The privacy of your Personal Data is of utmost importance to us. For that reason we at ERGO Insurance Pte. Ltd. (hereafter “ERGO”) take our responsibilities under Singapore’s Personal Data Protection Act 2012 (the “PDPA”) seriously.
We are committed to protect your Personal Data and manage and process the Personal Data of our customers and other individuals with particular care.
The purpose of this Personal Data Protection Policy (“Policy”) is to demonstrate our on-going commitment to protecting your data privacy and addressing any privacy concerns that you might have. In particular, this Policy aims to assist you in understanding how we collect, use, disclose, process and retain Personal Data provided to us in accordance with the PDPA.
If you have any queries on this Policy please don’t hesitate to contact us (details in clause 9 below).
1 Personal Data
In this Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified
- from that data; or
- from that data and other information to which we have or are likely to have access.
Examples of Personal Data could include your name, NRIC, passport or other identification number(s), telephone number(s), mailing address, email address and any other personal information provided by you or possessed by ERGO relating to.
2 Purposes for Collection, Use, Disclosure and Processing of Personal Data
To process, administer and/or manage your relationship and policy with ERGO, ERGO will necessarily need to collect, use, disclose and/or process your Personal Data or personal information about you for the purpose(s) of:
- verifying and validating your identity
- reviewing, considering, assessing and processing your application for underwriting and insurance;
- administering and/or managing your relationship, account and/or policy with ERGO;
- requesting and collecting premiums or payments;
- making payments;
- dealing with any matters relating to the services and/or products which you are entitled to under your policy which you are applying for or have applied (including the mailing of correspondence, statements, invoices, reports or notices to you, which could involve disclosure of certain Personal Data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages);
- processing, handling, assessing and/or dealing with any claims including the settlement of claims and any necessary investigations relating to the claims, under your policy;
- carrying out and/or dealing with your instructions or responding to any enquiries or requests by you;
- carrying out due diligence or other screening activities (including background checks) in accordance with legal or regulatory obligations or risk management procedures that may be required by law or that may have been put in place by ERGO;
- conducting market and actuarial research and analysis to help us improve the products or services offered by us or to develop new products or services
- compliance with legal or regulatory obligations, risk management procedures and ERGO’s internal policies
- investigating fraud, misconduct, any unlawful action or omission, whether relating to your application, your claims or any other matter relating to your policy, and whether or not there is any suspicion of the aforementioned;
- sending you marketing, advertising and promotional information about other insurance, investment and/or financial products and/or services that ERGO may be offering;
- reviewing, investigating and/or addressing feedback or complaints received;
- insuring and reinsuring risks;
- storing, hosting, backing up (whether for disaster recovery or otherwise);
- accounting, auditing, legal, regulatory and compliance purposes;
- attending to regulatory or audit enquiries;
- assisting in regulatory investigations or law enforcement;
- any other purposes which we notify you of at the time of obtaining your consent.
You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested.
Where Personal Data is submitted by you on behalf of another individual or concerns another individual other than yourself (or, in the case of situations where you, as a representative of your company or organisation, are submitting the Personal Data of individuals as part of the disclosures by the company or organisation to us), you represent and warrant to us that all the necessary consents (procured in accordance with all applicable data protection legislation, including without limitation the PDPA, for such purposes stated in the relevant sections of this Data Protection Policy) have been obtained from the relevant individuals and that you have retained proof of these consents, such proof to be provided to us upon our request.
We may/will also be collecting Personal Data about you from sources other than yourself for one or more of the above Purposes, and thereafter using, disclosing and/or processing such Personal Data for one or more of the above Purposes.
Your Personal Data may/will be disclosed by ERGO to third parties who may be sited outside of Singapore, for one or more of the above purposes, and such third party, if engaged by ERGO, may/would be collecting, using, disclosing and/or processing your Personal Data for ERGO for one or more of the above Purposes. Third parties include:
- ERGO’s Group companies including associated or affiliated companies;
- ERGO’s agents, brokers, representatives, or affinity partners who distribute or promote our products and services;
- the owner of any policy of insurance underwritten by us where you are a named;
- industry or public / government organizations, associations and authorities;
- other insurers or financial institutions for the purpose of administering claims and obtaining policy payments;
- contractors, service providers, third party administrators, loss adjustors, surveyors, assessors, private investigators, motor workshops, emergency providers, retailers, medical providers and travel carriers;
- agents, contractors or third party service providers which we engage to provide such services as marketing and research, communications, telecommunications, telemarketing, customer servicing, information technology, data entry or processing, printing, dispatch, mail distribution, payment, training, data storage or archival, disaster recovery and business continuity
- lawyer’s/law firms, legal services providers, legal process participants and their advisors, courts, other alternative dispute resolution forums;
- our professional advisers, including auditors and legal advisers;
- our reinsurers;
- debt collection agencies;
- any other party you authorize us to disclose the Personal Data to;
Your Personal Data may/can be disclosed by any of the Insurers and/or General Insurance Association of Singapore to their third party service providers or agents (including their lawyer’s/law firms), which may be sited outside of Singapore, for one or more of the above Purposes.
3 Consent Obligation
Provision of Consent
- ERGO shall not collect, use, disclose or process your Personal Data unless you give, or are deemed to give consent. You may give your consent expressly or implied.
- You are deemed to provide your consent to the collection, use, disclosure and processing of your Personal Data if you voluntarily provide your Personal Data to ERGO for that purpose, albeit without actually expressly providing your consent.
- Your consent remains valid until you alter or revoke it by providing written notice to our Data Protection Officer (details in clause 10 below).
Withdrawal of Consent
- On giving reasonable notice you may withdraw your consent given or deemed to be given in respect of the collection, use or disclosure of your Personal Data by ERGO.
- You may submit the withdrawal of consent by submitting your request in writing to our Data Protection Officer (details in clause 10 below).
- Please note that your withdrawal of consent to any or all collection, use or disclosure of your Personal Data could result in certain legal consequences arising from such withdrawal.
- In this regard, depending on the nature and extent of your withdrawal of consent in relation to your Personal Data, we may not be in a position to continue to provide our products or services to you or administer any contractual relationship in place and, hence, it may mean that we will not be able to continue with your relationship or the data subject’s existing relationship with us. ERGO’s legal rights and remedies are expressly reserved in such event.
- We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter cease to collect, use and/or disclose the Personal Data for the purposes as stated in your request unless such collection, use or disclosure, as the case may be, without the consent of the individual is required or authorized under the PDPA or other written law.
4 Access and/or Correction of Personal Data
You may request to access or to correct an error or omission of your Personal Data currently in our possession or under our control.
For a request to access Personal Data, we will provide you with the relevant Personal Data within a reasonable time from such a request being made, unless we have reasonable grounds not to do so.
For a request to correct your Personal Data, we will:
- correct your Personal Data as soon as practicable after the request has been made, unless we have reasonable grounds not to do so; and
- send the corrected Personal Data to other organizations to which the Personal Data was disclosed by us within a year before the date the correction was made, unless that other organization does not need the corrected Personal Data for any legal or business purpose.
ERGO is not required to correct or otherwise alter an opinion, including professional or an expert opinion.
Please note that we may charge you a reasonable fee to offset the administrative costs of processing your request.
5 Data Accuracy and Protection
ERGO will take reasonable efforts to ensure that Personal Data collected is accurate and complete, if the Personal Data is likely to
- be used by us to make a decision that affects you, or
- be disclosed to another organization.
However, this means that you are required to update us of any changes to your Personal Data that you had initially provided us with (details in clause 9 below). We will not be responsible for relying on inaccurate or incomplete Personal Data arising from you not updating us of any errors or changes in the Personal Data that you had initially provided us with.
ERGO will put in place reasonable security arrangements to ensure that your Personal Data is adequately protected and secured. This includes arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks. However, we cannot assume responsibility for any unauthorized use of Personal Data by third parties which are wholly attributable to factors beyond our control.
6 Retention of Personal Data
ERGO will cease to retain documents containing your Personal Data, or remove the means by which the Personal Data can be associated with you, as soon as it is reasonable to assume that
- the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and
- the retention is no longer necessary for any other legal or business purposes.
7 Transfer of Personal Data outside Singapore
ERGO shall not transfer your personal data outside of Singapore except in accordance with the requirements of the PDPA.
8 Complaints Process
If you have any complaint or grievance regarding how we handle your Personal Data or you believe there has been a breach of the PDPA, we welcome you to contact our Data Protection Officer (details in clause 9 below).
Where a complaint or grievance is initially made orally, you must confirm the matter in writing as soon as possible and clearly set out the nature of your concern.
Your complaint or grievance will be reviewed and we will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
9 Update on Data Protection Policy
We reserve the right to amend our Data Protection Policy from time to time to ensure we properly manage and process your personal data. Any amended Data Protection Policy will be posted on our website.
10 Contacting Us
If you have any questions about the use or disclosure of your Personal Data please don’t hesitate to contact our Data Protection Officer (“DPO”) via mail or email at:
DPO: ERGO Data Protection Officer
8 Temasek Boulevard,
#04-01 Suntec Tower Three,
8 Temasek Boulevard,
#04-01 Suntec Tower Three,