We undertake to protect and maintain the integrity of the information given to us by you, our policyholders and prospective clients. We are expected to ensure that the information they provide will not be subject to unauthorized disclosure. We recognize our obligations with respect to the collection, holding, processing and/or use of our policyholders’ and prospective clients’ Personal Data.
By using our services and products, engaging us through our application and claim forms, telephone calls, text messages, e-mails and other forms of communication, you are providing us your data voluntarily. You may opt not to provide us with the requested data, with the understanding that this may constrain our efforts to provide quality services to you. BIMA will not collect any information from you that identifies you certainly and directly through this website or any other means, unless and until you avail of our products or services, or provide information willingly when inquiring about the particulars of your policy/ies or our products and services.
By providing your personal information to us, you accept and agree that BIMA may retain and share your information for as long as necessary, to fulfill the purposes for which it is collected in compliance with this policy, and applicable laws and regulations. BIMA applies reasonable and appropriate security measures to prevent unauthorized or accidental access, processing, erasure, loss or use, including limiting physical access to data within BIMA’s systems and encryption of sensitive data when transferring such data. Reasonable steps will be taken to delete or destroy the information when it is no longer necessary for the purposes for which the information was collected.
This policy provides you with information on (1) Personal Data Collection; (2) Personal Data Use; (3) Sharing of Personal Data; (5) Security Measures regarding your Personal Data in our possession; (6) our treatment of Personal Data relating to other persons supplied by you; (7) our marketing communications with you; and (8) access, correction, objection and deletion requests, as well as the manner by which you may raise queries or concerns regarding your Personal Data in our possession.
Personal Data Collection
“Personal information” is any information, whether recorded in a material form or not, from which your identity is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an you. “Sensitive personal information” refers to personal information (i) about your race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; (ii) about your health, education, genetic or sexual life, or to any proceeding for any offense committed or alleged to have been committed by you,
the disposal of such proceedings, or the sentence of any court in such proceedings; and (iii) issued by government agencies peculiar to you which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns. “Personal Data” as used herein refers to all types of personal information.
As a consumer, insured person, claimant, commercial broker, or or other person transacting with us, Personal Data collected about you and your dependents may include:
- General identification and contact information
Your name; address; e-mail and telephone details; gender; marital status; family status; date of birth; passwords; educational background; physical attributes; driving and other activity records; photos; employment history, skills and experience; professional licenses and affiliations; relationship to the policyholder, insured or claimant; and date and cause of death, injury or disability.
- Identification numbers issued by government bodies or agencies
Social Security number; passport number; tax identification number; military identification number; or driver’s or other license number.
- Financial information and account details
Payment card number; bank account number and account details; credit history and credit score; assets; income; electronic wallet account number and other financial information.
- Medical condition and health status
Current or former physical or mental or medical condition; health status; injury or disability information; medical procedures performed; personal habits (for example, smoking or consumption of alcohol); prescription information; and medical history.
- Other sensitive information
In certain cases, we may receive sensitive information about your trade union membership, religious beliefs, political opinions, family medical history or genetic information. In addition, we may obtain information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud. We may also obtain sensitive information if you voluntarily provide it to us (such as your preference in medical treatment based on your religious beliefs).
- Telephone recordings and other communications
Recordings of telephone calls to our representatives and call centers, or any other form of correspondence, through digital means or otherwise, with any of our company representatives or third parties transacting on our behalf.
- Information enabling us to provide products and services
Properties; age categories of individuals you wish to insure; policy and claim numbers; coverage/peril details; cause of loss; prior accident or loss history; your status as director or partner, or other ownership or management interest in an organization; and other insurance you hold.
- Marketing preferences and customer feedback
You may let us know your marketing preferences, enter a contest or prize draw or other sales promotion, or respond to a voluntary customer satisfaction survey.
Personal Data Use
BIMA will only collect Personal Data which we believe to be relevant and necessary for us to understand your insurance needs and provide quality customer service and products. In this respect, the particular purposes for which Personal Data may be collected and used by BIMA and its affiliates are as follows:
- Provide the products and services for which you have registered (including but not limited to insurance and health)
- Communicate with you and others in the conduct of our business operations;
- Send you important information regarding changes to our policies, other terms and conditions, and other administrative information;
- Make decisions about whether to provide insurance and related services, including claim assessment, processing and settlement;
- Assess your eligibility for payment plans, and process your premium and other payments;
- Prevent, detect and investigate crime, including fraud and money laundering, and analyze and manage commercial risks;
- Carry out market research and analysis;
- Provide marketing information to you (including information about other products and services offered by selected third-party partners) in accordance with information in our possession that indicates your suitability for the products or services being marketed;
- Administering contests, prize draws and similar promotions in which you may participate;
- Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management;
- Resolve complaints, and handle requests for data access or correction;
- Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence);
- Establish and defend legal rights; protect our operations or those of any of our group companies or insurance business partners, our rights, privacy, safety or property, and/or that of our group companies, you or others; and pursue available remedies or limit our damages.
Sharing of Personal Data
BIMA may make your Personal Data available to:
- Our group of companies
BIMA is responsible for the management and security of jointly used Personal Data. Access to Personal Data within BIMA is restricted to appropriate personnel or individuals who have a need to access the information for our business purposes.
- Other insurance and distribution parties
In the course of marketing and selling insurance products and processing claims, BIMA may make personal available to third parties such as other insurers; reinsurers; insurance and reinsurance brokers and other intermediaries and agents; appointed representatives; distributors; affinity marketing partners; and financial institutions, securities firms and other business partners.
- Our service providers
External third-party service providers, such as telecommunications companies, financial service providers, e-commerce entities, medical professionals, accountants, actuaries, auditors, experts, lawyers and other outside professional advisors; travel and medical assistance providers; call center service providers; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; banks and financial institutions that service our accounts; third-party claim administrators; document and records management providers; claim investigators and adjusters; construction consultants; engineers; examiners; jury consultants; translators; and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
Due to the global nature of our business, for the purposes set out above we may transfer Personal Data to data servers located outside of Sri Lanka. We may transfer information internationally to our group companies, service providers, business partners and governmental or public authorities. These entities shall be bound by the same privacy policies set forth.
- Governmental authorities and third parties involved in court action
BIMA may also share Personal Data with governmental or other public authorities (including, but not limited to courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and/or that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.
- Other Third Parties
We may share Personal Data with payees; emergency providers (fire, police and medical emergency services); retailers; medical networks, organizations and providers; travel carriers; credit bureaus; credit reporting agencies; and other people involved in an incident that is the subject of a claim; as well as purchasers and prospective purchasers or other parties in any actual or proposed reorganization, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business, assets or stock.
BIMA will take appropriate technical, physical, and organizational measures, which are consistent with applicable privacy and data security laws. Please be aware that transmission of data over the Internet or data storage systems are never completely secure. If you have reason to believe that your interaction with us has been compromised, please immediately notify us. You may e-mail us at email@example.com.
Service providers will be carefully chosen and required to use appropriate measures to protect the confidentiality, security and integrity of your Personal Data.
Personal information of other individuals
We will provide you with regular opportunities to let us know your marketing preferences. You may reach us at firstname.lastname@example.org to inform us of us your marketing preferences or to opt out of receiving our marketing communications.
We aim to comply with your requests to opt out in as expeditious a manner as possible. Please understand, however, that if you do opt out of receiving marketing communications from us, we may still send you other important administrative communications regarding our transactions with you or your policies with BIMA.