Scope
This Privacy Policy applies to personal data provided by you to any member of the SICOM Group (hereinafter referred to as ‘we’/ ‘us’/ ‘our’ as appropriate) and describes how we handle your personal data in line with the Data Protection Act 2017 (hereinafter referred to as ‘the Act’), including taking appropriate measures to ensure confidentiality and security of such data.
Definition
Wherever used in this Policy, the following terms will have the meaning defined in this section.
SICOM Group
The SICOM Group comprises of the State Insurance Company of Mauritius Ltd, SICOM General Insurance Ltd and SICOM Financial Services Ltd.
Services
Services include the provision of advice and quotation, online facilities, the processing and assessing of your application, and the administration of the contract you hold with us and the handling of a claim.
Personal data
Any information relating to an identified or identifiable individual.
Special categories of personal data
Personal data concerning an identified or identifiable individual and consisting of information such as his/her physical or mental health or conditions and criminal convictions.
Purpose
We will use your personal data in order to provide you with services as defined above and to comply with any legal requirements. Should we need to use your personal data for any other purpose, your consent will first be sought.
Information we collect
- Information that you provide to us, or that we collect from you or when you upload a document on our Website/Customer Portal;
- Details of your visits to our Website/Customer Portal and the resources and pages that you access
- Information provided when you communicate with us.
We may also need to collect special categories of personal data concerning you that would be necessary for us to process your application. If you do not provide all of the requested information, we may not be able to provide our services to you.
We shall not collect more details than is necessary for the services stated above.
Disclosure of personal data
Access to your personal data is limited to those persons whom we reasonably believe need to use that data in order to provide you with the service you requested.
Where disclosure is required by law or in connection with legal proceedings, we shall have to disclose your personal data to relevant governing and regulatory bodies.
In addition, in order to deliver the services described above, we may have to share your personal data with specific third parties such as the Insurers' Association of Mauritius through the Motor Recovery Portal, sub-contractors, service providers, intermediaries, surveyors, reinsurers, other insurers, off-site security storage providers and website hosts, whether in Mauritius or in another country.
Where your personal data, including any special category of your personal data, needs to be shared, this will be done under cover of confidentiality.
Accuracy of personal data
We will take all reasonable precautions to ensure accuracy of your personal data.
Should there be any changes in your personal data, please notify us promptly in order for us to update our records and ensure accuracy of your personal data at all times.
Period for which personal data will be retained
We will not retain your personal data for longer than is necessary for the purpose of the contract you hold with us. However, in some circumstances, it may be necessary for us to keep your personal data for longer than that in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.
In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such data without further notice to you.
Data storage and transfers
In order to deliver the service you requested, we may have to transfer/store your personal data outside Mauritius, e.g. When you complete and submit online forms on our Website or upon your registration on our Customer Portal, your personal data will be stored overseas or in Cloud Storage outside Mauritius where the servers are hosted. We shall at all times ensure that this is done in compliance with the Act.
Protection of personal data
We have in place appropriate security and organisational measures for the prevention of unauthorised access to, alteration of, disclosure of, accidental loss, and destruction of your personal data.
However, the transmission of information via the internet is not completely secure and, therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is thus entirely at your own risk. Where we have given you or where you have chosen a password so that you can access your account, you are responsible for keeping that password confidential.
In the case of a personal data breach which is likely to result in a high risk to your rights and freedom, we shall communicate such breach to you without undue delay.
Payment Procedures
If you are effecting an online payment through our Website / - Customer Portal, you will be required to input your card details on a bank’s payment gateway, which is a secured platform for processing and approval.
You will be redirected from our Website/Customer Portal to the bank’s payment page/gateway that collects card information (whereby the cardholder shall input his/her card details) and the bank’s gateway shall send a message back to the Website / Customer Portal (landing page) showing if the payment was successful or not. Both our Website/Customer Portal and the bank’s payment Site use encrypted Secure Socket Layer connections to keep all information secure.
Job applicants
If you are a job seeker and sending your job application to us, we will collect and hold your information, including information you provide to us in your application, or provided to us by recruitment agencies, as well as information on you from any referees you provide.
We use this as necessary to enter into an employment contract with you, and for our legitimate interests in evaluating candidates and recording our recruitment activities, and as necessary to exercise and perform our employment law obligations.
If you are successful in your application, your information will be used and kept in accordance with our internal policies. If you are not successful in your application, your information will be held for up to 12 months after the relevant round of recruitment has finished, in order to notify you of any future vacancies within the SICOM Group which we think may be of interest to you.
If you are listed as a referee by an applicant, we will hold your name, contact details, professional information about you (such as your employer and job title) and details of your relationship with the applicant. We will use this information as necessary for our legitimate interests in evaluating candidates and as necessary to exercise and perform our employment law obligations and rights. Your information will be kept alongside the applicant’s information.
If you are listed as an emergency contact by someone who is employed by us, we will hold your name, contact details and details of your relationship with that employee. We will use this to contact you as necessary to carry out our obligations under employment law, to protect the vital interests of that employee, and for our legitimate interests in administering our relationship with that employee. Your information will be kept until it is updated by that employee, or we no longer need to contact that employee after they have stopped working for us.
Personal data of third party
If, in the course of your relationship with us, you submit to us the personal data of another person, we shall assume that you have obtained the prior explicit authorisation of that person, e.g. consent of parent or guardian required for child below the age of 16 years, including for the transfer/storage of his/her personal data overseas or in Cloud Storage outside Mauritius where the servers are hosted.
Cookies
Cookies are small text files which are transferred from our Website/Customer Portal and stored on your device. We use cookies to help us provide you with a personalised service, and to help make our Website/Customer Portal better for you.
Our cookies may be session cookies (temporary cookies that identify and track users within our Website/Customer Portal which are deleted when you close your browser or leave your session in the application or service) or persistent cookies (cookies which enable our Website/Customer Portal to ‘remember’ who you are and to remember your preferences within our Website/Customer Portal and which will stay on your computer or device after you close your browser or leave your session in the application or service).
You may be able to configure your browser or our website/Customer Portal to restrict cookies or block all cookies if you wish, however if you disable cookies you may find this affects your ability to use certain parts of our Website/Customer Portal.
Third party links
You might find links to third party websites on our Website / Customer Portal. These websites should have their own privacy policies which you should check before interacting with them. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Marketing
We will only contact you for marketing purposes with your consent. You will always have the right to ‘opt out’ of receiving our marketing materials. You can exercise the right at any time by contacting us at [email protected]. If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails.
If you ‘opt-out’ of our marketing materials, you will be added to our suppression list to ensure we do not accidentally send you further marketing materials. Where you unsubscribe from any postal marketing, you may initially still receive some content which has already been printed or sent, but we will remove you from any future campaigns. We may still need to contact you for administrative or operational purposes, but we will make sure that those communications do not include direct marketing.
We do use third party service providers to send out our marketing, but we only allow them to use that information as per our instructions and where they have agreed to treat the information confidentially and to keep it secure.
Your rights
- The Act gives you a number of rights when it comes to personal data we hold about you. The key rights, as applicable and subject to our legal obligations, are set out below:
- Request access to your personal data - this enables you to receive a copy of the personal data we hold about you. You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request for access is manifestly excessive, or alternatively, we may refuse to comply with the request.
- Request rectification of your personal data - this enables you to have any incomplete or inaccurate information we hold about you rectified.
- Request restriction of processing of your personal data - this enables you to ask us to limit the future processing of your personal data.
- Request erasure of your personal data - this enables you to ask us to delete personal data, however we may need to continue using your personal data to comply with our legal obligations.
- Object to processing of your personal data - where we do not have a legitimate basis for doing so which overrides your rights, interests and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Withdraw consent - in the limited circumstances where we are relying on your consent (as opposed to the other instances set out above) to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we have a legitimate interest in doing so.
- Object to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
- Lodge a complaint - if you think that we are using your personal data in a way which breaches data protection laws, you have the right to lodge a complaint with the Data Protection Officer.
If you want to make any of the above requests, please contact us at [email protected]. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information.
We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
Electronic Communication and Transactions
If you subscribe to this service, we will be able to communicate and interact with each other in a faster and more efficient way. When you subscribe, you will be able to receive your policy and other documents in digital format. In addition, you also have the option to send us your instructions and communicate with us via email.
Terms & conditions to communicate and transact electronically
- To be able to communicate and transact with us effectively, you need a valid email account set up and the necessary software installed (e.g. a software which can read PDF files) on your computer/device.
- It is your responsibility to keep your email secure and your password confidential at all times. If your email account is compromised in any way, you should inform us immediately. In that case, for the protection of the both of us, your access to this service will be suspended. It will be reactivated upon receipt of your confirmation that any security issues have been resolved.
- You acknowledge that it is not possible for us to cross check/verify every email received by contacting you to confirm the email’s contents and attachments. Thus, when we receive an email from you, it will be assumed that it is indeed from you and we shall act upon the instructions and documents contained therein.
- There may be instances where it is not possible or desirable to act upon instructions received via email. In such cases, we will contact you so that you can provide us with signed formal instructions.
- Communicating and transacting over the internet is not secure and there is always the risk of hacking or viruses or other malicious software being introduced into a computer system. As a result, you understand and agree that we cannot be held liable for any losses whatsoever which may be incurred by you as a result of your use of this service.
Scope of Documents to Be Provided in Electronic Form
When you purchase a product or use a service to which this Consent applies, you agree that we may provide you with Documents in digital format (“E-Documents”) in lieu of paper documents. If later on, you wish to receive your documents in paper form, please write to us at [email protected]
Method of Providing E-Documents to You
All E-Documents will be provided to you either (1) via your e-mail provided below, or (2) by accessing our Customer Portal to which you will have registered, or (3) via SICOM Email Encrypted Server. However, we may where necessary or desirable, send all or part of future Documents in paper form.
How to Withdraw Your Consent?
You may withdraw your consent to receive E-Documents by sending us an email to [email protected]. No fees will be imposed to process the withdrawal of your consent. Any withdrawal of your consent will be effective after a reasonable period of time to process your withdrawal, which process shall not normally take more than two days.
How to Update Your Records?
It is your responsibility to provide and maintain a current e-mail address. You can update this information under ‘Change User Profile’ which is available from ‘Services’ in the Customer Portal or by sending us an email at [email protected]
In Writing
All Documents in either electronic or paper format from us to you will be considered "in writing."
Consent
Your consent to receive E-Documents covers all Documents relating to any of our products and services and will also be applicable to any new product or service which you may purchase/subscribe to in future. Your consent remains effective until you give us written notice that you are withdrawing it.
We may, at any time, on written notice to you, suspend, modify, withdraw, cancel, discontinue, or terminate the above terms and conditions and arrangements.
Maintenance of this Policy
We may change this Policy as and when required. Such changes will be posted on this page and, where appropriate, notified to you by email or otherwise. Please check back frequently to see any updates or changes to this Policy.
Contacting us
If you have any questions regarding this Policy, please contact us at [email protected].