Personal Data Protection Policy and Practices (“the Policy”)
FWD Life Insurance Company (Bermuda) Limited (incorporated in Bermuda with limited liability) ("the Company") is committed to implementation and compliance with the provisions of the Personal Data (Privacy) Ordinance ("the Ordinance"). In this context the Corporate Data Protection Officer is responsible for coordinating and overseeing compliance with the Ordinance and the upholding of the Data Protection Principles set out in the Ordinance.
This Policy applies to all products and services provided by the Company and sets out how the Company may collect, use and disclose your personal information
Personal Information Collection Statement (“PICS”)
1. From time to time, it is necessary for you to supply the Company or agents and representatives acting on its behalf with personal information and particulars in connection with our services and products. Failure to provide the necessary information and particulars may result in the Company being unable to provide or continue to provide these services and products to you.
2. The Company may also generate and compile additional personal data using the information and particulars provided by you. All personal data collected, generated and compiled by the Company about you from time to time is collectively referred to in the PICS as "Your Personal Data".
3. "Your Personal Data" will also include personal data relating to your dependents, beneficiaries, authorised representatives and other individuals in relation to which you have provided information. If you provide personal data on behalf of any person you confirm that you are either their parent or guardian or you have obtained that person's consent to provide that personal data for use by the Company for the purposes set out in the PICS.
4. As detailed in this PICS, Your Personal Data may also be processed by the Company's subsidiaries, holding companies, associated or affiliated companies and companies controlled by or under common control with the Company (collectively, "the Group")
5. The purposes for which Your Personal Data may be used are as follows:
(i) providing our services and products to you, including administering, maintaining, managing and operating such services and products;
(ii) processing, assessing and determining any applications or requests made by you in connection with our services or products and maintaining your account with the Company;
(iii) developing insurance and other financial services and products;
(iv) developing and maintaining credit and risk related models;
(v) processing payment instructions;
(vi) determining any indebtedness owing to or from you, and collecting and recovering any amount owing from you or any person who has provided any security or other undertakings for your liabilities;
(vii) exercising any rights that the Company may have in connection with our services and/or products;
(viii) carrying out and/or verifying any eligibility, credit, physical, medical, security, underwriting and/or identity checks in connection with our services and products;
(ix) any purposes in connection with any claims made by or against or otherwise involving you in respect of any of our services or products, including, making, defending, analysing, investigating, processing, assessing, determining, responding to, resolving or settling such claims, detecting and preventing fraud (whether or not relating to the policy issued in respect of this application);
(x) performing policy reviews and needs analysis (whether or not on a regular basis);
(xi) meeting disclosure obligations and other requirements imposed by or for the purposes of any laws, rules, regulations, codes of practice or guidelines (whether applicable in or outside Hong Kong) binding on the Company or any other member of the Group, including making disclosure to any legal, regulatory, governmental, tax, law enforcement or other authorities (including for compliance with sanctions laws, the prevention or detection of money laundering, terrorist financing or other unlawful activities) or to any self-regulatory or industry bodies such as federations or associations of insurers;
(xii) for statistical or actuarial research undertaken by the Company or any member of the Group; and;
(xiii) fulfilling any other purposes directly related to (i) to (xii) above;
6. Your Personal Data will be kept confidential, but to facilitate the purposes set out in paragraph 5 above, the Company may transfer, disclose, grant access to or share Your Personal Data with the following:
(i) other members of the Group;
(ii) any person or company carrying on insurance-related and/or reinsurance-related business which is engaged by the Company in connection with the Company's business;
(iii) any physicians, hospitals, clinics, medical practitioners, laboratories, technicians, loss adjustors, risk intelligence providers, claims investigators, organizations that consolidate claims and underwriting information for the insurance industry, fraud prevention organizations, other insurance companies (whether directly or through fraud prevention organizations or other persons named in this paragraphs), the police and databases or registers (and their operators) used by the insurance industry to analyze and check information provided against existing information, legal advisors and/or other professional advisors engaged in connection with the Company's business;
(iv) any agent, contractor or service provider providing administrative, distribution, credit reference, debt collection, telecommunications, computer, call centre, data processing, payment processing, printing, redemption or other services in connection with the Company's business; and/or
(v) any official, regulator, ministry, law enforcement agent or other person (whether within or outside Hong Kong) to whom the Company or another member of the Group is under an obligation or otherwise required or expected to make disclosures under the requirements of any law, rules, regulations, codes of practice or guidelines (whether applicable in or outside Hong Kong).
7. Your Personal Data may be transferred or disclosed to any assignee, transferee, participant or sub-participant of all or any substantial part of the Company's business.
8. The Company is only allowed to (i) use Your Personal Data in direct marketing; or (ii) provide Your Personal Data to another person or company for its use in direct marketing, if you provide your consent or do not object in writing.
9. In connection with direct marketing, the Company intends:
(i) to use your name, contact details, services and products portfolio information, financial background and demographic data held by the Company from time to time in direct marketing to market the following classes of services and products offered by the Company, other members of the Group and/or Our Business Partners (being providers of the product and services described below) from time to time:
a. insurance services and products;
b. wealth management services and products;
c. pensions, investments, brokering, financial advisory, credit and other financial services and products;
d. health-check and wellness services and products;
e. media, entertainment and telecommunications services;
f. reward, loyalty or privileges programmes and related services and products; and
g. donations and contributions for charitable and/or non-profit making purposes; and
(ii) to provide your name and contact details to any members of the Group and/or Our Business Partners for their use in direct marketing the classes of services and products described in paragraph 9(i) above (including, in the case of Our Business Partners, for money or other commercial benefit).
The Company intends to send you marketing communications or materials and use Your Personal Data in accordance with paragraphs 8 & 9 above. If you do NOT agree to receive such marketing communications or the Company’s intended use of Your Personal Data, you may write to the Corporate Data Protection Officer of the Company at the address below to opt out from direct marketing at any time.
10. To facilitate the purposes set out in paragraphs 5 and 9 above, the Company may transfer, disclose, grant access to or share Your Personal Data with the parties set out in paragraphs 6 and 9(ii) and you acknowledge that those parties may be based outside Hong Kong and that Your Personal Data may be transferred to places where there may not be in place data protection laws which are substantially similar to, or serve the same purposes as, the Ordinance.
11. Under the Ordinance:
(i) you have the right to request access to Your Personal Data held by the Company and request correction of any of Your Personal Data which is incorrect; and
(ii) the Company has the right to charge you a reasonable fee for processing and complying with your data access request.
12. Requests for access to or correction of Your Personal Data should be made in writing to the Corporate Data Protection Officer of the Company at the address below.
13. The Company reserves the right, at any time effective upon notice to you, to add to, change, update or modify the PICS.
Accuracy of Personal Information
The Company will ensure the accuracy of all personal data collected and processed by the Company. Appropriate procedures are implemented so that all personal data is regularly checked and updated to ensure that it is reasonably accurate having regard to the purposes for which that data is used. In so far as personal data held by the Company consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.
The Company will at all times endeavour to ensure the accuracy of personal data held by the Company, and if such personal data is transferred to third parties, it will notify that third party of any correction to be made.
Retention of Personal Information
No personal data is kept for longer than is necessary and that the Company will comply with all statutory and regulatory requirements in the Hong Kong Special Administrative Region concerning the retention of personally identifiable information.
For the Company’s mobile app, namely FWD e-Services (“the App”), membership registration data of data subject will be deleted within 14 days after termination of membership of the App.
The Company will ensure an appropriate level of protection for personal data in order to prevent unauthorized access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorized access to that data. It is the practice of the Company to achieve appropriate levels of security by restricting physical access to data, providing secure storage facilities and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data and personal data is only transmitted by secure means.
In addition, the Company takes prudent security measures to ensure personal data collected via the App are stored and transmitted under protection.
(i) For mobile app development, the App is developed by secure coding and annual penetration testing is conducted by third party security professionals.
(ii) The personal data collected via the App is stored in an encrypted database.
(iii) Data transfers between the Company and the App are made in SSL secured connection and valid session key management is in place to ensure unauthorized access is restricted and prevented.
(iv) A multi-layered defense system is used in the Company’s data centre to secure transmission and ensure effective data protection is in place.
The Company’s website may include hyperlinks to third party websites. The Company has no control over the content, accuracy, opinion expressed, and other links provided at these third party websites or how these third party websites deal with your personal data. You should visit these third party websites for details of their privacy policies in relation to their handling of your personal data.
The Company may use "cookies" to improve our internet service to you. Cookies are small data files that are automatically stored on your web browser in your computer that can be retrieved by the Company’s website. Cookies enable the Company’s website to remember you and your preferences when you visit the website and enable us to tailor the website to your needs. The information collected by cookies is anonymous visitor’s personalised settings information and contains no name or address information or any information that will enable anyone to contact you via telephone, e-mail or any other means. No customer personal data is stored in cookies. However, you can disable cookies by changing the settings of your web browser.
In case of discrepancies between the English and Chinese versions, the English version shall apply and prevail.
Further enquiries regarding the Company's Personal Data Protection Policy and Practices may be directed to:
The Corporate Data Protection Officer
1st Floor, FWD Financial Centre,
308 Des Voeux Road Central, Hong Kong
Telephone : (852) 3123 3123