Privacy Policy

When we refer to “us”, “we” or “our” in this Privacy Policy, we are referring to the branches in Asia of Berkley Insurance Company.

This Privacy Policy describes the kind of personal data we collect, the purposes for which we collect and hold personal data, and our usage of personal data. It also describes the policies and practices we maintain in relation to privacy and personal data. We may amend this Privacy Policy at any time and for any reason. The up to date version is available by following the “Privacy Policy” link on our website: https://berkleyasia.com.

DATA

The type of personal data we collect depends upon the circumstances in which that data is collected. We may collect details about prospective and existing customers including name; identity card number; passport number; date of birth; telephone number; postal address; email address; bio-data and health information; employment information; financial information; investment portfolios; the same personal data relating to any other relevant individuals (e.g. family members or beneficiaries) to enable the provision of insured benefits; and other personal data relevant to the insurance being applied for.

PURPOSE

We collect personal data as required by our business purposes including, but not limited to:

  • Assessing, evaluating and processing applications for insurance;
  • Administering an insurance policy (including a group policy) and providing services in relation to it;
  • Assessing and investigating claims made under an insurance policy, and processing and paying claims under it;
  • Contacting you regarding enquiries, the collection of insurance premium, payment discrepancies, renewals, changes to an insurance policy mid-term or any other matter relating to an insurance policy or a claim under it;
  • Underwriting and reinsuring risk;
  • Verifying identities;
  • For our own internal records;
  • Marketing (please see below for more information);
  • Commencing or defending any legal proceedings brought against us, our directors, officers, employees, subcontractors, agents, affiliates and subsidiaries;
  • Compliance with applicable laws, regulations or any industry codes or guidelines; and
  • For other ancillary purposes which are directly related to the above purposes.

PROVISION OF DATA

We will let you know whether it is obligatory or voluntary to supply your personal data when we ask you for it. In most cases, it will be obligatory. We will also explain to you the consequences of failing to supply the data we ask for; the purpose for which the data is being collected; persons to whom the data may be transferred; your rights to request access to and correct your data, and the contact details of the Data Protection Officer who will handle these requests.

COLLECTION

We ensure that we will not collect data beyond what we require for our business activities. We ensure that we collect data by lawful and fair means in compliance with applicable data protection legislation.

CONSENT

We will obtain your consent before using, collecting or disclosing your personal data for any purpose and will notify you of your right to withdraw consent at any time and the consequences of doing so.

USAGE

The purposes for which personal data will be used will depend on the circumstances in which that personal data is collected. Details of the purposes for which we use personal data are contained in our Personal Information Collection Statement which we will issue to you at or before the time we collect your personal data. Generally, we may use personal data for the purpose for which it was provided to us, purposes which are directly related to the purpose for which it was provided to us, and any other purpose to which you have consented.

ACCURACY

We will make a reasonable effort to accurately record your personal data in our systems. This will include reviewing the completeness of any submitted forms and/or other written documentation, and verifying identities and particulars against identification documents. We may assume that personal data collected directly is accurate and complete and we may ask you for a verbal or written declaration that the personal data provided to us is accurate and complete. In certain situations, we may request that personal data is provided again to ensure that records are current and we will make a reasonable effort to accurately record the updated personal data provided in our systems.

CONFIDENTIALITY

We are committed to protecting the confidentiality and security of personal data. We will comply with applicable data protection requirements and will only collect, use or disclose personal data in accordance with applicable data protection laws. We may sometimes use third parties to process data on our behalf. Such processing, which may involve the transfer of personal data across national boundaries, is subject to contractual restrictions regarding confidentiality and security, in addition to the obligations established by applicable data protection laws. We may use policy information of real cases for our training purposes internally. In these circumstances, we will not share any personal data that will enable you to be identified.

MARKETING

Where we need to disclose information for a purpose for which have not consented, we will first ask you for your consent. We will inform you of your options to receive or opt-out of direct marketing communications from us and/or other companies.

MEDICAL INFORMATION

We will keep all medical information confidential. It will only be disclosed to those involved with your treatment or care, including your General Practitioner/Primary Health Physician, or to their agents, and, if applicable, to any person or organisation who may be responsible for the delivery of the benefits provided by our products.

RETENTION

We will keep personal data for no longer than is necessary depending on the circumstances and type of personal data. For more details about our retention policies, please see our Retention Statement.

SECURITY

We will take all practicable steps to ensure that personal data is protected against unauthorised access, processing, erasure, loss, collection, use, disclosure, copying, modification, disposal and other similar risks. We have in place appropriate physical, electronic and managerial measures to safeguard and secure personal data from unauthorised access. However complete confidentiality and security is not guaranteed, especially in relation to electronically held information. We do not provide any warranty against third parties’ unauthorised access to personal data. We are not responsible in any manner for direct, indirect, special or consequential damages, howsoever caused, arising out of the provision of personal data to us.

DATA ACCESS

You may request a copy of the personal data which we hold about you and information about the ways personal data has been or may have been used or disclosed in the past year by us. You may also request correction of your personal data by email to our Data Protection Officer at dpo@berkleyasia.com. We may charge a reasonable fee for this request and for the protection of personal data, we will need to verify identities before processing a request.

On receipt of a request, we will provide a copy of the personal data within 30 calendar days. If we cannot provide a copy within 30 calendar days, we will inform you, within that time about when you can receive access to your personal data. Data may not be provided where it could reasonably be expected to reveal the identity of someone whose consent to the disclosure of their identity has not been given.

CORRECTION RIGHTS

In situations where we are satisfied on reasonable grounds that a correction does not need to be made, we will annotate the personal data with the correction that was requested but not made. On receipt of a request, we will make the requested correction to personal data within 30 calendar days. If we are unable to make the correction within 30 calendar days, we will inform you, within 14 calendar days of receiving a request, when the correction will be made and then send the corrected personal data within 30 calendar days to every organisation to whom we had disclosed the uncorrected personal data in the preceding 12 months, unless that other organisation does not need the corrected personal data for any legal or business purpose.

CONTACT

For any information or queries please contact our Data Protection Officer at privacy@berkleyapac.com.

European Union General Data Protection Regulation

Our European customers can access our Privacy Notice under the European Union General Data Protection Regulation (“GDPR”) by clicking on the link below.

GDPR EU Website Notice Asia