaints, employee involvement in incident reporting and disclosures;
  • Termination Data - for example, dates and reason for leaving, termination arrangements and payments, exit interviews and references;
  • Any other personal data which you choose to disclose to Chubb personnel during the course of your employment, whether verbally or in written form (for example, on work emails). 

Sources of personal data

Primarily the personal data we process about you will have been provided by you, either during your application for employment or engagement, the onboarding process, or on an ad hoc basis during the course of your employment or engagement. This will especially include your personal and basic work details as well as equality and diversity data.

During the recruitment process, we may request references from third parties, and carry out screening and vetting processes using third party sources. Prior to obtaining such references we will request your written consent. 

We also receive information which may include your personal data from your line manager (for example, in respect of performance reviews) or, from time to time, from other managers or colleagues (for instance, in the course of conducting an investigation). 

We may also receive personal data about you from other third parties, for example clients, brokers and regulatory bodies.

In some circumstances, data may be collected indirectly from monitoring devices or by other means (for example, building and location access control and monitoring systems and email and Internet access logs), if and to the extent permitted by applicable laws.  In these circumstances, the data may be collected by Chubb or a third party provider of the relevant service.  This type of data is generally not accessed on a routine basis but access is possible.  Access may occur, for instance, in situations where Chubb is investigating possible violations of Chubb policies such as those relating to travel and expense reimbursement, use of the Internet, or employees conduct generally, or where the data are needed for compliance purposes.  More frequent access to such data may occur incidental to an email surveillance program, if and to the extent permitted by applicable laws. Chubb will not use any such collected data for any purpose other than explicitly stated in this Notice.

Where we ask you to provide personal data to us on a mandatory basis, we will inform you of this at the time of collection and in the event that particular information is required by the contract or statute this will be indicated.  Failure to provide any mandatory information will mean that we cannot carry out certain HR processes.  For example, if you do not provide us with your bank details, we will not be able to pay you.  In some cases, it may mean that we are unable to continue with your employment or engagement as Chubb will not have the personal data we believe to be necessary for the effective and efficient administration and management of our relationship with you.

Apart from personal data relating to yourself, you may also provide Chubb with personal data of other third parties, notably your referees, dependents and other family members or friends, for purposes of HR administration and management, including employment verification, the administration of benefits and to contact your next of kin in an emergency.  Before you provide such third party personal data to Chubb you must first inform these third parties of any such data which you intend to provide to Chubb and of the processing to be carried out by Chubb, as detailed in this Notice.

Please contact us if you have any questions regarding the source of your personal data or would like more detail than is set out in this Notice. 

Purposes of Processing and legal basis for processing 

We process your personal data for recruitment decisions, the performance of the employment contract and the termination of the employment relationship. 

Whenever we process your personal data, we do so on the basis of a lawful "condition" for processing. The processing of your personal data by us will primarily be justified because it is necessary to give effect to the employment contract (Article 6.1. (b).

Apart from that, the processing of your personal data can be justified because:

  • you have given your consent for one or more specific purposes (Article 6 1. (a) GDPR);
  • it is necessary for us to comply with a legal obligation (Article 6 1. (c) GDPR) (for example, disclosing tax data to the tax authorities, compliance with health and safety or employment laws or compliance with statutory payment or record keeping obligations); or
  • where it is in our legitimate interests as a business and as your employer, and our interests are not overridden by your interests, fundamental rights or freedoms (Article 6 1. (f) GDPR) (for example, succession planning).

The purposes for which we process your personal data are to: 

 

Purposes for processing

Lawful basis

a) 
  • to assess applications for employment and make recruitment decisions;
  • to investigate and respond to concerns about your conduct or performance or other issues arising during your employment.
  • manage day-to-day aspects of employment, including:
  • paying fees, salary, reimbursable expenses and bonuses and distributing stock awards;
  • providing and administering benefits;
  • planning and allocating work and measuring working hours;
  • creating and maintaining records relating to your absence from work and calculating and administering any related payments (including for sickness, parental leave, discretionary leave, holidays, sabbaticals etc.);
  • creating and maintaining training records and administering training and development programmes;
  • addressing occupational health issues, incapacity at work and making reasonable adjustments;
  • setting work objectives and reviewing and reporting on and managing your performance at work;
  • responding to and resolving grievances whether from you or other employees;
  • conducting disciplinary investigations processes and making related decisions; and
  • managing professional certifications / licences and liaising with regulatory bodies on your behalf;
  • review eligibility to work;
  • bring you on-board and create an employee record on our HR IT system;
  • management and development of talent and succession planning;
  • workforce planning and planning and implementing business change programmes, restructures or redundancy exercises including to develop a business case, programme planning, facilitation of appropriate selection and redeployment decision making and managing an effective and efficient process;
  • make decisions on continuation of employment or engagement and administer terminations and provide references;
  • maintain emergency       contact             and beneficiary details;
  • Process the selection of flexible benefits to ensure benefits for special needs
  • investigate and respond to complaints from clients and brokers;
  • budgeting, financial review and internal business reporting;
  • internal directories to facilitate contact and effective working and communication;

This processing is necessary to take steps at the applicant's request to enter a contract of employment or to give effect to the performance of the contract (Article 6 1(b) GDPR)

b)  
  • Transfer personal data regarding salary payments to the Danish tax authorities (SKAT) for the purpose of calculation of taxable income and – in some cases – to the Danish Public Benefit Agency (Udbetaling Danmark) or applicable municipality in the event of scheduling and handling of
  • parental leave or receiving public benefits;
  • Process your CPR-number (social security number) in order to provide information to tax authorities (SKAT) and pay out salary to your personal account (Nem-Konto)

This processing is necessary for the compliance with legal obligations to which Chubb is subject.

c)  
  • where authorised by law and required for your role, seek criminal record disclosure and carry out credit and employment history checks;

This processing is based on your consent 

 

d)  
  • to create IT and building access rights;
  • monitor            employee         use       of             IT        and communications, consistent with the law and with Chubb internal policies;
  • maintaining security of our sites, systems, employees and visitors;
  • due diligence processes in relation to any potential corporate transaction or TUPE transfer which may be relevant to your role;
  • exercise our rights to defend, respond to or conduct prospective or actual legal claims or proceedings whether in relation to you or a third party;
  • tendering for client work and the effective management and delivery of client work and relationships including compliance with client contracts.

This processing is subject to the purpose of the legitimate

interests pursued by Chubb.  Chubb considers that it has a legitimate interest in effective employee management to support its long term business goals and outcomes, including monitoring your account to ensure that fraudulent actions or security breaches are limited. We further reserve the right to monitor your use of IT for the purpose of protecting our sensitive business information.

 

Please note that this not an exhaustive list and we may process your personal data for other purposes that are consistent with the legal basis on which we process your personal data.  

Special categories of personal data  

To the extent permitted by applicable laws, Chubb may also collect and process a limited amount of personal data falling into special categories.  Within this category, Chubb collects and records information relating to health (including details of accommodations and adjustments) as permitted by applicable laws.  We may also process information relating to sexual life, sexual orientation, racial or ethnic origin, trade union membership, political opinions or religious or philosophical beliefs, only where you provide this to us and as permitted by applicable laws.

Where we process special categories of personal data, this will always be justified on the basis of an additional lawful condition.

The processing of special categories of personal data (for example, data relating to health, sexual life, sexual orientation, racial or ethnic origin, trade union membership, political opinions or religious or philosophical beliefs) will be justified by one of the following special conditions:

  • the processing is necessary for the purposes of carrying out obligations under employment law, social security law and for social protection, if there is no reason to believe that your legitimate interests for excluding the processing of your personal data prevail (Article 9 2. (b) GDPR) (for example, complying with health and safety rules, statutory sick pay, making reasonable adjustments for someone with a disability or ensuring any dismissal is fair);
  • the processing is voluntary and is carried out subject to your explicit consent for one or more specific purposes (Article 9 2. (a) GDPR) (for example if you wish to participate in an additional support programme or benefit related to incapacity or health promotion). If we are relying on consent we will be clear about this and will not rely on consent if there is another relevant lawful condition;
  • the processing is necessary for the establishment, exercise or defence of legal claims (Article 9 2. (f) GDPR) (whether a claim is made by you or a third party); 
  • the processing is necessary for an assessment of your working capacity carried out by a health professional (Article 9 2. (h) GDPR) (for example, an occupational health report); 
  • the processing is necessary for reasons of substantial public interests authorised by local law (Article 9 2. (g) GDPR) (for example, preventing or detecting unlawful acts or equal opportunities monitoring where permitted by local law); or
  • in exceptional circumstances, the processing is necessary to protect your vital interests and you are incapable of giving consent (Article 9 2. (c) GDPR) (for example in a medical emergency). 

This may include the following, although this is not an exhaustive list 

 

Purposes for processing

Lawful basis

a) 
  • conduct an equal opportunities monitoring programme;

 

This processing is based on your consent 

 

b)  
  • manage health and safety at work and

investigate and report on incidents;

 

the processing is necessary for the purposes of carrying out obligations under employment law, social security law and for social protection, if there is no reason to believe that your legitimate interests for excluding the processing of your personal data prevails (Article 9 2. (b) GDPR)

We may seek your consent to certain processing which is not otherwise justified under one of the above bases. If consent is required for the processing in question, it will be sought from you separately to ensure that it is freely given, informed and explicit.  Information regarding such processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent.  You should be aware that it is not a condition or requirement of your employment or engagement to agree to any request for consent from Chubb. 

Retention of personal data 

We only retain employee personal data for as long as is required to satisfy the purpose for which it was collected by us or provided by you. We will therefore generally retain your personal data as a minimum for the duration of your employment with us.

In certain cases, legal or regulatory obligations (for example in the case of tax related matters) require us to retain specific records for a set period of time, including following the end of your employment. In the case of tax related matters we are for example obliged to keep data concerning your remuneration for up to five years.

For more information about Chubb's data retention practices, including in respect of employee records and applicants’ records, please refer to the Chubb Records Management Policy

Disclosures of personal data 

Internally your direct and indirect line managers, HR professionals supporting your work area and in some cases certain colleagues will have access to some of your personal data where relevant to their role. 

We routinely share your personal data with other members of the Chubb group where required in order to, for example, run global processes, carry out group wide reporting, or assist with workforce planning. 

Certain basic personal data, such as your name, location, job title, contact information and any published skills and experience profile may also be accessible to other staff.  

We may also be required to disclose your personal data to third parties. This will include suppliers which help us provide HR services, tax or other authorities, a regulator or a professional adviser.

Examples of third parties with whom your data may be shared include tax authorities, medical/occupational health professionals, regulatory authorities, law enforcement and regulatory bodies, Chubb's insurers, bankers, IT administrators, lawyers, accountants, data centre providers, doctors or other healthcare providers, auditors, notaries, investors, lenders, training providers, landlords, office access providers, social media and marketing suppliers, consultants and other professional advisors, payroll/tax providers, and administrators of Chubb's benefits programs.  Your personal data is also accessed by third parties whom we work together with in connection with IT services, such as hosting, supporting and maintaining the framework of our information systems.

Chubb expects such third parties to process any data disclosed to them in accordance with applicable law, including with respect to data confidentiality and security.  Where these third parties act as a "data processor" (for example, a payroll provider), they carry out their tasks on our behalf and upon our instructions for the above mentioned purposes.  In this case your personal data will only be disclosed to these parties to the extent necessary to provide the required services. 

We may also share limited information with clients where you are part of a client team or proposed team in a tender process.

We use a number of third party suppliers to help us provide HR services. These third parties may have access to or merely host your personal data, but will always do so under our instruction and subject to a contractual relationship.

Some third parties to whom we may provide personal data, for instance private health insurance or occupational health providers or professional advisers or regulators, are data controllers in their own right, and you should refer to their own privacy notices and policies in respect of how they use your personal data. 

We may also be required to disclose your personal data to third parties in response to orders or requests from a court, regulators, government agencies, parties to a legal proceeding or public authorities, or to comply with regulatory requirements or as part of a dialogue with a regulator.

Your personal data may also be disclosed to advisors, potential transaction partners or interested third parties in connection with the consideration, negotiation or completion of a corporate transaction or restructuring of the business or assets of any part of the Chubb group. 

Please contact us if you have any questions regarding recipients of your personal data or would like more detail than is set out in this Notice.

Cross-border Transfers 

The global nature of our business means that your personal data may be disclosed to members of the Chubb group outside of the EEA. Certain suppliers and service providers may also have personnel or systems located outside of the EEA, mainly in the USA. As a result, your personal data may be transferred to countries outside of the country in which you work to countries whose data protection laws may be less stringent than yours.

In this context, your personal data may be transferred outside the European Economic Area (EEA) for the purposes set forth in this Notice, to countries that may not offer a level of protection of personal data equivalent to that offered within the EEA.

The Chubb group has an intra-group data transfer agreement in place which regulates crossborder transfers of your personal data within the group. Where third parties transfer your personal data outside of the EEA, we will take steps to ensure that your personal data receives an adequate level of protection, including by, for example, entering into data transfer agreements or by ensuring that third parties are certified under appropriate data protection schemes. All third party transfers outside the EEA is subject to the Standard Contractual Clauses of the EU Commission. 

You have a right to request a copy of any data transfer agreement under which your personal data is transferred, or to otherwise have access to the safeguards used by contacting us. Any data transfer agreement made available to you may be redacted for reasons of commercial sensitivity.  

Data Subject Rights 

You have a number of rights, which include the following:

  • to request access to any personal data that we hold about you or, in some cases, to obtain a portable copy of it or have it transferred to a third party;
  • to ask to have inaccurate data amended;
  • to erase or restrict the processing of personal data in limited circumstances;
  • to withdraw your consent to the processing of your personal data at any time in those rare circumstances where we have relied on your consent as the justification for the processing (please note that a withdrawal will not affect the lawfulness of the processing made up until that point). 

Right to object to processing justified on legitimate interest grounds where we are relying upon legitimate interests to process data, then you have the right to

object to that processing.  If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that

override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims.  Where we rely upon

legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.

In addition to the above, you have the right to lodge a complaint with the supervisory authority. This is Datatilsynet, Borgergade 28, 5, 1300 Copenhagen. The email address is dt@datatilsynet.dk

If you wish to investigate the exercising of any of these rights, please contact our Data Protection Officer on dataprotectionoffice.europe@chubb.com

You have the following rights in respect of your personal data:

  • to request a copy of your personal data together with information about how and on what basis that personal data is processed;
  • to ask us to rectify inaccurate personal data (including the right to have incomplete personal data completed); 
  • to ask us to erase your personal data in limited circumstances, for example where it is no longer necessary in relation to the purposes for which it was collected or processed;  to restrict processing of your personal data where: 
    • the accuracy of the personal data is contested while steps are taken to correct or complete it or verify the accuracy;
    • the processing is unlawful but the erasure of the personal data is not appropriate;
    • we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise or defence of a legal claim;
  • to object to processing which we have justified on the basis of a legitimate interest in which case the relevant processing will only continue where we have compelling legitimate grounds for the processing;
  • to obtain a portable copy of those parts of your personal data where we rely on consent or performance of the contract as the justification for processing, or to have a copy of that personal data transferred to a third party controller; and
  • to obtain a copy of or access to safeguards under which your personal data is transferred outside of the EEA (see Cross-border Transfers).  

Data Protection Officer 

Chubb has a Data Protection Officer who is responsible for Chubb’s European region’s compliance with data protection law.

You may contact Chubb's Data Protection Officer or their office securely and confidentially at any time if you have general concerns about the processing of your personal data, or any data protection issue. The DPO's email address is dataprotectionoffice.europe@chubb.com