The purpose of this Data Protection and Privacy Notice is to inform you of your statutory rights and the protections available to you in relation to your Personal Data when it is provided to Generali Worldwide Insurance Company Ltd ("Generali Worldwide") and to provide further information on how we use your Personal Data.
Personal Data is any information relating to you as an identifiable individual, and because your Personal Data has been provided to Generali Worldwide, you are entitled to the statutory rights and protections afforded by applicable Data Protection Law.
Guernsey Head Office
If your Personal Data relates to a Plan or Policy that has been issued by our Head Office in Guernsey, you are entitled to the statutory rights and protections afforded by the Data Protection (Bailiwick of Guernsey) Law, 2017 which is equivalent to Regulation (EU) 2016/679, the General Data Protection Regulation or "GDPR". If your Personal Data relates to a Plan or Policy that has been issued by a Branch or Office of Generali Worldwide that is outside of Guernsey, you will be entitled to the same statutory rights and protections that are available in Guernsey in addition to those rights and protections offered by local Data Protection Laws in the relevant jurisdiction.
If your Personal Data relates to a Plan that has been issued by our Hong Kong Branch, you are entitled to the statutory rights and protections afforded by the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong.
If your Personal Data relates to a Plan that has been issued by our Singapore Branch, you are entitled to the statutory rights and protections afforded by the Personal Data Protection Act 2012 (PDPA) of Singapore.
If your Personal Data relates to a Plan that is administered by our Switzerland Branch, you are entitled to the statutory rights and protections afforded by the Swiss Federal Data Protection Act.
If your Personal Data relates to a Policy that has been issued by our Bahamas Office, you are entitled to the statutory rights and protections afforded by the Data Protection (Privacy of Personal Information) Act, 2003 of The Bahamas.
If your Personal Data relates to a Policy that has been issued by our Cayman Islands Office, you will be entitled to the statutory rights and protections afforded by the Data Protection Law of the Cayman Islands that is expected to come into force in 2018.
British Virgin Islands
There are currently no dedicated Data Protection Laws in the BVI. However, if your Personal Data relates to a Policy that has been issued by our office in the BVI, it is protected by our duty and obligations of confidentiality under the Regulatory Code, 2009.
How we use your Personal Data
Generali Worldwide will collect and process your Personal Data lawfully and fairly to the extent necessary for the management and administration of a Plan or Policy (or the Policy that your data is linked to). We reserve the right to further process your Personal Data where we consider it necessary to protect your vital interests, such as in a medical emergency or where we are compelled to under applicable law.
In processing your Personal Data, Generali Worldwide must comply with the applicable Data Protection Laws and the associated Data Protection Principles that are set out in the Appendix to this Data Privacy Notice.
Should Generali Worldwide need to use Personal Data that is classified by law as a special category of 'Sensitive Personal Data' or process your Personal Data for purposes other than for the contractual performance of a Plan or Policy, such as direct marketing, then the reasons will be explained to you in writing and your specific consent will be required. You may withdraw such consent at any time by providing us with written notice.
'Sensitive Personal Data' is defined as data revealing racial or ethnic origin, religious, political or philosophical beliefs, genetic, biometric, health data or data concerning an individual's sexual orientation.
When entering into or becoming a life assured, beneficiary or member of a Plan or Policy with Generali Worldwide that relies upon the provision of your Personal Data, we confirm that your Personal Data will be used as a matter of necessity for the purposes of administering the relevant Plan or Policy and to comply with our statutory and regulatory obligations. We are required to inform you of your statutory rights as a data subject and provide you with a range of related information.
We will not retain more Personal Data than we need in order to operate the relevant Plan or Policy, or to meet our obligations under applicable law and regulation. If you wish to withdraw your consent to the use of your Personal Data in this respect, it will be necessary to either:
- Terminate the relevant Plan or Policy
- Cease participation in your Employer's Policy
- Remove yourself as a beneficiary under the relevant Plan or Policy.
This is because we cannot operate a Plan or Policy without reference to the relevant Personal Data. For Investment linked Plans, termination of a Plan under these circumstances may incur significant costs and/or a material loss that may be up to the value of the Premiums that have been contributed.
The Personal Data that we require about you will typically comprise of and may vary, depending on the nature of the Plan or Policy:
- Full name and any former names or aliases
- Permanent residential address, preferred email address(es), and telephone number(s)
- Nationality, including any Dual Nationality
- Date and place of birth
- Tax domicile and Tax Identification Number (where applicable)
- Documents which determine your identity and current or former residential address(es)
- Information relating to the source(s) of your wealth, including but not limited to your current and former income and employment and details of any public position held by you either currently or in the past.
Depending on the nature of the relevant Plan or Policy, we may require additional Personal Data or require validation of your Personal Data at any time in order to ensure that the information is up to date, accurate and sufficient for us to manage and administer the Plan or Policy.
How we store your Personal Data
Personal Data records held by us will typically comprise, but not be limited to hard copy documents, scanned documents, transaction information, email communications, telephone voice recordings where applicable and CCTV images (if you visit our premises), that are stored on electronic and/or physical systems.
All Personal Data is held by us on a strictly confidential basis but may be transferred or disclosed by us in the following circumstances:
- Between members of the Generali Group for management and governance purposes
- To your Financial Adviser or any third party as may be authorised by you
- To your employer, where you are a member of an Employee Benefit Policy
- To our service providers, meaning any agent, contractor or third-party service provider, including but not limited to our administration and claims outsourcing partners, investment fund managers, investment trustees and custodians, fiscal representatives or re-insurers, or any other party that provide services to us in connection with the provision of our insurance products and services, wherever they are located in the world
- To statutory authorities wherever located in the world, including but not limited to, financial and other regulators, tax authorities and the police or other law enforcement agencies. Any disclosure will be limited to the extent as may be required for us to comply with applicable law, regulation, regulatory code, rule or official guidance, including in connection with tax information exchange and the prevention and detection of money laundering, terrorist financing, fraud and other financial crimes.
We are required to hold your Personal Data during the lifetime of the Policy or membership within the Policy and we will retain it for a period of up to 10 years after the business relationship ceases, which we deem to be necessary to meet our statutory and regulatory obligations. Your Personal Data will not be retained for longer than is necessary and it will be erased or otherwise put beyond use when it is no longer required.
Your data protection rights
As the subject of Personal Data that has been provided to Generali Worldwide, you are provided with the following rights of data protection:
Your Statutory Rights
Our commitment to your rights
The right to information regarding the processing of Personal Data when collected from the data subject.
You are entitled to certain information about the intended use of your Personal Data when providing that data to an organisation.
When Personal Data is collected from you, you will be provided with clear and concise information regarding the intended use of your Personal Data, your rights as a data subject, our official contact details and the contact details of our Data Protection Officer.
The right to information regarding the processing of Personal Data when collected indirectly from the data subject.
Where your Personal Data is provided indirectly to an organisation, you are entitled to the same rights and information as other data subjects.
Where your Personal Data is provided to us by a third party on your behalf, such as your employer, independent financial adviser, an insurance broker, intermediary, or another party, you are entitled to the same information and rights as other data subjects.
The right to object to processing for direct marketing purposes.
You are entitled to object to the use of your Personal Data for direct marketing purposes.
We will ask you for your specific consent before we use your Personal Data for direct marketing purposes. You are entitled to refuse consent or where given, you may withdraw this consent at any time by informing our Data Protection Officer at DPO@generali-worldwide.com
The right of access to the Personal Data of the data subject (subject to relevant exceptions).
You are entitled to know what Personal Data is recorded about you.
We will ordinarily provide a schedule of your Personal Data that is held by us upon request.
You are not ordinarily entitled to receive copies of our documentation, particularly where this may disclose the Personal Data of other individuals, but we may choose to provide you with such copies of documents at our sole discretion.
Please note: We can only provide data relating to recorded telephone calls or CCTV images if you provide the date and approximate time of the relevant interaction. In addition, we are not required to respond to requests for Personal Data that we consider to be frivolous, vexatious, unnecessarily repetitive or excessive.
The right to data portability.
You might be entitled to receive your Personal Data from us in a portable format.
In the event, a right to data portability arises, we will provide you with details of your relevant Personal Data in portable format. It should be noted that the 'right to data portability', is a limited right and is only valid when Personal Data is being processed by automated means.
The right to rectification.
You are entitled to require the rectification of any Personal Data that is inaccurate, incorrect or recorded in error.
If you become aware or suspect that any Personal Data held by us is inaccurate, incorrect, incomplete or recorded in error, you should inform our Data Protection Officer in writing at DPO@generali-worldwide.com and we will make such corrections, changes or additions as soon as it is practicable.
The right to restriction of processing.
Where you wish to dispute the accuracy or integrity of Personal Data held about you, you are entitled to require the organisation to restrict the processing of that data until the issue is resolved.
Where you wish to dispute the accuracy or integrity of the Personal Data that we hold about you, please notify our Data Protection Officer in writing at DPO@generali-worldwide.com. If we do not agree to amend or remove the Personal Data in question, we will inform you of the reasons and restrict the processing of that data until the issue has been resolved.
The right to data erasure.
You are entitled to have your Personal Data erased or otherwise put beyond use when we no longer have a need to use it.
We are required by law to hold your Personal Data during the lifetime of your Policy or membership and for a period of 10 years after our business relationship with you ceases, which we deem to be necessary to meet our statutory and regulatory obligations. Your Personal Data will not be retained for longer than is necessary and it will be erased or otherwise put beyond use when it is no longer required.
The right not to be subject to decisions based on automated processing.
You are entitled to know if your Personal Data is used in any automated decision making process.
We do not currently utilise any Personal Data for automated decision making processes.
The right to object to processing on grounds of public interest, historical or scientific purposes.
In certain circumstances, you may object to your Personal Data being retained or disclosed for public interest, historical or scientific purposes.
We do not currently hold or expect to hold Personal Data that is likely to be of public interest, or of historical or scientific importance. If you have provided Personal Data to us that you think may fall into these categories, please notify our Data Protection Officer in writing at DPO@generali-worldwide.com
The right to be notified of rectification, erasure and restrictions.
You are entitled to be informed when your Personal Data has been rectified, erased or restricted.
We will ordinarily confirm to you in writing when any rectification, erasure or restrictions have been carried out at your request.
Who is responsible for managing and controlling my Personal Data?
The data controller of your Personal Data is:
For Plans or Policies issued in Guernsey
Generali Worldwide Insurance Company Limited
St Peter Port
For Plans issued in Hong Kong
Generali Worldwide, Hong Kong Branch
Unit 2402B, Great Eagle Centre
23 Harbour Road
For Plans issued in Singapore
Generali Worldwide, Singapore Branch
20 Collyer Quay
For Plans Administered in Switzerland
Generali Worldwide Insurance Company Limited,
St Peter Port, Switzerland Branch, Adliswil
For Policies issued in the Bahamas
Generali Worldwide - Bahamas Office
PO Box AP-59217 Slot 2052
2nd Floor, Campbell Maritime Centre
West Bay Street
For Policies issued in the Cayman Islands
Generali Worldwide at IHS Ltd.
PO Box 10212, Grand Cayman
2nd Floor, Bougainvillea Way
Grand Pavilion Commercial Center
802 West Bay Road, Cayman Islands
For Policies issued in British Virgin Islands
Generali Worldwide Insurance Company Limited
c/o Harney Westwood & Riegels
PO Box 71
Road Town, Tortola
British Virgin Islands
How can I contact the Data Protection Officer?
You can contact our Data Protection Officer at:
Is my Personal Data classified as 'Sensitive Personal Data'?
We will not ordinarily ask you to provide 'Sensitive Personal Data' other than health data which may be required for medical underwriting purposes or in connection with a claim for benefits under a Plan or Policy, but if this does become necessary, we will inform you of the reasons and ask for your specific consent to use or process any Personal Data that qualifies as 'Sensitive Personal Data'.
Note: 'Sensitive Personal Data' is defined as data revealing racial or ethnic origin, religious, political or philosophical beliefs, genetic, biometric, health data or data concerning an individual's sexual orientation.
How have you obtained my Personal Data?
We only accept Personal Data as provided to us by either you, a third party on your behalf, such as your independent financial adviser, an insurance broker, third party administrator, or another party such as your employer who has established a Policy with us. We may also ask you directly for additional Personal Data where this is required to administer the relevant Plan or Policy or to provide benefits.
What is the purpose and legal basis for processing my Personal Data?
Your Personal Data will be collected and processed only in connection with fulfilling a Plan or Policy contract with Generali Worldwide. If we wish to use your Personal Data for any other purpose, we will advise you and seek your prior written consent.
Is it legitimate for my Personal Data to be disclosed to a third party?
We will only disclose your Personal Data to a third party in circumstances where we are compelled to do so by an applicable law, which includes for the purposes of international tax information exchange, or for the prevention of money laundering, the financing of terrorism, fraud or other financial crime, or where we consider it to be in your vital interests, such as in connection with a medical emergency.
Who are the recipients or categories of recipients of my Personal Data, if other than Generali Worldwide?
Your Personal Data is controlled by Generali Worldwide, but it may be necessary for your Personal Data to be processed by or passed to another Generali Group affiliate in any country where our Group operates. In any event, your Personal Data will remain confidential and will be covered by the applicable statutory rights and protections.
Will my Personal Data be transferred to a jurisdiction, other than a Member State of the European Union?
As noted above, we may transfer your Personal Data to another affiliate of the Generali Group, in any jurisdiction but we will only do this where it is necessary for the purposes of administration of a Plan or Policy.
In any event, your Personal Data will remain confidential and will be covered by the applicable statutory rights and protections.
What is the period for which my Personal Data is expected to be kept?
Generali Worldwide will not keep or use your Personal Data for longer than it is needed. However, we are subject to a range of legal obligations that require the retention of Personal Data, and it will typically be retained by us for at least 10 years after termination of the relevant Plan or Policy. After this period, we will arrange for the secure destruction of documents containing your Personal Data and where stored electronically, these records will be erased or otherwise put beyond use. Our Data Protection Officer will be happy to provide more details upon request to DPO@generali-worldwide.com
What are my rights as a data subject?
Your statutory rights as a data subject are summarised within this Data Privacy Notice. Full details can be found in the text of the relevant Data Protection Laws. Our Data Protection Officer will be happy to provide more details upon request.
Can I withdraw my consent to the processing of my Personal Data?
You cannot withdraw your consent to the processing of your Personal Data by Generali Worldwide except by either:
- Terminating the relevant Plan or Policy
- Being removed as a beneficiary under the relevant Plan or Policy
- Ceasing your participation in the relevant Employee Benefit Policy.
This is because we cannot operate a Plan or Policy without reference to the relevant Personal Data. For Investment linked Plans, termination of a Plan under these circumstances may incur significant costs and/or a material loss that may be up to the value of the Premiums that have been contributed, our Data Protection Officer will be happy to provide more details upon request.
How can I complain about data protection issues?
If you are dissatisfied with the manner in which your Personal Data is processed by Generali Worldwide, then you should lodge a complaint in the first instance with our Data Protection Officer at DPO@generali-worldwide.com
You are also entitled to lodge a complaint or an appeal against a decision made by our Data Protection Officer by directly contacting the relevant Data Protection authority:
Plans issued in Guernsey
Office of the Data Protection Commissioner
Guernsey Information Centre
North Esplanade, St Peter Port
Guernsey, GY1 2LQ
Telephone: +44 (0)1481 742074
Plans Issued in Hong Kong
Office of the Privacy Commissioner for Personal Data
12/F, Sunlight Tower
248 Queen's Road East, Wanchai, Hong Kong
Telephone: +852 2827 2827
Plans Issued in Singapore
Personal Data Protection Commission,
460 Alexandra Road #10-02 PSA Building,
Telephone: +65 6377 3131
Plans Administered in Switzerland
Data Protection Officer of the Canton of Zurich
Beckenhofstrasse 23 8090 Zurich
Telephone: + (043) 259 39 99
Policy Issued in Bahamas
Office of the Data Protection
Cecil Wallace-Whitfield Building
West Bay Street
P. O. Box N-3017
Nassau, N.P., The Bahamas
Telephone: +242 702 1522
Policy Issued in Cayman Islands
Cayman Islands Monetary Authority
PO Box 10052, 80 Shedden Road
Grand Cayman KY1 - 1001
Telephone: +345 244 1663
Policy Issued in British Virgin Islands
British Virgin Islands Financial Services Commission
Pasea Estate, P.O. Box 418
Road Town, Tortola, VG 1110, BVI
Tel: 284-494-1324 or 284-494-4190
Does Generali Worldwide base any decision about me using an automated processing system?
Generali Worldwide does not currently utilise any automated decision making processes. We will inform you if such processes are introduced in the future that may affect you or your Personal Data.
If you have any queries regarding this Data Privacy Notice, please contact our Data Protection Officer at DPO@generali-worldwide.com
To access/download the Data Privacy Notice as a PDF, click