Privacy Policy

 

1. Introduction
2. Data Collection
3. Type of Data Collected
4. Information Use
5. Legal Requirements
6. Information Sharing
7. Data Storage
8. Data Protection
9. Data Subject Rights
10. Complaints
11. Data Breaches
12. Administration

 

1. INTRODUCTION

Caribbean Alliance Insurance Company Limited (“CAIC”) takes its responsibility to protect personal data it collects very seriously and is committed to ensuring that all personal data obtained will be processed according to legally compliant standards of data protection and data security.

This privacy policy sets out what data CAIC collects, its intended use as well as how we process and protect such data.

This policy is issued on behalf of CAIC.  When we mention “we”, “us” or “our”, we mean CAIC.

 

2. DATA COLLECTION

In order to be able to provide our clients with insurance services, CAIC requires to collect and process personal data to assist in understanding the needs of customers and other stakeholders, and to be able to provide the most appropriate service with the greatest level of efficiency. This makes CAIC the data controller for the purposes of processing the personal data obtained.

3. TYPE OF DATA COLLECTED

If a customer is enquiring about, or applying for an insurance policy CAIC may collect the following:

• Name, address, date of birth, country of birth and gender
• Contact details
• Financial/payment information
• Information relating to your identity
• Employment details
• Information about you, as part of performing the necessary checks
• Sensitive personal data including criminal records and medical records
• Any other information relevant to your insurance application
• Closed circuit television footage if CAIC buildings are accessed

In the event of a claim, information about the incident will be collected and if other people are involved in the incident, it may be necessary to collect additional information about them.

 

4. INFORMATION USE

As an insurer, in order to be able to provide insurance services to its customers, CAIC is required to collect and use your personal information for specific purposes, such purposes include the following:

• Communication – to communicate with you.
• Quote – understand the type and level of insurance cover you require and provide you with an appropriate insurance quote.
• Processing of payment – ensure that the payment for any policy purchased directly from our website can be processed.
• Insurance Policy – ensure you are provided with the agreed policy.
• Insurance Terms – fulfil the conditions of the insurance policy.
• Specific Purpose – fulfil a specific purpose, where you have provided your consent to process such data.
• Improving our Services – assist us with improving the services we provide.
• Regulatory – allow us to comply with regulatory requirements.
• Crime – allow us to internally conduct fraud or other investigations.

 

5. LEGAL REQUIREMENT

CAIC must have a legal basis in order to process the personal information it collects. CAIC relies on one or more of the following legal grounds:

• Performance of Contract – CAIC needs to use personal information to provide insurance services and perform its obligations under the insurance contract it holds with its customers.
• Necessity to establish, exercise and/or defend a Legal Claim – CAIC may use personal information in either establishing its position or defending itself in relation to a legal claim.
• Legal Compliance – where CAIC has a legal or regulatory obligation to use such personal information.
• Legitimate Interests – CAIC may also process personal information where this processing is in its legitimate interests. In such circumstances, CAIC will carry out a balancing test of its interests in using such personal information against the customers’ rights and interests.

CAIC must have additional legal basis in order to process what is deemed “sensitive personal data”. These include but are not limited to the following:

• Public Interest – in respect of an insurance policy or claim there is a public interest to use such information.
• Legal Rights – in order to establish, exercise or defend legal rights.
• Unlawful Acts – for the purposes of preventing and detecting unlawful acts.
• Consent – you have provided your consent for your sensitive personal data to be processed.

 

6. INFORMATION SHARING

In order to be able to provide insurance services, CAIC may be required to share your personal information with certain third parties. We will only share such data with third parties when necessary and they may include the following:

• Advisers and Analysts – to assist with developing and managing our service.
• Reinsurers, Agents and Brokers – to manage and underwrite our services, risks or for administrative purposes.
• Regulators – to ensure we are compliant with the relevant regulations and laws.
• Financial Institutions – to process payments.
• Lawyers / Courts – to receive legal advice or where required by law.
• Loss Adjusters and Claims Experts – to assist with managing claims.
• IT Providers – to assist with operating our IT and back-office systems.
• Medical Professionals – to assist with assessing health records (appropriate and relevant medical history).
• Employers and/or Third Parties – your employer(s) or such third parties who provide CAIC’s customers with services or will assist with processing claims.
• Third Party Agencies – such as government agencies in partnership with such a third party.

Please be aware that it may be necessary for us to transfer your personal information to a different jurisdiction. In such circumstances we will take all reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy. If you would like further details, please contact the Risk & Compliance Officer using the contact details set out in section 10 below.

 

7. DATA STORAGE

CAIC complies with the requirements to process data lawfully and for it not to keep your data for longer than is necessary; relative to the purpose the data is being processed. It will therefore be retained in accordance with CAIC’s Data Storage and Retention Policy under one or more of the following criteria:

• Insurance Policy - as long as it is required to fulfil the conditions of the insurance contract.
• Consent - as long as we continue to have the customer’s consent.
• Improving our Services – for a period of time where CAIC uses customer information to improve our services.
• Law – as long as required by law.
• Crime – as long as required to allow us to conduct fraud and other investigations.

If customers require further information regarding the periods for which personal information will be stored, please contact the Risk & Compliance Officer (contact details set out in section 10 below).

 

8. DATA PROTECTION

We have adopted a number of technical and organisational measures in place which are appropriate to the nature of the information in order to protect your personal information and to comply with the latest data protection requirements. The measures cover various aspects of data security including the following:

• Encryption, data masking and activity logging.
• Access controls, such as specific authorisations and multi factor authentication.
• Maintenance of access logs.
• Password requirements including regular changes to passwords.
• Physical access controls to CAIC offices and specific storage areas.
• Implementation of procedures for security management and back-up and recovery and having in place business continuity plans.
• Use of firewalls and up-to-date virus scanning software and email filtering services.
• Regular security and privacy/data protection training for all CAIC employees.

CAIC’s security measures are reviewed periodically and are regularly updated to reflect developments in technology and security as well as changes to our business. However, while CAIC undertakes to minimise cybersecurity threats and data breaches, there are inherent security risks in transmitting data between customers, CAIC and third party service providers which may not emanate from CAIC. CAIC therefore encourages customers to utilise secure measures when transmitting data.

 

9. DATA SUBJECT RIGHTS

CAIC’s customers, as the data subject have the right to make the following requests:

• that CAIC updates any information CAIC holds about the data subject that may be incorrect or incomplete;
• confirmation of what information CAIC holds about the data subject, as well as obtaining a copy of such information; and
• that CAIC deletes certain information about the data subject if the data subject:
  • believes the information is no longer required; or
  • wishes to restrict the purpose for which CAIC can use the data subject’s information due to the purpose or legal basis being no longer valid or the data subject believes CAIC is not complying with this Privacy Policy.

However, please be aware that CAIC cannot fully comply with requests to delete all information where it is contrary to regulations. If the data subject has any concerns with the information CAIC holds, the data subject should contact the Risk & Compliance Officer using the contact details below in section 10.

In the event you would like to make any of these requests as set out above, please submit a written request to the Risk & Compliance Officer (contact details set out below). To ensure that we do not disclose your personal information to someone who is not entitled to it, when you are making the request please provide us with:

• your name;
• your address;
• your date of birth;
• any policy IDs or reference numbers; and
• a copy of your photo identification.

All requests are free of charge, although we reserve the right to charge you a reasonable administrative fee for requests for the provision of personal information. Wherever possible, we will respond within one calendar month from receipt of the request, but if we don’t, we will notify you of anticipated timelines ahead of the one month deadline.

Please note that simply submitting a request doesn’t necessarily mean we will be able to fulfil the request in full on every occasion as we are sometimes bound by law which can prevent us from fulfilling some requests in their entirety, but in such an event we will notify you within our response.

 

10. COMPLAINTS

As the data subject, you are entitled to raise a complaint about this Privacy Policy in the event you are unhappy with how we process or intend to process your personal data.

If you have any questions or comments about this Privacy Policy or wish to raise a complaint, please contact:

Caribbean Alliance Insurance Company Limited
ATTN: Risk & Compliance Officer
P.O. Box 1609
Newgate & Cross Streets
St John’s
Antigua

Or email the Data Protection Officer at: DPO@caribbeanalliance.com

In the event a complaint is raised, our Risk & Compliance Officer will investigate your complaint and will give you additional information about how such complaint will be handled. We will respond within a reasonable time.

If you are not satisfied that we are handling your complaint in compliance with applicable laws, you may lodge a formal complaint with CAIC for the attention of the Managing Director.

 

11. DATA BREACHES

If a data breach is discovered by CAIC and it poses a risk to the rights of anyone we hold information about, CAIC shall:

• Advise the affected individuals that there has been a breach and provide them with information about its likely consequences as well as the mitigation measure(s) undertaken; and
• report such breach to the relevant Regulator within 72 hours of discovery.

 

12. ADMINISTRATION

From time-to-time CAIC may need to make changes to this Privacy Policy, for example, as a result of changes to law, technology or other developments. It is therefore recommended that you periodically check our website to view the latest version of this Privacy Policy.