Privacy Policy

Customer Data Privacy Policy

1. Definition

Data Subject: A natural person about whom the entity holds personal identification information and  who can be identified, directly or indirectly, by reference to that information

Personal Identifiable Information (PII): means any data relating to an identified natural person, or one who can be identified directly or indirectly by way of linking data, using identifiers such as name, voice, picture, identification number, online identifier, geographic location, or one or more special features that express the physical, psychological, economic, cultural or social identity of such person. It also includes Sensitive Personal Data and biometric data.

Sensitive personal Information means any data that directly or indirectly reveals a natural person's family, racial origin, political or philosophical opinions, religious beliefs, criminal records, biometric data, or any data related to the health of such person, such as his/her physical, psychological, mental, genetic or sexual condition, including information related to health care services provided thereto that reveals his/her health status.

2. Overview

This Privacy Policy for Union Insurance websites and associated online portals - identified as digital services, has been formulated to assist Data Subjects to understand how their personal information will be treated by Union Insurance Company (hereafter referred as UIC) when they use its digital services, as UIC’s objective is to make available a good experience and quality service to all Data Subjects. This policy is in alignment with Union Insurance Company’s data Privacy and data protection policy which is based on UAE Federal Decree Law No. 45/2021 on the Protection of Personal Data (UAE PDPL) and Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) Version 2.

By using the digital services or by otherwise giving us your information in any form, you will be deemed to have read, understood and agreed to the practices and policies outlined in this policy.  Please note that UIC may amend this policy from time to time without prior notice. Data Subjects are advised to check this Policy on regular basis. If you do not agree with this policy at any time, do not use any of the digital services or give us any of your information.

If you use the services on behalf of someone else (such as your child) or an entity (such as your employer), you represent that you are authorised by such individual or entity to accept this privacy policy and to provide their information.

3. Types of Personally Identifiable Information Collected during use of UIC Digital Services

We collect, use, disclose, transfer and/or otherwise process Personal Data about you or Personal Data relating to individuals who are connected, referred, nominated or associated with you including but not limited to your legal representatives that you provide to us (“Associated Persons”) in accordance with this Privacy Policy.

The Personal Data that we collect or may collect include (without limitation):

• Personal contact data (including title, name, telephone number, mobile number, email contact details, address (residential address and correspondence address);

• Signatures, specimen signature(s);

• Occupation, education and income levels;

• Identification details, passport number, Emirates ID details, date of birth, age, place of birth, nationality, residency details, citizenship details, and other identity related details;

• Your government identification number and identification documents including, for instance, document type, number, country of issue and expiration date;

• Financial, insurance, banking information (e.g. information on net assets, income, expenses, credit history, bank account and banking transactions, securities trading account);

• Details of your marital status, spouse’s name and account information, dependents, beneficiaries, beneficial owners, representatives, indemnifiers, tax status, sources of income and funds, assets and liabilities, whether you are a politically exposed person and/or other compliance-related details;

• Details of shareholdings, prominent functions, directorships and/or employment including, for instance, your occupation, salary, employer and length of service;

• Details of your current or past insurance policies, insurance claims, reinsurance policy, reinsurance claims, and any related data and/or information;

• Details of your medical history and current and ongoing health status;

• Details of your products and services including, for instance, application information, insurance policy details, reinsurance details, currency, account history, standing orders, direct debits, payment transactions, insurance policies held – their details, details of additional signatories, beneficiary details, banking details, information relating to complaints and/or fraud reports, and details associated with policy cancellations/amendments and so on;

• Value-added tax, corporate tax details;

• Insurance details, reinsurance details;

• Information about your risk profile, investments, investment objectives, knowledge and experience and/or business interests and assets;

• Personal opinions made known to us (e.g. your feedback or responses to any surveys);

• Records of how you have contacted us and, if you get in touch with us online, details such as your mobile phone location data, IP address and MAC address;

• Security identifiers (password reset questions);

• Any other Personal Data reasonably required in order for us to provide the Services; and/or

• Any other Personal Data permitted by or required to comply with any UAE Data Protection Laws and our internal control and compliance policies.

4. Purpose / Use of Personally Identifiable Information Collected as part of UIC digital services

We Process your Personal Data for the following purposes ("Purposes"):

• To provide a quotation and/or contract of insurance;

• To identify individuals that contact us;

• To set up a policyholder, life insured or a member of a corporate savings plan or group insurance policy;

• To arrange and maintain business relationships with service providers and representatives;

• To administer and renew policies;

• To communicate with policyholders or their appointed representatives in respect of insurance services;

• To make and receive payments;

• To assess, process and settle claims;

• For fraud prevention and detection purposes;

• To comply with tax reporting obligations such as Common Reporting Standards (CRS)/Foreign Account Tax Compliance Act (FATCA);

• To provide the Services to you, including underwriting, administering, Processing any insurance policy, claim, reinsurance;

• To automate decision making processes including profiling, underwriting, issuance of policy, claim processing, (such automated decision-making process including profiling may produce legal consequences or otherwise seriously impacts you);

• To carry out any transactions on your behalf contemplated by the Services;

• To assess and process applications, instructions or requests from you;

• To communicate with you, including providing you with updates, or changes to our Services;

• To verify your identity for the purposes of providing Services to you;

• To conduct due diligence checks, screenings or credit checks as may be required by any applicable laws or our internal policies and procedures;

• For the specific purpose for which it was volunteered or provided to us;

• To detect and prevent fraud and other unauthorised or illegal activities and protect us or any third parties against negligence, fraud, theft and other illegal activities;

• To understand your needs and preferences;

• To improve the content, appearance and utility of the Services;

• To manage and develop infrastructure and business operations;

• To carry out our obligations and enforce our rights arising from any agreements entered into between you and us, including for billing and collection and the processing of payments;

• To comply with our internal policies and procedures;

• To respond to queries or feedback;

• To address or investigate any complaints, claims or disputes;

• To conduct surveys and obtain feedback on our services;

• To comply with any applicable laws or any request from any relevant governmental or regulatory authority;

• For financial reporting, regulatory reporting, management reporting, risk management, audit and record keeping purposes;

• To create anonymised reports, analytical reports, statistical research, market surveys;

• To seek professional advice, including legal advice;

• To provide you with marketing materials in connection with the Services we may provide;

• To fulfil any purpose related to the above purposes or any other purpose in connection with the provision of our Services;

• Conducting market research and surveys with the aim of improving our products and Services;

• For development of new products, improvement of products, creating business intelligence, database creations;

• Marketing and promotion, conducted with or without the support of third parties engaged by us;

• Remaining competitive as well as developing and improving our products and services;

• Preventing, detecting, investigating and prosecuting crimes (including but not limited to money laundering, terrorism, fraud and other financial crimes) in any jurisdiction, identity verification, government sanctions screening and due diligence checks;

• To comply with applicable legal and regulatory requirements such as anti-money laundering, financial sanctions, tax or regulatory reporting. This includes complying with requests to provide data including personal information to our regulators, which may be on an adhoc or regular and daily basis, such as with UAE Central Bank, Department of Health, Dubai Health Authority, relevant Roads and Transport Authority(ies), Federal Tax Authority, or any other Government regulator as required to satisfy the regulatory requirements. Such data sharing could be in respect of individual insurance policies, group insurance policies and corporate savings plans issued by us in the UAE and may include personal information of relevant parties of the above policies and plans (such as policy owners, claimants, lives insured and beneficiaries - and employees of such policy owners, claimants and beneficiaries as the case may be). This data sharing may include requests for historic as well as current data;

• Complying with applicable local or foreign law, regulation, policy, voluntary codes, directive, judgement or court order, as well as any request by any authority, regulator or enforcement agency or body;

• Establishing, exercising or defending legal rights in connection with legal proceedings (including any prospective legal proceedings) and seeking professional or legal advice in relation to such legal proceedings; and

• Any other purposes that are appropriate or authorized by any applicable laws.

5. Customer Consent

BY CONTINUING TO USE OUR SERVICES (WHETHER DIRECTLY, INDIRECTLY OR THROUGH THIRD-PARTY ARRANGEMENTS) OR OUR WEBSITE OR ANY APPS AND/OR BY PROVIDING ANY PERSONAL DATA (INCLUDING SENSITIVE PERSONAL DATA) TO US OR TO OUR AUTHORISED PARTNERS, YOU ARE CONSENTING TO OUR USE AND PROCESSING OF YOUR PERSONAL DATA AS SET OUT IN THIS PRIVACY POLICY.

You may withdraw consent at any time by submitting ‘Data Subject Consent Withdrawal Request’ by writing to privacy@unioninsurance.ae . Please note that it will take us 30 days to complete the processing and give you a confirmation.

6. Your rights as a Data Subject

• Right of access – you have the right to request a copy of the information that we hold about you.
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
• Right of portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to object – you have the right to object to certain types of processing such as direct marketing.
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that the UIC refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below sections.

7. Can I find out the personal data that the organisation holds about me

You as Data Subject, can request UIC to find out about the personal data that it holds and how its processed by writing ‘Data Subject Access Request’ to UIC at privacy@unioninsurance.ae .

You can request the following information:

• Identity and the contact details available with the UIC.
• Contact details of the data protection officer (DPO), where applicable.
• The purpose of the processing as well as the legal basis for processing.
• If the processing is based on the legitimate interests of the UIC or a third party, information about those interests.
• The categories of personal data collected, stored and processed.
• Recipient(s) or categories of recipients that the data is/will be disclosed to.
• Transfer of the personal data to a third country or international organisation, information about how the UIC ensure this is done securely.
• How long the data will be stored.
• Information about your right to withdraw consent at any time.
• The source of personal data if it wasn’t collected directly from you.
• Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

8. Association with Third party websites/Services

The website / digital services may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third party websites.

9. Data Security

As part of its due care/ due diligence, UIC employs various data protection and data security measures to secure its  Digital Services as part of its wider information security & privacy program which is based out of best practices like ADHICS standards. It is worth noting that such measures do not guarantee that use of the UIC Website and its digital services is invulnerable to all security risks, nor does UIC make any warranty, guarantee, or representation that use of the UIC Website and digital services is protected from all viruses, worms, and other vulnerabilities. The personal data collected shall be stored only till the storage is mandated by UAE PDPL, ADHICS or any other UAE existing laws and regulation. Data shall be purged upon the elapse of the retention time, mandated by law. It shall be noted that as a policy, UIC will not transfer customer personal data outside UAE without the explicit approval of Central Bank of UAE and/or Department of Health Abu Dhabi.

10. Process to be followed in case of changes in personal information

As the accuracy of your Personal Data depends largely on the information you or such third party provide to us, you should inform us in writing as soon as practicable if there are any errors in the Personal Data or if there have been any changes to the Personal Data. Any errors or incomplete Personal Data may prevent us providing Services to you or may lead us to provide partial or incorrect Services.

If you were introduced to us by a broker or other intermediary who is data controller in its own right, you should contact them separately

11. Addressing Customer Complaint associated with UIC Digital services

If you want to contact the UIC on data privacy related topics, have any grievance or you suspect a breach with respect to our use of your information, or if you have any complaint on handling your data, you may communicate such grievance to privacy@unioninsurance.ae which will be addressed by the Union Insurance Company’s Data Protection Officer (DPO), within 30 days.

If you wish to make a complaint about how your personal data is being processed by the UIC or its associated processors or how your data right request has been handled, you have the right to lodge a complaint directly with the regional supervisory authority and the UIC’s data protection officer.

If UIC identify any data breach in under any circumstances, the Data Subject will be notified immediately in customer e-mail ID, along with the procedural measures taken to handle / manage the breach.

If you want to contact the UIC on data privacy related topics, have any grievance or you suspect a breach with respect to our use of your information, or if you have any complaint on handling your data, you may communicate such grievance to

The details for each of these contacts are:

Legal Department,

Union Insurance PJSC

P.O. Box 119227

Dubai, UAE

privacy@unioninsurance.ae