At Caribbean Alliance Insurance, the health and well-being of our customers, business partners, and communities is our top priority. We are pleased to inform our customers that many of our offices have resumed normal office hours. However, we encourage you, our valued customers, to continue to implement social distancing. We strongly encourage you to call or email us with any queries. For current information on your specific territory please visit its respective page from the Branches/Agents Page.
- Data Collection
- Type of Data Collected
- Information Use
- Legal Requirements
- Information Sharing
- Data Storage
- Data Protection
- Data Subject Rights
Caribbean Alliance Insurance Company Limited (“CAIC”) takes its responsibility to protect personal data it collects very seriously.
This policy is issued on behalf of CAIC. When we mention “we”, “us” or “our”, we mean CAIC.
In order to be able to provide our clients with insurance services, CAIC requires to collect and process personal data. CAIC is therefore the data controller for the purposes of processing such data.
By enquiring about, or applying for, an insurance policy, we will require you to provide the following information relevant to your insurance application:
- Name, address, date of birth and gender
- Contact details
- Financial/payment information
- Information relating to your identity
- Employment details
- Information about you, as part of performing the necessary checks
- Sensitive personal data including criminal records and medical records
- Any other information relevant to your insurance application
In the event of a claim, information about the incident will be collected and if other people are involved in the incident, we will also need to collect additional information about them.
As an insurer, in order to be able to provide insurance services to its clients, CAIC is required to collect and use your personal information for the following purposes:
- Communication – to communicate with you.
- Quote – understand the type and level of insurance cover you require and provide you with an appropriate insurance quote.
- Processing of payment – ensure that the payment for any policy purchased directly from our website can be processed.
- Insurance Policy – ensure you are provided with the agreed policy.
- Insurance Terms – fulfill the conditions of the insurance policy.
- Specific Purpose – fulfill a specific purpose, where you have provided your consent to process such data.
- Improving our Services – assist us with improving the services we provide.
- Regulatory – allow us to comply with regulatory requirements.
- Crime – allow us to internally conduct fraud or other investigations.
CAIC must have a legal basis in order to process the personal information it collects. CAIC relies on one or more of the following legal grounds:
- Performance of Contract – CAIC needs to use personal information to provide insurance services and perform its obligations under the insurance contract it holds with you.
- Necessity to establish, exercise and/or defend a Legal Claim – CAIC may use personal information in either establishing its position or defending itself in relation to a legal claim.
- Legal Compliance – where CAIC has a legal or regulatory obligation to use such personal information.
- Legitimate Interests – CAIC may also process personal information where this processing is in its legitimate interests. In such circumstances, CAIC will carry out a balancing test of its interests in using such personal information against your rights and interests.
When the personal information that we process is considered to be “sensitive personal data”, we must have an additional legal basis.
- Public Interest – in respect of an insurance policy or claim there is a public interest to use such information.
- Legal Rights – in order to establish, exercise or defend legal rights.
- Unlawful Acts – for the purposes of preventing and detecting unlawful acts.
- Consent – you have provided your consent for your sensitive personal data to be processed.
In order to be able to provide insurance services, CAIC may be required to share your personal information with certain third parties. We will only share such data with third parties when necessary and they may include the following:
- Advisers and Analysts – to assist with developing and managing our service.
- Reinsurers, Agents and Brokers – to manage and underwrite our services or for administrative purposes.
- Regulators – to ensure we are compliant with the relevant regulations and laws.
- Financial Institutions – to process payments.
- Lawyers / Courts – to receive legal advice or where required by law.
- Loss Adjusters and Claims Experts – to assist with managing claims.
- IT Providers – to assist with operating our IT and back office systems.
- Medical Professionals – to assist with assessing health records (appropriate and relevant medical history).
- Employers and/or Third Parties – your employer(s) or such third parties who provide you with services or will assist with processing claims.
- Third Party Agencies – such as government agencies in partnership with such a third party.
CAIC complies with the requirements to process data lawfully and for it not to keep your data for longer than is necessary; relative to the purpose the data is being processed. It will therefore be retained under one or more of the following criteria:
- Insurance Policy - as long as it is required to fulfil the conditions of the insurance contract.
- Consent - as long as we continue to have your consent.
- Improving our Services – for a period of time where we are using some of your information to improve our services.
- Law – as long as required by law.
- Crime – as long as required to allow us to conduct fraud and other investigations.
If you require further information regarding the periods for which your personal information will be stored, please contact the Data Protection Officer (contact details below).
We have a number of technical and organizational measures in place to protect your personal information which we have adopted to comply with the latest data protection requirements. The measures cover various aspects of data security including the following:
- Encryption, data masking and activity logging as appropriate.
- Putting in place access controls and maintaining access logs.
- Having minimum password requirements and requiring regular changes to passwords.
- Having physical access controls to our offices.
- Implementing procedures for security management and back-up and recovery and having in place disaster recovery and business continuity plans.
- Use of firewalls and up-to-date virus scanning software and email filtering services.
- Providing regular security and privacy/data protection training for all our employees.
Our security measures are kept under periodic review and are regularly updated to reflect developments in technology and security and changes to our business. However, please be aware that there are inherent security risks in transmitting data, such as e-mails or via the Internet, because it is impossible to safeguard completely against unauthorised access by third parties.
You as the data subject have the right to make the following requests:
- Request that we update any information that CAIC holds about you that you think is incorrect or incomplete.
- Request confirmation of what information CAIC holds about you, as well as obtaining a copy of such information; and
- Request that CAIC delete certain information it holds about you if you believe it is no longer required or restrict the purpose for which we can use your information if you believe such purpose is no longer valid. However, please be aware that we cannot fully comply with requests to delete all information about our clients, as being an insurer, we are legally required to maintain records of our clients. If you have any concerns with the information CAIC holds, please contact the Data Protection Officer.
In the event you would like to make any of these requests as set out above, please submit a written request to the Data Protection Officer (contact details set out below). To ensure that we do not disclose your personal information to someone who is not entitled to it, when you are making the request please provide us with:
- your name;
- your address;
- your date of birth;
- any policy IDs or reference numbers; and
- a copy of your photo identification.
All requests are free of charge, although we reserve the right to charge you a reasonable administrative fee for requests for the provision of personal information or where we believe you are making an excessive number of requests. Wherever possible, we will respond within one calendar month from receipt of the request, but if we don’t, we will notify you of anticipated timelines ahead of the one month deadline.
Please note that simply submitting a request doesn’t necessarily mean we will be able to fulfil the request in full on every occasion as we are sometimes bound by law which can prevent us from fulfilling some requests in their entirety, but in such an event we will notify you within our response.
The Data Protection Officer
Caribbean Alliance Insurance Company Limited
Caribbean Alliance House
Cnr. Newgate & Cross Streets
P.O. Box 1609
Or email the Data Protection Officer at: DPO@caribbeanalliance.com
In the event a complaint is raised, our Data Protection Officer will investigate your complaint and will give you additional information about how such complaint will be handled. We will respond within a reasonable time.
If you are not satisfied that we are handling your complaint in compliance with applicable laws, you may lodge a formal complaint with CAIC for the attention of the Managing Director.