Privacy Policy

PURPOSE.  Sagicor Financial Corporation Limited and its affiliated companies (“Sagicor”) significantly value your trust in us. We truly understand our duty to protect and responsibly use the information that you share with us, and we pledge our commitment to fulfilling that responsibility. The purpose of this Privacy Statement, a policy shared by all of our affiliate companies, is to inform you on how we treat your personal information.

INFORMATION WE COLLECT AND HOW WE USE IT.  The types of personal information we may collect (directly from you or third parties) depend on the nature of the relationship that you have with Sagicor. Regardless of the source, we only collect information relevant for the purposes of processing information to which you have consented, except where required by law, to protect the interests of Sagicor or in the discharge of public duty.

Below are some of our sources for collecting personal information and, once collected, how we use it.

Customers.  In order to service your business, Sagicor obtains information (including financial and health) about you from some or all of the following sources:

  • Information you provide on the insurance application and other forms;
  • Information from your insurance intermediaries;
  • Information from your transactions with us;
  • Information from consumer reporting agencies;
  • Individually identifiable information when you apply for an insurance policy, investment, banking or mortgage product;
  • Individually identifiable health information from your health care providers; and
  • Information from our website, mobile applications, online customer portals, such as site visit data and information collection devices (cookies).

From these sources we may obtain information such as:

  • Name, address (e-mail address, if applicable), telephone number, date of birth, government identifier;
  • Driver’s License Number, and accident and violation history;
  • Telematics data;
  • Credit information and information about previous insurance transactions;
  • With your authorization, health information;
  • Banking information; and
  • Payment and account history, including claims information.

 

Websites and Mobile Applications. 

We collect two types of information about users of our sites and mobile applications:

  • Information that users provide through optional, voluntary These are voluntary submissions from disclosures regarding customers’ profile and participation in polls, surveys, completion of online forms and subscriptions for services.
  • Information that we gather through aggregated tracking and information derived mainly by tallying page views throughout our sites and telematics data. This information allows us to better tailor our content to user’s needs and to better understand the demographics of our Compiling such aggregated demographic data is essential to keeping our service up to date for our users.

We shall not disclose any information collected from any user unless such disclosure is permitted by law, required by an order of a court of competent jurisdiction or the disclosure is consented to by the owner of the information. 

Collection of information from websites and mobile applications

[1] Optional Voluntary Information.  We offer the following services, which require some type of voluntary submission of personal information by users:

  • Insurance products
  • Investment products
  • Banking products
  • Mortgages

 

[2] Usage Tracking.  We track user traffic patterns throughout all of our sites. However, we do not correlate this information with data about individual users. We break down overall usage statistics according to a user’s domain name, browser type, and MIME (Multipurpose Internet Mail Extension) type by reading this information from the browser string (information contained in every user’s browser).

[3] Cookies.  We may place a text file called a “cookie” in the browser files of your computer. The cookie itself does not contain personal information although it will enable us to relate your use of this site to information that you have specifically and knowingly provided. However, the only personal information a cookie can contain is information that you supply yourself. A cookie cannot read data off your computer or read cookie files created by other sites. When visiting one of our sites for the first time, you will be prompted with a pop-up box to accept or decline our use of cookies. Should you decline to allow cookies, some features of our sites may be unavailable to you. Should you consent to our use of cookies, the cookie will be deleted once you end your session by closing your browser. If you have set your browser to warn you before accepting cookies, you will receive the warning message with each cookie. You do not need to have cookies turned on to use this site. However, you do need cookies to participate actively in features such as but not limited to online message boards, forums, polling and surveys.

Use of information.  We use information provided by users through analytics to enhance their experience on our site, whether to provide interactive or personalized elements on the site; to better prepare future content based on the interests of our users or to develop new leads for potential sales.

Sharing of the Information.  We use the information provided by users to tailor our content to suit your needs. We will only share information about individual users with any third party in circumstances where we are legally permitted or required for business operations to provide information.

 Network Security.  We operate secure data networks which comply with the industry standards for information systems security. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorized individuals have access to the information provided by users. Notwithstanding the foregoing, every reasonable effort will be made to secure your data but we cannot guarantee that the information you share will be secure during transmission to our web-servers.

INFORMATION WE SHARE.  We will not disclose our current and former customers´ information to affiliated or nonaffiliated third parties, except as permitted by law. To the extent permitted by law, we may disclose to either affiliated or nonaffiliated third parties all of the information that we collect about our customers, as described in this section.

In general, any disclosures to affiliated or non-affiliated third parties will be for the purpose of them providing services for us so that we may more efficiently administer your policy or product and process the transactions and services you request. Our agreements with third parties require them to use this information responsibly and restrict their ability to share this information with other parties. We do not sell information to either affiliated or non-affiliated parties.

We also may disclose the information we obtain about you to companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing agreements. The information we may share may include your name, address and phone number, and the product(s) you own.

We do not internally or externally share health information other than, as permitted by law, to process transactions or to provide services that you have requested or to facilitate transparency or risk mitigation. These transactions or services include, but are not limited to, underwriting insurance policies, obtaining reinsurance on life policies and processing claims for waiver of premium, accelerated death benefits, terminal illness benefits or death benefits.

You should know that if your intermediary is independent of Sagicor, he or she is responsible for the use and security of information you provide him or her. Please contact your intermediary if you have questions about his or her privacy policy.

RETENTION OF YOUR INFORMATION.  We will only retain your personal information as long as it is necessary or as required by law. When we destroy the information, we will use safeguards to prevent unauthorized parties from gaining access to the information during the process.

SAFEGUARDING YOUR INFORMATION.  Sagicor has security practices and procedures in place to prevent unauthorized access to your nonpublic personal information. Our practices of safeguarding your information help protect against the criminal use of the information. Sagicor administrative, technical and physical safeguards are designed to protect personal information that is received against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

Our employees receive training, are bound by a Code of Conduct requiring that all information be kept in strict confidence, and they are subject to disciplinary action for violation of the Code. We restrict access to information about you to only those employees who need to know that information to perform their job. We maintain physical, electronic, and procedural safeguards, which comply with local laws and regulations to guard your information.

CHANGES TO THIS PRIVACY STATEMENT.  We reserve the right to change our privacy policy in the future, but we will not disclose your nonpublic personal information as required or permitted by law without giving you an opportunity to instruct us not to do so.

QUESTIONS.  You have a right to know the information we have about you. You must request this in writing. If you believe any of the information is erroneous, please explain in writing. If we do not agree that it needs correction, we will notify you and you will be entitled to provide a statement of disagreement which we will file with the information.  

For requests about your information, or questions about this Privacy Statement, please write or call:

Sagicor Financial Corporation Limited

Attention: Chief Information Officer

c/o Sagicor Service Centre

Lower Collymore Rock

St. Michael, BB14004

Barbados

(246) 467-7577

PRIVACY NOTICE REGARDING PERSONAL INFORMATION FOR DATA SUBJECTS WHO RESIDE IN THE EUROPEAN UNION

EU GENERAL DATA PROTECTION REGULATION (“GDPR”).  Although we do not market or sell Sagicor products or services in the European Economic Area (“EEA”), in order to continue serving an existing business relationship, we may incidentally collect or transfer personal information from individuals (“Data Subjects”) located within the EEA.  Personal information that may be collected by us from a Data Subject in the EEA may include:

  • NAME
  • ADDRESS
  • PHONE NUMBER
  • EMAIL ADDRESS
  • SPECIFIC INFORMATION GATHERED ON AML QUESTIONNAIRE
  • OTHER DATA ELEMENTS

LAWFUL GROUNDS TO PROCESS AND OBTAIN CONSENT.  Data subjects whose personal information is collected in the EEA may withdraw consent at any time where consent is the lawful basis for processing his/her information.  Should a data subject withdraw consent for processing or otherwise object to processing that impedes Sagicor’s ability to comply with applicable regulations, a data subject may be unable to avail him/herself of the products or services that Sagicor provides.

DATA SUBJECTS’ RIGHTS.  All individuals whose personal information is held by Sagicor have the right to:

  • Ask what information Sagicor holds about them and why;
  • Ask for a copy of such information or access to such information;
  • Be informed how to correct or keep that information up to date;
  • Be informed on how Sagicor is meeting its data protection obligations.

Furthermore, for data collected in the EEA, data subjects have the right to:

  • Ask for a copy of such information to be sent to a third party;
  • Ask for data to be erased if possible and required under the GDPR;
  • Ask for processing of personal information to be restricted if possible and required under GDPR;
  • Object to processing of personal information if possible and required under GDPR;
  • Object to automated decision-making where applicable; and
  • Contact a supervisory authority in the EEA to lodge a complaint regarding Sagicor processing of your personal data.

AUTOMATED DECISION-MAKING. Sagicor does not engage in automated decision-making as defined by the GDPR.

NON-DISCLOSURE OF INFORMATION. Sagicor does not share any nonpublic personal information with any non-affiliated third parties, except in the following circumstances:

  • As necessary to provide the service that the customer has requested or authorized, or to maintain and service the customer’s account;
  • As required by regulatory authorities or law enforcement officials who have jurisdiction over Sagicor or as otherwise required by any applicable law; and
  • To the extent reasonably necessary to prevent fraud and unauthorized transactions.
  • To the extent reasonably necessary to facilitate business operations.

Sagicor employees are prohibited, either during or after termination of their employment, from disclosing nonpublic personal information to any person or entity outside Sagicor, including family members, except under the circumstances described above.  An employee is permitted to disclose nonpublic personal information only to such other employees who need to have access to such information to deliver our services to the customer.

SECURITY AND DISPOSAL OF INFORMATION. Sagicor restricts access to nonpublic personal information to those employees who need to know such information to provide services to our customers.  All electronic or computer files containing such information shall be secured and protected from access by unauthorized persons.  Electronic and paper records used for business purposes must not be left in places where they are visible to unauthorized persons.  Data printouts and files must be disposed of securely when no longer needed.

Sagicor’s information safeguarding standards encompass all aspects of its business and are adopted in its Information Security Standards document, which include the following key Standards:

  • Information Security
  • Ownership of Data
  • Business Use of Systems
  • Individual Identification and Authentication
  • Access Control
  • Information Management
  • Policy Awareness and Security Training
  • Security Incident Management
  • Availability
  • Monitoring
  • Logging and Auditing
  • Physical Security
  • Third Party Information Exchange
  • Systems Development and Maintenance of Infrastructure
  • Protection of Third Party Information
  • Acceptable Encryption
  • Information Risk Analysis
  • Forensics Investigation
  • Application and Information Access Control
  • Security of System Files

SAGICOR CONTACT INFORMATION FOR PERSONS LOCATED WITHIN THE EEA. If you are located in the European Economic Area (“EEA”) or Switzerland and have questions or concerns regarding the processing of your personal information, you may contact our EU Representative at: [email protected]; or write to us at:

Sagicor Financial Corporation Limited

Attention: Chief Information Officer

c/o Sagicor Service Centre

Lower Collymore Rock

St. Michael, BB14004

Barbados