Howden Insurance Brokers (S.) Pte. Limited ("HIB") is committed to the observance and fulfilment of the provisions in the Singapore's Personal Data Protection Act 2012 (the "PDPA") and all relevant data protection laws. We place utmost importance on the proper management, protection and processing of your personal data. HIB's Data Privacy and Protection Policy intends to assist you in understanding how we collect, use, disclose and/or process your personal data so that you can make an informed decision before providing us with your personal data. If you, at any time, have any queries on this policy or on the way we manage and process your data, please do not hesitate to contact us or our Data Protection Officer ("DPO"):
Data Protection Officer
Office General Number/Email
61 Robinson Road
#07-01 Robinson Centre
8.45 am to 6.00 pm, Mondays to Fridays
1. Introduction to PDPA
1.1 The Personal Data Protection Act (PDPA) 2012 comprises various rules governing the collection, use and disclosure of personal data. Personal data refers to data, whether true or not, about an individual who can be identified from that data, and other information to which the organization has or is likely to have access. Examples of personal data are:
- Full Name
- NRIC or FIN number
- Passport number
- Photograph or video image of an individual
- Mobile telephone number
- Personal email address
- Name, residential address and residential telephone number
1.2. Personal data also includes other types of data that do not directly identify an individual on its own but form part of an accessible record about an individual.
1.3. HIB shall be entitled to assume that any person disclosing personal data to HIB is doing so in compliance with all relevant data protection laws, including the Personal Data Protection Act 2012. Each of the person disclosing personal data to HIB and HIB will comply with our respective obligations arising from all applicable data protection laws (including the Personal Data Protection Act 2012) in effect from time to time to the extent applicable to this agreement and the services provided under this agreement. Such obligations include without limitation, to obtain all necessary consents required for the collection, use, disclosure and transfer of personal data to us by you or any third party and to comply with all obligations relating to the collection, use, disclosure and transfer of personal data by the recipient of personal DATA (such as to take security arrangements to protect personal data in our possession or under our control).
2. Purposes for Collection, Use, Disclosure and Processing of Personal Data
2.1 The personal data provided by you may be collected, used, disclosed and/or processed for varying purposes, depending on circumstances that dictate the collection, use and disclosure of those data. They may be for:
- providing and administering any products or services that you may have requested;
- managing and responding to your requests and/or queries;
- statutory/regulatory reporting purposes;
- internal and external audit being conducted in the company;
- investigating your complaints;
- conducting due diligence in accordance with regulatory obligations or risk management procedures of the company
- complying with applicable rules, laws, regulations or guidelines
(collectively the "Purposes")
As the purposes for collecting, using, disclosing and/or processing your personal data depend on the circumstances, the list of purposes as described above may not be exhaustive. We will notify you of any such other purpose(s) at the time of obtaining your consent unless processing of your personal data without your consent is permitted by the PDPA or by law.
2.2 We may be disclosing your personal data to the following parties: third party service providers, insurers and/or our affiliates or related corporations as they may be processing your personal data either on our behalf or otherwise for one or more of the above-stated Purposes. These parties may be sited in Singapore or elsewhere in the world and in this regard, we would have sought your explicit consent to do so prior to the transfer of your data outside of Singapore. Transfer of your personal data will only be made for one or more of the Purposes specified in this policy.
2.3 Where we disclose your personal data to third party service providers, insurers and/or our affiliates or related corporations, we will ensure that they protect and manage your personal data as per the PDPA.
3. Direct Marketing
3.1 We may use your personal data to send you direct marketing communications about our insurance products or our related services. This may be in the form of email, post, SMS, telephone or targeted online advertisements. We limit direct marketing to a reasonable and proportionate level, and to send you communications which we believe may be of interest or relevance to you, based on the information we have about you. Our processing of your personal data for direct marketing purposes is based on our legitimate interests, but where opt-in consent is required by law we may seek your consent where applicable. You have a right to prevent direct marketing of any form at any time - this can be exercised by following the opt-out links in electronic communications, or by writing to our DPO.
4. Request for Access and/or Correction and/or Erasure of Personal Data
4.1 You may request for access and/or correct your personal data currently in our possession by submitting a written request to us or contacting our DPO.
4.2 You may also request to know how your personal data is being used and disclosed for the last 12 months to the extent your right is allowed by law.
4.3 We may charge a reasonable fee for access to your personal data.
4.4 You have the right to request correction of your personal data and we shall respond to an access or correction within 30 days upon receiving the request.
4.5 If we are unable to respond to your request for an access or correction within 30 days from the time the request is made, we shall inform you in writing by when we will respond to your request.
4.6 You can ask us to erase your personal data, but only where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object; or
- it has been processed unlawfully; or
- to comply with a legal obligation to which HIB is subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims;
There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances where we would deny that request.
5. Request to Refuse or Withdraw Consent
5.1 You may refuse or withdraw your consent for the collection, use and/or disclosure of your personal data in our possession by giving us reasonable notice so long as there are no legal or contractual restrictions preventing you from doing so.
5.2 If you withdraw your consent for us to use your personal data for your insurance matters, this will affect our ability to provide you with the products and services that you asked for or have with it.
6. Administration and Management of Personal Data
6.1 We will take reasonable efforts to ensure that your personal data in our possession is accurate and complete. You must also update us with any changes in your personal data that you had initially provided us with. We will not be responsible for relying on inaccurate or incomplete personal data if you did not update us of the changes.
6.2 We will ensure reasonable security measures are put in place to protect and secure your personal data that are in our possession.
6.3 In the event when the purpose for which your personal data is collected is no longer served by the retention of such data, or when the retention is no longer necessary for any other legal or business purpose, we will ensure that your personal data shall be completely destroyed.
7. Complaint Process
7.1 If you have any complaint or feedback on how we handle your personal data or complying with the PDPA, please contact us or our DPO.
7.2 Should your complaint or feedback be sent to us via email, please indicate "PDPA Complaint" in the subject header to ensure prompt response from us.
7.3 We will strive to attend to any complaint or feedback that you may have expeditiously.
8. Updates on Data Protection Policy
8.1 We reserve the right to amend our Data Protection Policy from time to time to ensure we properly manage and process your personal data. Any amended Data Protection Policy will be posted on our website.