We understand that customers, potential customers, business partners and all other users and recipients of the products and services we offer (“you” and “your” shall be construed accordingly) may have concerns about the privacy of the personal information you provide.
Any personal information entered on our website, applications (whether developed by us or by any third party provider), our digital assistants (“Platforms”) or otherwise provided to us through any other channel shall be collected and stored by us.
What types of personal information do we collect?
We want you to know what personal information we may collect about you. Some examples of the personal information that we may collect about you include but are not limited to:
- name, telephone number, email address, residential address and correspondence address;
- identity card or passport number and birth data;
- occupation, gender, marital status, education and income level;
- in connection with certain products or services, such as when providing insurance, we may collect sensitive information about your health and medical history depending on the type of service provided;
- financial, banking and payment information, for example, when you purchase certain products or services through our Platforms, we may collect your credit or debit card details;
- personal opinions that you have expressed to us, for example, through a survey or feedback response;
- browsing history, patterns or other unique information (including information collected by cookies on our Platforms, such as the pages you clicked on and viewed, your location, the type of device you used to access our Platforms, information you may have entered and sent us via our Platforms, and the number of times you visit our Platforms);
- your internet protocol address and information associated with that address;
- records of your contact with us such as via our customer service center telephone number and, if you contacted us online using our online services or via our smartphone application, details such as your mobile phone location data, malware information, IP address and MAC Address;
- products and services, which you hold with us, and which you are interested in and have and the associated payment methods used;
- use of our products and services, any claim and whether or not the claim was paid (and details related to this);
- analysis of marketing-related data created for you, including the history of communications and whether you opened them or clicked on links;
- information we obtain from third parties, including information about insurance risk, prices, claims history, cases of suspected fraud, and usage history;
- personal information we obtain from credit reference agencies and fraud prevention agencies, including public (for example, defaults) and shared credit history, financial situation and financial history;
- fraud, debt and theft information, including details of money owed by you, suspected cases of fraud or theft, and details of any devices used for fraud;
- criminal record information, including alleged offences;
- information about your property, such as location, value, number of rooms, property type, and any building work you have done (if relevant to the product or service);
- financial details about you, such as your salary and other income details, your savings details, your spending details, and payment methods;
- information about your employment status (if relevant to the product or service);
- information about the occupant status of your property, such as whether you are a tenant, living with your parents, or an owner of the occupants of the property where you live at the time of application;
- information we purchase or rent from third parties, including demographic information, financial details outstanding, marketing lists, publicly available information, and information to help improve the relevance of our products and services;
- insights about you and our customers obtained from customer analysis or profiling;
- third party transactions; such as when someone other than the account holder uses the service, information about that person and their transactions;
- other personal information that is reasonably necessary for us to provide the products or services requested by you;
- any other personal information permitted by or required to comply with foreign, national, state or local laws, rules, regulations, notices, circulars, directives, guidelines, codes, and/or government regulations any local or foreign authority, or any other authority in any jurisdiction, whether having the force of law or not, as may be amended from time to time (“Applicable Laws”).
At any time, we only collect personal information on a “need to know” basis and for the purpose of providing our products and services to you.
In addition, certain of our Platforms (such as our mobile application) may ask for your permission to collect and use the following:
- your GPS location to support searching for nearby services;
- bluetooth, camera and audio to enable communication; and/ or
- your files and images to enable the uploading of files.
How do we collect your personal information?
We collect your personal information:
- when you call us, visit our Platforms, view our online advertisements or otherwise sign up or interact with our products or services;
- when you sign up or create a personal profile with us;
- when you enter into a transaction with us;
- when you request products, services or information from us;
- from third-parties including, but not limited to, affiliates, partners, contracted service providers, and financial/insurance institutions necessary to process your insurance application and provide you with your required services; and/or
- from other sources, such as commercially or publicly available sources, government agencies and medical information sharing facilities.
Providing personal information for the purposes of seeking insurance coverage/ enrolment is a voluntary submission of personal information under Applicable Laws. If you choose not to provide your personal information to us, we may not be able to provide you with the requested products, services or information.
How do we use your personal information?
We shall only use any personal information collected by us from you for the legitimate purpose informed to you. Your personal information shall be used for any purpose not prohibited by the DPA including but not limited to:
- for processing any requests or transactions with us or otherwise fulfilling our obligations in respect to the provision of products or services to you and providing you with the services and benefits of your products (e.g., insurance applications, policy issuance and delivery, claims adjudication, premium payments or refunds);
- following up and assisting you with your application for our products and services – we use internet technologies to track your use of our Platforms and information filled in by you, whether submitted or not;
- for all official communications in relation to any account / insurance policy with Oona (e.g. billings, notices, and other documents necessary for a customer’s continued use of our products and services);
- for training and security purposes;
- for data analytics, profiling, historical and scientific research that will then be used to: (a) develop and enhance our existing products and services; (b) improve our customer service and experience; (c) improve our internal systems and processes; (d) use in internal and external management reporting; (e) develop business strategies and attain business-related company goals; and (f) improve the operation and usability of our Platforms, your browsing or user experience and the provision of products or services requested by you;
- for the management of business relationships between our customers / potential customers;
- for marketing and promotional communications such as e-mail, telephone calls and SMS containing news, offers, promotions, to sell, cross-sell, and up-sell and events offered by us, our affiliates and service providers in relation to our insurance products and services;
- carrying out market research and conducting questionnaires, surveys, feedback forms either through e-mails, telephone calls and SMS for the purpose of improving our overall customer experience, the Oona experience, and providing feedback on how Oona can share more information about our products, services and promotions;
- for conducting due diligence, including performing AML/ CFT and sanction screening checks in compliance with Applicable Laws;
- facilitating any potential acquisition or merger with another organisation, or upon any acquisition or merger with another organisation;
- facilitating any enhancement of our Platforms or other system infrastructure and business operations that allows us to provide you with improved services;
- protecting and defending the rights of the Oona Group;
- if compelled by a court of law or requested by any governmental entity in accordance with the PDPA or for compliance with Applicable Laws, Oona’s risk management, identity verification and protection against fraud and other policies and procedures applicable within the Oona group; and
- for any other purposes directly related to any of the above.
We will not use, disclose or process any personal information for any other purpose. If your personal information needs to be used, disclosed, or processed for any other purpose, we will obtain your permission.
Retention of personal information submitted to us shall be fully secured in our systems.
How do we protect your personal information?
We understand that the security, integrity and confidentiality of your personal information are very important to you and we want to protect it. Here’s how:
- we seek to use technical, administrative and physical security measures to protect your personal information from unauthorized access, disclosure, use or changes;
- we regularly review our security practices. We test our apps regularly to mimic attempt to breach our security. We also have robust disaster recovery plans in place. Despite our best efforts though, note that no security measures are perfect or 100% sure; and
- we require our third-party providers to practice the same level of technical, administrative and physical security measures in handling your personal information.
Your Legal Rights
You have the right to make certain requests regarding your personal information as follows:
- Right to INFORMATION – You are well informed about how your personal information provided to us shall be processed. Personal information shall be processed only for the declared legitimate purpose.
- Right to ACCESS – You can freely access the personal information that we hold by submitting a request to our data protection officer.
- Right to OBJECT – You are empowered by Oona in the event that there is a need to object on how we process your personal information.
- Right to RECTIFY – You are given the right to request any rectification of personal information processed by us to ensure that such personal information is accurate, complete and updated.
- Right to ERASURE or BLOCKING – You have the right to suspend, withdraw or order the blocking, removal or destruction of your personal information from our records or system.
- Right to DATA PORTABILITY – You can freely request from us a copy of an electronic or structured format which is commonly used by us in processing the personal information that you have provided to us.
- Right to file a COMPLAINT – You are well informed of your right to file a complaint against us on the handling and processing of the personal information that you have provided to us. You can either file a complaint through our complaint management unit.
- Right to DAMAGES – You shall be indemnified if there is inaccurate, incomplete, outdated, false unlawfully obtained or unauthorized use by us of your personal information, considering any violation of your rights and freedom as data subject.
Oona also acknowledges the transmissibility rights of our data subjects, that the lawful heirs and assigns of each data subject may invoke the privacy rights which any of the heir or assignee, at any time after the death of the data subject, or when the data subject is incapacitated or incapable of exercising the rights as enumerated above.
Disclosure / Sharing of Personal Information
- any of our directors, officers, employees, representatives, agents or delegates;
- any of our shareholders or associated companies and any of their successors or assigns, and their directors, officers, employees, representatives, agents or delegates;
- employees, contractors and agents of Oona and other members of the Oona Group who may be given access to any personal information which we collect but their use shall be limited to performance of their duties in relation to the products and services provided by us;
- any service providers, agents, contractors, delegates, suppliers or third parties (or sub-contractors of the foregoing) which we may appoint from time to time to provide us with services or the services that we offer to you, and their directors, officers, employees, representatives, agents or delegates;
- business partners (including reinsurers, brokers and bank partners), associates and third party service providers when reasonably necessary and on a “need to know” basis;
- our professional advisers, consultants and auditors and any person who we believe in good faith to be your legal advisors or other professional advisors;
- to another entity in the event Oona is intended to be acquired by or merged with or is acquired by or is merged with another entity;
- in case of motor insurance policies, to the other party in the event of an accident claim where you do not exchange information with that other party;
- any relevant governmental or regulatory authority pursuant to a request by any relevant governmental or regulatory authority, or any person to whom we are, in our good faith belief, under an obligation to make disclosures as required by Applicable Laws; and
How can you access and update your personal information
You can update the personal information provided to us — just send an e-mail to our data protection officer at to firstname.lastname@example.org or update your online profile.
How can you withdraw your consent
If you do not want your personal information to be used, disclosed or processed at any time, you may contact our data protection officer at email@example.com. However, with this withdrawal, any pending transactions, requests, inquiries will no longer be processed.
If you do not want your personal information to be used for marketing and promotional activities, you can contact our data protection officer at firstname.lastname@example.org or you may opt not to tick the box for the “News and Updates”.
Cookies and other technologies
- enhance web and mobile navigation;
- personalize your experience;
- understand how you use our services;
- diagnose problems;
- measure the success of our marketing campaigns;
- deliver online content on services/ products that may interest you; and
- otherwise administer our services.
When you visit our Platforms, we may assign one or more “cookies” to your computer. Cookies are text files or bits of data that we can send to your browser to store your preference. Cookies by themselves can’t get any personal information on your computer unless you choose to provide this information to us.
We use the following types of cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our Platforms. They include, for example, cookies that enable you to log into our secure Platforms.
- Analytical/ performance cookies. These allow us to recognise and count the number of visitors to our Platforms and to see how visitors move around our Platforms when they are using this. This helps us to improve the way our Platforms work, for example by ensuring that you can find what you are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our Platforms. This enables us to personalize our content for you, greet you by name and remember your preferences, for example your choice of language or region.
By accessing our Platforms, you agree that we can place such cookies on your computers.
Most browsers automatically accept cookies, but you can modify this in the browser setting to decline cookies. If you choose not to allow us to place a cookie on your computer, you may be restricted from accessing some services and/ or interactive features that are being offered by our Platforms.
Collecting IP addresses is also a standard practice and is done automatically be many websites and apps. We use IP addresses to administer our services, measure service levels and help diagnose server problems. Your IP address is a number that is automatically assigned to the computer that you are using by your internet services provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses our services, along with the time of the visit and the page(s) visited.
Our services use tracking technologies to collect and record your activities and movements across our Platforms throughout your browsing session. We use this information to provide us with analytics and to improve our products, services and your experience.
Other websites and apps
The products and services provided by us may contain links to, or otherwise make available, third party websites, services or other resources not operated by us or operated on our behalf (“Third-Party Services”).
We are not responsible for the privacy or security of any personal information you provide to them or their handling of your personal information.
In addition, we are not responsible for the information, collection, use, disclosure or security policies and practices of other organisations including Apple, Google, Facebook, Microsoft, RIM or any other app developer, app provider, operating system provider, wireless service provider or device manufacturer.