Hong Kong Privacy and Security Policy
Privacy and Security Policy Statement
We, Allied World Assurance Company, Ltd, a company incorporated in Bermuda with limited liability, are committed to safeguarding your privacy and pledge to observe the requirements of Personal Data (Privacy) Ordinance (Chapter 486), Laws of Hong Kong Special Administrative Region.
Privacy principles
We maintain the following principles in addressing data privacy issues:
- Respect individual’s rights of privacy and confidentiality;
- Collect the personal data that are relevant and necessary for the provisions of products and services to customers;
- Use the personal data collected only for the purposes prescribed on the Personal Information Collection Statement (the “PICS”) provided upon collection;
- Protect the personal data collected by appropriate safeguards and make available only to authorised persons on a need-to-know basis;
- Disclose or transfer the personal data to those transferees stated in the PICS or in circumstances permitted or required by applicable laws; and
- Respect customer’s choices for direct marketing activities.
Collection of your information
When we collect personal data, we will provide you with a PICS on or before the collection in an appropriate format and manner. Personal data we collected will not be used for any other purposes without your consent unless such use is permitted or required by law. Failure to provide the necessary information and particulars may result in us being unable to process your request and application, provide or continue to provide our services and products to you.
Kinds of personal data held
Three broad categories of personal data are held by us. They are personal data contained in:
Customer records, which include but are not limited to personal contact details and general identification information; gender and age; occupation; billing and payment information; claims and loss history; and other information enabling us to provide products and services and to administer the customer account.
Personnel records, which include but are not limited to job applications; references; appraisal and disciplinary records; leave and training records; salary, mandatory provident schemes participation, pension and benefits details; results of medical check and sickness records; personal contact details; bank account and tax details of employees (including potential employees, as applicable) and other information relevant to the purpose as specified on the PICS provided.
Service Provider records, which include the data required to arrange and manage the services to be contracted with the suppliers. The information collected would be used for the purposes of supplier selection, bill settlement and administering their provision of services.
We may also use aggregate information and statistics for the purposes of monitoring web site usage in order to help us develop the web site and our services and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.
How we use
The purposes for which any personal data collected by us may comprise the following:
In relation to customers
- Processing insurance application;
- Arranging the contract of insurance and administering the policy issued;
- Claims handling, investigation and analysis;
- Designing products and/or services for customers;
- Promoting, improving and furthering the provision of products and/or services by us, our group companies and/or our business partners; and/or
- Complying with any legal or regulatory requirements applicable to us.
In relation to employees and suppliers
- Recruiting employees and services providers;
- Arranging the contract of employment and providing employment benefits;
- Appraising job performance;
- Managing human resources and administering employment related arrangement.;
- Taking appropriate action in event of emergencies; and/or
- Complying with any legal or regulatory requirements applicable to us.
Details of the usage are set out in the applicable PICS provided upon the collection.
Retention
We maintain and execute retention policies of records containing personal data to ensure that personal data is not kept longer than necessary for the fulfillment of the purpose for which the data is or is to be used. Different retention periods apply to the various kinds of personal data collected and held by us in accordance with our internal policies on record management.
Security
We are committed to provide a secure online environment for our customers. To enhance the security of your online transactions at our website, we adopt state-of-the-art Secure Site Services from VERISIGN, a renowned provider of security services for electronic commerce and communication. If you wish to know more about the services provided by VERISIGN, please visit www.verisign.com.
Through the use of VERISIGN Secure Site Services:
1. You can authenticate or verify this website so that you can be assured that this website belongs to us; and
2. You can communicate with us via Secure Socket Layer (SSL) encryption technology so that your privacy will be protected.
Your transactions are secure
Our website protects data over the Internet by using 128-bit SSL encryption. 128-bit encryption offers one of the highest level of protection possible for all Internet communications, including payment by credit card and other financial transactions. It is now the industry standard protection method used by most recognised online banks and institutions around the world.
Access and correction
You have the right to access to and request for correction of your personal data held by us. Such requests shall be in writing containing the following information:
- A request for access to and/or correction of the personal information held by us;
- Full name, correspondence address and contact number of the requester, with signature and date of request,
- For correction of personal information request, supported with applicable proof of change, and
- Consent of the data subject to release his/her information if the requester is acting on behalf of the data subject.
Where to send your request
You can contact us by email or by post to the following address:
Compliance Officer
Allied World Assurance Company, Ltd (Hong Kong Branch)
Suite 2201, 22/F One Island East, Taikoo Place
18 Westlands Road
Quarry Bay, Hong Kong