Blue Cross (Asia-Pacific) Insurance Limited (the “Company”, “we”, “us”, “our”) is a wholly owned subsidiary of AIA Group Limited. AIA Group Limited, together with its subsidiaries and affiliates (“AIA Group”) recognise our responsibilities in relation to the collection, use, disclosure and other processing and storage of personal data.
Among the most important assets of AIA Group is the trust and confidence placed to properly handle information. Customers and potential customers expect us to maintain their information accurately, protected against manipulation and errors, secure from theft and free from unwarranted disclosure. We protect data security of our customers and potential customers by complying with the all relevant data protection laws and regulations, and ensure compliance by our staff with strict standards of security and confidentiality.
This statement provides you with notice as to how and why your personal data is collected, how it is intended to be used, to whom your personal data may be transferred to, how to access, review and amend your personal data, and our policies on direct marketing and the use of cookies. You may be asked to consent to the practices and policies in this statement when you access, or interact with us via, this website. Otherwise, by using this website, you are accepting the practices and policies in this privacy statement. If you object to any practices and policies in this statement, please do not use this website to submit your personal information to the Company.
This website is for general information purpose only. While we use reasonable efforts to ensure the accuracy of the information on this website, the Company does not warrant its absolute accuracy or accept any liability for any loss or damage resulting from any inaccuracy or omission. Without prior permission from the Company, no information contained on this website may be copied, except for personal use, or redistributed.
The Company recognises its responsibilities in relation to the collection, holding, processing or use of personal data. The provision of your personal data is voluntary. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to provide information and services to you or to respond to your enquiries. The Company will not collect any information that identifies you personally through this website unless and until you use and browse the website, buy our products or services, register as a member, interact with us, sign-up to receive news about our products and services, or otherwise communicate with us (including where requesting technical support).
This website, and our social media platforms are not intended for persons in jurisdictions that restrict the distribution of information by us or use of such website or social media platforms. If this is applicable to you, we would advise you to make yourself familiar with and observe the relevant restrictions, and the Company does not accept liability in this respect.
We will collect and store your personal data either:
directly when you provide such information to us (for example, when you send us enquiries or communications);
indirectly through your use of our websites, apps or social media platforms; or
where you have provided it to us through any other means.
We may obtain lawfully collected personal or non-personal data about you from affiliated entities, business partners and other independent third parties' sources. We may also collect some information about your computer or other devices used when you visit this website, apps or social media platforms.
The personal data we collect (which includes sensitive personal data as defined under relevant applicable laws and regulations), includes the following:
name, address, contact details, credit information and claims history of customers or potential customers;
occupation, date of birth and nationality of customers, their identity card and/or passport numbers and place and date of issue thereof;
current employer, nature of position, annual salary and other benefits of customers;
details of properties, assets and investments held by customers;
details of all other assets and liabilities (actual or contingent) of customers;
information obtained by the Company in the ordinary course of the continuation of the business relationship (for example, when customers lodge insurance claims with the Company or generally communicate verbally or in writing with the Company, by means of documentation or telephone recording system, as the case may be);
information which is in the public domain; and
technical information – such as IP address, browser type and version, time zone settings, browser plugin types, operating systems and platform, device information (including where mobile device the IMEI number, wireless networks and general network information).
If you make use of any social media features or platforms, either on our website, an application we provide, or otherwise through a social media provider, we may access and collect information about you via that social media provider in accordance with their policies. When using a social media feature, we may access and collect information you have chosen to make available and to include in your social media profile or account, including but not limited to your name, gender, birthday, email address, address, location etc. Our access to this information may be limited or blocked based on your privacy settings with the relevant social media provider.
We will usually identify any information which is mandatory (i.e. information required for creating an account, and to enable you to access the features of the website and receive any services) when we collect the information from you. You may choose not to provide us with the
requested data, but failure to do so may inhibit our ability to do business with you or to respond to your enquiries.
Personal data is collected for the following purposes:
processing applications for insurance products and services;
providing insurance products and services to you and processing requests made by you in relation to our insurance products and services, including but not limited to requests for addition, alteration or deletion of insurance benefits or insured members, setting up of direct debit facilities as well as cancellation, renewal, or reinstatement of insurance policies;
processing, adjudicating, settling and defending insurance claims as well as conducting any incidental investigation, detecting and preventing fraud (whether or not relating to the policy issued in respect of this application);
performing functions and activities incidental to the provision of insurance products and services such as identity verification, data matching and reinsurance arrangement;
exercising the Company’s rights in connection with the provision of insurance products and services to you from time to time, for example, to recover indebtedness from you;
designing insurance products and services with a view to improving the Company’s service;
preparing statistics and conducting research;
membership registration, provision of club benefits and other information about the SmartClub;
marketing services, products, advice and other subjects (please see further details in paragraph (4) of the Personal Information Collection Statement);
complying with the obligations, requirements and/or arrangements for disclosing and using data that bind on or apply to the Company and/or the AIA Group or that it is expected to comply according to:
any law binding on or applying to it within or outside the Hong Kong Special Administrative Region (“Hong Kong”) existing currently and in the future (e.g. the Inland Revenue Ordinance and its provisions including those concerning automatic exchange of financial account information);
any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of insurance or financial services providers within or outside Hong Kong existing currently and in the future (e.g. guidelines or guidance given or issued by the Inland Revenue Department including those concerning automatic exchange of financial account information); or
any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of insurance or financial services providers that is assumed by or imposed on the Company or the AIA Group by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of
the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations;
complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the AIA Group and/or any other use of data and information in accordance with any group-wide programs for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
enabling an actual or proposed assignee, transferee, participant or sub-participant of the Company’s rights or business to evaluate the transaction intended to be the subject of the assignment, transfer, participation or sub-participation;
providing you with access to the content on the website, apps or social media platforms;
communicating with you including to send you administrative and technical communications about any account you may have with us, to provide technical support or notify about future changes to this privacy statement;
monitoring your use of the website, apps and social media platforms and conducting analysis of the use of the website in order to operate, evaluate and improve the website and our services, understand your preferences and troubleshoot any problems;
personalising the appearance of our websites, providing recommendations of relevant products, information and services and providing targeted advertising on our website or through other channels;
other purposes as notified at the time of collection; and
other purposes directly relating to any of the above.
Unless permitted by applicable laws and regulations, we will obtain consent from you if we wish to use your personal data for purposes other than those stated in this privacy statement.
The Company may retain your information for as long as necessary to fulfill the purpose(s) for which it is collected or as otherwise required to ensure compliance with applicable laws and regulations. The Company applies reasonable security measures to prevent unauthorised or accidental access, processing, erasure, loss or use including limiting physical access to data within the Company's systems and encryption of sensitive data when transferring such data. Reasonable steps will be taken to delete or destroy the information when it is no longer necessary for any of the purpose above.
For our policy on use of your personal data for promotional or marketing purposes, please see the section entitled “Use of Personal Data for Direct Marketing Purposes”.
Personal data will be kept confidential but may, where permitted by law or where such disclosure is necessary to satisfy the purpose or a directly related purpose for which the personal data was collected, provide such personal data to the following parties:
any agent, contractor or third party service provider who provides services to the Company in connection with the operation of its business including administrative,
telecommunications, computer, payment, data processing, storage, investigation and debt collection services as well as other services incidental to the provision of insurance products and services by the Company (such as insurance adjusters, claim investigators, debt collection agencies, data processing companies and professional advisors);
any other person or entity under a duty of confidentiality to the Company or the AIA Group including a member of the AIA Group which has undertaken to keep such data confidential;
reinsurance companies with whom the Company has or proposes to have dealings;
any person or entity to whom the Company or the AIA Group is under an obligation or otherwise required to make disclosure under the requirements of any law or rules, regulations, codes of practice, guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of insurance or financial services providers binding on or applying to the Company or the AIA Group or with which the Company or the AIA Group is expected to comply, or any disclosure pursuant to any contractual or other commitment of the Company or the AIA Group with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of insurance or financial services providers, all of which may be within or outside Hong Kong and may be existing currently and in the future;
any actual or proposed assignee, transferee, participant or sub-participant of the
Company’s rights or business;
third party reward, loyalty, co-branding and privileges program providers;
co-branding partners and/or marketing partners of the Company and/or any member of the AIA Group (the names of such co-branding partners and/or marketing partners can be found in the application form(s) and/or promotional material for the relevant services and products, as the case may be);
external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Company engages for the purposes set out in paragraph (2)(viii) of the Personal Data Collection Statement; and
the following persons who carry out any of the purposes described in paragraphs (2) (i)-(2)(iii) of the Personal Data Collection Statement: insurance adjusters, agents and brokers, employers, health care professionals, hospitals, accountants, financial advisors, solicitors, organisations that consolidate claims and underwriting information for the insurance industry, fraud prevention organisations, other insurance companies (whether directly or through fraud prevention organisation or other persons named in this paragraph), the police and databases or registers (and their operators) used by the insurance industry to analyse and check information provided against existing information.
For our policy on sharing of your personal data for promotional and marketing purposes, please see the section entitled “Use of Personal Data for Direct Marketing Purposes”.
From time to time, we may purchase a business or sell one or more of our businesses (or portions thereof) and your personal data may be transferred or disclosed as a part of the purchase or sale or
a proposed purchase or sale. In the event that we purchase a business, the personal data received with that business would be treated in accordance with this privacy statement if it is practicable and permissible to do so.
Under applicable laws and regulations, you may have the right to:
verify whether the Company holds any personal data about you and to access any such data;
require the Company to correct any personal data relating to you which is inaccurate;
withdraw your consent for use or provision of personal data for direct marketing;
make a complaint about the Company's data handling; and
enquire about Company's policies and practices in relation to personal data.
Requests for access, correction, complaints, or other queries relating to your personal data should be addressed to:
The Corporate Data Protection Officer
Blue Cross (Asia-Pacific) Insurance Limited29th Floor, BEA Tower, Millennium City 5, 418 Kwun Tong Road,
Kwun Tong, Kowloon, Hong Kong
Fax: 2263 7762
Under applicable laws and regulations, the Company has the right to charge costs which are directly related to and necessary for the processing of any personal data request.
You also have the right to lodge a complaint with a supervisory authority in certain jurisdictions if you consider that the processing of your personal data infringes applicable law.
In addition to the purposes set out above, where permitted by law, the Company may use your personal data for promotional or marketing purposes including sending you promotional materials and conducting direct marketing in relation to the following products, services, advice and subjects: insurance; annuities; Mandatory Provident Fund/Occupational Retirement Schemes Ordinance Fund, wealth management; credit cards; financial, banking and related services and products; reward, loyalty, lucky draw programs or privileges programs and related services and products; services and products offered by the co-branding partners and/or marketing partners of the Company and/or any member of the AIA Group (the names of such co-branding partners and/or marketing partners can be found in the application form(s) and/or promotional material for the relevant services and products, as the case may be); medical/healthcare and wellness services and products; and charitable/non-profitable, educational, recruitment and training causes ("Classes of Marketing Subjects").
For the purposes of direct marketing, we may, where permitted by law, provide your personal information to any member of the AIA Group; third party reward, loyalty, co-branding or privileges program providers; co-branding partners and/or marketing partners of the Company and/or any member of the AIA Group (the names of such co-branding partners and/or marketing partners can be found in the application form(s) and/or promotional material for the relevant services and products, as the case may be); and/or medical/healthcare and wellness service providers (collectively “alliance program partners”), so that they can send you promotional materials and conduct direct marketing in relation to the products and services they offer (these materials may be sent to you by postal mail, email or other means). Where permitted by law, we may provide your personal data to all or any of the alliance program partners of any of the Classes of Marketing Subjects for gain.
Before using or providing your personal data for the purposes and to the transferees set out in this section, we may be required by law to obtain your written consent, and in such cases, only after having obtained such written consent, may we use and provide your personal data for any promotional or marketing purpose.
The types of personal data that the Company would use and provide for direct marketing purposes as described above are name, contact details, products and services portfolio information, transaction pattern and behavior, financial background and demographic data, although we may possess additional personal data.
If your consent is required, and you provide such consent, you may thereafter withdraw your consent to the use and provision to a third party by the Company of your personal data for direct marketing purposes and thereafter the Company shall cease to use or provide such data for direct marketing purposes.
If you have provided consent and wish to withdraw it or if you prefer not to receive marketing communications from us in any form, please inform us by writing to the address in the section on
“Access Rights to Personal Data”. Any such request should clearly state details of the personal data in respect of which the request is being made.
Cookies are small text containing small amounts of information which are downloaded and may be stored on any of your web browsers or internet enabled devices (e.g. your computer, smartphone or tablet) that can later be read by the server - like a memory for a web page.
The Company may use cookies and other tools on the website. By continuing to use the website, you are agreeing to us placing cookies on your computer. The information collected (including but not limited to: your IP addresses (and domain names), browser software, types and configurations of your browser, language settings, geo-locations, operating systems, referring website, pages and content viewed, and durations of visit) will be used to ensure operation of the website and enable you to log in securely, for compiling aggregate statistics on how our visitors reach and browse our websites for web enhancement and optimisation purposes, and to help us understand how we can improve your experience on it.
The cookies also enable our website to remember you and your preferences, and tailor the website for your needs. Advertising cookies will allow us to provide advertisements on our websites that are as relevant to you as possible, e.g. by selecting interest-based advertisements for you, or preventing the same advisement from constantly reappearing to you. You can fin d more information on the types of cookies we collect, what we use these for, and how to manage your cookie settings in our Cookie Policy.
If any part of this website contains links to other websites, those sites may not operate under this privacy statement. You are advised to check the privacy statements on those websites to understand their policies on the collection, usage, transferal and disclosure of personal data.
The Company reserves the right, at any time and without notice, to add to, change, update or modify this privacy statement, simply by notifying you of such change, update or modification. If we decide to change our personal data policy, those changes will be notified on our website so that you are always aware of what information we collect, how we use the information and under what circumstances the information is disclosed. Any such change, update or modification will be effective immediately upon posting. Where required by applicable law, we may also notify you in the event of material changes to this privacy statement and, where required, seek your consent to those changes.
Should you have any questions on any part of this privacy statement or would like additional information regarding the Company's data privacy practices please do not hesitate to contact us by the contact details above.
(07.2023)