data privacy notice

Data Protection and Privacy Notice

The purpose of this Data Protection and Privacy Notice is to inform you of your statutory rights and the protections available to you in relation to your Personal Data when it is provided to Generali Worldwide Insurance Company Ltd ("Generali Worldwide") and to provide further information on how we use your Personal Data.

Personal Data is any information relating to you as an identifiable individual, and because your Personal Data has been provided to Generali Worldwide, you are entitled to the statutory rights and protections afforded by applicable Data Protection Law.

Guernsey Head Office

If your Personal Data relates to a Plan or Policy that has been issued by our Head Office in Guernsey, you are entitled to the statutory rights and protections afforded by the Data Protection (Bailiwick of Guernsey) Law, 2017 which is equivalent to Regulation (EU) 2016/679, the General Data Protection Regulation or "GDPR". If your Personal Data relates to a Plan or Policy that has been issued by a Branch or Office of Generali Worldwide that is outside of Guernsey, you will be entitled to the same statutory rights and protections that are available in Guernsey in addition to those rights and protections offered by local Data Protection Laws in the relevant jurisdiction.

Hong Kong

If your Personal Data relates to a Plan that has been issued by our Hong Kong Branch, you are entitled to the statutory rights and protections afforded by the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong.

Singapore

If your Personal Data relates to a Plan that has been issued by our Singapore Branch, you are entitled to the statutory rights and protections afforded by the Personal Data Protection Act 2012 (PDPA) of Singapore.

Bahamas

If your Personal Data relates to a Policy that has been issued by our Bahamas Office, you are entitled to the statutory rights and protections afforded by the Data Protection (Privacy of Personal Information) Act, 2003 of The Bahamas.

Cayman Islands

If your Personal Data relates to a Policy that has been issued by our Cayman Islands Office, you will be entitled to the statutory rights and protections afforded by the Data Protection Law of the Cayman Islands that is expected to come into force in 2018.

British Virgin Islands

There are currently no dedicated Data Protection Laws in the BVI. However, if your Personal Data relates to a Policy that has been issued by our office in the BVI, it is protected by our duty and obligations of confidentiality under the Regulatory Code, 2009.

Cookies

This website makes use of cookies that helps us to distinguish you from other users of the website. Cookies are small non-executable files stored on your hard drive for the purpose of identifying your computer. Cookies also help us monitor what sections of the website you have visited, but do not hold any personal or confidential information about you. You are not obliged to accept cookies and can turn them off on your browser, although this may prevent access to areas that require registration.

How we use your Personal Data

Generali Worldwide will collect and process your Personal Data lawfully and fairly to the extent necessary for the management and administration of a Plan or Policy (or the Policy that your data is linked to). We reserve the right to further process your Personal Data where we consider it necessary to protect your vital interests, such as in a medical emergency or where we are compelled to under applicable law.

In processing your Personal Data, Generali Worldwide must comply with the applicable Data Protection Laws and the associated Data Protection Principles that are set out in the Appendix to this Data Privacy Notice.

Should Generali Worldwide need to use Personal Data that is classified by law as a special category of 'Sensitive Personal Data' or process your Personal Data for purposes other than for the contractual performance of a Plan or Policy, such as direct marketing, then the reasons will be explained to you in writing and your specific consent will be required. You may withdraw such consent at any time by providing us with written notice.

'Sensitive Personal Data' is defined as data revealing racial or ethnic origin, religious, political or philosophical beliefs, genetic, biometric, health data or data concerning an individual's sexual orientation.

When entering into or becoming a life assured, beneficiary or member of a Plan or Policy with Generali Worldwide that relies upon the provision of your Personal Data, we confirm that your Personal Data will be used as a matter of necessity for the purposes of administering the relevant Plan or Policy and to comply with our statutory and regulatory obligations. We are required to inform you of your statutory rights as a data subject and provide you with a range of related information.

We will not retain more Personal Data than we need in order to operate the relevant Plan or Policy, or to meet our obligations under applicable law and regulation. If you wish to withdraw your consent to the use of your Personal Data in this respect, it will be necessary to either:

  • Terminate the relevant Plan or Policy
  • Cease participation in your Employer's Policy
  • Remove yourself as a beneficiary under the relevant Plan or Policy.

This is because we cannot operate a Plan or Policy without reference to the relevant Personal Data. For Investment linked Plans, termination of a Plan under these circumstances may incur significant costs and/or a material loss that may be up to the value of the Premiums that have been contributed.

The Personal Data that we require about you will typically comprise of and may vary, depending on the nature of the Plan or Policy:

  • Full name and any former names or aliases
  • Permanent residential address, preferred email address(es), and telephone number(s)
  • Nationality, including any Dual Nationality
  • Date and place of birth
  • Gender
  • Tax domicile and Tax Identification Number (where applicable)
  • Documents which determine your identity and current or former residential address(es)
  • Information relating to the source(s) of your wealth, including but not limited to your current and former income and employment and details of any public position held by you either currently or in the past.

Depending on the nature of the relevant Plan or Policy, we may require additional Personal Data or require validation of your Personal Data at any time in order to ensure that the information is up to date, accurate and sufficient for us to manage and administer the Plan or Policy.

How we store your Personal Data

Personal Data records held by us will typically comprise, but not be limited to hard copy documents, scanned documents, transaction information, email communications, telephone voice recordings where applicable and CCTV images (if you visit our premises), that are stored on electronic and/or physical systems.

All Personal Data is held by us on a strictly confidential basis but may be transferred or disclosed by us in the following circumstances:

  • Between members of the Generali Group for management and governance purposes
  • To your Financial Adviser or any third party as may be authorised by you
  • To your employer, where you are a member of an Employee Benefit Policy
  • To our service providers, meaning any agent, contractor or third-party service provider, including but not limited to our administration and claims outsourcing partners, investment fund managers, investment trustees and custodians, fiscal representatives or re-insurers, or any other party that provide services to us in connection with the provision of our insurance products and services, wherever they are located in the world
  • To statutory authorities wherever located in the world, including but not limited to, financial and other regulators, tax authorities and the police or other law enforcement agencies. Any disclosure will be limited to the extent as may be required for us to comply with applicable law, regulation, regulatory code, rule or official guidance, including in connection with tax information exchange and the prevention and detection of money laundering, terrorist financing, fraud and other financial crimes.

We are required to hold your Personal Data during the lifetime of the Policy or membership within the Policy and we will retain it for a period of up to 10 years after the business relationship ceases, which we deem to be necessary to meet our statutory and regulatory obligations. Your Personal Data will not be retained for longer than is necessary and it will be erased or otherwise put beyond use when it is no longer required.

Your data protection rights

As the subject of Personal Data that has been provided to Generali Worldwide, you are provided with the following rights of data protection:

Your Statutory Rights

Our commitment to your rights

The right to information regarding the processing of Personal Data when collected from the data subject.

You are entitled to certain information about the intended use of your Personal Data when providing that data to an organisation.

When Personal Data is collected from you, you will be provided with clear and concise information regarding the intended use of your Personal Data, your rights as a data subject, our official contact details and the contact details of our Data Protection Officer.

The right to information regarding the processing of Personal Data when collected indirectly from the data subject.

Where your Personal Data is provided indirectly to an organisation, you are entitled to the same rights and information as other data subjects.

Where your Personal Data is provided to us by a third party on your behalf, such as your employer, independent financial adviser, an insurance broker, intermediary, or another party, you are entitled to the same information and rights as other data subjects.

The right to object to processing for direct marketing purposes.

You are entitled to object to the use of your Personal Data for direct marketing purposes.

We will ask you for your specific consent before we use your Personal Data for direct marketing purposes. You are entitled to refuse consent or where given, you may withdraw this consent at any time by informing our Data Protection Officer at DPO@generali-worldwide.com

The right of access to the Personal Data of the data subject (subject to relevant exceptions).

You are entitled to know what Personal Data is recorded about you.

We will ordinarily provide a schedule of your Personal Data that is held by us upon request.

You are not ordinarily entitled to receive copies of our documentation, particularly where this may disclose the Personal Data of other individuals, but we may choose to provide you with such copies of documents at our sole discretion.

Please note: We can only provide data relating to recorded telephone calls or CCTV images if you provide the date and approximate time of the relevant interaction. In addition, we are not required to respond to requests for Personal Data that we consider to be frivolous, vexatious, unnecessarily repetitive or excessive.

The right to data portability.

You might be entitled to receive your Personal Data from us in a portable format.

In the event, a right to data portability arises, we will provide you with details of your relevant Personal Data in portable format. It should be noted that the 'right to data portability', is a limited right and is only valid when Personal Data is being processed by automated means.

The right to rectification.

You are entitled to require the rectification of any Personal Data that is inaccurate, incorrect or recorded in error.

If you become aware or suspect that any Personal Data held by us is inaccurate, incorrect, incomplete or recorded in error, you should inform our Data Protection Officer in writing at DPO@generali-worldwide.com and we will make such corrections, changes or additions as soon as it is practicable.

The right to restriction of processing.

Where you wish to dispute the accuracy or integrity of Personal Data held about you, you are entitled to require the organisation to restrict the processing of that data until the issue is resolved.

Where you wish to dispute the accuracy or integrity of the Personal Data that we hold about you, please notify our Data Protection Officer in writing at DPO@generali-worldwide.com. If we do not agree to amend or remove the Personal Data in question, we will inform you of the reasons and restrict the processing of that data until the issue has been resolved.

The right to data erasure.

You are entitled to have your Personal Data erased or otherwise put beyond use when we no longer have a need to use it.

We are required by law to hold your Personal Data during the lifetime of your Policy or membership and for a period of 10 years after our business relationship with you ceases, which we deem to be necessary to meet our statutory and regulatory obligations. Your Personal Data will not be retained for longer than is necessary and it will be erased or otherwise put beyond use when it is no longer required.

The right not to be subject to decisions based on automated processing.

You are entitled to know if your Personal Data is used in any automated decision making process.

We do not currently utilise any Personal Data for automated decision making processes.

The right to object to processing on grounds of public interest, historical or scientific purposes.

In certain circumstances, you may object to your Personal Data being retained or disclosed for public interest, historical or scientific purposes.

We do not currently hold or expect to hold Personal Data that is likely to be of public interest, or of historical or scientific importance. If you have provided Personal Data to us that you think may fall into these categories, please notify our Data Protection Officer in writing at DPO@generali-worldwide.com

The right to be notified of rectification, erasure and restrictions.

You are entitled to be informed when your Personal Data has been rectified, erased or restricted.

We will ordinarily confirm to you in writing when any rectification, erasure or restrictions have been carried out at your request.

Who is responsible for managing and controlling my Personal Data?

The data controller of your Personal Data is:

For Plans or Policies issued in Guernsey

Generali Worldwide Insurance Company Limited

Generali House

Hirzel Street

St Peter Port

Guernsey

GY1 4PA

For Plans issued in Hong Kong

Generali Worldwide, Hong Kong Branch

Unit 2402B, Great Eagle Centre

23 Harbour Road

Wanchai

Hong Kong

For Plans issued in Singapore

Generali Worldwide, Singapore Branch

#14-02

20 Collyer Quay

Singapore 049319

For Policies issued in the Bahamas

Generali Worldwide - Bahamas Office

PO Box AP-59217 Slot 2052

2nd Floor, Campbell Maritime Centre

West Bay Street

Nassau, Bahamas

For Policies issued in the Cayman Islands

Generali Worldwide at IHS Ltd.

PO Box 10212, Grand Cayman

2nd Floor, Bougainvillea Way

Grand Pavilion Commercial Center

802 West Bay Road, Cayman Islands

For Policies issued in British Virgin Islands

Generali Worldwide Insurance Company Limited

c/o Harney Westwood & Riegels

Craigmuir Chambers

PO Box 71

Road Town, Tortola

British Virgin Islands

VG1110

How can I contact the Data Protection Officer?

You can contact our Data Protection Officer at:

DPO@generali-worldwide.com

Is my Personal Data classified as 'Sensitive Personal Data'?

We will not ordinarily ask you to provide 'Sensitive Personal Data' other than health data which may be required for medical underwriting purposes or in connection with a claim for benefits under a Plan or Policy, but if this does become necessary, we will inform you of the reasons and ask for your specific consent to use or process any Personal Data that qualifies as 'Sensitive Personal Data'.

Note: 'Sensitive Personal Data' is defined as data revealing racial or ethnic origin, religious, political or philosophical beliefs, genetic, biometric, health data or data concerning an individual's sexual orientation.

How have you obtained my Personal Data?

We only accept Personal Data as provided to us by either you, a third party on your behalf, such as your independent financial adviser, an insurance broker, third party administrator, or another party such as your employer who has established a Policy with us. We may also ask you directly for additional Personal Data where this is required to administer the relevant Plan or Policy or to provide benefits.

What is the purpose and legal basis for processing my Personal Data?

Your Personal Data will be collected and processed only in connection with fulfilling a Plan or Policy contract with Generali Worldwide. If we wish to use your Personal Data for any other purpose, we will advise you and seek your prior written consent.

Is it legitimate for my Personal Data to be disclosed to a third party?

We will only disclose your Personal Data to a third party in circumstances where we are compelled to do so by an applicable law, which includes for the purposes of international tax information exchange, or for the prevention of money laundering, the financing of terrorism, fraud or other financial crime, or where we consider it to be in your vital interests, such as in connection with a medical emergency.

Who are the recipients or categories of recipients of my Personal Data, if other than Generali Worldwide?

Your Personal Data is controlled by Generali Worldwide, but it may be necessary for your Personal Data to be processed by or passed to another Generali Group affiliate in any country where our Group operates. In any event, your Personal Data will remain confidential and will be covered by the applicable statutory rights and protections.

Will my Personal Data be transferred to a jurisdiction, other than a Member State of the European Union?

As noted above, we may transfer your Personal Data to another affiliate of the Generali Group, in any jurisdiction but we will only do this where it is necessary for the purposes of administration of a Plan or Policy.

In any event, your Personal Data will remain confidential and will be covered by the applicable statutory rights and protections.

What is the period for which my Personal Data is expected to be kept?

Generali Worldwide will not keep or use your Personal Data for longer than it is needed. However, we are subject to a range of legal obligations that require the retention of Personal Data, and it will typically be retained by us for at least 10 years after termination of the relevant Plan or Policy. After this period, we will arrange for the secure destruction of documents containing your Personal Data and where stored electronically, these records will be erased or otherwise put beyond use. Our Data Protection Officer will be happy to provide more details upon request to DPO@generali-worldwide.com 

What are my rights as a data subject?

Your statutory rights as a data subject are summarised within this Data Privacy Notice. Full details can be found in the text of the relevant Data Protection Laws. Our Data Protection Officer will be happy to provide more details upon request.

Can I withdraw my consent to the processing of my Personal Data?

You cannot withdraw your consent to the processing of your Personal Data by Generali Worldwide except by either:

  • Terminating the relevant Plan or Policy
  • Being removed as a beneficiary under the relevant Plan or Policy
  • Ceasing your participation in the relevant Employee Benefit Policy.

This is because we cannot operate a Plan or Policy without reference to the relevant Personal Data. For Investment linked Plans, termination of a Plan under these circumstances may incur significant costs and/or a material loss that may be up to the value of the Premiums that have been contributed, our Data Protection Officer will be happy to provide more details upon request.

How can I complain about data protection issues?

If you are dissatisfied with the manner in which your Personal Data is processed by Generali Worldwide, then you should lodge a complaint in the first instance with our Data Protection Officer at DPO@generali-worldwide.com

You are also entitled to lodge a complaint or an appeal against a decision made by our Data Protection Officer by directly contacting the relevant Data Protection authority:

Plans issued in Guernsey

Office of the Data Protection Commissioner

Guernsey Information Centre

North Esplanade, St Peter Port

Guernsey, GY1 2LQ

Email: enquiries@dataci.org

Telephone: +44 (0)1481 742074

Plans Issued in Hong Kong

Office of the Privacy Commissioner for Personal Data

12/F, Sunlight Tower

248 Queen's Road East, Wanchai, Hong Kong

Email: enquiry@pcpd.org.hk

Telephone: +852 2827 2827

Plans Issued in Singapore

Personal Data Protection Commission,

460 Alexandra Road #10-02 PSA Building,

Singapore 119963

Telephone: +65 6377 3131

Policy Issued in Bahamas

Office of the Data Protection

Cecil Wallace-Whitfield Building

West Bay Street

P. O. Box N-3017

Nassau, N.P., The Bahamas

Email: dataprotection@bahamas.bs

Telephone: +242 702 1522

Policy Issued in Cayman Islands

Cayman Islands Monetary Authority

PO Box 10052, 80 Shedden Road

Elizabethan Square,

Grand Cayman KY1 - 1001

Cayman Islands

Telephone: +345 244 1663

Policy Issued in British Virgin Islands

British Virgin Islands Financial Services Commission

Pasea Estate, P.O. Box 418

Road Town, Tortola, VG 1110, BVI

Email: webmaster@bvifsc.vg

Tel: 284-494-1324 or 284-494-4190

Does Generali Worldwide base any decision about me using an automated processing system?

Generali Worldwide does not currently utilise any automated decision making processes. We will inform you if such processes are introduced in the future that may affect you or your Personal Data.

If you have any queries regarding this Data Privacy Notice, please contact our Data Protection Officer at DPO@generali-worldwide.com

To access/download the Data Privacy Notice as a PDF, click