Canara HSBC Life Insurance - Privacy and Security

Privacy and Security

Canara HSBC Life Insurance Company Limited Privacy Principles

Our business has been built on trust between our customers and ourselves and We understand the importance of keeping your Personal Information secure and confidential. Hence, the Company's privacy policy is designed and developed to address the privacy & security of Your Sensitive Personal Data or Information & Personal Information provided to Us. This policy describes our approach towards collection, using, maintaining, sharing and disclosing such information, handling or dealing with the same. The policy is designed to help you become aware of the following: A. The Company's Information & Cyber Security policy statement B. Type of information collected C. Use of Information D. Sharing of Information E. Security procedures followed to preserve privacy & secrecy of Sensitive Personal Data or Information & personal information collected F. Record retention including its storage & disposal G. Third party websites H. Grievance management

Definitions:

Aadhaar Number Aadhaar Number means an identification number issued to an individual by UIDAI - An Aadhaar number, in physical or electronic form subject to Authentication and other conditions, as may be specified by regulations, may be accepted as proof of identity of the Aadhaar number holder Aadhaar Number Holder Aadhaar Number Holder means an individual who has been issued an Aadhaar number under this Act Authentication Authentication means the process by which the Aadhaar number along with demographic information or biometric information of an individual is submitted to the Central Identities Data Repository for its verification and such Repository verifies the correctness, or the lack thereof, on the basis of information available with it; Authentication Facility Authentication Facility means the facility provided by the Authority for verifying the identity information of an Aadhaar number holder through the process of Authentication, by providing a Yes/ No response or e-KYC data, as applicable; Authentication Record Authentication Record" means the record of the time of Authentication and identity of the requesting entity and the response provided by the Authority thereto Authentication Service Agency or ASA Authentication Service Agency or ASA shall mean an entity providing necessary infrastructure for ensuring secure network connectivity and related services for enabling a requesting entity to perform Authentication using the Authentication facility provided by the Authority Biometric Information Biometric Information means photograph, finger print, Iris scan, or such other biological attributes of an individual as may be specified by regulations Core Biometric Information Core Biometric Information means finger print, Iris scan, or such other biological attribute of an individual as may be specified by regulations Central Identity Data Repository (CIDR) Central Identity Data Repository (CIDR) means a centralized database maintained by the Government in one or more locations containing all Aadhaar numbers issued to Aadhaar number holders along with the corresponding demographic information and biometric information of such individuals and other information related thereto; Demographic Information Demographic Information includes information relating to the name, date of birth, address and other relevant information of an individual, as may be specified by regulations for the purpose of issuing an Aadhaar number, but shall not include race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history; Identity Information Identity Information in respect of an individual, includes his Aadhaar number, his biometric information and his demographic information; Personal Information Personal Information" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such a person Requesting Entity Requesting Entity means an agency or person that submits the Aadhaar number, and demographic information or biometric information, of an individual to the Central Identities Data Repository for Authentication Sensitive Personal Data or Information" - Sensitive personal data or information of a person means such Personal Information which consist of information relating to: Password; Financial information such as Bank account or credit card or debit card or other payment instrument details; Physical, physiological and mental health condition; Sexual orientation; Medical records and history; Aadhaar related information including Biometric information Any detail relating to the above as provided for providing service Us or We or Company Us or We or Company means Canara HSBC Life Insurance Company Limited You or Your or Users You or Your or Users means any person accessing the Website Any information that is freely available or accessible in public domain like in telephone directories etc. or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purpose of this policy.

Information & Cyber Security policy statement To have reasonable security practices in place to safeguard the confidentiality, integrity and availability of Sensitive Personal Data or Information of users available with the company thereby complying with applicable legal, regulatory and contractual obligations in place Type of Information CollectedWe and our authorized third parties may collect different types of Personal Information and/or Sensitive Personal Data or Information as permissible under applicable laws, for the purposes of our insurance business. Such information would include: Personal Information:Your name, age, gender, date of birth, photographs, information relating to our Know Your Customer (KYC) obligations, nationality, educational qualification, occupation, employment details, Aadhaar number/ Virtual id/ UID token and any other information which is capable of identifying You. Contact Information: Your address, telephone numbers, email id etc Health Information:Your height, weight, blood group, alcohol & drug consumption, smoking, personal & family medical history, attending physician/treatment records etc. Financial Information:Details related to your bank accounts, or other payment instrument details, annual income, investment/savings, income tax (PAN Card, Form 16 etc.). Aadhaar information:In the capacity of acting as a requesting entity as per applicable laws & regulations, the Company may with your explicit & voluntary consent seek Aadhaar information for Authentication purpose. Details related to your Aadhaar number/ Virtual id including OTP or core biometrics submitted for the purpose of buffered Authentication only. Post which the results of Authentication including general demographic related information shall be shared by the Central Identity Data Repository (CIDR). Other Information:Any information contained in documents used as proof of identity, address, age or income that may help to provide, improve and maintain our products and services which may ultimately be beneficial to You. Other information may be collected in the form of various surveys which you agree to participate in or provide other feedback to Us regarding our products or services; or when you register to receive news updates, or when You submit enquiries through our website or when a candidate applies for a job through our website. We may obtain Your consent for sharing your Sensitive Personal Data or Information in several ways, including but not limiting to the following such as in writing, online, through "click-through" agreements; orally, including through interactive voice response; or when your consent is part of the policy proposal form or product terms and conditions pursuant to which we provide You, Our products and services. In case You are visiting our website from outside India, Your visit will necessarily result in the transfer of information across international borders. In such scenarios, You consent that by sharing any information on the website, Your sensitive personal Data or Information & Personal Information shall be governed by the terms of use as outlined in this privacy policy, and be bounded by applicable laws and regulation of the land in which the Company operates. Use of "cookies" Your visit to Our website may be recorded for analytics and to improve the user experience. Some of this information will be gathered through the use of "cookies". Sensitive data collected by cookies shall be cleared after closing the session. Cookies are small bits of information that are automatically stored on a person's web browser in their computer that can be retrieved by this site. Should you wish to disable these cookies you may do so by changing the settings on your browser. However, some of the functions might not properly work if you choose to disable the cookies. We take the help of cookies & Internet Protocol ("IP") addresses to diagnose any problems with our server and to administer & protect our web site, including by blocking certain addresses that we feel are inappropriately using our website. Cookies & IP addresses might be used to gather broad demographics information, such as browser types, visitor's country, visiting frequency, operating systems, etc.
Use of Information The Personal Information and Sensitive personal Data or Information that we collect from You is held in accordance with applicable laws and regulations in India. The information collected may be used for a number of lawful purposes for providing services to you and connected with our business operations and functions, which include but are not limited to: Verifying your identity; To close sale as well as use information gathered towards taking a decision pertaining to your insurance proposal form/ request as per relevant product terms & conditions Process transaction and respond to your insurance policy servicing requests or claims, provide assistance or attend to grievance; Logistical activities such as printing of your policy documents, Courier of documents etc. To personalize your experience; Perform any market analysis, market research, business and operational analysis to help us improve our services & product offerings; To detect, prevent or otherwise address fraud risk, or security & system related issues; To send periodic emails & SMS's with respect to our product and services; To administer a contest, promotional campaign , survey; The Company and its authorized employees may access and / or process some or all available Sensitive Personal Data or Information pursuant to their job role for internal assessments, measures, operations and related activities. If We do ask you to provide Sensitive Personal Data or Information, We will always specify the purpose for which such Sensitive Personal Data or Information is collected and use it for the purpose specified at the time of collection. In case You do not provide this information or provide consent for usage of Sensitive Personal Data or Information or Personal Information but later on withdraw Your consent by writing to the Company, then the Company reserves the right to withdraw/discontinue the services for which said information was sought. In the capacity of acting as a requesting entity as per applicable laws & regulations, the Company may with your explicit & voluntary consent collect your Aadhaar information for Authentication & EKYC purpose with Unique Identification Authority of India (UIDAI). Before collecting your Aadhaar related information, Company shall explicitly inform you about the purpose & usage of Aadhaar related information including information received from UIDAI including its storage and use. You shall also be made aware of other options available in lieu of submitting Aadhaar to the Company in your local language as well. Subsequently in case you decide to proceed further with Aadhaar Authentication, the Company shall submit your Aadhaar number/ virtual id (VID) including OTP received or biometrics for the purpose of buffered Authentication only. Post submission, the results of Authentication including general demographic related information shall be shared by the Central Identity Data Repository (CIDR). However at no time shall Company shall be storing the biometrics or OTP with it which shall only be used for buffered Authentication purpose only. The Company shall further ensure that the Aadhaar information and/or identity information collected during E-KYC process for the purpose of Authentication is only used for submitting the same to the Central Identities Data Repository for the purpose mentioned. Retention of such information including its security shall be governed as per guidelines outlined later in this policy. The Company shall at all times have alternatives which you may avail in case you don't want to use Aadhaar based EKYC process / don't want to submit your Aadhaar information. In case you want to opt out of our marketing campaigns you may do so by clicking on the unsubscribe option that appears at the bottom of such emails. We might use social media for various customer engagement initiatives. We carry periodic awareness initiatives on usage of social media. Different social media platforms have different privacy and security mechanisms towards safeguarding of your data. Customer discretion is sought while posting information on public social media handles. We might communicate with you using such modes provided you have consented to receive such communication through that channel. In case you want to revoke such consent either with respect to use of social media handles/ applications for communication or with respect to E-KYC data and its usage or have queries about it, you can reach us at the numbers appended below in the grievance management section of this privacy policy.
Sharing of Information The Company shall ensure that your identity information collected during Aadhaar Authentication process and any other information generated during the same is kept secure and protected. Further the identity information received during Authentication shall only be used for the purpose specified to you as a part of your consent prior to EKYC Authentication. The same shall not be disclosed further, except with your prior consent & to the extent permitted. Other informations collected may also be shared with third party for business purposes & operations, may include but not limited to: Risk sharing or risk transfer arrangements with Reinsurance agencies / Companies (Both Indian and Foreign); Sharing with affiliates/ group companies for business assessment, planning and evaluation; Third parties and outsourced entities for the reasons consistent with the purposes for which the information was collected and/or other purposes as per applicable law; To any other entity or organization in order for them to understand our environment and consequently, provide you with better services; We may also share your Sensitive Personal Data or Information without seeking your prior written consent when such information is sought by or required by regulators, law enforcement & other such government agencies or in response to a legal query/ proceeding. This might be in connection with prevention, detection, investigation of any fraudulent, unlawful and illegal activities including cyber security related incidents noted and towards protection of our rights or property. We may transfer your Sensitive Personal Data or Information or other information collected, stored, processed by us to any other third party, entity or organization located in India or outside India in case it is necessary for providing services to you as outlined while collecting such data or information. This may also include sharing of aggregated information with them in order for them to understand our environment and consequently, provide you with better services. With respect to Aadhaar information or EKYC data the same shall be governed as per applicable guidelines laid down by UIDAI
Security practices and procedures followed to ensure user's privacy & secrecy The Company strives at all times to ensure that your Sensitive Personal Data or Information & personal information is protected against unauthorized or accidental access, processing or erasure by implementing appropriate technical, & administrative measures to safeguard and secure your personal data. These controls include but are not limit to the following: Deploying security practices and procedures that limit access to Sensitive Personal Data or Information & Personal Information strictly on a need-to know basis. Ensuring that our employees are bound by Code of Conduct and Confidentiality provisions which obligate them to protect the confidentiality & integrity of Sensitive Personal Data or Information & Personal Information. Ensuring that, the users are provided with periodic training in area of Information Security Ensuring that periodic awareness initiatives undertaken for internal as well as external Customers Implementing technical controls towards prevention, early detection & correction of any security related event Ensuring that the "PID Block" or the Personal Identity Data element which includes necessary demographic and/or biometric and/or OTP collected from You during Authentication is encrypted before being sent to CIDR via ASA in line with applicable guidelines Ensuring that requisite logs demonstrating obtaining of Customer consent and making requisite disclosure are maintained Ensuring that Your Aadhaar data is encrypted and stored in a secure and centralized storage i.e. Aadhaar Vault and keys for the same are managed via a HSM (Hardware Security Module) solution Ensuring that the Aadhaar number/ virtual id collected voluntarily as a part of KYC and supporting documents are be appropriately masked. Taking adequate steps to ensure that our third parties/ vendors/ service providers are adopting reasonable security practices and procedures to ensure confidentiality, integrity & availability of Sensitive Personal Data or Information & Personal Information Ensuring that periodic security testing and internal as well as external reviews with respect to its Information & Cyber security policies, usage of Aadhaar data & associated procedures vis-a-vis requirements prescribed by applicable regulations are carried out We maintain the security of our internet connections & web pages by deploying reasonable technical controls including but not limiting to usage of SSL (Secure socket layer) certificates while accessing pages deemed as sensitive; however for reasons outside of our control, security risks may still arise. Any Sensitive Personal Data or Information transmitted to us by virtue of you availing any of our online products or services will therefore be at your own risk and Canara HSBC Life Insurance Company Limited, their directors, officers, employees, shareholders or affiliates will not be responsible for the same. However we observe reasonable security measures to protect your Sensitive Personal data or Information & Personal Information against security events and virus dissemination as required by applicable guidelines.
Record retention including its storage & disposal The Company shall retain Sensitive Personal Data or Information & personal data collected in line with its record retention policy for business & operational reasons or as stipulated by relevant laws and regulations. The Company shall ensure that such Sensitive Personal Data or Information & Personal Information are safeguarded across the entire data lifecycle & post its retention period such records are securely deleted/erased. With respect to Aadhaar, logs of Authentication transactions shall be maintained by the Company for a period of two years & upon expiry of two years the same shall be archived for a period of five years and purged thereafter unless required owing to an ongoing litigation. The Company shall not share your Authentication logs with any person other than yourself upon your request or for grievan We strive to keep our records updated with your latest information. To this end, if you see any discrepancy in your Personal Information or if a part of your Personal Information changes, we request you to reach our customer service at 1800-103-0003 or 1800-891-0003 or 1800-180-0003 (BSNL/MTNL) and communicate the change(s) for updating our records.
Grievance management We are committed to safeguard your Sensitive Personal Data or Information & Personal Information collected and handled by Us and look forward to your continued support for the same. In case of any feedback or concerns regarding protection of your Sensitive Personal Data or Information or Personal Information or its usage, or towards withdrawal of consent provided or retrieval of Aadhaar Authentication logs you can contact us at 1800-103-0003 or 1800-891-0003 or 1800-180-0003 (BSNL/MTNL). Alternatively, You may also direct Your privacy-related feedback or security measures undertaken by the Company or concerns to the Grievance Redressal Officer whose details are as mentioned below: E-Mail: cru@canarahsbclife.in Working days: Monday to Saturday Working hours: 8:00 AM to 8:00 PM We will strive to address your feedback and concerns in a timely and effective manner as mandated under applicable laws & regulations.
Third Party websites Our website may offer links to other websites which are not managed by the Company. In such a case collection & usage of Sensitive Personal Data or Information & Personal Information shall be governed as per the privacy policy and terms of use of the said website(s). Consequently, We are not responsible for any direct or indirect damages that may result from your access to another site connected by a hypertext link.

Policy Changes

We reserve the right to change this policy at any time. We encourage the users to visit this page for the latest version of the privacy policy and be aware of the latest terms & conditions. The Company shall not be liable in any way for any such lapses on part of the users. . Thank you for choosing Canara HSBC Life Insurance Company Limited.