BHSIC is committed to protecting the “Personal Data” of the individuals we encounter in conducting our business. “Personal Data” is any information of any type, irrespective of the type of medium involved, including sound and image, relating to an identified or identifiable natural person. This Privacy Policy explains how and why BHSIC, its representatives, distributors, reinsurers and authorized administrators (“we” “us” “our”) handle the Personal Data of customers, potential customers, claimants, insureds and policyholders (“you” “your”). Our policies and procedures have been designed to ensure that your Personal Data is protected. This Privacy Policy is designed to assist you in understanding why and how BHSIC collects and uses your Personal Data, to whom such data is disclosed and to whom data access requests can be addressed.
PLEASE READ THIS PRIVACY POLICY CAREFULLY. THIS PRIVACY POLICY MAY BE MODIFIED FROM TIME TO TIME.
BHSIC Personal Data Protection Principles
The very nature of BHSIC’s business is such that the collection, use and disclosure of personal information is fundamental to the products and services we provide. We work hard to respect and maintain personal privacy and accordingly align this policy with the Personal Data Protection Act, Law No. 8/2005 (“PDPA”) when collecting, holding, processing or using Personal Data in Macau. We are equally committed to ensuring that all our employees and agents uphold these obligations. BHSIC follows the below principles following principles with respect to your Personal Data:
Principle 1 – Collection of Personal Data
We will only collect Personal Data that is necessary for and directly related to our provision of insurance products and services (including, but not limited to processing your insurance application, arranging a contract of insurance with you, managing your account with us or handling a claim made under a contract of insurance) and the other purposes of our collection of Personal Data as set out in our Personal Information Collection Statement (“Primary Purpose”).
We will only collect Personal Data by lawful and fair means. Personal Data is collected when you complete an insurance proposal form, make a claim under a contract of insurance with us, or when you use or visit our website and submit other information (including Personal Data) to us.
Some information is collected automatically when you visit our website because your IP address needs to be recognized by the server. We may use the IP address information to monitor and analyze how parts of our website are used.
We may use cookies for a number of purposes as set out in our website terms of use. Our cookies will track only your activity relating to your online activity on our website and will not track your other internet activity. Our cookies do not gather personally identifiable information. Please refer to our website terms of use for our policy on the use of cookies.
At or before the time we collect Personal Data from you, we will take practical steps to ensure you are aware of: a) the purposes for which the Personal Data is collected and used; b) the classes of persons to whom we may transfer the Personal Data; c) whether it is obligatory or voluntary for you to provide the Personal Data; d) if it is obligatory for you to provide the Personal Data, the consequences for you if Personal Data is not provided; e) your rights to request access to and to request the correction of the Personal Data; and f) the name and address of the individual to whom any such request may be made.
Due to the global nature of our business, for the purposes set out in this Privacy Policy, we may transfer Personal Data to parties located in other countries that may have a different data protection regime than is found in Macau. Personal Data collected in Macau by BHSIC may be transferred to parties which may be located in Macau or overseas, such as to other BHSIC branches; BHSIC secure data centers; BHSIC affiliates, reinsurers, lawyers, auditors, service providers and business partners; governmental or regulatory authorities; providers of risk intelligence for the purpose of customer due diligence or anti-money laundering screening, in order to carry out the purposes, or directly related purposes, for which the Personal Data was collected. Where such a transfer is performed, it will be done in compliance with this Privacy Policy and the applicable law.
Principle 2 – Use of Personal Data
We will only use Personal Data for a purpose other than the Primary Purpose of collection (a “Secondary Purpose”) if: a) the Secondary Purpose is directly related to the Primary Purpose of collection; or b) you consent to the use or disclosure; or c) the Secondary Purpose is direct marketing and we will give you the express opportunity at the time of first contact to decline to receive any further direct marketing communications; or d) any of the relevant exemptions under the PDPA apply.
We may share Personal Data we have collected with the persons set out in our Personal Information Collection Statement.
Principle 3 – Data Quality
We will take practical steps to ensure that the Personal Data we collect, use or disclose is accurate, complete and up to date, having regard to the purpose (including any directly related purpose) for which the Personal Data is or is to be used. Please refer to Principle 6 below for details on how you can obtain and correct any Personal Data relating to you that we may hold.
We will retain your Personal Data for only as long as is necessary for the purposes set out in Principles 1 and 2 above as well as for purposes set out in the below Personal Information Collection Statement in compliance with all statutory and regulatory requirements in Macau concerning the retention of personally identifiable information. We will take reasonable steps to destroy or permanently de-identify Personal Data if it is no longer needed for such purposes.
Principle 4 – Data Security
We will take all practical steps to ensure that Personal Data we hold is protected against unauthorized or accidental access, processing, erasure or other use. We provide a highly secure online infrastructure for activities conducted via our website, including SSL (secure socket layer) encryption, IDS (intrusion detection system) and the use of firewalls and anti-virus software. We also adopt stringent security procedures with the use of user ID and passwords, time stamping and audit trails for all transactions, together with a dedicated internal transaction security policy. Our online infrastructure is closely monitored and maintained, with data backup and data recovery procedures and mechanisms.
Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have with us has been compromised), please immediately notify us.
Principle 5 – Openness
We have clearly expressed policies and practices on our management of Personal Data. These policies are set out in this Privacy Policy and in our Personal Information Collection Statement, which we make available to anyone who requests it.
Principle 6 – Access and Correction
Under the PDPA, you have the right (subject to certain exemptions) to:
Subject to certain exemptions under the PDPA, we will grant access to and correct Personal Data as requested by you. If we hold Personal Data about you and you are able to establish that the Personal Data is not accurate, complete and up to date, we will take reasonable steps to correct your Personal Data so that it is accurate, complete and up to date. We will provide reasons for any denial of access or a refusal to correct Personal Data.
Your requests to access or correct your Personal Data will be actioned within 40 days of our receipt of your request and copies of the requested Personal Data or Personal Data so corrected will be posted to your current address.
Direct Marketing
We may use some of the Personal Data we collect to send marketing material to our customers, but only in accordance with the PDPA. If we intend to use your Personal Data for direct marketing purposes or provide your Personal Data to third parties for direct marketing purposes, we will inform you of that in the Personal Information Collection Statement at the time we collect your personal data. We will provide you an opportunity to opt out of receiving direct marketing materials at that time. If you don’t opt out at that time but later decide you no longer wish to receive direct marketing, you may ask us to further cease any direct marketing by contacting us at the address below.
Practical Steps
If you would like to access a copy of your personal data, correct or update your personal data, or have a complaint or want more information about how BHSIC manages your personal data, please contact BHSIC’s Privacy/Compliance Officer at [email protected].
October 2016