Updated: November 7, 2019
This AIA Personal Data Policy (“PD Policy”) sets out how AIA Singapore Private Limited (Co. Reg. No. 201106386R) (“AIA Singapore”) and its associated individuals/organizations (collectively, “AIA”, “us”, “our”) collect, use, disclose and retain your personal data.
Among the most important assets of AIA is the trust and confidence placed in us to properly handle personal data. You can expect us to maintain your personal data accurately, protect your personal data against manipulation and errors and keep your personal data secure from theft and free from unwarranted disclosure.
AIA recognises its responsibilities in relation to the collection, holding, processing, use and disclosure of personal data. The provision of your personal data is voluntary. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to do business with or provide services to you.
Save where “policy” is referred to in the context of the PD Policy, references to such expression may, in addition to insurance policies that you may have purchased or under which you may be covered, include AIA programmes to which you have subscribed or in which you are participating.
How we collect personal data
AIA collects personal data in the following ways:
- when you use our products or services, access our website and use our online and mobile services;
- when you submit documents and application forms to us during the application process for the purchase, or in consideration of the purchase, of our products or services;
- when you submit requests for changes or updates to your policy or any other requests in connection with your policy including through the submission of policy servicing forms and documents;
- when you respond to our queries or request for us to contact you;
- when you interact with our personnel, agents, customer service officers or sales representatives via phone, email, face to face meetings, interviews, SMS, fax, mail or electronic mail;
- when we receive referrals and collect personal data from within AIA, its associated persons/organisations, agents, business partners and service providers (collectively “AIA Persons”), and third party service providers and representatives of AIA Persons;
- when you submit personal data to us to participate in a lucky draw, contest, event or competition organised by AIA, its partners, representatives or service providers; and
- when we seek information from third parties about you including but not limited to investigators, medical sources, hospitals, doctors, other healthcare professionals in connection with your policy, policy applications, underwriting the risks of your policy, policy claims and/or products and services of AIA used or purchased by you (“Medical Sources”).
By providing us with any personal data relating to a third party (e.g. insured persons, family members, and beneficiaries), you represent and warrant that you shall ensure accuracy of such personal data provided and have obtained such third party’s prior consent for our collection, use and disclosure of such third party’s personal data for the relevant purposes, except to the extent that such consent is not required under relevant law. You further agree to keep us fully indemnified from and against any and all damages, losses, costs, legal fees (solicitor- client basis), penalties and proceedings, including any penalties or other amounts levied, imposed or charges by any regulator or regulatory authority, arising out of or in connection with your (or those of your officers, employees, advisors, agents and representatives) acts or omission, fault or negligence in performing these obligations or which results in us breaching relevant laws.
If you make use of any social media features or platforms, either on our website, an application we provide, or otherwise through a social media provider, we may access and collect information about you via that social media provider in accordance with their policies. When using a social media feature, we may access and collect information you have chosen to make available and to include in your social media profile or account, including but not limited to your name, gender, birthday, email address, address, location etc. Our access to this information may be limited or blocked based on your privacy settings with the relevant social media provider.
We will usually identify any information which is mandatory (i.e. information required for creating an account, and to enable you to access the features of the website and receive any services) when we collect the information from you. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to do business with you or to respond to your enquiries.
Type of personal data collected, used or disclosed
AIA may collect, use and disclose personal data including but not limited to the following:
- your personal particulars such as NRIC numbers, passport numbers, contact details, addresses, date of birth, occupation, photographs and marital status;
- your financial information such as income, bank account numbers, CPF statements, bank statements, credit card, GIRO and other payment details;
- your employment information and employment history;
- your medical information such as medical history, consultation history, prescriptions, notes, treatments, description of medical services rendered and medical reports;
- details of your products and services purchased with AIA such as policy numbers and amounts insured; and
- personal data of a third party that you provide to us in connection with the purchase of our products and services or for referrals.
Purposes for which personal data is collected, used or disclosed
AIA collects, uses and discloses personal data for the following purposes:
- evaluating your financial needs and providing recommendations of suitable products and services to you;
- to assess, process, administer, implement and effect the requests or transactions;
- underwriting the risks of your policy, reinsurance and assessing your eligibility to purchase our products and services;
- servicing your policy, account and relationship with us;
- responding to your requests and queries including requests and queries from your authorised representatives and individuals purporting to be you;
- making changes or updates to your policy;
- reviewing, renewing or reinstating your policy;
- providing ad-hoc or regular information about your policy;
- assessing, processing, settling, authenticating and investigating claims;
- verifying your identity and any information you provide to us;
- collecting premiums and making any payments to you in connection with our products and services;
- marketing and promoting the business activities, products and services of AIA to you via face to face meetings, telephone calls, SMS, fax, mail and electronic mail;
- participating and administering contests, lucky draws, events and competitions;
- providing, managing, operating, processing and administering our products and services to you;
- archiving, backing-up or destroying personal data;
- compliance, monitoring and audit reviews;
- meeting requirements of prevailing internal policies of AIA;
- to design new or enhance existing products and services provided by us;
- to communicate with you including to send you administrative communications about any account you may have with us or about future changes to this PD Policy;
- for market, statistical or actuarial research and trend analysis of our products and services for company, regulatory or industry exercises and studies and reviewing the standard of our products and services;
- for data matching, internal business and administrative purposes;
- meeting requirements imposed by any law, rules, regulations, agreements or schemes imposed by any government regulators, law enforcement agencies, government authorities, dispute resolution or industry bodies or in connection with any investigations;
- to personalise the appearance of our websites, provide recommendations of relevant products and provide targeted advertising on our website or through other channels;
- quality and training when our communications with you are recorded;
- conducting general administration in connection with the foregoing;
- other purposes as notified at the time of collection; and
- other purposes directly relating to any of the above.
By providing your personal data to us, you accept that AIA may retain your information for as long as necessary, to fulfill the purpose(s) for which it is collected in compliance with applicable laws and regulations and AIA’s prevailing internal policies. AIA applies reasonable security measures to prevent unauthorised or accidental access, processing, erasure, loss or use including limiting physical access to data within AIA’s systems and encryption of sensitive data when transferring such data. Reasonable steps will be taken to delete, destroy or anonymise your personal data when it is no longer necessary for any of the purposes above.
Who may be provided with your personal data?
Personal data will be kept confidential but may, where permitted by law and where such disclosure is necessary to satisfy the purpose or a directly related purpose for which the personal data was collected, provide such personal data to the following parties:
- insurance intermediaries (including our financial services consultants);
- any AIA Persons, third party service providers and representatives of AIA Persons who provide administrative services, business process services, storage services, scanning of policy documents services, printing and despatch of documents, document processing and archiving services, information technology services, data centre services, payment services, data analytics services, marketing services and other services to AIA in connection with the business of AIA including but not limited to banks, credit card companies, credit agencies, investigators, reinsurers, hospitals and clinics;
- Medical Sources and insurance organisations;
- any member company of AIA where necessary;
- other companies that help gather your information or communicate with you, such as research companies and ratings agencies, in order to enhance the services we provide to you;
- our professional advisers such as our lawyers and auditors;
- any law enforcement agency, statutory board, government regulator, government authority, dispute resolution or industry bodies as necessary to comply with any laws, rules, regulations, agreements or schemes;
- any party to whom you have consented the disclosure of your personal data; and
- any other party as permitted under applicable law.
From time to time, we may purchase a business or sell one or more of our businesses (or portions thereof) and where permitted by law your personal data may be transferred or disclosed as a part of the purchase or sale or a proposed purchase or sale. In the event that we purchase a business, the personal data received with that business would be treated in accordance with this PD Policy, if it is practicable and permissible to do so.
Where permitted by law, your personal data may be provided to any of the above parties who may be located in Singapore or outside of Singapore. Your information may be transferred to, stored, and processed in Singapore or any other jurisdictions where any AIA company is located, or jurisdictions where a third party contractor is located or from which the third party contractor provides us services. By providing us with your personal information or using our services or our website or applications, you consent to the transfer of such information outside your jurisdiction to our facilities or to those third parties with whom we share it as described above.
Consent for marketing purposes
If you have given us consent to receive marketing and promotional information through electronic mail or postal mail or on your Singapore telephone number (s) via phone calls, text or fax, we may from time to time contact you on such Singapore telephone numbers (s) via your designated mode of communication or through electronic mail or postal mail (as the case may be) to provide you with marketing, promotional information and updates about our products and services.
We may also seek your consent and notify you separately of the purposes of the collection, use and disclosure of your personal data from time to time with respect to particular products and services.
Any consent that you have given for marketing purposes is not affected by termination of your policy.
Consequences of consent withdrawal
You may withdraw your consent for us to collect, use or disclose your personal data by giving us reasonable notice.
If you withdraw your consent for us to collect, use or disclose your personal data for non-marketing reasons, we will be unable to process, administer and/or manage your policy, relationship and/or account with us. In such event, you may be required to surrender or terminate all your policies or accounts or withdraw from any programs in which you are participating. This may be to your disadvantage, as you may be losing valuable benefits from your policies or programmes, incur surrender charges or it may not be possible for you to obtain a similar level of protection on the same terms in the future.
You may withdraw your consent for your personal data to be used for marketing purposes and you will stop receiving marketing information from us via the mode(s) of communication for which you have withdrawn such consent after a period permitted under law or in accordance with our internal policies. Please note that such withdrawal of your consent will not affect our ability to provide you with the products and services for which you have requested or to which you have applied, subscribed or are participating with us.
As AIA relies on your personal data to provide products and services to you, you shall ensure that the information provided by you to us is at all times correct, accurate and complete. You shall update us in a timely manner of all changes to the information provided to us.