PRIVACY STATEMENT
AIA Group Limited and/or its subsidiaries (“AIA Group”, "AIA", "we", "us", "our", “Company”) recognise our responsibilities in relation to the collection, holding, process, transfer and storage of the Personal Data.
Among the most important assets of AIA, is the trust and confidence placed to properly handle information. It is our aim to maintain all personal information in our custody of any identified or identifiable natural person, alive or deceased, of whom we receive Personal Data (“Individuals”, “you”, “your”) be accurate, protected against manipulation and errors, secure from theft and free from unwarranted disclosure. We ensure data security of all the Individuals by complying with all the relevant data protection laws and regulations and ensure compliance by our staff with strict standards of security and confidentiality.
This statement provides you with notice as to how and why your Personal Data is collected, how it is intended to be used, to whom your Personal Data may be transferred to, how to access, review and amend your Personal Data, and our policies on direct marketing and the use of cookies. If you object to any practices and policies in this statement, please do not proceed with any transactions with the Company or you may contact the Data Protection Officer (“DPO”) of the Company for any clarifications (details of the DOP given below).
AIA recognises its responsibilities in relation to the collection, holding, processing, transferring or use of Personal Data. The provision of your Personal Data is voluntary. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to provide information and services to you or to respond to your enquiries. AIA will not collect any information that identifies you personally unless and until you provide your consent to this privacy statement.
This website, and our social media platforms are not intended for persons in jurisdictions that restrict the distribution of information by us or use of such website or social media platforms. If this is applicable to you, we would advise you to make yourself familiar with and observe the relevant restrictions, and AIA does not accept liability in this respect.
HOW WE COLLECT DATA
We will collect and store your Personal Data either:
directly when you provide such information to us (for example, when you use enquiries or communications, by submitting a proposal for an insurance policy, claim form, assignment form, nomination form, by submitting an application for a job vacancy, by submitting a vendor registration form to be registered as a vendor of the Company );
during Insurance contract administration;
indirectly through your use of our websites, apps or social media platforms;
indirectly when another Individual provides your Personal Data to us for the purposes of including you in an insurance policy such person has or willing to obtain from us, and may have provided your details as life assured/beneficiaries/nominees/assignees/spouse of life assured/ child or for the purposes performing a contract entered into or to be entered into with us, with the assurance that such individual has full authority from you to deal with your respective information already provided to us and will be provided in the future;
where you have provided it to us through any other means.
We may obtain lawfully collected personal or non-Personal Data about you from employee applications, vender applications, affiliated entities, business partners, medical practitioners or its relevant associates / nominees / subsidiaries, Company authorized investigators, financial institutions and other independent third parties’ sources. We may also collect some information about your computer or other devices used when you visit this website, apps or social media platforms.
The Personal Data we collect (which includes sensitive Personal Data as defined under relevant applicable laws and regulations), includes the following:
Identity information – name, address, personal contact details (including email address and telephone numbers); and
Employment related information - including current employer, nature of position, medical benefits and benefit usage information; and
Medical Data – including medical history, investigation findings, treatments and prescriptions; and
Financial related information – income sources, transaction history, account details, credit/ debit card details and/or bankruptcy; and
Reference on health condition - including information obtained from a medical professional for a reference on the health condition of Individuals; and
technical information – such as IP address, browser type and version, time zone settings, browser plugin types, operating systems and platform, device information (including where mobile device the IMEI number, wireless networks and general network information).
Information which are in the public domain such as;
• basic personal details such as name, age, contact details and gender;
• family, lifestyle and social circumstances, such as marital status, dependants and employment type;
• data relating to children in some circumstances, for example where the child is a beneficiary or covered under a policy or is involved in a claim;
• financial details such as direct debit or payment card information;
• photographs and/or video, including surveillance to help us manage policies and assess claims;
• location verification, if it is relevant to the insurance policy or claim;
• identification checks and background insurance risk details including previous insurance claims, employment history and other credible information;
• accessibility details if we need to make reasonable adjustments to help;
• business activities, such as goods and services offered.
• in certain circumstances, we may request and/or receive special category or sensitive information about you. We would only collect this information if it is relevant to the insurance policy or claim or where it is necessary for a legal obligation such as information on your current or former physical or mental health, criminal offences, including alleged offences, criminal proceedings, outcomes and sentences (previous criminal convictions, bankruptcies and other financial sanctions such as County Court Judgements)
WHY WE COLLECT YOUR PERSONAL DATA AND HOW IT MAY BE USED?
Personal Data is collected for the following purposes:
to provide quotes, administer proposals, policies, insurance, employee and vendor contracts, policyholder claims and carry out engineering inspections to fulfil the intended contract obligations.
to verify your details with regulatory bodies such the Department of Registration of Persons (DRP), Police, Insurance Association of Sri Lanka (IASL), Sanction lists etc. as deemed necessary for further screening and administration and management of contract or relationship with the Company.
to fulfil the conditions of the insurance, employee and vendor contract we may have with you (directly or indirectly);
to administer third party claims, deal with complaints and prevent financial crime to meet our legal obligations;
to send marketing information about our products and services if we have received your specific consent;
to provide you with access to the content on the website, apps or social media platforms;
to process and administer your account, to implement and effect the requests or transactions contemplated by the forms available on our website or any other documents you may submit to us from time to time;
to design new or enhance existing products, information and services provided by us;
to communicate with you including to send you administrative and technical communications about any contract you may have with us (directly or indirectly), to provide technical support or notify about future changes to this privacy statement;
for statistical or actuarial research undertaken by AIA, the financial services industry or our respective regulators;
for advances data analytics, data matching, internal business and administrative purposes; to monitor your use of the website, apps and social media platforms and conduct analysis of the use of the website in order to operate, evaluate and improve the website and our services, understand your preferences and troubleshoot any problems;
to assist in law enforcement purposes, investigations by police or other government or regulatory authorities and to meet requirements imposed by applicable laws and regulations or other obligations committed to government or regulatory authorities;
to personalise the appearance of our websites, provide recommendations of relevant products, information and services and provide targeted advertising on our website or through other channels;
other purposes as notified at the time of collection; andother purposes directly relating to any of the above.
Unless permitted by applicable laws and regulations, we will obtain consent from you if we wish to use your Personal Data for purposes other than those stated in this privacy statement.
AIA may retain your information for as long as necessary to fulfil the purpose(s) for which it is collected or as otherwise required to ensure compliance with applicable laws and regulations. AIA applies reasonable security measures to prevent unauthorised or accidental access, processing, erasure, loss or use including limiting physical access to data within AIA’s systems and encryption of sensitive data when transferring such data. Reasonable steps will be taken to delete or destroy the information when it is no longer necessary for any of the purpose above.
For our policy on use of your Personal Data for promotional or marketing purposes, please see the section entitled “Use of Personal Data for Direct Marketing Purposes”.
AIA has implemented a Data Protection Management Programme to ensure internal controls, breach handling, and oversight mechanisms are also in place. While adhering to the said Data Protection Management Programme AIA has appointed a Data Protection Officer whose details are given below,
Mr. Hasitha Mapalagama
AIA Insurance Lanka Limited
11th floor, AIA Tower,
No. 92, Dharmapala Mawatha,
Colombo 07
Sri Lanka
Tel: 0112 310122
email : Hasitha.Mapalagama@aia.com
WHO MAY BE PROVIDED WITH YOUR PERSONAL DATA?
AIA maintains a record of the necessary third-party recipients and ensures that data sharing is based on lawful grounds and subject to appropriate safeguards.
Personal Data will be kept confidential but may, where permitted by law or where such disclosure is necessary to satisfy the purpose or a directly related purpose for which the Personal Data was collected, provide such Personal Data to the following parties:
any person authorised to act as an agent of AIA in relation to the distribution of products and services offered by AIA;
any agent, contractor or third-party service provider (within or outside AIA) who provides administration, data processing, telecommunications, investigations, computer, payment, debt collection or securities clearing, technology outsourcing, call centre services, mailing and printing services in connection with the operation of AIA’s business and AIA’s provision of services to you. Such third-party service providers may process your personal information and transfer all processed personal information back to the Company to fulfil the intended purpose;
any member company of AIA Group Limited in relation to the provision or marketing of insurance services;
any agent, contractor or third-party service provider (within or outside AIA) including companies that help deliver our services, such as reinsurance companies, investment management companies, claims and other investigation companies, medical practitioners and related medical institutions, other stakeholders of the industry, industry associations or federations;
other companies that help gather your information or communicate with you, such as research companies and rating agencies, in order to enhance the services we provide to you; and
government or regulatory bodies in any jurisdiction or any person to whom an AIA company must disclose data: (a) under a legal and/or regulatory obligation in that or any other jurisdiction applicable to that particular AIA company; or (b) pursuant to an agreement between the AIA company and the relevant government, regulatory body or other person.
For our policy on sharing of your Personal Data for promotional and marketing purposes, please see the section entitled “Use of Personal Data for Direct Marketing Purposes”.
From time to time, we may purchase a business or sell one or more of our businesses (or portions thereof) and your Personal Data may be transferred or disclosed as a part of the purchase or sale or a proposed purchase or sale. In the event that we purchase a business, the Personal Data received with that business would be treated in accordance with this privacy statement if it is practicable and permissible to do so.
Your Personal Data may be provided to any of the above persons/entities who may be located in other jurisdictions or territories to that in which you are located. Your information may be transferred to, stored, and processed in other jurisdictions where any AIA Group entity is located, or jurisdictions where a third-party contractor is located or from which the third-party contractor provides us services. Where required under relevant law, we may seek your consent to the transfer of such information outside your jurisdiction to our facilities or to those third parties with whom we share it as described above, however if you choose not to provide the personal information required and or do not consent for sharing of such personal information as herein explained, that will result in you not qualifying to enter in to any contract or relationship with the Company for the intended purpose. Your Personal Data will only be transferred to other locations, where we are satisfied that adequate levels of protection exist to protect the integrity and security of your Personal Data, which as a minimum are comparable to the jurisdiction or territory in which you provided such Personal Data.
HOW LONG WE KEEP PERSONAL INFORMATION
Company may retain such information for as long as necessary for the relevant contract, to fulfil the purpose(s) for which it is collected in compliance with laws and regulations of the country.
RIGHTS OF INDIVIDUALS IN TERMS OF PERSONAL DATA
Under applicable laws and regulations, you may have the right to:
verify whether AIA holds any Personal Data about you and to access any such data or information about how AIA used or disclose your Personal Data;
require AIA to rectify or complete any Personal Data relating to you which is inaccurate or incomplete;
request to erase your Personal Data under certain circumstances;
withdraw your consent or request a change to your scope of consent;
request deregistration or deletion of your registered account;
make a complaint about AIA's data handling; and
enquire about AIA’s policies and practices in relation to the Personal Data.
Requests for access, correction, complaints, or other queries relating to your Personal Data should be addressed to:
The Data Protection Officer
AIA Insurance Lanka Limited
11th floor, AIA Tower,
No. 92, Dharmapala Mawatha,
Colombo 07
Sri Lanka
Tel: 0112 310122 or
email to : dataprotectionrequest@aia.com
Under applicable laws and regulations, AIA has the right to charge costs which are directly related to and necessary for the processing of any Personal Data request.
You also have the right to lodge a complaint with a supervisory authority in certain jurisdictions if you consider that the processing of your Personal Data infringes applicable law.
USE OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES
In addition to the purposes outlined above, and where permitted by applicable law, AIA may also use your personal data for promotional or marketing purposes. This may include sending you promotional materials and conducting direct marketing activities related to AIA products and associated services.
For the purposes of direct marketing, we may, where permitted by law, provide your personal information to marketing service providers (whether within or outside of AIA) so that they can send you promotional content and conduct direct marketing in relation to the products and services they offer (these materials may be sent to you by electronic means or post).
Before using or providing your personal data for the purposes and to the transferees set out in this section, we may be required by law to obtain your written consent, and in such cases, only after having obtained such written consent, may we use and provide your Personal Data for any promotional or marketing purpose.
The types of Personal Data that AIA would use and provide for direct marketing purposes as described above are your name and relevant contact details, although we may possess additional Personal Data.
If your consent is required, and you provide such consent, you may thereafter withdraw your consent to the use and provision to a third party by AIA of your Personal Data for direct marketing purposes and thereafter AIA shall cease to use or provide such data for direct marketing purposes.
If you have provided consent and wish to withdraw it or if you prefer not to receive marketing communications from us in any form, please inform us by writing to the address in the section on “Access Rights to Personal Data” or by sending us an email to dataprotectionrequest@aia.com. Any such request should clearly state details of the Personal Data in respect of which the request is being made. Such withdrawal may prevent you from receiving important information that the Company may address to you and you shall not hold the Company responsible in any manner whatsoever in the event any loss is incurred by you or any other party whose information you have provided to the Company, by the reason of not receiving such important information by you due to such withdrawal.
Use of Artificial Intelligence
Artificial intelligence ("AI") is a technology to simulate the human thought process to perceive, understand, reason and solve problems to augment, improve, or replace human decisions.
While we carry out our business, we may use AI to process your Personal Data to fulfil the purposes. Common examples for using AI may include:-
i. Customer interaction – natural language processing that converts voice to text and conducts appropriate interaction with customers;
ii. Digital onboarding and servicing processes – application and servicing processes using optical character recognition tool that recognizes text within digital images and validates the accuracy of form contents filled out against the supporting documents; and
iii. Product and portfolio recommendation – AI is used to conduct big data analysis based on our customer database and enables us to understand the needs of our customers.
Anyone subject to an automated decision has the right to object to it. To do so please contact the Data Protection Officer mentioned above.
AIA ensures transparency in profiling and automated decision-making, providing meaningful information about the logic involved and the consequences for data subjects.
USE OF COOKIES
Cookies are small text files containing limited amounts of information that are downloaded and may be stored on your web browser or internet-enabled devices (e.g. your computer, smartphone, or tablet). These files can later be read by the server — functioning like a memory for a web page.
AIA may use cookies and similar technologies on its website. By continuing to use AIA’s website, you consent to the placement of cookies on your device.
The information collected through cookies may include, but is not limited to:
· IP addresses and domain names
· Browser software, types, and configurations
· Language settings
· Geolocation data
· Operating systems
· Referring websites
· Pages and content viewed
· Duration of visits
This data is used to:
· Ensure the proper functioning of the website
· Enable secure login
· Compile aggregate statistics on visitor behaviour
· Enhance and optimise website performance
Improve user experience
Cookies also allow our website to remember your preferences and tailor content to your needs. Advertising cookies help us deliver relevant advertisements, such as interest-based ads or limiting repetitive ad exposure.
For more details on the types of cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.
EXTERNAL LINKS
If any part of this website contains links to other websites, those sites may not operate under this privacy statement. You are advised to check the privacy statements on those websites to understand their policies on the collection, usage, transferal and disclosure of Personal Data.
AMENDMENTS TO THIS PRIVACY STATEMENT
AIA reserves the right, at any time and without notice, to add to, change, update or modify this privacy statement, simply by notifying you of such change, update or modification. If we decide to change our Personal Data policy, those changes will be notified on our website so that you are always aware of what information we collect, how we use the information and under what circumstances the information is disclosed. Any such change, update or modification will be effective immediately upon posting. Where required by applicable law, we may also notify you in the event of material changes to this privacy statement and, where required, seek your consent to those changes.
ADDITIONAL INFORMATION
Should you have any questions on any part of this privacy statement or would like additional information regarding AIA’s Data Privacy practices please do not hesitate to contact us by the contact details given above.