Privacy Policy

Privacy Policy

This is our main Privacy Policy and it explains how we use Personal Information collected about individuals as part of our business activities.

We use the words Personal Information to describe information about you and other individuals (for or they are identifiable.  

We strive for responsible and secure handling of Personal Information, balancing the benefits of activities like research and data analytics to improve our products and service delivery, with our other commitments, including fairness, transparency and non-discrimination.  

This Privacy Policy may be supplemented by additional privacy notices:

  1. Collecting Personal Information

Personal information is obtained from a variety of sources, including:

  • application, proposal and claim forms, and other forms;
  • telephone calls, emails, meetings and other communications;
  • service providers, brokers and agents, claims investigators, witnesses, medical professionals, driver and vehicle licensing authorities, credit reference agencies, your employer, and other third parties;
  • this website (the Site);

Unless otherwise indicated, the Site is not intended for use by individuals under the age of eighteen (18), and we request that if you are under eighteen (18) you do not provide Personal Information through the Site.

Personal Information may be provided to us by you directly or by a third party.  For example, an insurance policyholder may provide Personal Information about you so that you can benefit under their insurance policy.

Please note:

Before providing us with Personal Information about another individual you must (unless we agree otherwise): (a) inform the individual about the content of this Privacy Policy and any other applicable privacy notices provided to you; and (b) obtain their permission (where possible) to share their Personal Information with us in accordance with this Privacy Policy and other applicable privacy notices.

  1. Personal Information Collected

The Personal Information we collect and hold depends on our relationship with you, including the type of communications between us and the products and services we provide. Different types of Personal Information will be held if you are a consumer insurance policyholder or claimant, or you have enquired about our services, compared to where you benefit from insurance coverage under an insurance policy taken out by another policyholder

It will often include information relating to: 

  • contact details
  • identification 
  • administration of your insurance policy or claim (which may include medical or health information)
  • finance and banking 
  • marketing preferences

Please refer to the following table for a more detailed reference:

Type of Personal Information

Examples

1. Contact Information

Name, address, email and telephone number

2. General Information

Gender, marital and family status, date and place of birth

3. Insurance and Claim Information

Policy and claim numbers, relationship to policyholder, insured, claimant or other relevant individual, date and cause of property damage, loss or theft, injury, disability or death, activity records (for example, driving records), and other information relevant to insurance policy issuance, and claim assessment and settlement. For liability insurance, this will include details of the dispute, claim or proceedings involving you.

4. Government and other Official Identification Numbers

Social security or national insurance number, passport number, tax identification number, driver’s license number, or other government issued identification number 

5. Financial Information and Account Details

Payment card number (credit or debit card), bank account number, or other financial account number and account details, account log-in information and passwords for accessing insurance policy, claim and other accounts

6. Medical Condition and Health Status

Current or previous physical, mental or medical condition, health status, injury or disability information, medical diagnosis, medical procedures performed and treatment given, personal habits (for example, smoking or consumption of alcohol), prescription information, and medical history

7. Other Sensitive Information 

Information about religious beliefs, ethnicity, political opinions or trade union membership (for example, if an insurance application is made through a third party marketing partner that is a professional, trade, religious, community or political organization), sexual life and orientation, or genetic or biometric information 

We may obtain information about criminal records or civil litigation history (for example, for preventing, detecting and investigating fraud)

Information provided voluntarily to us (for example, preferences expressed regarding medical treatment based on religious beliefs)  (where collected in accordance with applicable law)

8. Telephone Recordings

Recordings of telephone calls with our representatives and call centers

9. Photographs and Video Recordings

Images (including photographs and pictures) or video recordings created in connection with our insurance or other business activities, including for claims assessment, administration and settlement, claim disputes, or for other relevant purposes as permitted by law, as well as CCTV recordings captured by equipment on our premises

10. Information to Detect, Investigate or Prevent Crime, including Fraud and Money Laundering

Insurers commonly collect, hold and share information about their previous dealings with policyholders and claimants with the intention of the detection, investigation and prevention of fraud, money laundering and other criminal activities

11. Information Enabling us to Provide Products and Services

Location and identification of property insured (for example, property address, vehicle licence plate or identification number), travel plans, age categories of individuals to be insured, details of the risks to be insured, prior accident or loss history, and cause of loss, status as company officer or director, or partner, or other ownership or management interest in an organisation, history of disputes, civil or criminal proceedings or formal investigations involving you, and information about other insurance held

12. Marketing Preferences, Marketing Activities and Customer Feedback

Marketing preferences, information relating to competition, prize draw or other promotion entry, or responses to voluntary customer satisfaction surveys 

To improve our marketing communications, we may collect information about interaction with, and responses to, our marketing communications

13. Online Activity Information

We will receive Personal Information about you when you use the Site; this may include your social media account identifier and profile picture, your IP address and other online identifiers (to the extent that they are Personal Information), and other Personal Information that you provide to us online

If you choose to connect your social media account provided by another social media service provider to your account on the Site, Personal Information from your other social media account may be shared with us, which may include Personal Information that is part of your social media account profile, or the profiles of your friends and other connected individuals

14. Supplemental Information from Other Sources

We and our service providers may supplement the Personal Information we collect with information obtained from other sources (for example, publicly available information from online social media services and other information resources, third party commercial information sources, and information from our group companies and business partners). We will use any such supplemental information in accordance with applicable law (including obtaining your consent where required)

  1. Use of Personal Information

We use Personal Information to carry out our business activities.  The purposes for which we use your Personal Information will differ based on our relationship, including the type of communications between us and the services we provide.

The main purposes for which we use Personal Information are to: 

A. Communicate with you and other individuals. 

B. Make assessments and decisions (automated and non-automated, including by profiling individuals) about: (i) the provision and terms of insurance and (ii) settlement of claims and provision of assistance and other services.

C. Provide insurance, claims and assistance services, and other products and services which we offer, including claim assessment, administration, settlement and dispute resolution.

D. Assess your eligibility for payment plans, and process your premium and other payments.

E. Improve the quality of our products and services, provide staff training and maintain information security (for example, for this purpose we may record or monitor phone calls).

F. Prevent, detect and investigate crime, including fraud and money laundering, and analyze and manage other commercial risks.

G. Carry out research and data analysis, including analysis of our customer base and other individuals whose Personal Information we collect, complete market research, including customer satisfaction surveys, and assess the risks faced by our business, in accordance with applicable law (including obtaining consent where required).

H. Provide marketing information in accordance with preferences you have told us about (marketing information may be about products and services offered by our third party partners subject to your expressed preferences). We may carry out marketing activities in accordance with your preferences by using email, SMS and other text messaging, post or telephone.

I. Allow you to participate in competitions, prize draws and similar promotions, and to administer these activities. These activities have additional terms and conditions, which will contain more information about how we use and disclose your Personal Information where this is useful to provide you with a full picture of how we collect and use Personal Information, so we recommend that you review those too.

J. Personalize your experience when you use the Site or visit third party websites by presenting information and advertisements tailored to you.

K. Manage our business operations and IT infrastructure, in line with our internal policies and procedures, including those relating to finance and accounting; billing and collections; IT systems operation; data and website hosting; data analytics; business continuity; records management; document and print management; and auditing.

L. Manage complaints, feedback and queries, and handle requests for data access or correction, or the exercise of other rights relating to Personal Information.

M. Comply with applicable laws and regulatory obligations (including laws and regulations outside your country of residence), for example, laws and regulations relating to anti-money laundering, sanctions and anti-terrorism; comply with legal process and court orders; and respond to requests from public and government authorities (including those outside your country of residence).

N. Establish, enforce and defend legal rights to protect our business operations, and those of our group companies or business partners, and secure our rights, privacy, safety or property, and that of our group companies or business partners, you, or other individuals or third parties; to enforce our terms and conditions; and pursue available remedies and limit our damages.  

The table below is a summary of the types of Personal Information used where necessary in connection with each main purpose described above. Personal Information will only be processed for these purposes where permitted under applicable law. The alphabets A-N refer to the abovementioned purposes and X indicates that such type of data is used for the given purpose.

TYPE

A

B

C

D

E

F

G

H

I

J

K

L

M

N

Contact Information

X

X

X

X

X

X

X

X

X

X

X

X

X

X

General Information

X

X

X

X

X

X

X

X

X

X

X

X

X

X

Education and Employment Information

X

X

X

X

X

X

X

X

X

X

X

X

X

Insurance and Claim Information

X

X

X

X

X

X

X

X

X

X

X

X

X

Official Identification

X

X

X

X

X

X

X

Financial Information

X

X

X

X

X

X

X

X

X

X

X

Medical Information

X

X

X

X

X

X

X

X

X

Other Sensitive Information

X

X

X

X

X

X

X

X

X

Telephone Recordings

X

X

X

X

X

X

X

X

X

X

Photographs and Video Recordings

X

X

X

X

X

X

X

X

X

Information to investigate, detect or prevent crimes such as fraud and money laundering

X

X

X

X

X

X

X

X

X

X

Information enabling us to provide products and services

X

X

X

X

X

X

X

X

X

X

X

X

X

Marketing preferences, activities and customer feedback

X

X

X

X

X

X

X

X

X

X

X

X

X

Online Activity

X

X

X

X

X

X

X

X

X

X

X

X

X

Information from other sources

X

X

X

X

X

X

X

X

X

X

X

X

X

X

  1. Data Sharing and Transfers

In connection with the purposes described, we sometimes need to share your Personal Information with third parties (this can involve third parties disclosing Personal Information to us and us disclosing Personal Information to them).  

These third parties may include:

Type of third party

Examples

Other insurance and insurance distribution parties

Where permitted by applicable law, we may share Personal Information with other third parties, for example, other insurers, reinsurers, insurance and reinsurance brokers, other intermediaries and agents, appointed representatives, distributors, affinity marketing partners and financial institutions, securities firms and other business partners. 

Our service providers

External third party service providers, such as medical and security professionals, accountants, actuaries, auditors, experts, lawyers and other professional advisors; travel and medical assistance providers; call centre service providers; IT systems, support and hosting service providers; printing, advertising, marketing and market research, and data analysis service providers; banks and financial institutions that service our accounts; third party claim administrators; document and records management providers; claim investigators and adjusters; construction consultants; engineers; examiners; jury consultants; translators; and other third party vendors and outsourced service providers that assist us in carrying out business activities. 

Government authorities and third parties involved in legal proceedings

We may also share Personal Information with: (a) government or other public authorities (including, but not limited to, workers’ compensation boards, courts, regulatory bodies, law enforcement agencies, tax authorities and criminal investigations agencies); and (b) third party participants in legal proceedings and their accountants, auditors, lawyers, and other advisors and representatives, as we believe to be necessary or appropriate.

Other third parties

We may share Personal Information with payees; emergency providers (fire, police and medical emergency services); retailers; medical networks, organizations and providers; travel carriers; credit bureaus; credit reporting agencies; other people involved in an incident that is the subject of a claim; as well as purchasers and prospective purchasers or other parties in any actual or proposed reorganization, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our businesses, assets, companies or stock (i.e. company shares).  

Where permitted by applicable law, Personal Information (including details of injuries) may be put on registers of claims and shared with other insurers. We may search these registers when dealing with claims to prevent, detect and investigate fraud.  

If you benefit from another party’s insurance policy or service arrangement with us (for example, a policy taken out by your employer), Personal Information relating to the administration of that insurance policy or service may be shared with that other party.

Due to the global nature of our business activities, for the purposes set out above, depending on the nature of our relationship with you, we will transfer Personal Information to parties located in other countries (including the USA, China, Mexico, Malaysia, Philippines, Bermuda and other countries that have data protection regimes which are different to those in the country where you are based, including countries which have not been found to provide adequate protection for Personal Information by the European Commission).

For example, we may transfer Personal Information in order to process international travel insurance claims and provide emergency medical assistance services when you are abroad.  We may transfer information internationally to our group companies, service providers, business partners, government or public authorities, and other third parties.

When making these transfers, we will take steps to ensure that your Personal Information is adequately protected and transferred in accordance with the requirements of data protection law. 

  1. Data Security

We use appropriate technical, physical, legal and organizational measures, which comply with data protection laws to keep Personal Information secure.

As most of the Personal Information we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Information is kept secure.  For example, we may use anti-virus protection systems, firewalls, and data encryption technologies.  We have procedures in place at our premises to keep any hard copy records physically secure.  We also train our staff regularly on data protection and information security.

When we engage a third party (including our service providers) to collect or otherwise process Personal Information on our behalf, the third party will be selected carefully and required to use appropriate security measures to protect the confidentiality and security of Personal Information.  

Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure.  If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Information you might have sent to us has been compromised), please immediately notify us.

  1. Duration of Holding Personal Information

We will keep Personal Information for as long as is necessary for the purposes for which we collect it.  The precise period will depend on the purpose for which we hold your information.  In addition, as a regulated financial services institution, there are laws and regulations that apply to us which set minimum periods for retention of Personal Information.

The number of years varies depending on the nature of the product or service provided – for example, for certain insurance policies it may be necessary to keep the Personal Information for several years after the expiry of the policy. Among other reasons, we retain the information in order to respond to any queries or concerns that may be raised at a later date with respect to the policy or the handling of a claim.  Typically, for consumer insurance products, the retention period is seven 7 years.

 

  1. Personal Information Rights

The following is a summary of the data protection rights available to individuals in the European Economic Area (EEA) in connection with their Personal Information. These rights may only apply in certain circumstances and are subject to certain legal exemptions.

If you wish to exercise your rights, please contact us using the details below.

 

Description

When is this right applicable?

Right of access to Personal Information

You have the right to receive a copy of the Personal Information we hold about you and information about how we use it. 

This right is applicable at all times when we hold your Personal Information (subject to certain exemptions)

Right to rectification of Personal Information

You have the right to ask us to correct Personal Information we hold about you where it is incorrect or incomplete.

This right is applicable at all times when we hold your Personal Information (subject to certain exemptions).

Right to erasure of Personal Information

This right is sometimes referred to as 'the right to be forgotten'.  This right entitles you to request that your Personal Information be deleted or removed from our systems and records.  However, this right only applies in certain circumstances.

Examples of when this right applies to Personal Information we hold include (subject to certain exemptions):

• when we no longer need the Personal Information for the purpose we collected it;

• if you withdraw consent to our use of your information and no other legal justification supports our continued use of your information;

• if you object to the way we use your information and we have no overriding grounds to continue using it;

• if we have used your Personal Information unlawfully; and

• if the Personal Information needs to be erased for compliance with law.

Right to restrict processing of Personal Information

You have the right to request that we suspend our use of your Personal Information.  However, this right only applies in certain circumstances. 

Where we suspend our use of your Personal Information we will still be permitted to store your Personal Information, but any other use of this information while our use is suspended will require your consent, subject to certain exemptions.

You can exercise this right if:

• you think that the Personal Information we hold about you is not accurate, but this only applies for a period of time that allows us to consider if your Personal Information is in fact inaccurate;

• the processing is unlawful and you oppose the erasure of your Personal Information and request the restriction of its use instead;

• we no longer need the Personal Information for the purposes we have used it to date,  but the Personal Information is required by you in connection with legal claims; or

• you have objected to our processing of the Personal Information and we are considering whether our reasons for processing override your objection.  

Right to data portability

This right allows you to obtain your Personal Information in a format which enables you to transfer that Personal Information to another organisation.  However, this right only applies in certain circumstances.

You may have the right to have your Personal Information transferred by us directly to the other organisation, if this is technically feasible.

This right will only apply:

• to Personal Information you provided to us;

• where we have justified our use of your Personal Information based on:

o your consent; or 

o the fulfilment by us of a contract with you; and

• if our use of your Personal Information is by electronic means.

Right to object to processing of Personal Information

You have the right to object to our use of your Personal Information in certain circumstances.  

You can object to our use of your Personal Information where you have grounds relating to your particular situation and the legal justification we rely on for using your Personal Information is our (or a third party's) legitimate interests.

However, we may continue to use your Personal Information, despite your objection, where there are compelling legitimate grounds to do so or we need to use your Personal Information in connection with any legal claims. 

This right is different where it relates to direct marketing.

You can also object to the use of your Personal Information for direct marketing purposes at any time (including if we are carrying out profiling related to direct marketing).

Rights relating to automated decision making and profiling

You have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. However, this right only applies in certain circumstances.

This right is not applicable if:

• we need to make the automated decision in order to enter into or fulfil a contract with you;

• we are authorised by law to take the automated decision; or

• you have provided your explicit consent to the decision being taken in this way using your Personal Information.

Right to withdraw consent to processing of Personal Information

Where we have relied upon your consent to process your Personal Information, you have the right to withdraw that consent. 

This right only applies where we process Personal Information based upon your consent.  

Right to complain to the relevant data protection authority

If you think that we have processed your Personal Information in a manner that is not in accordance with data protection law, you can make a complaint to the data protection regulator.  If you live or work in an EEA member state, you may complain to the regulator in that state.

This right applies at any time.

Right to provide instructions regarding the management of your Personal Information after your death (only where such right applies under applicable law)

You may have the right to inform us of instructions on how we manage the Personal Information we hold about you after your death.

This right is applicable at all times when we hold your Personal Information (only where such right applies under applicable law).

  1. Data Protection Officer Contact

If you have any questions, concerns or complaints about the way your Personal Information is used by us, you can contact us by email or post using the details below.  

Email: 

Writing: Data Protection Officer, Address.

  1. User and Device Data

In addition to Personal Information, we may collect other information about your use of the Site and the devices you use to interact with us, from which you may not be identifiable, including:

  • internet browser and electronic device information;
  • information collected through cookies, pixel tags and other technologies;
  • demographic information; and
  • aggregated data.

 

We and our third party service providers may collect user and device data in a variety of ways when you use the Site, including:

Method of data collection

Examples

Through your internet browser or electronic device

Certain information is collected by most websites or automatically through your electronic device, such as your IP address (i.e. your computer’s address on the internet), screen resolution, operating system type (Windows or Mac) and version, internet browser type and version, electronic device manufacturer and model, language, time of the visit, pages visited. We use this information to ensure that the Site functions properly.

Using cookies and online tracking

We may use cookies and other online tracking tools (with your consent where required by applicable law). 

Cookies are pieces of information stored directly on the device you are using. Cookies allow us to recognize your device and to collect information such as internet browser type, pages visited, language preferences and relevant country website. We may use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience while using the Site. In addition, we may use the information to gather statistical information about the usage of the Site in order to understand how they are used, continually improve their design and functionality, and assist us with resolving questions about them. Cookies further allow us to present to you the advertisements or offers that are most likely to appeal to you. We may also use cookies to track your responses to our advertisements and we may use cookies or other files to track your use of other websites. 

You can refuse to accept the cookies we use by adjusting your browser settings. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Site and some online products.  We do not respond to browser do not track signals at this time.  

Using pixel tags, web beacons, clear GIFs or other similar technologies

We may use pixel tags, web beacons, clear GIFs and other similar technologies with your consent (where required by applicable law).

These may be used in connection with the Site and some HTML-formatted email messages to, among other things, track the actions of users of the Site and email recipients, measure the success of our marketing campaigns and compile statistics about usage of the Site and response rates.

We may use interest-based advertising service providers to customize, target, serve and report on advertisements served across the web, based on information relating to our offline interactions with you, our online interactions with you (on any of your devices) and information received from third parties.  To do this, these service providers may use cookies, pixel tags and other technologies to collect information about your and other users’ use of the Site and third party sites and mobile applications.  They may also use these technologies along with information they collect about your online use, to recognise you across the devices you use, such as a mobile phone and a laptop.  Our service providers may also match personal information we provide to them with your IP address and serve advertisements to you across the web, based on your IP address.

Physical location

Subject to applicable law (and your consent where required by applicable law), we may collect the physical location of your electronic device by, for example, using satellite, mobile/cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. 

Subject to your marketing preferences and applicable law, we may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing partners to enable them to provide you with more personalized content and to study the effectiveness of advertising campaigns. 

In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you choose to deny such uses and/or sharing, we and/or our marketing partners may not be able to provide you with the applicable personalized services and content. 

In some circumstances, physical location information may become your Personal Information if you are identifiable in relation to the physical location information. In such cases, the physical location information will be handled as Personal Information as described in the earlier sections of this Privacy Policy.

Using information provided by you

Some information (for example, your location or preferred means of communication) is collected when you voluntarily provide it. Unless combined with Personal Information, this information does not personally identify you

By aggregating information

We may group information together so that it does not link to a specific individual, i.e. aggregate, and use that information (for example, we may aggregate information to calculate the percentage of our users who have a particular telephone area code).

Please note that, where user and device data is not Personal Information, we may use and disclose that data for any purpose to the extent we are allowed to by law. If we are required to treat user and device data as Personal Information under applicable law, or if we combine user and device data with identifiable Personal Information, then, in addition to the uses listed in this section, we may use and disclose user and device data for all the purposes for which we use and disclose Personal Information.

  1. Third Party Services

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Site link.  The inclusion of a link on the Site does not imply endorsement of the linked site or service by us or by our group companies. 

Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the information security practices) of other organizations, such as Facebook®, Twitter®, Apple®, Google®, Microsoft®, RIM/Blackberry® or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or electronic device manufacturer, including any Personal Information you disclose to other organizations through or in connection with the Site.

  1. Updates

This Privacy Policy was last updated on 25/12/2020.

We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business activities, legal requirements, and the manner in which we process Personal Information.  We will place updates on this website and where appropriate we will give reasonable notice of any changes.