Personal data protection and information security policy

Personal data protection and information security policy

United Insurance Company of Vietnam would like to inform that from 20th May 2024, we replaced Privacy Policy by Personal Data Protection and Information Security Policy. Customer please read carefully the following

PERSONAL DATA PROTECTION AND INFORMATION SECURITY POLICY

This Personal Data Protection and Information Security Policy (“This Policy”) provides for the method which United Insurance Company of Vietnam (“UIC” or “we”) deal with data, personal data of the data owner, customer (including potential customer) and relevant parties of customer and partner (hereinafter referred to as “Customer” or “you”) and other measures applied by UIC to protect information, personal data protection, ensure the compliance with relevant laws. 

I.       DEFENITION

1.         Platform refers to website https://uic.vn/ of United Insurance Company of Vietnam and other websites, platform, application of UIC or partners of UIC which is connected to website https://uic.vn/, or legally authorized/permitted by UIC (the aforementioned websites, platform, application hereinafter referred to as “Platform”). By accessing and using Website, the Customer agree and be bound by this Policy of UIC.

2.         Decree 13 refers to Decree 13/2023/ND-CP dated 17 April 2023 of the Government of the Socialist Republic of Vietnam on protection of personal data, and amendment or supplementation or replacement thereto from time to time.

3.         Customer information is any information, documents, data of or related to customer, provided by customer or collected by UIC in accordance with this Policy. Customer information includes personal data.

4.         Personal data refers to electronic information in the form of symbols, letters, numbers, images, sounds, or equivalences associated with an individual or used to identify an individual. The personal data includes general personal data and sensitive personal data. Individual herein may be the insurance buyer, the insured, the beneficiary and other people related to personal data which is proceeded by UIC during the process of providing products, services to the Customer. Personal data also including personal data.

5.         Personal data processing refers to one or multiple activities that impact on personal data, such as: collection, recording, analysis, confirmation, storage, rectification, disclosure, combination, access, traceability, retrieval, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction or other relevant activities.

6.         Data subject refers to an individual whom the data reflect.

7.         Third party is any organization, person other than UIC and Customer.

II.       INFORMATION SECURITY

UIC will comply with the laws of Vietnam on protecting information and personal data when processing information of the customers.

1.        Collection of information

UIC may collect information directly from Customers and from a variety of other sources through transparent and legitimate ways.

The information that UIC may collect about customers based on relationship with customers, general personal data, sensitive personal data, business lines, customer interests and other information that is required by law or is necessary, related to the provision of products and services, for business purposes and for better understanding of customer needs

For customers conducting online transactions, UIC may use various tools on website, application, other tools managed by us. UIC may collect information, such as IP address, type of operating system, browser and device customers are using, when and how long the customers access the Platform, Internet access location and items they have visited on the UIC Platform, user information provided to UIC by entering such information on the UIC Platform when registering the products or using tools and online computer. This may include (but not limited to) name, email address, mobile phone number, user name, password, date of birth and your language option, other information collected by using cookie, web beacon and other equivalent technology for the purpose of monitoring the use of, administering and customizing the Platform, improving the customer experience, providing products/services to customers.

If any part of the website, application, or tool managed by UIC contains links to other websites, such websites may not be governed by this Policy. You should check the regulation on privacy on such websites to clearly understand their policies when collecting, using, transferring and disclosing customer information and personal data.

2.          Purpose of collecting information

Depending on your relationship with us, we may use the information to be collected in the following ways:

2.1.       Manage and support activities of Customer

a.       Verify your identity, handle requests to access, provide, edit, and delete personal data of data subjects; process the request or transaction of customer

b.       Contact, provide technique support related to Platform or changes to this Policy; provide customer the right to access the Platform or social media platform of UIC;

c.        Personalize and enhance your experience when you visit or use the Platform, and make navigation easier

d.       Enables use of our digital consulting tools

2.2.      Manage operation of UIC

a.       Mange business of UIC

i.        Record and report UIC’s activities to UIC’s owners, shareholders/capital contributing members;

ii.       Risk management, compliance control, audit and other administrative purposes;

iii.      Carry out periodic or extraordinary reports, provide information according to the provisions of law and requests of competent state agencies;

iv.       Calculate capital demands and solvency, capital safety level;

v.        Reinsurance;

vi.       Conclude and performance of contract/ agreement between UIC and Customer;

vii.      Marketing and advertising

viii.     Protect customer and UIC from errors, misrepresentations, fraud and/or illegal or criminal activity;

ix.       Design and improve products and services

x.        Targeted distribution and advertising of UIC products and services;

xi.       Provide customer service, provide information about our products/services, conduct customer satisfaction surveys, market research.

b.       Execute and perform contracts with Customer

i.         Assessment of insurance dossier, appraisal and issuance of insurance policy and any amendments and supplements thereto;

ii.        Offer insurance premiums, calculate insurance premiums, collect insurance premiums;

iii.       Prevent insurance fraud or other illegal activities, prevent and limit losses;

iv.        Complaints settlement and claim settlement, settlement of all disputes related to insurance policy;

c.       Manage Platform

i.       Allows our web server to determine whether the cookie setting on your web browser is enabled or disabled to determine whether data can be collected from your web browser;

ii.      Track visits to the Platform and recognize your web browser so that we can collect statistics on the number of visitors as well as evaluate the effectiveness of the Platform.

d.       Other purpose

i.        Collect or use or handle information as required by competent state agencies or in compulsory case as stipulated by laws;

ii.       Allow third parties to contract on our behalf to perform services or functions. Such third party will be required to keep confidential the information we share with them and may only use that information for business purposes in accordance with our contract or where required by law;

iii.      Any purpose which is: (i) indicated in or related to Article 2 Section II of this Policy; (ii) provided for in any specific products, services which we provide, or (iii) permitted or requested by laws.

If UIC cooperates with advertising and marketing companies to promote our products and services, including website, application, platform of third party which is not affiliated with us, such service providers may use for online behavior promoting techniques or display advertisement based on interest.

3.     Use of Personal Information

UIC shall only process collected information, for the same purpose as that for which it is collected, or for other purposes as agreed by customers, or in cases as required by law.

UIC may analyze customer information to understand customers’ needs and types of products, services and promotion programs that customers may be interested in.

UIC may retain customer information until it is no longer needed for collection purposes or as required by law.

UIC shall be responsible for information owned by UIC, including information passed to service providers who are performing obligations on its behalf. When the personal information is shared with the service providers, it is their responsibility to protect it by measures consistent with UIC’s practices, confidentiality regulations and agreements with UIC.

4.     Confidentiality

The protection of customer information shall be implemented in accordance with this Policy and relevant provisions of the insurance contract. UIC shall comply with relevant laws and regulations, and shall take all necessary and reasonable measures to the extent possible to protect the information and personal data of customer and other related parties.

UIC shall manage personal information under strict and careful control in accordance with the law and agreements with customers.

UIC shall take necessary measures to prevent unauthorized access, reading, copying, stealing, alteration, or deletion of personal information of customers.

UIC shall ensure that information about UIC’s privacy policy and personal information protection practices is easily accessible to customers.

UIC shall provide customers with reasonable access to their personal information and notify them of the processing of personal information upon request or in accordance with the law. Customers may also verify the accuracy and completeness of the information and request it to be revised, updated or deleted, if appropriate or permitted by law.

UIC shall retain and process the information as of the time of declaration or collection, in physical and electronic records (including without limitation, cloud storage), or other means in accordance with the law, until it is no longer necessary to meet the purposes for which it was collected or as required by law.

5.     Responsibility to Protect customer’s information

UIC shall make the best efforts to provide optimum security of your data and all transactions in the same manner as protection of our customers. However, despite our best efforts, there are always online risks, and it is your responsibility to take necessary measures to protect yourself in accordance with the law, recommendations from trusted network security organizations and competent authorities, and do not share your accounts, account authentication information, passwords with anyone.

III.      PERSONAL DATA PROTECTION

1.         Principles for processing personal data

a.        Personal data is processed only on the basis of the consent of the data subject, unless otherwise stipulated by law. The consent of the data subject must be expressed clearly and specifically in writing, voice, checking the consent box, consent syntax via text message, selecting consent technical settings or via a text message or other actions demonstrating this.

b.      UIC only process personal data for the purposes as provided for in this Policy and in relevant contracts/ agreements between UIC and Customer.

c.          Personal data will be processed by UIC fairly, transparently and in accordance with the law.

d.      UIC will apply necessary, reasonable and permissible measures to protect and secure the personal data of data subjects. To the extent permitted by law, UIC may store your personal data in Vietnam or oversea, including on cloud storage solutions.

e.        UIC only proceed personal data about children provided by their parents or legal guardians when the child is the insured in insurance contract or when the child is designated as the beneficiary. If you participate in an insurance contract for children 7 years of age or older or designate a child 7 years of age or older to be the beneficiary of insurance benefits, you hereby agree to the processing of personal data. your child’s personal data as governed by this Policy, and ensure that you have informed and obtained your child’s consent to UIC’s processing of your child’s personal data in accordance with this Policy.

2.         Types of personal data to be processed

            Depending on features, requirements of each type of products, services, or purpose for collecting personal data, UIC can process the following personal data:

            General personal data includes but not limited to: first name, middle name and birth name, other name (if any); date, month, year of birth; date, month, year of death or loss; gender; permanent address, temporary address, current address, contact address; country, nationality; image of individual; telephone number, ID card number/citizen identification number/personal identification number/passport number, driver license number, personal tax code, personal social insurance code, number of health insurance card; email address; marital status; personal image; information of family relationship; working place, salary; information of digital account of individual; personal data reflecting activities and history of activities in cyber environment; other information required or necessary for, or related to provision of our products/services such as history of buying insurance of the insurers, history of requesting for claim or settlement of career interest; and other information that pertains to a particular person or identifies a particular person that is not sensitive personal data.

            Sensitive personal data includes but not limited to: health condition and private life in medical record, including information of blood group; information about genetic characteristics which is inherited or  inherited or acquired genetic characteristics; information about an individual’s own biometric or biological characteristics; information of customers of credit institutions, branches of foreign bank, payment intermediary service providers and other licensed institutions, including: information about customer identification in accordance with the law, accounts, deposits, deposited assets, transactions, organizations and individuals that are guarantors at credit institutions, bank branches, and payment intermediary service providers; data on violated activities which is collected/stored by state agencies, information of your location determined via location service, and other personal data which, under the laws, is typical and needed to have necessary security measure.

3.         Methods of collecting personal data

a.         UIC may collect information and personal data directly from data subjects or from third parties (which may include customers). Collection of personal data from third parties will be carried out on the basis of consent from the data subject.

b.         In case you provide personal data of another person (data subject) to UIC, you will undertake to have received all legal authorization or permission from the data subject to process such data.

c.         Personal data will be collected through lawful means, including but not limited to phone calls, messages, emails, forms, cookie (“Cookie” are data files created by websites you visit. By saving information about your visit, cookie help to make your online experience easier.)

d.         Personal data collected can be presented in paper form, electronic form or any other form that allows storage and retrieval when necessary.

4.         Purposes for processing personal data

            UIC will only process necessary personal data for the purposes specified in Article 2 Section 2 of this Policy.

5.         Provide personal data to third party

a.         For the purposes of processing data under this Policy, UIC reserves the right to provide, share, and transfer personal data to the following parties: director/manager/staff/representative of UIC to perform the works of UIC and to the extent in accordance with this Policy and contracts/ agreements between Customer and UIC, reinsurers, insurance ancillary service providers, claim settlement assistant, insurance agents (including but not limited to the individuals working for the organization operating in insurance agent, and individuals, organization providing insurance management providing service), insurance brokers, consultants, actuaries, contractors, suppliers, third party handling personal data under the contract with UIC (including company operating in research or survey and rating agency), owners/capital contributing members, parent companies, company being the member of the same group, other relevant partners of UIC in Vietnam and other countries and territories, the Insurance Association of Vietnam,  competent state agencies, anyone acting on your behalf, the payee, the beneficiary, correspondent bank or any party making payments to you, other parties with whom you approve or UIC has a legal basis to share personal data. The aforementioned third parties must perform the obligation to keep confidential the information provided and shared by UIC, in accordance with the agreement with UIC and the law of Vietnam and host country (if any).

b.         For transfer of personal data abroad (if any) according to Article 5.a of Section III above, UIC will require the receiving party to ensure compliance with the laws of Vietnam and the host country on transferring personal data.

6.         Time for processing data

UIC and the party which is permitted/ authorized by UIC will be entitled to process personal data as from the time when the data is declared and provided to UIC or the party which is permitted/ authorized by UIC and until such data is not necessary to satisfy the purposes for processing data or the laws provide for other requirement.

7.         Rights and obligations of data subject

a.         Rights of data subject

UIC, to the extent possible and reasonable and unless otherwise provided by law, will ensure that data subjects exercise their rights to their personal data under Decree 13, including:

–              The right to know about the process of their personal data;

–              The right to consent or not consent to process their personal data;

–              The right to access to view, edit or request correction of personal data;

–              The right to withdraw consent to the processing of personal data;

–              The right to request to delete personal data;

–              The right to restrict processing personal data;

–              The right to request to provide yourself with your personal data;

–         The right to object to process personal data in order to prevent or restrict the disclosure of personal data or use for the purpose of advertising and marketing;

–              The right to complain, denounce or sue in accordance with laws;

–            The right to request compensation for damages in case of violation of regulations on personal data protection;

–           The right to self-protect, or request competent agencies and organizations to implement methods to protect civil rights under the law.

UIC can request customer to pay relevant fee which is direct and necessary for conduct these requests.

b.         Obligations of data subject

–          Ensure that the personal data provided to UIC is accurate, adequate, updated and legitimate. Any failure to the aforesaid obligation may result in contracts/agreements (including but not limited to, insurance policy) being null and void, terminated, or claim being rejected.

–          Timely notify UIC any changes to provided personal data; comply with all requirements applicable to customer regarding your provision of personal data under the laws.

–       Keep confidential your personal data, do not let your personal data be used, stolen, edited, or disclosed illegally, such as sharing or revealing your login name or password of trading account. UIC will not be responsible for your losses or damages related to personal data that are not due to UIC’s fault.

c.        If the data subject does not consent or restrict or withdraw his or her consent to process his or her personal data, the insurance policy and related contracts/agreements, as the case may be, may not be executed or terminated since the parties do not have a basis to perform relevant rights and obligations under the contract relating to such personal data, and UIC will reserve its reasonable rights and lawful remedies in such cases.

IV.       CONTACT MADE BY UIC

  1. a.  UIC may contact customers by email or telephone, online transaction account (if any) or other lawful method. UIC may call you by name in emails asking you to respond via email or by any of your actions over the Internet. Any information UIC received from email/telephone/account of such data owner will be considered as legally confirmed and delivered by customer. Customer is responsible for keep confidential such email/telephone/account.
  2. b.  UIC shall not include links in emails that direct you to other websites that require you to enter your confidential information. UIC shall not send you emails requesting you to update, verify or confirm your confidential details, such as PIN, bank account number, identification/passport number.
  3. c.  If you have any doubt about the legality of any email received that appears to originate from UIC, please contact UIC immediately.

V. IMPLEMENTATION

  1. 1. Customer clearly understand and agree that this Policy will be also a Notice on handling personal data as provided for in Decree 13/ND-CP/2023 and has been amended, supplemented periodically before UIC proceed to handle personal data.
  2. 2. This Policy is published on UIC’s website by UIC (https://uic.vn/) or websites, mobile application, platform of UIC or third party of the third party legally authorized/ permitted by UIC. If customer continues to use such website, mobile application, platform or sign contract(s), agreement(s) or any documents in which this Policy is referred, the Customer will be considered to agree and commit to comply with this Policy.
  3. 3. This Policy is an integral part of contract, agreement and any document in which this Policy is referred. All rights and obligations of UIC and customers under this Policy will not replace, terminate or change but will be existed concurrently and be supplemented to the rights and obligations of the Company and customer subject to any documents. No provision of this Policy limits or eliminates any rights or obligations established between the parties, unless expressly agreed in writing by UIC and customer.
  4. 4. UIC will have the right to review, change, supplement, update this Policy from time to time. Your continued use of the Platform and/or UIC products or services after any amendment, supplement, update to this Policy shall constitute your acceptance of such amendments and supplements, update. UIC recommend Customer to regularly subscribe this notification to update changes and to be informed about UIC’s methods to protect your information and personal data.
  5. 5. UIC reserves the right to assign, transfer, or license any of the rights and obligations under this Policy in accordance with the laws.
  6. 6. This Policy is governed by the law of the Socialist Republic of Vietnam. All claims, disputes related to this Policy shall be resolved by a competent court of Vietnam.

VI. CONTACT INFORMATION

Customer can contact with UIC at one of the following address: · Hotline: 1800555505 Email: infor@uicvn.com

(Working time: 8h – 17h From Monday to Friday)

· In Hanoi:

Telephone number: (84-24) 3826 2686

(Working time: 8h – 17h From Monday to Friday

· In Ho Chi Minh city:

Telephone number: (84-28) 3821 9036

(Working time: 8h – 17h From Monday to Friday)

· In Da Nang:

Telephone number: (84-236) 365 0939

(Working time: 8h – 17h From Monday to Friday)

Privacy Policy