We, HDFC International Life and Re Company Limited ("HDFC International Life and Re Company Limited") are committed to safeguarding the privacy of our clients and protecting personal information that we receive when we provide our services to clients. We are committed to maintaining Data processing practices in accordance with the requirements the Data Protection Law (DIFC Law No. 5 of 2020 as amended from time to time “Data Protection Law”) and the following is our updated Privacy Policy Statement explaining data processing practices about how we collect, process, and share that information. Protecting your privacy is very important to us.
This privacy policy explains how and why HDFC International Life and Re Company Limited, ("we" or "us") collect personal information and how we use it when we provide our reinsurance services.
HDFC International Life and Re Company Limited ("HDFC International Life and Re Company Limited") is the life reinsurer incorporated in the Dubai International Financial Centre ("DIFC") and is regulated by the Dubai Financial Services Authority (“DFSA”) to carry out life reinsurance business in and from the DIFC. Our business consists of both, treaty and facultative reinsurance arrangements of ceding insurers, across a broad range of life insurance products, including Individual Life and Group Life.
In accordance with the Data protection Law, HDFC International Life and Re Company Limited, being the data controller for the purpose of its services, must provide the information on how personal data will be processed. However, we act as a Reinsurer and hence, we are not in direct contact with the Data subject for the purpose of reinsurance services.
This privacy policy notice is designed to provide compliance with all relevant applicable Data Protection laws. HDFC International Life and Re Company Limited acknowledges that certain laws might be modified to require stricter standards than those described in this privacy policy notice, in which case we will ensure compliance with those stricter standards.
HDFC International Life and Re Company Limited will handle personal data in accordance with Data Protection Laws.
Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
As a reinsurer, we need to obtain information about the policies held by customers of the insurance companies we have reinsurance arrangements with, to properly assess the risk associated with reinsuring those insurance policies (individual and group life). This means we may process information about individuals named in an insurance policy, or individuals that are beneficiaries of, or have made claims under an insurance policy, or individuals who are involved in an incident giving rise to an insurance claim. This privacy policy notice applies to any individual whose personal information we process in the course of providing the services (each a "data subject" or "you").
We may collect your personal information from a variety of sources, such as:
Occasionally we may collect your personal information from a third party, in particular from authorized, regulatory, public sources such as government regulators, industry self-governing bodies, third party AML compliance screening database and other publicly available records. This will be most common when we are complying with our legal obligations regarding money laundering and other financial crimes. If appropriate and required, in these circumstances we will either notify the insurers of our sources or seek your consent through them for use by our regulator.
We do not normally collect personal information from you directly. There are instances where we provide certain tools or prescribed forms to insurers that allow for information supplied by you directly to the insurer to be automatically provided to us. We may also collect personal information if you voluntarily supply it to us, for example by sending us an email.
The type of information we may collect and process from insurers and/or other reinsurers will depend upon the type of insurance policy we are underwriting. It may include any of the below (where permitted by law):
From the information we collect about you, we may also derive or generate further information such as risk assessment ratings. Some of this information is generated through profiling (see the section below at 10).
Some of the categories of information we collect are special categories of personal data (sometimes referred to as "sensitive personal information”). These include:
We use your personal data:
The way we analyse personal information for the purposes of risk assessment, fraud prevention and detection, and to report or communicate to our clients as part of providing the services may involve profiling, which means that we may process your personal information using software that is able to evaluate certain personal aspects about you and calculate/assess risks or outcomes. For example, we may analyse personal information about your lifestyle or health information or medical history to predict the likelihood of a claim being made on your insurance policy.
As we are reinsurer, we do not make any decisions about your ability to buy an insurance policy or the price of insurance. However, the personal information we process (including by profiling) may be shared with your insurance provider and may impact the decisions made by your insurance provider. If you have questions about automated decision making by your insurance provider, you should contact your insurance provider.
We are committed to processing your personal information fairly and lawfully and in transparent manner, only to the extent necessary to achieve the purposes listed above.
We must have a lawful basis to process your personal data. In most cases, our ability to obtain and process your personal data is based on one of the following lawful bases:
If it is necessary that we process your sensitive personal information for one of the purposes listed above, we will only do so where one of the following applies:
We may share your personal information with third parties under the following circumstances:
You have certain rights regarding your personal information, subject to local law. These include the right to:
Since, in many cases, we receive your data directly from your insurance provider you should contact your insurance provider first if you would like to exercise your rights. We would encourage you to inform your insurance provider if your personal information needs to be corrected or updated (and you may be under a legal duty to do so).
Please note that your insurance provider will likely require additional information from you in order to meet your requests.
As per our adopted data security framework, we implement technical and organizational measures and use only secure processes and systems in accordance with the provisions of the applicable Data Protection Law for the transfer, storage and processing of your data, to ensure an appropriate level of security of your personal data we process, from the identified risks to which the personal data is exposed by virtue of human action or physical or natural environment. These measures are aimed at ensuring the on-going security and confidentiality of personal data. We evaluate these measures on a regular basis to ensure an adequate security of the processing and any such other security measures are introduced from time to time.
We will normally keep your personal data for as long as you have an interest in, or claim against, a policy we are underwriting. Beyond that, we retain personal information for a period of time that reasonably allows us to investigate, commence or defend legal claims brought by or against us or our clients, comply with our regulatory obligations and conduct required analysis. We securely destroy or delete personal data when its retention period has expired.
We may retain aggregated or anonymised data (which is not treated as personal data under this privacy policy notice) for longer.
As a Global reinsurer, your personal information may be transferred to, stored, and processed in other countries, which may include countries that are not regarded as ensuring an adequate level of protection for personal data under Data Protection Law.
We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your personal information is adequately protected and secured. For more information on the appropriate safeguards in place, please contact us at the details contained in the "Contact us" section below.
HDFC International Life and Re Company Limited is the controller responsible for the personal data we collect and process. Other Group entities or support service entities may also be controllers in respect of your personal data, depending on the nature of the services they provide.
If you have questions or concerns regarding the way in which your personal data has been used, please e-mail us at info@hdfclifere.com or call or write to us.
If you would like to exercise a data subject right, you may use the above.
Our Corporate information and address is:
HDFC International Life and Re Company Limited
Regulated by the DFSA
Unit OT 17-30, Level 17,
Central Park, Dubai International Financial
Centre (DIFC),
P.O. Box 114603, Dubai, United Arab Emirates
Board: +971 4 354 6969
HDFC International Life and Re Company Limited’s Data Protection Officer is Mr. Manoj Raman, Head – Customer Relations and Business Systems. If you have any questions or concerns for our DPO regarding the way in which your personal data has been used or on any of your rights as outlined above, please submit a written request to DPO via email at DPO@hdfclifere.com.
Contact Details of Data Protection officer (DPO): Name: Mr. Manoj Raman Address: HDFC International Life and Re Company Limited Regulated by the DFSA Unit OT 17-30, Level 17, Central Park, Dubai International Financial Centre (DIFC), P.O. Box 114603, Dubai, United Arab Emirates E-mail: DPO@hdfclifere.comWe are committed to working with you to obtain a fair resolution of any complaint or concern about this privacy policy notice. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to lodge a complaint with supervisory authority in particular, in the jurisdiction of your residence or place of work or place of alleged infringement, if you consider that the processing of personal data relating to you carried out is not as per the relevant Data Protection Laws.
The provision by you of personal data, as outlined in the section titled “Purpose of processing and lawful basis for processing” is required for us to provide our reinsurance services and so that we can comply with our contractual, tax, legal, regulatory requirements referred above. Where you fail or refuse to provide such personal data to the insurance provider, we may not be able to perform the contract we have entered with them or we may be prevented from complying with our legal and regulatory obligations.
We may modify or update this privacy policy notice from time to time. If we make a major change to this privacy policy notice, we will post a notice about this on our website, and we may ask the insurance companies we work with to notify its customers on our behalf.
You will be able to see when we last updated the privacy policy notice, as it will include a revision date, shown below.