Privacy Policy
Who we are
We are Honan Insurance Group (Asia) Pte Ltd (referred to as “Honan”, “we”, “us” and “our”) a business registered in Singapore, registration number 199303033N. Our registered office is located at 1 Raffles Place #20-03, Tower 1 One Raffles Place, Singapore 048616. This online portal allows businesses and individuals to manage employee benefits. As you are someone who accesses and uses this portal, we process some of your personal data. This privacy notice describes how we use your personal data. Please read it carefully along with our Cookie Policy. We may make changes to this notice from time to time, so please check it regularly. We will make you aware when it has been updated.
Your privacy
Honan is committed to the protection of your privacy. When we collect, handle, store, use or disclose Personal Data, we try at all times to comply with the Personal Data Protection Act 2012, and where applicable, the General Data Protection Regulation (GDPR). As we are your employer and have decided to use this portal to manage your employee benefits, we are considered to be the data controller of your Personal Data as defined by the GDPR, where applicable.
Your Personal Data will be:
- be processed lawfully, fairly and in a transparent manner by us;
- only be collected for the specific purposes we have identified in this policy, and will not be further processed in a manner that is incompatible with the purposes we have identified;
- be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the Personal Data is processed;
- be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your Personal Data);
- be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the Personal Data was collected;
- be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage.
This Privacy Policy sets out
- Our policy on the management of Personal Data; and
- The types of Personal Data we hold, the purposes for which we hold it and how we collect, store and handle that information.
In addition to the information in this Privacy Policy, there may also be specific additional information relating to privacy in the documents we use in dealing with you. If you require more information about the sort of Personal Data we hold, or the purposes for which and manner in which we collect, hold and use and disclose it, you should contact Honan’s Data Protection Officer on +65 6559 4500.
Definitions
Personal Data refers to data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which the organization has or is likely to have access. Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA).
What is the Personal Data Protection Act?
The PDPA establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data. It recognizes both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organizations to collect, use or disclose personal data for legitimate and reasonable purposes.
When, why and how we collect Personal Data
We may collect Personal Data in a number of circumstances. We will only collect the Personal Data that we need to:
- Quote on or assess an insurance proposal;
- Arrange an insurance policy;
- Assist with a claim; and
- Consider a job application.
Whenever we collect Personal Data, we do everything we can to let the person know:
- How to contact us
- Why we collect the information
- The organisation or types of organisations to which we usually disclose that kind of information
- The consequences if the information is not provided.
We generally provide this information in the form of a collection statement which we give the first time we collect information from an individual. From time to time we may need to collect sensitive information or health information about a person. We may need to collect sensitive information or health information when providing a quotation for an insurance proposal or assisting with a claim. We will only collect that information with the consent of the individual or where we are required by law to collect that information. We generally try to collect Personal Data directly from the individual and not from the third parties. However, there are situations where it is not reasonable and practicable to collect information directly. They include:
- When a person contacts us through a broker
- When we are seeking independent verification or appraisal of information provided
- When we are assisting with a claim. If we collect Personal Data from a third person, such as a company for whom the individual works, or a broker or assessor, we may rely on that third person to provide the collection statement to the individual. An individual or a company may elect to remain anonymous if making a general inquiry relating to our services. However, if the Personal Data is not provided, we may not be able to provide you with the appropriate services.
The purposes for which we use or disclose Personal Data
We collect Personal Data because we need it to:
- Provide quotation
- Arrange insurance
- Assist with a claim
- Manage benefits administration
Generally, we will not use or disclose Personal Data for any other purpose unless we have received the consent of the individual. We will not give Personal Data to any other organisation for marketing purposes. From time to time, we may use Personal Data to provide individuals with news or offers about products and services that we provide. However, we will only do that with the consent of the individual. If a person consents to us using Personal Data for that purpose, and subsequently change their mind, they can request us not to use the information for those purposes again. The Personal Data Protection Act allows us to disclose Personal Data for purposes relating to public safety and law enforcement.
The personal data we process
You have already provided, as part of your employment arrangements with us, some of the personal data that we process about you in providing you with access to and use of this portal. We may also collect some additional personal data from you while you are using the portal in order to be able to provide the service to you. We have described below the personal data that we process, what we use it for and where we get it from (which, in each case, may vary depending on the way in which you access the portal).
Personal data you provide when setting up your account on the portal, which may include your email address and date of birth | To identify that you and to link your account to your employee record in the portal | Your employment records |
Personal data you provide when you access and use the portal. This includes information you provide when using the portal to select your employee benefits, such as details of your dependents (eg. Your partner and/or children) | To allow us to correctly process your employee benefits | You and/or your employment records |
Personal data you provide when you contact us (including by email or telephone) about the portal. For example, when you open a support ticket. | To be able to communicate with you and assist you with your request. | You |
Details of your use of the portal. For example, the pages you visit and the time you spend viewing a page. | To help us to improve the portal and fix problems. | You |
Technical information about your computer or mobile device including details such as your operating system and web browser. This is statistical data and does not identify your individual device. | To help us to improve the portal and fix problems. | You |
Information used to identify how you are connecting to the portal, such as your IP address. | For security reasons, so that we can link any actions made by your account in the portal with your internet connection (for example, to allow us to identify suspicious behaviour). | You |
Your personal details such as your name, address and date of birth. | To uniquely identify you in the portal. | Your employment records |
Your email address | To communicate with you about the portal. For example, to let you know when it’s time to select your employee benefits | Your employment records |
Details about your employment, such as your job title, dates of employment and salary. | To determine your eligibility for employee benefits and to display information to you in the portal. | Your employment records |
Details relating to your employee benefits, such as your job title, dates of employment and salary. | To present you with your benefits options and your past selections, as well as to generate your Total Reward Statement. | Your employment records |
Data Retention
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your Personal Data, as set out below.
In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for analytics, research or statistical purposes in which case we may use this anonymised information indefinitely without further notice to you.
Your rights as a data subject
Where the GDPR is applicable, at any point while we are holding or processing your personal data, you have the following rights:
- Right of access
You have the right to request a copy of the information that we hold about you.
- Right of rectification
You have the right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten
In certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing
Where certain conditions apply, you have the right to restrict the processing of your personal data (as an alternative to erasure). This means we would be allowed to store the data, but not use it.
- Right of portability
You have the right to have the data we hold about you transferred to another organisation.
- Right to object
You have the right to object to certain types of processing. This includes an absolute right to prevent your personal data being used for direct marketing.
- Right to object to automated processing, including profiling
You have the right not to be subject to decisions based solely on automated processing, including profiling, if this produces legal effects or similarly significantly affects you.
- Right to complain
You have the right to lodge a complaint with us (as the data controller) or with a supervisory authority.
- Right to judicial review
You have the right to take legal action against a controller or processor where you consider that any of your rights have been infringed as a result of your personal data being processed in a way that does not comply with the GDPR. You also have the right to take legal action against the supervisory authority if they do not handle your complaint in an appropriate or timely manner.
You can exercise any of the above rights by contacting us using the details found under the Complaint Process below. In cases where we have shared your data with a third party we may also share your request with that third party so that they can assist us in fulfilling it.
How we maintain the integrity of Personal Data
We do everything we can to ensure that the Personal Data we hold is accurate, complete and up-to-date. To achieve this, we:
- Periodically review our database and remove Personal Data that is no longer required; and
- Promise to correct any error that is brought to our attention.
Your access to your Personal Data
We will provide access to Personal Data we hold about you on request. Any request must be made in writing addressed to the Data Protection Officer. However, the Personal Data Protection Act allows us to refuse access in some circumstances, including where:
- The information relates to a legal dispute, and the information would not be acceptable by process of discovery in legal proceedings;
- Providing access would reveal our strategy in relation to negotiations in a way that prejudice the negotiations; and
- Providing access would be likely to prejudice an investigation of possible unlawful activity.
We will not charge you for providing access to Personal Data. However, we may charge you to comply with the access request (such cost will not be excessive).
If we refuse to give access to the Personal Data, we will give you a written notice that sets out:
- The reasons for the refusal except to the extent that it would be unreasonable to do so; and
- The mechanisms available to complain about the refusal.
How we keep Personal Data secure
We recognise that you are concerned about the security and confidentiality of the Personal Data provided to us. We recognise the value of that information and will do everything we reasonable can to prevent unauthorised access to, or disclosure, misuse or loss of that information. We try to do that by:
- Ensuring all staff who have access to your information understand the requirement of the Personal Data Protection Act;
- Requiring persons to whom we supply information or who process that information on our behalf to comply with the requirements of the Personal Data Protection Act;
- Using encryption and other data protection techniques whenever we store or transmit information electronically; and
- Storing Personal Data in hard copy form in secure facilities.
Correction of your Personal Data
We will do everything we can to ensure that the Personal Data we hold is accurate, complete and up-to-date. You may request correction of Personal Data which we hold about you. Such request must be in writing to the Data Protection Officer. If we are satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading, we will correct it as far as reasonably practicable. If your Personal Data is corrected by us, you may request us to notify any other entity to which we had previously disclosed the information of the correction. If we refuse to correct the Personal Data as requested, we will give the personal a written notice that sets out:
- The reasons for refusal except to the extent that it would be unreasonable to do so; and
- The mechanisms available about the refusal. Where we do not amend the Personal Data, you may request us to make a notification in our records, noting that you have requested a change and what it was, and that we did not make the amendment. We will take such steps as are reasonable in the circumstances to notate the documentation to include your request and our reasons.
We may send your Personal Data outside Singapore
It may be necessary for us to transfer Personal Data held about you to an organisation outside Singapore. We may need to do this where information is stored in or processed in a database that is located outside Singapore. We will not transfer information outside Singapore without your consent unless we are satisfied, or have put arrangements in place to ensure, that the information will be handled in a manner that is consistent with the requirements of the Personal Data Protection Act.
Complaint Process
We take very seriously any complaints we receive about the way we treat Personal Data. If you have a complaint about the way we use or handle your Personal Data, you can contact us through one of the following methods: Tel: +65 6559 4500 Email: info@honan.com.sg. Address: 1 Raffles Place, #20-03 One Raffles Place, Tower 1, Singapore 048616