Personal Data Protection Notice ('Notice') - English Version
1. Personal Information
By interacting with Great Eastern General Insurance (Malaysia) Berhad (“Company”), submitting information to the Company, enrolling or signing up for any products or services offered by the Company, you are providing personal information to the Company.
“Personal information” means any information which relates to you and which has been or will be provided by you to the Company, including but not limited to your name, bio-data or personal profile, National Registration Identity Card number, passport number, address, telephone number, email address, images, your personal preferences, particulars of any third party insured person or beneficiary, financial and banking account information and any information which may identify you, any insured person, assignee, trustee or beneficiary, that has been or may be collected, stored, used and processed by the Company from time to time. The term “personal information” also includes sensitive personal information which means any personal information consisting of information as to physical or mental health or condition, political opinions, religious beliefs or other beliefs of a similar nature, the commission or alleged commission of any offence.
By providing personal information to the Company, you consent (and where required, explicitly consent) to such use of your personal information including sensitive personal information, in the manner set out in this Notice. Such consent and authorisation herein shall extend to any information obtained from any of the insurance policy(ies) presently provided to you, any new application to the Company for insurance, and claim processing, such historical financial or credit records, data or information whether or not provided personally.
As a general rule, if you are under the age of 18 years, the Company will obtain the consent from your parent, guardian or person who has parental responsibility you. However, if you have attained the age of 16 years and wish to effect a policy on your own life or on another life in which you have an insurable interest, you are deemed to have the capacity to give your own consent in relation to that life policy.
2. Collection of Personal Information
The Company may collect your personal information in the following manner, which includes but not limited to:
- when you submit any form, including but not limited to application, proposal and/or claims forms;
- when you enter into any agreement or provide other documentation or information in respect of your interactions and transactions with the Company, or when you use the Company's services;
- when you interact with Company's staff, including the Company's customer services officers, e.g. via telephone calls (which may be recorded), letters, facsmile transmission, face-to-face meetings, digital platforms (including social media) and email;
- when you use some of the Company's services provided through online and other technology platforms, e.g. websites and applications including when you establish any online accounts with the Company;
- when you request the Company to contact you, be included in an email or other mailing list, or when you respond to the Company's request for additional personal information or the Company's promotions and/or other initiatives;
- when you are contacted by, and respond to, the Company's authorised representatives and other service providers;
- when the Company receives references from business partners and third parties, e.g. where you have been referred by them;
- when your images are captured by the Company via CCTV cameras while you are within the Company's premises, or via photographs or videos taken by the Company or its authorised representatives when you attend events hosted by the Company;
The Company may also collect and/or verify your personal information from third parties, such as a policyholder who has taken up a policy on you or for your benefit, agents, brokers, business or strategic partners of the Company and third parties from whom you have been referred to the Company, or third parties from whom the Company seeks or receives information on you in connection with your policy, which includes your policy applications, or claims, e.g., from any of the Great Eastern group of companies, other insurers or takaful providers, insurance associations and takaful associations, hospitals, clinics, motor workshops and the relevant authorities.
If you provide the Company with any personal information relating to a third party, including where you have named them as an insured person, assignee, trustee or beneficiary, or where you refer a third party to the Company for the purposes of offering the Company’s products and/or services to that third party, you represent to the Company that you have obtained the consent of the third party for you to provide the Company with their personal information for the purposes set out herein. References to “your personal information” shall include the personal information of third parties provided by you.
3. Purpose of Collection and Use of Personal Information
Your personal information may be used, recorded, stored, archived, disclosed or otherwise processed by or on behalf of the Company (and its successors in title) for the following purposes:
- to carry on insurance business, as may be applicable and to carry out any activity or duty as an insurer, including but not limited to any operational or internal management purposes;
- to assess or process any proposals or applications made for any of the Company’s products and services, including any future underwriting;
- any claim or investigation or analysis of such claim, including to ascertain your claims history in order to improve claims processing and prevent fraudulent claims, including any future claims assessment;
- to manage and service the Company’s relationship with you and to provide you with improved customer service;
- to match and update any personal information held by the Company and the Great Eastern group of companies (“Great Eastern”) relating to you from time to time (for more information on Great Eastern, log on to greateasterngeneral.com);
- to offer and/or process any alterations, variations, cancellation or renewal of products or services by the Company or by Great Eastern;
- for direct marketing and general marketing of insurance and takaful products and services of the Company and Great Eastern, or third party, that may be of interest to you. Please be assured that marketing information in respect of third party products and services will only be sent to you if you have expressly consented to the same;
- for research and audit including but not limited to historical and statistical purposes;
- to exercise any right of subrogation or recovery;
- to prevent, investigate, or report any actual or suspected money laundering, terrorist financing, bribery, corruption, actual or suspected fraud including but not limited to insurance fraud, evasion of tax or of economic or trade sanctions, and other criminal or unlawful activities;
- for reinsurance;
- for litigation or potential litigation; and
- if required by law or in good faith, if such action is necessary:
o to comply with any law enforcement, court orders or legal process, and/or
o to protect and defend the rights or property of the Company and Great Eastern (for information, log on to greateasterngeneral.com).
The information that you have provided to the Company is necessary. If you do not provide the Company with such information, the Company may not be able to provide you with the insurance coverage and/or respond to any claim.
4. Disclosure of Personal Information
The Company may disclose and/or provide your personal information to the following parties (within and outside Malaysia) for the purposes stated above:
- the authorised representatives of the Company;
- in relation to third party policies, the policy owner and/or insured person;
- in relation to group policies, the policyholder and/or its brokers;
- third party service providers (who provide administrative, telecommunications, computer, payment, data processing or storage, other services to the Company in connection with the operation of our business) to fulfil the Company's obligations to you;
- banks and financial institutions;
- insurers or takaful providers, fraud detection and prevention services, reinsurance companies, insurance associations or takaful associations and insurance industry regulatory authorities;
- any credit reference agencies or, in the event of default, any debt collection agencies;
- any insurance rating organisations that collect information about credit history, accident fault, injury description and amounts paid and share it with other insurance companies or takaful operators and others entitled to see it;
- any person, who is under a duty of confidentiality and has undertaken to keep such data confidential, which the Company has engaged to fulfil its obligations to you;
- any actual or proposed assignee, transferee, participant or sub-participant of the Company’s rights or business;
- any person to whom the Company is under an obligation to make disclosure under the requirements of any law, rules, regulations, codes of practice or guidelines binding on the Company including, without limitation, any applicable regulators, governmental bodies, or insurance associations, and where otherwise required by law;
- other companies in Great Eastern, and the Company’s affiliates; and
- any business or strategic partners.
5. Security Measures on Your Personal Information
The Company will take reasonable efforts to protect personal information in its possession or control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. However, the Company cannot completely guarantee the security of any personal information the Company may have collected from or about you, or that e.g. no harmful code will enter the Company’s website (e.g. viruses, bugs, trojan horses, spyware or adware). You should be aware of the risks associated with using websites.
While the Company strives to protect your personal information, the Company cannot ensure the security of the information you transmit to the Company via the Internet, and the Company urges you to take every precaution to protect your personal information when you are on the Internet. The Company recommends that you change your passwords often, use a combination of letters and numbers, and ensure that you use a secure browser.
If applicable, you undertake to keep your username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorised person, and to inform the Company as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorised transactions have taken place. The Company is not liable for any damages resulting from any security breaches related to unauthorised and/or fraudulent use of your username and password.
6. Retention of Personal Information
The Company may retain your personal information for such time as deemed to be necessary for the purpose of fulfilling any operational, audit, investigation, legal, regulatory, tax or accounting requirements, including but not limited to any potential litigation, and future underwriting and claims assessment purposes.
7. Use of Cookies and Related Technologies
The Company’s websites and platforms use cookies and other technologies. Cookies are small text files stored in your computing or other electronic devices when you visit the Company’s website and platforms for record keeping purposes. Cookies are stored in your browser’s file directory, and the next time you visit the website or platform, your browser will read the cookie and relay the information back to the website, platform or element that originally set the cookie. Depending on the type of cookie it is, cookies may store user preferences and other information.
Web beacons (also known as pixel tags and clear GIFs) involve graphics that are not apparent to the user. Tracking links and/or similar technologies consist of a few lines of programming code and can be embedded in the Company’s websites or platforms. Web beacons are usually used in conjunction with cookies and primarily used for statistical analysis purposes. This technology can also be used for tracking traffic patterns on websites and platforms, as well as finding out if an e-mail has been received and opened and to see if there has been any response.
The Company may employ cookies and other technologies as follows:
- tracking information such as the number of visitors and their frequency of use, profiles of visitors and their preferred sites;
- making the Company’s websites and platforms easier to use e.g., cookies may be used to help speed up your future interactions with the Company’s websites and platforms;
- to better tailor the Company’s products and services to your interests and needs e.g., cookies information may be identified and disclosed to the Company’s service providers and business partners to generate consumer insights;
- collating information on a user’s search and browsing history;
- when you interact with the Company on the Company’s websites and platforms, the Company may automatically receive and record information on its server logs from your browser. The Company may collect for the purposes of analysis, statistical and site-related information including, without limitation, information relating to how a visitor arrived at the website or platform, the browser used by a visitor, the operating system a visitor is using, a visitor's IP address, and a visitor's click stream information and time stamp (which may include e.g., information about which pages they have viewed, the time the pages were accessed and the time spent per web page);
- using such information to understand how people use the Company’s websites and platforms, and to help the Company improves its structure and contents;
- using cookies that are necessary in order to enable the Company’s websites and platforms to operate e.g., cookies that enable you to log onto secure parts of the Company’s websites and platforms; and/or
- personalising the website and platform for you, including delivering advertisements which may be of particular interest to you and using cookie related information to allow the Company to understand the effectiveness of the Company’s advertisements.
Some cookies the Company uses are from third party companies to provide the Company with web analytics and intelligence about the Company’s websites and platforms. These companies collect information about your interaction with the Company’s websites and platforms. The Company uses such information to compile statistics about visitors who interact with the websites, platforms and other online content related to the Company, to gauge the effectiveness of the Company’s communications, and to provide more pertinent information to its visitors.
If you do not agree to such use of cookies, you can adjust your browser settings. Unless you have adjusted your browser settings to block cookies, the Company’s system will issue cookies as soon as you visit the Company’s site or click on a link in a targeted email that was sent to you, even if you have previously deleted the cookies.
The way which cookies can be managed depends on your browser. For more information on how to configure or disable cookies, please refer to the 'Help' option of your internet browser.
If you do not agree to the Company’s use of cookies and other technologies as set out in this Notice, you should delete or disable the cookies associated with the Company’s websites and platforms by changing the settings on your browser accordingly. However, you may not be able to enter certain part(s) of the Company’s websites or platforms. This may also impact your user experience while on the Company’s websites or platforms.
Data analytics, artificial intelligence and machine learning may be used for some of the purposes stated above.
8. Your Rights on Your Personal Information
You may access certain personal information held by the Company based on the applicable data protection laws of Malaysia.
You may access your personal information at any time by calling the Company’s Customer Service Care or visiting the Customer Portal. If you have any inquiry such as limiting the processing of certain information, including the withdrawal of consent to receive marketing information, you may contact the Company’s Customer Service Care, or write to the Company.
The Company may charge a reasonable fee for access. If you can show that the personal information held by the Company is not accurate, complete and up to date, the Company will take reasonable steps to ensure it is accurate, complete and up to date upon receiving your verification or feedback.
If you have any complaints in respect of your personal information, you may contact the Company’s Privacy Officer.
For more information on how the Company processes your personal information, please log on to the Company’s website and read the Client Charter and Privacy Policy, as set out below:
Great Eastern General Insurance Malaysia | |
Website | greateasterngeneral.com |
Customer Portal | https://econnect-my.greateasternlife.com |
Customer Service Careline | 1300 1300 88 (Press 2 for General Insurance) |
Email Address | gicare-my@greateasterngeneral.com |
Privacy Officer | +603 2786 1162 |
The Company may review and update this Notice from time to time to reflect changes in the law, changes in the business practices, procedures and structure of the Company and Great Eastern, and changes in the community's privacy expectations. It is not generally feasible to notify you of changes to this Notice and as such, you can log on to the Company’s website to obtain the latest version of the Notice at any time.
In the event of any inconsistencies between the English version and the Bahasa Malaysia version of this notice, the English version shall prevail.
Last Reviewed: 26 August 2022
DECLARATION IN PROPOSAL FORM:
"[tick-box] I would like to receive updates and information about products, services, promotions, charitable causes or other marketing information about, and from, the affiliates, business and strategic partners of the Company."