LIFE & DISABILITY

Data Protection and Privacy Notice

The purpose of this Data Protection and Privacy Notice is to inform you of your statutory rights and the protections available to you in relation to your Personal Data when it is provided to Utmost Worldwide Limited (“Utmost Worldwide”) and to provide further information on how we use your Personal Data.

Personal Data is any information relating to you as an identifiable individual, and because your Personal Data has been provided to Utmost Worldwide, you are entitled to the statutory rights and protections afforded by applicable Data Protection Law.

Guernsey Head Office

If your Personal Data relates to a Plan or Policy that has been issued by our Head Office in Guernsey, you are entitled to the statutory rights and protections afforded by the Data Protection (Bailiwick of Guernsey) Law, 2017 which is equivalent to Regulation (EU) 2016/679, the General Data Protection Regulation or “GDPR”. If your Personal Data relates to a Plan or Policy that has been issued by a Branch or Office of Utmost Worldwide that is outside of Guernsey, you will be entitled to the same statutory rights and protections that are available in Guernsey in addition to those rights and protections offered by local Data Protection Laws in the relevant jurisdiction.

Hong Kong

If your Personal Data relates to a Plan that has been issued by our Hong Kong Branch, you are entitled to the statutory rights and protections afforded by the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong.

Singapore

If your Personal Data relates to a Plan that has been issued by our Singapore Branch, you are entitled to the statutory rights and protections afforded by the Personal Data Protection Act 2012 (PDPA) of Singapore.

Bahamas

If your Personal Data relates to a Policy that has been issued by our Bahamas Office, you are entitled to the statutory rights and protections afforded by the Data Protection (Privacy of Personal Information) Act, 2003 of The Bahamas.

Cayman Islands

If your Personal Data relates to a Policy that has been issued by our Cayman Islands Office, you will be entitled to the statutory rights and protections afforded by the Data Protection Law of the Cayman Islands that is expected to come into force in 2018.

British Virgin Islands

There are currently no dedicated Data Protection Laws in the BVI. However, if your Personal Data relates to a Policy that has been issued by our office in the BVI, it is protected by our duty and obligations of confidentiality under the Regulatory Code, 2009.

Cookies

This website makes use of cookies that helps us to distinguish you from other users of the website. Cookies are small non-executable files stored on your hard drive for the purpose of identifying your computer. Cookies also help us monitor what sections of the website you have visited, but do not hold any personal or confidential information about you. You are not obliged to accept cookies and can turn them off on your browser, although this may prevent access to areas that require registration.

How we use your Personal Data

Utmost Worldwide will collect and process your Personal Data lawfully and fairly to the extent necessary for the management and administration of a Plan or Policy (or the Policy that your data is linked to). We reserve the right to further process your Personal Data where we consider it necessary to protect your vital interests, such as in a medical emergency or where we are compelled to under applicable law.

In processing your Personal Data, Utmost Worldwide must comply with the applicable Data Protection Laws and the associated Data Protection Principles that are set out in the Appendix to this Data Privacy Notice.

Should Utmost Worldwide need to use Personal Data that is classified by law as a special category of ‘Sensitive Personal Data’ or process your Personal Data for purposes other than for the contractual performance of a Plan or Policy, such as direct marketing, then the reasons will be explained to you in writing and your specific consent will be required. You may withdraw such consent at any time by providing us with written notice.

When entering into or becoming a life assured, beneficiary or member of a Plan or Policy with Utmost Worldwide that relies upon the provision of your Personal Data, we confirm that your Personal Data will be used as a matter of necessity for the purposes of administering the relevant Plan or Policy and to comply with our statutory and regulatory obligations. We are required to inform you of your statutory rights as a data subject and provide you with a range of related information.

We will not retain more Personal Data than we need in order to operate the relevant Plan or Policy, or to meet our obligations under applicable law and regulation. If you wish to withdraw your consent to the use of your Personal Data in this respect, it will be necessary to either:

  1. Terminate the relevant Plan or Policy
  2. Cease participation in your Employer’s Policy
  3. Remove yourself as a beneficiary under the relevant Plan or Policy.

This is because we cannot operate a Plan or Policy without reference to the relevant Personal Data. For Investment linked Plans, termination of a Plan under these circumstances may incur significant costs and/or a material loss that may be up to the value of the premiums that have been contributed.

The Personal Data that we require about you will typically comprise of and may vary, depending on the nature of the Plan or Policy:

  • Full name and any former names or aliases
  • Permanent residential address, preferred email address(es), and telephone number(s)
  • Nationality, including any Dual Nationality
  • Date and place of birth
  • Gender
  • Tax domicile and Tax Identification Number (where applicable)
  • Documents which determine your identity and current or former residential address(es)
  • Information relating to the source(s) of your wealth, including but not limited to your current and former income and employment and details of any public position held by you either currently or in the past.

Depending on the nature of the relevant Plan or Policy, we may require additional Personal Data or require validation of your Personal Data at any time in order to ensure that the information is up to date, accurate and sufficient for us to manage and administer the Plan or Policy.

How we store your Personal Data

Personal Data records held by us will typically comprise, but not be limited to hard copy documents, scanned documents, transaction information, email communications, telephone voice recordings where applicable and CCTV images (if you visit our premises), that are stored on electronic and/or physical systems.

All Personal Data is held by us on a strictly confidential basis but may be transferred or disclosed by us in the following circumstances:

  • Between members of the Utmost Group for management and governance purposes
  • To your Financial Adviser or any third party as may be authorised by you
  • To your employer, where you are a member of an Employee Benefit Policy
  • To our service providers, meaning any agent, contractor or third-party service provider, including but not limited to our administration and claims outsourcing partners, investment fund managers, investment trustees and custodians, fiscal representatives or re-insurers, or any other party that provide services to us in connection with the provision of our insurance products and services, wherever they are located in the world
  • To statutory authorities wherever located in the world, including but not limited to, financial and other regulators, tax authorities and the police or other law enforcement agencies. Any disclosure will be limited to the extent as may be required for us to comply with applicable law, regulation, regulatory code, rule or official guidance, including in connection with tax information exchange and the prevention and detection of money laundering, terrorist financing, fraud and other financial crimes.

We are required to hold your Personal Data during the lifetime of the Policy or membership within the Policy and we will retain it for a period of up to 10 years after the business relationship ceases, which we deem to be necessary to meet our statutory and regulatory obligations. Your Personal Data will not be retained for longer than is necessary and it will be erased or otherwise put beyond use when it is no longer required.

Your data protection rights

As the subject of Personal Data that has been provided to Utmost Worldwide, you are provided with the following rights of data protection:

Your Statutory Rights Our commitment to your rights

The right to information regarding the processing of Personal Data when collected from the data subject.
You are entitled to certain information about the intended use of your Personal Data when providing that data to an organisation.

When Personal Data is collected from you, you will be provided with clear and concise information regarding the intended use of your Personal Data, your rights as a data subject, our official contact details and the contact details of our Data Protection Officer.

The right to information regarding the processing of Personal Data when collected indirectly from the data subject.
Where your Personal Data is provided indirectly to an organisation, you are entitled to the same rights and information as other data subjects.

Where your Personal Data is provided to us by a third party on your behalf, such as your employer, independent financial adviser, an insurance broker, intermediary, or another party, you are entitled to the same information and rights as other data subjects.

The right to object to processing for direct marketing purposes.
You are entitled to object to the use of your Personal Data for direct marketing purposes.

We will ask you for your specific consent before we use your Personal Data for direct marketing purposes.

You are entitled to refuse consent or where given, you may withdraw this consent at any time by informing our Data Protection Officer at [email protected]

The right of access to the Personal Data of the data subject (subject to relevant exceptions).
You are entitled to know what Personal Data is recorded about you.

We will ordinarily provide a schedule of your Personal Data that is held by us upon request.

You are not ordinarily entitled to receive copies of our documentation, particularly where this may disclose the Personal Data of other individuals, but we may choose to provide you with such copies of documents at our sole discretion.

Please note: We can only provide data relating to recorded telephone calls or CCTV images if you provide the date and approximate time of the relevant interaction.

In addition, we are not required to respond to requests for Personal Data that we consider to be frivolous, vexatious, unnecessarily repetitive or excessive.

The right to data portability.
You might be entitled to receive your Personal Data from us in a portable format.

In the event, a right to data portability arises, we will provide you with details of your relevant Personal Data in portable format.

It should be noted that the ‘right to data portability’, is a limited right and is only valid when Personal Data is being processed by automated means.

The right to rectification.
You are entitled to require the rectification of any Personal Data that is inaccurate, incorrect or recorded in error.

If you become aware or suspect that any Personal Data held by us is inaccurate, incorrect, incomplete or recorded in error, you should inform our Data Protection Officer in writing at [email protected] and we will make such corrections, changes or additions as soon as it is practicable.

The right to data erasure.
You are entitled to have your Personal Data erased or otherwise put beyond use when we no longer have a need to use it.

We are required by law to hold your Personal Data during the lifetime of your Policy or membership and for a period of 10 years after our business relationship with you ceases, which we deem to be necessary to meet our statutory and regulatory obligations.

Your Personal Data will not be retained for longer than is necessary and it will be erased or otherwise put beyond use when it is no longer required.

The right to rectification of processing.
Where you wish to dispute the accuracy or integrity of Personal Data held about you, you are entitled to require the organisation to restrict the processing of that data until the issue is resolved.

Where you wish to dispute the accuracy or integrity of the Personal Data that we hold about you, please notify our Data Protection Officer in writing at [email protected].

If we do not agree to amend or remove the Personal Data in question, we will inform you of the reasons and restrict the processing of that data until the issue has been resolved.

The right not to be subject to decisions based on automated processing.
You are entitled to know if your Personal Data is used in any automated decision making process.

We do not currently utilise any Personal Data for automated decision making processes.

The right to object to processing on grounds of public interest, historical or scientific purposes.
In certain circumstances, you may object to your Personal Data being retained or disclosed for public interest, historical or scientific purposes.

We do not currently hold or expect to hold Personal Data that is likely to be of public interest, or of historical or scientific importance.

If you have provided Personal Data to us that you think may fall into these categories, please notify our Data Protection Officer in writing at [email protected]

The right to be notified of rectification, erasure and restrictions.
You are entitled to be informed when your Personal Data has been rectified, erased or restricted.

We will ordinarily confirm to you in writing when any rectification, erasure or restrictions have been carried out at your request.

Who is responsible for managing and controlling my Personal Data?

For Plans or Policies issued in Guernsey

Utmost Worldwide Limited
Utmost House
Hirzel Street
St Peter Port
Guernsey
GY1 4PA

For Plans issued in Hong Kong

Utmost Worldwide, Hong Kong Branch
Unit 2402B, Great Eagle Centre
23 Harbour Road
Wanchai
Hong Kong

For Plans issued in Singapore

Utmost Worldwide, Singapore Branch
#14-02
20 Collyer Quay
Singapore 049319

For Policies issued in the Bahamas

Utmost Worldwide – Bahamas Office
PO Box AP-59217 Slot 2052
2nd Floor, Campbell Maritime Centre
West Bay Street
Nassau, Bahamas

For Policies issued in the Cayman Islands

Utmost Worldwide at IHS Ltd.
PO Box 10212, Grand Cayman
2nd Floor, Bougainvillea Way
Grand Pavilion Commercial Center
802 West Bay Road, Cayman Islands

For Policies issued in British Virgin Islands

Utmost Worldwide Limited
c/o Harney Westwood & Riegels
Craigmuir Chambers
PO Box 71
Road Town, Tortola
British Virgin Islands
VG1110

How can I contact the Data Protection Officer?

You can contact our Data Protection Officer at: [email protected]

Is my Personal Data classified as ‘Sensitive Personal Data’?

We will not ordinarily ask you to provide ‘Sensitive Personal Data’ other than health data which may be required for medical underwriting purposes or in connection with a claim for benefits under a Plan or Policy, but if this does become necessary, we will inform you of the reasons and ask for your specific consent to use or process any Personal Data that qualifies as ‘Sensitive Personal Data’.

Note: ‘Sensitive Personal Data’ is defined as data revealing racial or ethnic origin, religious, political or philosophical beliefs, genetic, biometric, health data or data concerning an individual's sexual orientation.

How have you obtained my Personal Data?

We only accept Personal Data as provided to us by either you, a third party on your behalf, such as your independent financial adviser, an insurance broker, third party administrator, or another party such as your employer who has established a Policy with us.

We may also ask you directly for additional Personal Data where this is required to administer the relevant Plan or Policy or to provide benefits.

What is the purpose and legal basis for processing my Personal Data?

Your Personal Data will be collected and processed only in connection with fulfilling a Plan or Policy contract with Utmost Worldwide.

If we wish to use your Personal Data for any other purpose, we will advise you and seek your prior written consent.

Is it legitimate for my Personal Data to be disclosed to a third party?

We will only disclose your Personal Data to a third party in circumstances where we are compelled to do so by an applicable law, which includes for the purposes of international tax information exchange, or for the prevention of money laundering, the financing of terrorism, fraud or other financial crime, or where we consider it to be in your vital interests, such as in connection with a medical emergency.

Who are the recipients or categories of recipients of my Personal Data, if other than Utmost Worldwide?

Your Personal Data is controlled by Utmost Worldwide, but it may be necessary for your Personal Data to be processed by or passed to another Utmost Group affiliate in any country where our Group operates.

In any event, your Personal Data will remain confidential and will be covered by the applicable statutory rights and protections.

Will my Personal Data be transferred to a jurisdiction, other than a Member State of the European Union?

As noted above, we may transfer your Personal Data to another affiliate of the Utmost Group, in any jurisdiction but we will only do this where it is necessary for the purposes of administration of a Plan or Policy.

In any event, your Personal Data will remain confidential and will be covered by the applicable statutory rights and protections.

What is the period for which my Personal Data is expected to be kept?

Utmost Worldwide will not keep or use your Personal Data for longer than it is needed. However, we are subject to a range of legal obligations that require the retention of Personal Data, and it will typically be retained by us for at least 10 years after termination of the relevant Plan or Policy.

After this period, we will arrange for the secure destruction of documents containing your Personal Data and where stored electronically, these records will be erased or otherwise put beyond use.

Our Data Protection Officer will be happy to provide more details upon request to [email protected]

What are my rights as a data subject?

Your statutory rights as data subject are summarised within this Data Privacy Notice. Full details can be found in the text of the relevant Data Protection Laws. Our Data Protection Officer will be happy to provide more details upon request.

Can I withdraw my consent to the processing of my Personal Data?

You cannot withdraw your consent to the processing of your Personal Data by Utmost Worldwide except by either:

  1. Terminating the relevant Plan or Policy
  2. Being removed as a beneficiary under the relevant Plan or Policy.
  3. Ceasing your participation in the relevant Employee Benefit Policy

This is because we cannot operate a Plan or Policy without reference to the relevant Personal Data.

For Investment linked Plans, termination of a Plan under these circumstances may incur significant costs and/or a material loss that may be up to the value of the Premiums that have been contributed, our Data Protection Officer will be happy to provide more details upon request.

How can I complain about data protection issues?

If you are dissatisfied with the manner in which your Personal Data is processed by Utmost Worldwide, then you should lodge a complaint in the first instance with our Data Protection Officer at [email protected]

You are also entitled to lodge a complaint or an appeal against a decision made by our Data Protection Officer by directly contacting the relevant Data Protection authority:

Plans issued in Guernsey

Office of the Data Protection Commissioner
Guernsey Information Centre
North Esplanade, St Peter Port
Guernsey, GY1 2LQ
Email: [email protected]
Telephone: +44 (0)1481 742074

Plans Issued in Hong Kong

Office of the Privacy Commissioner for Personal Data
12/F, Sunlight Tower
248 Queen's Road East, Wanchai, Hong Kong
Email: [email protected]
Telephone: +852 2827 2827

Plans Issued in Singapore

Personal Data Protection Commission,
460 Alexandra Road #10-02 PSA Building,
Singapore 119963
Telephone: +65 6377 3131

Policy Issued in Bahamas

Office of the Data Protection
Cecil Wallace-Whitfield Building
West Bay Street
P. O. Box N-3017
Nassau, N.P., The Bahamas
Email: [email protected]
Telephone: +242 702 1522

Policy Issued in Cayman Islands

Cayman Islands Monetary Authority
PO Box 10052, 80 Shedden Road
Elizabethan Square,
Grand Cayman KY1 – 1001
Cayman Islands
Telephone: +345 244 1663

Policy Issued in British Virgin Islands

British Virgin Islands Financial Services Commission
Pasea Estate, P.O. Box 418
Road Town, Tortola, VG 1110, BVI
Email: [email protected]
Tel: 284-494-1324 or 284-494-4190

Does Utmost Worldwide base any decision about me using an automated processing system?

Utmost Worldwide does not currently utilise any automated decision making processes.

We will inform you if such processes are introduced in the future that may affect you or your Personal Data.

If you have any queries regarding this Data Privacy Notice, please contact our Data protection Officer at [email protected]