1. About Us
R.E. Lee International is a group of companies comprising R.E. Lee International (Cayman) Ltd. and its subsidiaries and affiliates, including R.E. Lee International Asia, LLC, R.E. Lee International Hong Kong Limited, R.E. Lee International (Middle East) Limited, and RELI Services Limited. In this Notice, we refer to these entities collectively as "R.E. Lee International," "R.E. Lee", "we," "our," or "us”.
We provide bespoke life insurance solutions designed to meet our clients’ needs with a global perspective and international scope. To learn more about us, please visit our Website.
We take your privacy seriously and are committed to safeguarding the confidentiality and privacy of your Personal Data.
The R.E. Lee International entity responsible for your Personal Data will depend on how you interact with us. In most cases, the entity with which you have a direct contractual relationship, or the entity that collects your Personal Data in connection with our services as specified by the applicable terms of engagement, will act as the controller of your Personal Data.
Contact details for all R.E. Lee International entities in respect of data protection or privacy matters are the same and can be found in the Contact Us Section of this Notice.
2. About This Notice
This Privacy Notice ("Notice") describes how R.E. Lee International collects, processes, and protects your Personal Data when you interact with us.
The categories of Personal Data we collect about you and how we process such data depend on the nature of our relationship with you and the means through which we interact. This may include interactions as a prospective or current client, beneficiary, professional advisor, referral partner, insurance carrier, goods or service provider, regulatory authorities, or other relevant third party, as well as your use of our website.
This is a global Privacy Notice providing information about our global privacy standards. Where local data protection laws impose additional or different requirements, these take precedence and are reflected in this Notice and, where applicable, in any jurisdiction-specific forms or disclosures provided at the time of collection.
For the purposes of this Notice, "Personal Data" means any information relating to an identified or identifiable natural person, whether held in electronic or physical form. Personal Data includes Sensitive Data and pseudonymised data. Unless stated otherwise, other terms used in this Notice will have the meaning given to them under applicable data protection laws.
Any third-party websites accessible via our website are not covered by this Notice. You should read the relevant third party’s privacy notice before providing any Personal Data.
This Notice, together with any applicable consent or collection forms provided at the time of collection, serves as the Personal Information Collection Statement (PICS) as required under the Personal Data (Privacy) Ordinance. It provides you with information about the purposes of collection, the classes of persons to whom your Personal Data may be transferred, and your rights of access and correction.
3. Sources of Personal Data Collection
We may collect Personal Data about you from the following sources:
Directly from you. Personal Data that you, or your authorised representative, provide to us when you enquire about or engage our services, including when you complete application forms, insurability questionnaires, medical questionnaires, or other documentation required in connection with the placement or administration of life insurance policies; when you correspond with us; or when you contact us for any other purpose.
Third parties. Personal Data provided to us by third parties, including: client referral partners, private banks, wealth managers, and financial planning firms, insurance carriers, medical and healthcare providers engaged in connection with underwriting, financial institutions, verification and screening providers, and other third parties we may engage in connection with the services we provide.
Publicly available sources. Personal Data that is publicly available or accessible, such as public registers, company databases, regulatory filings, or publicly accessible profiles.
If you wish for a third party to refrain from disclosing your Personal Data to us, please liaise with them directly. You may also exercise your rights in respect of Personal Data already disclosed to us by contacting the R.E. Lee International Data Protection contact at data@releeinternational.com.
4. Categories of Personal Data We Collect
We collect only the Personal Data that is necessary for the purposes for which it was collected. The categories of Personal Data we may collect depend on the nature of our relationship with you and may include the following.
Personal Identification and Contact Information: Full name, date of birth, gender, nationality, country of birth, country of residence, marital status, number of dependants, passport and national identification details, contact details (postal address, email address, telephone numbers), job title, employer name, nature of business, business address, professional qualifications, and other employment information relevant to the provision of our services.
Government and Compliance Information: Passport numbers, national identification numbers, government-issued identification documents, tax identification numbers, and corporate registration numbers required for identity verification and regulatory compliance. KYC documentation; AML and counter-terrorist financing screening results; sanctions screening results; politically exposed person (PEP) status and screening results; criminal history and criminal background information and verification results; and other information collected to fulfil our legal and regulatory compliance obligations.
Financial Information: Bank account name, number, and address; routing information; assets and liabilities; source of wealth and source of funds; income information; investment and portfolio details; policy premium payment history; and financial statements.
Health and Lifestyle Information: Medical history; current health status; details of pre-existing conditions; medications; results of medical examinations and insurability assessments conducted in connection with insurance underwriting, including information provided in medical and lifestyle questionnaires. Information relating to participation in hazardous activities or sports, such as aviation; smoking and alcohol consumption; driving history.
Beneficiary and Third-Party Information: Name, date of birth, contact details, relationship to policyholder, and identification information relating to beneficiaries, nominees, legal guardians, trustees, and other third parties named in connection with your policy; authorised signatories and shareholders, director and officer information.
Insurance and Policy Information: Policy number, policy name, coverage terms and amounts, policy status, premium payment history, surrender and claims history, and related policy administration records.
Travel and Residency Information: Countries of residence and citizenship, travel history, intended future travel plans, and documentation relating to residency status (including residency permits and country-specific residency questionnaires).
Marketing and Interaction Data: Communication preferences, records of consents provided or withdrawn, and records of your enquiries and correspondence with us.
Contract Information: Details of contracts entered into between you and R.E. Lee International, and information regarding existing contractual arrangements with third parties that may be relevant to the services we provide.
5. How We Use Your Personal Data and the Legal Basis We Rely On
We use your Personal Data only for the purposes described in this section, and only where we have a lawful basis for doing so. We do not process your Personal Data for purposes that are incompatible with those described in this Notice.
Applicable data protection laws require us to identify a lawful basis for each processing activity. Depending on the nature of the processing, this may include your consent, the necessity of processing to perform our contractual obligations to you, compliance with a legal obligation to which we are subject, or our legitimate interests where not overridden by your rights and freedoms. The table below sets out our key processing activities, the categories of Personal Data involved, and the lawful basis applicable to each.
|
Processing Purpose |
Categories of Personal Data |
Lawful Basis |
|---|---|---|
|
Client Identification, Onboarding, and Due Diligence: client onboarding, identity verification, source of wealth / source of funds checks, client and referral-source due diligence, suitability and client classification checks. |
Personal identification and contact information; government and compliance information; financial information; travel and residency information; beneficiary and third-party information; director / ownership information; geo-location data where relevant. |
Performance of a Contract; Legal Obligation; and, where required for specific disclosures or Sensitive Data, Consent |
|
KYC / AML / CTF Screening and PEP Verification: screening against sanctions, PEP, adverse-media, and financial-crime databases; verification of nationality, residence, and related compliance information. |
Personal identification and contact information; government and compliance information; PEP and screening information; publicly available information; geo-location data where relevant. |
Legal Obligation; and, where permitted and appropriate, Legitimate Interests |
|
Insurance Advisory, Underwriting Support, and Policy Placement: assessment of insurability; preparation and submission of insurance applications and associated documentation to carriers; coordination of medical examinations where applicable; communication with underwriters; negotiation and communication of insurance terms; policy placement and settlement. |
Personal identification and contact information; financial and policy information; health and lifestyle information; travel and residency information; beneficiary and third-party information; government and compliance information. |
Performance of a Contract; Consent and, where required for Sensitive Data, Explicit Consent |
|
Policy Administration: administration of policies following placement, including policy delivery, annual policy reviews, changes to ownership, beneficiaries, or contact details, and management of claims, surrender, and other policy servicing requests. |
Insurance and policy information; personal identification and contact information; beneficiary and third-party information; financial and policy information; correspondence and change request records; health information where relevant to the request. |
Performance of a Contract; and, where required for Sensitive Data Consent |
|
Client Relationship Management: managing and responding to client, referral partner, bank, and professional adviser enquiries and requests; maintaining records of client interactions; and supporting relationship communications connected with the services we provide. |
Personal identification and contact information, including professional and employment information; policy information; correspondence records; contract information; beneficiary and third-party information where relevant. |
Performance of a Contract; and, where permitted and appropriate, Legitimate Interests |
|
Compliance with Legal and Regulatory Obligations: meeting obligations under applicable laws and regulations; responding to regulatory enquiries; making mandatory disclosures to authorities; supporting internal compliance reviews; and cooperating with court orders and legal processes, as necessary or as permitted by law. |
Personal Data necessary to meet the relevant obligation, which may include personal identification and contact information; government and compliance information; financial and policy information; health information where relevant; contract information; director / ownership information; and beneficiary and third-party information. |
Legal Obligation; and, where permitted and appropriate, Legitimate Interests |
Where processing activities described in this Notice rely on legitimate interests as a lawful basis in other jurisdictions, R.E. Lee International relies on a different lawful basis in China, such as consent, necessity for the conclusion or performance of a contract, or compliance with legal duties or obligations, as applicable under the PIPL.
You may withdraw your consent at any time by contacting the R.E. Lee International Data Protection contact at data@releeinternational.com. Please note that the withdrawal of your consent does not affect the lawfulness of processing carried out prior to withdrawal, nor processing conducted on other lawful grounds.
Wherever there is a business requirement to process your Personal Data for purposes that are incompatible with those described above, we will notify you and obtain your consent where required by applicable privacy laws prior to engaging in any such further processing.
6. Sensitive Personal Data
Where we process sensitive personal data, such as health data and, in some jurisdictions, certain financial information, we do so only for purposes relevant to the services we provide and as described in this Notice or otherwise communicated to you at the time of collection. Where required by applicable law, we will obtain your explicit or separate consent and apply additional safeguards.
7. How We Share Your Personal Data
We may share your Personal Data with the following categories of recipients, only where necessary and in accordance with the purposes described in this Notice.
The categories of Personal Data shared with each category of recipient will vary depending on the nature of the services provided and may include identification data, contact details, financial information, and health data where relevant.
Sharing may occur both within and outside the country in which your Personal Data was originally collected; where it involves a cross-border transfer, the safeguards described in Section 8 (Cross-Border Transfers of Personal Data) apply.
R.E. Lee International group entities. We may share your Personal Data within the R.E. Lee International group for the purposes of providing our services, ensuring compliance, and maintaining consistent data governance across the group.
Insurance carriers and reinsurers. We share your Personal Data, including health, financial, and identification data, with the insurance carriers and reinsurers with whom we place or administer policies on your behalf to provide our services.
Client referral partners. We may share Personal Data with client referral partners, such as private banks, wealth managers, and financial planning firms, where necessary for the provision of services, including policy placement and administration, and subject to appropriate contractual and confidentiality obligations.
Medical and healthcare providers. We may share relevant Personal Data with examining physicians and medical facilities engaged to carry out medical assessments required for insurance underwriting purposes.
Third-party service providers. We engage third parties to support our operations, including IT infrastructure, document management and compliance services. These providers process Personal Data on our behalf and are contractually restricted from using it for their own purposes.
Regulatory and government authorities. We may disclose Personal Data to regulatory bodies, law enforcement agencies, tax authorities, and other competent authorities where required or permitted by applicable law.
Legal and professional advisors We may share Personal Data with legal advisors, auditors, and other professional advisors in connection with legal proceedings, compliance matters, or corporate transactions, subject to confidentiality obligations.
Corporate transactions. In connection with any merger, acquisition, restructuring, or similar transaction, we may share Personal Data with prospective or actual counterparties, subject to appropriate confidentiality protections.
Other third parties with your consent. We may share your Personal Data with other third parties where you have given your explicit consent to do so.
We do not sell your Personal Data or share it for cross-context behavioural advertising. Should this change at any point in the future, we will update this Notice or otherwise notify you of any changes, and provide you with the appropriate mechanism to exercise your right to opt-out from the sale of your Personal Data.
8. Cross-Border Transfers of Personal Data
Due to the international nature of our business, your Personal Data may be transferred to and processed in countries outside the country where it was originally collected, including between our group companies and trusted third parties such as insurance providers and service providers.
Where Personal Data is transferred internationally, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws. These safeguards may include:
Intra-group data transfer agreements: We maintain intra-group agreements governing the transfer and protection of personal data between our group entities across jurisdictions.
Standard Contractual Clauses (SCCs): Where required, we rely on contractual clauses approved by competent authorities, including the European Commission’s Standard Contractual Clauses, for transfers to countries not recognised as providing an adequate level of protection.
Adequacy decisions: Where the destination country has been recognised by a competent authority as providing an adequate level of data protection.
Contractual safeguards with third parties: We include data protection provisions in our agreements with insurance providers and other partners to ensure appropriate handling, confidentiality, and security of personal data.
In limited circumstances, and where permitted by applicable law, we may rely on your explicit consent for certain international transfers, particularly where this is necessary in the context of underwriting or claims assessment or administering in-force service requests involving sensitive data.
You may request further information about the safeguards we use for international transfers by contacting the R.E. Lee International Data Protection contact at data@releeinternational.com.
9. How We Protect and Secure Your Data
R.E. Lee International has implemented appropriate technological and organisational security measures designed to protect your Personal Data against accidental or unlawful loss, misuse, alteration, unauthorised disclosure, or unauthorised access. These measures include restricting access to Personal Data on a need-to-know basis, maintaining policies and procedures governing secure data handling throughout its lifecycle, and applying safeguards such as encryption and secure communication methods where appropriate.
Access to Personal Data is limited to those R.E. Lee International employees and authorised third parties who are subject to confidentiality obligations and who process such data only on our instructions.
Data Breach Notification
We maintain procedures to detect, investigate, and respond to personal data breaches. Where required by applicable law, we will notify affected individuals and relevant supervisory authorities within applicable timeframes. Specific notification requirements may vary by jurisdiction. In the UAE (DIFC), we will notify the DIFC Commissioner of Data Protection without undue delay where a breach is likely to result in a risk to individuals’ rights and freedoms. In Singapore, we will notify the PDPC and affected individuals where a breach is likely to result in significant harm or affects 500 or more individuals. In the Cayman Islands, we will notify the Ombudsman and affected individuals within 5 days where required. In Hong Kong, we will notify the PCPD and affected individuals where appropriate and in line with applicable guidance.
10. Retention and Destruction of Personal Data
We typically retain your Personal Data only for as long as is necessary, for the purposes for which it was collected, and in line with legal, regulatory, and legitimate business requirements. This will usually be for the duration of your relationship with us plus the length of any applicable statutory limitation or obligation, as required or permitted by applicable privacy laws. Upon reaching the end of the relevant retention period, R.E. Lee International will take steps to dispose of your Personal Data in a secure and permanent manner, in accordance with applicable privacy and data protection laws.
The following retention periods typically apply to key categories of Personal Data:
|
Data Category |
Retention Period |
|---|---|
|
Insurance, underwriting, and policy records, including health, financial, lifestyle, travel and residency, and beneficiary information collected in connection with the assessment, placement, and administration of life insurance policies |
Seven (7) years following the last of: withdrawal or decline of the application; settlement of a claim; surrender, cancellation, or lapse of the policy; or transfer of policy service obligations to another provider. |
|
Client relationship, KYC, AML, and compliance records, including identification, government identifier, and due diligence information |
Seven (7) years following the termination of the client or client referral partner relationship. |
|
Contract information |
Seven (7) years following the termination of the contractual relationship. |
|
Complaints records |
Six (6) years following resolution of the complaint. |
11. Individual Privacy Rights
Depending on where you are located and subject to applicable conditions and exemptions, you may have some or all of the following rights in relation to your Personal Data.
|
INDIVIDUAL PRIVACY RIGHTS |
|
|---|---|
|
Right to Information/Confirmation of processing |
The right to receive the information set out in this Notice regarding our processing of your Personal Data. |
|
Right to Access |
The right to receive a copy of or otherwise access Personal Data we hold about you. |
|
Right to Correct |
The right to request that we correct or complete inaccurate Personal Data we might hold about you. |
|
Right to Delete/ Erase |
The right to request us to delete or remove Personal Data where there is no lawful reason for us continuing to process it. |
|
Right to Restrict Processing |
The right to ask us to suspend the processing of your Personal Data in specific circumstances. |
|
Right to Data Portability |
The right to obtain and reuse your Personal Data for your own purposes across different services |
|
Right to Object / Opt-Out |
The right to opt out of our processing of your Personal Data in certain circumstances (e.g. direct marketing, Personal Data sale, automated decisions, profiling). |
|
Right to Withdraw Consent |
The right to withdraw consent at any time that you may have provided to us for processing your Personal Data (where the Legal Basis we rely on is consent). |
|
Right to Lodge Complaint |
The right to lodge a complaint with a competent supervisory authority and, where applicable under local law, to request review or appeal of a decision relating to your Personal Data. |
|
Rights related to Automated Decisions |
Where applicable, the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significant effects on you, or to request an explanation and object where provided by law. |
Please note that the availability, scope, and conditions applicable to these rights vary by jurisdiction. To exercise any of your data protection rights, please contact data@releeinternational.com. We will respond to requests in accordance with applicable law and aim to do so within one (1) calendar month of receipt. This period may be extended by a further two (2) calendar months where a request is particularly complex or where we have received a significant number of requests. We will notify you of any extension and the reason for it.
We may need specific information from you to verify your identity before processing your request. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
No fee is normally payable to exercise your rights, although we reserve the right to charge a reasonable fee, or to decline to comply, where a request is manifestly unfounded or excessive.
12. Contact Us
If you have any questions, concerns, or complaints regarding this Notice, or wish to exercise your data protection rights, please contact the R.E. Lee International Data Protection contact:
R.E. Lee International Data Protection email: data@releeinternational.com
You also have the right to lodge a complaint with a competent supervisory or enforcement authority and, where local law provides, to seek review or appeal in relation to the handling of your Personal Data.
|
Jurisdiction |
Relevant Supervisory or Enforcement Authority |
|---|---|
|
Singapore |
Personal Data Protection Commission (PDPC) |
|
UAE (DIFC) |
DIFC Commissioner of Data Protection |
|
Hong Kong |
Privacy Commissioner for Personal Data (PCPD) |
|
China |
Cyberspace Administration of China (CAC) |
|
Cayman Islands |
Office of the Ombudsman (Cayman Islands) |
13. Updates to This Notice
This Privacy Notice was last updated in June 2026. We may update or amend this Notice from time to time to reflect changes to how we process your Personal Data, changes to our business operations, or changes in applicable legal requirements. Any material updates will be posted on our website. Where required by applicable law, we will notify you of material changes directly.
This Privacy Notice is provided by R.E. LEE INTERNATIONAL (MIDDLE EAST) LTD. (RE Lee International, 'we' or 'us'). We are a 'Controller' for the purposes of the DIFC Data Protection No 5 of 2020 (also referred to as the "Data Protection Law"). We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our Processing and your rights.
How to contact us
If you have any questions about this Privacy Notice, how we handle your personal
data, or would like to exercise any of your rights, please contact:
| Data Protection Manager | Mary Wilson |
| Address: |
Al Fattan Currency House Tower 1, Mezzanine Level, Office M07 DIFC, Sheikh Zayed Road, Dubai |
| Telephone number: | + 971 4388 9040 |
| Email: | data@releeinternational.com |
Changes to the Privacy Notice
The latest version of the Privacy Notice can be found here on our website at
https://www.releeinternational.com/en/
We may change this Privacy Notice from time to time. We therefore recommend that you
check this Privacy Policy on a regular basis.
USEFUL WORDS AND PHRASES
We have listed below certain words and phrases that have particular meanings in the Data Protection Law and are used throughout this Privacy Notice:
|
Term |
Definition |
|---|---|
|
Commissioner |
This means the DIFC commissioner, appointed by the President of the DIFC pursuant to article 43 (1) of the Data Protection Law to administer and enforce the Data Protection Law. |
|
Controller |
This means any person who alone or jointly with others determines the purposes and means of the Processing of Personal Data. In this case, we are the Controller. |
|
Data Protection Law |
This means the DIFC Data Protection Law No. 5 of 2020 as may be amended. |
|
Data Subject |
This means the person to whom the personal data relates. |
|
Identifiable Natural Person |
This means a natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one (1) or more factors specific to his biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity (and "Identified Natural Person" is interpreted accordingly). |
|
Personal Data |
This means any information any information referring to an identified or Identifiable Natural Person. |
|
Processing |
This means any operation or set of operations performed upon personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage and archiving, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, transfer or otherwise making available, alignment or combination, restricting (meaning the marking of stored personal data with the aim of limiting Processing of it in the future), erasure or destruction, but excluding operations or sets of operations performed on personal data by: (a) a natural person in the course of a purely personal or household activity that has no connection to a commercial purpose; or (b) law enforcement authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security. |
|
Special Categories of Personal Data |
This means any information relating to:
|
WHAT PERSONAL DATA WE COLLECT AND WHAT WE USE IF FOR:
We may collect, use, store and transfer different kinds of personal data about you, which we have been provided with as follows:
Direct Interactions: You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when:
you fill in our application form to enquire about our services: we may collect information from you including your name, your date of birth, your marital status, details of your assets and liabilities, details of your health history, name of your doctors and/or consultants, the name and contact details of your beneficiary (ies), your billing address, payment information (including credit card numbers), email address and phone number).
you fill in the insurability questionnaire we provide to you: we may collect your name, your contact details, personal postal address, gender, passport details, health data, financial and employment data (including bank details, salary and details of your assets and liabilities, source of income and wealth), family details and details about your hobbies.
we enter into a contract with you to provide you with our advisory services: we may collect your name, your contact details, personal postal address, bank details, family details and details about you beneficiary(ies).
we communicate with each other: we may collect your name, your email address, your phone and/or mobile number and any other information you may provide to us.
give us feedback or contact us: When you contact us, we will collect your name, your email address, your phone number and any other information you may provide us with.
Information automatically collected when you use our website: As you interact with our website, we will automatically collect information about your device, browsing actions and patterns, IP address, time zone and some of the cookies that are installed on your device ("Device Information"). We collect this Personal Data by using cookies, server logs, web beacons, tags, pixels and other similar technologies.
Third parties or publicly available sources. We will receive Personal Data about you from various third parties as set out below:
Technical Data from the Refinitiv World-Check Risk Intelligence for the purpose of carrying out Customer Due Diligence screening;
Health Data from your healthcare provider (based inside or outside the DIFC and the UAE) and the examining physician we may engage to see you before we enter into any contracts with you (based inside the UAE); and
Financial data from our clients' referral source (i.e. private banks, wealth management and financial planning firms).
HOW WE KEEP YOUR PERSONAL DATA SECURE:
We implement appropriate technical and organisational measures in order to protect your Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of Processing. We aim to ensure that the level of security and the measures adopted to protect your Personal Data are appropriate for the risks presented by the nature and use of your Personal Data.
WHY DO WE PROCESS YOUR PERSONAL DATA:
We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is Processing your data lawful' for further detail):
|
Origin of Data |
Why do we need it? |
Lawful basis for Processing |
|---|---|---|
|
Application Form and Insurability Questionnaire |
to respond to your enquiries, to provide you with our advisory services |
|
|
to communicate with you |
|
|
|
to screen the information you provided for potential risk or fraud |
|
|
|
Device Information |
to help us screen for potential risk and fraud (in particular, your IP address) |
Processing is in our business legitimate interests; To comply with our legal obligation. |
|
to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site.. |
Processing is in our business legitimate interests. |
|
|
Information collected via comments/feedback |
to manage and improve our services and the way we communicate with you. |
Processing is in our business legitimate interests. |
HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL:
We are allowed to Process your Personal Data and any Special Categories of Personal Data based on the following legal bases for the purposes explained in this Privacy Policy.
Legitimate Interests We are permitted to Process your Personal Data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for Processing your Personal Data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table in the previous section "Why do we Process your Personal Data" explains the Personal Data Processed on this basis.
You can object to Processing that we carry out on the grounds of legitimate interests. See the section headed "Your Rights" to find out how.
Contract It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your Personal Data to us, we will not be able to carry out our obligations under the terms of your contract.
Legal obligation We are subject to legal obligations to Process your Personal Data for the purposes of complying with applicable regulatory rules and to make mandatory disclosures to government bodies and law enforcement agencies.
Prevention of Financial Crime We are subject to anti-money laundering and counter-terrorist financing obligations and we may Process your Personal Data for the prevention, detection or prosecution of any crime;
Consent Sometimes we want to use your Personal Data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device. On this occasion, we will ask for your consent to use your information. You can withdraw this consent at any time.
ORGANISATIONS THAT WE MAY SHARE YOUR DATA WITH:
We use processors to support our IT systems and operate our website, such as website hosting and our IT services providers. Some of these service providers may Process your Personal Data as part of the services they offer to us. We take steps to ensure that our service providers treat your Personal Data in accordance with the law, only use it in accordance with our contract with them and keep it secure. If you would like to know the names of our other service providers, please contact us (see section "How to Contact Us").
Your Personal Data is transferred outside of the DIFC and the UAE for us to provide you with our services :
to our group company based in Hong-Kong that will seek quotations and proposals from various insurance providers; and
onto our Group's client relationship management system, which is located on a server based in the USA and on the Cloud;
Any transfer of your Personal Data outside the DIFC and the UAE will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms.]
RETENTION AND DELETION OF YOUR PERSONAL DATA:
We only retain your Personal Data for as long as we need it by law. The following categories of Personal Data will be kept for the following periods and will be securely deleted/ destroyed after the expiry of the retention period:
|
Data we Process |
How long this will be held for |
|---|---|
|
Device Information (cookies/analytics data) |
Thirty (30) days. |
|
Contract Information |
Six (6) years after the last of the following:
|
|
Information from enquiry forms |
Until the enquiry has been completed and no further responses are received for a reasonable period. If you are an existing customer, the enquiry may be added to the other contract information that we hold about you as a customer. |
|
Complaints data |
For a period of up to 6 years after resolution of the complaint. If you are an existing customer, the complaint and its resolution may be added to the other contract information that we hold about you as a customer. |
YOUR RIGHTS:
You have the following legal rights under the Data Protection Law in relation to your Personal Data. You can exercise these rights free of charge, by contacting us (please see "How to contact us"). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months (in accordance with Article 33 (7) of the Data Protection Law).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the Data Protection Law.
|
YOUR DATA PROTECTION RIGHTS |
WHAT DOES THIS MEAN? |
|---|---|
|
You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data and what your rights are. This is why we are providing you this Privacy Notice. |
|
You have the right to obtain access to your personal data we Process and certain other information (similar to that provided in this Privacy Notice). This is so you are aware and can check that we are using your information in accordance with Data Protection Law. You may ask for:
To help us find the information, please give us as much information as possible about the type of Personal Data you would like to see. |
|
You are entitled to have your information corrected if it is inaccurate or incomplete. If you would like us to do this, please contact us (see section "How to Contact Us"). |
|
You can ask us to stop contacting you for direct marketing purposes. If you would like to do so, please contact us. Alternatively, you can also click the 'unsubscribe' button at the bottom of the email newsletter. It may take up to 7 days for this to take place. |
|
This is also known as the 'right to be forgotten' and, in simple terms, enables you to request the deletion or removal of your information where:
|
|
You have rights to 'block' or suppress further use of your information. When Processing is restricted, we can still store your information, but may not use it further. You may request that we stop Processing your Personal Data temporarily if:
|
|
You have rights in certain circumstances to obtain and reuse your Personal Data for your own purposes across different services. |
|
You have the right to object to certain types of Processing, including Processing based on our legitimate interests only. |
|
If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time (although if you do so, that does not mean anything we have done with your Personal Data with your consent up to that point is unlawful.) We will contact you via electronic means (SMS or email) to allow you to assess the consent, which you have given us. |
|
You have the right not to be discriminated against if you decide to exercise any of the rights mentioned above, including being:
|
Notification to the Commissioner
It is important that you ensure you have read this Privacy Notice. If you do not think that we have Processed your Personal Data in accordance with this Privacy Notice, you should let us know as soon as possible. You also have the right to notify the Commissioner's Office of our breach by phone: +971 4 362 2222 or by email: commissioner@dp.difc.ae