SDC Personal Data Protection Obligations
The very nature of SDC’s business is such that the collection, use and disclosure of personal information is fundamental to the products and services we provide. We work hard to respect and maintain personal privacy and accordingly align this policy with the Dubai International Financial Centre Data Protection Law (DIFC Law No.1 of 2007, as amended) (“DPL”) when collecting, holding, processing or using Personal Data in the Dubai International Financial Centre (“DIFC Court”). We are equally committed to ensuring that all our employees and agents uphold these obligations. Under the DPL, SDC is bound to the following obligations with respect to your Personal Data:
- Purpose Limitation
- Access and Correction
- Transfer Limitation
Obligation 1 – Consent
This consent remains valid until you alter or revoke it by providing written notice to SDC (contact details provided below). Please note that if you withdraw your consent to any or all use or disclosure of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide our products or services to you, administer any contractual relationship in place or respond to a claim.
Obligation 2 – Purpose Limitation
The DPL limits the purposes for which and the extent to which an organisation may collect, use or disclose personal data. SDC collects your Personal Data (which may include health information) when you apply for, change or renew an insurance policy with us, or when we process a claim. We collect your personal data to assess your application for insurance, to provide you with competitive insurance products and services and administer them, and to handle any claim that may be made under a policy. If you do not provide us with your personal data, then we may not be able to provide you with insurance products or services or respond to a claim.
Obligation 3 – Notification
Some information is collected automatically when you visit our website because your IP address needs to be recognized by the server. We may use the IP address information to monitor and analyze how parts of our website are used.
Obligation 4 – Access and Correction
Under the DPL, you have the right (subject to certain exemptions) to request:
- Access to some or all of your Personal Data in our possession;
- Information about the ways the Personal Data has been or may have been used or disclosed by us within a year before the date of your request.
Subject to certain exemptions under the DPL, we will grant access to and correct Personal Data as requested by you. If we hold Personal Data about you and you are able to establish that the Personal Data is not accurate, complete and up to date, we will take reasonable steps to correct your Personal Data so that it is accurate, complete and up to date. We will provide reasons for any denial of access or a refusal to correct Personal Data.
Your request to access or correct your Personal Data will be actioned as soon as reasonably possible from the time the access request is received. If we are unable to respond within 30 days, we will inform you in writing of the time in which we will be able to respond to your request.
Obligation 5 – Accuracy
We will take practical steps to ensure that the Personal Data we collect, use or disclose is accurate, complete and up to date, having regard to the purpose (including any directly related purpose) for which the Personal Data is or is to be used. Please refer to Obligation 4 for details on how you can obtain and correct any Personal Data relating to you that we may hold.
Obligation 6 – Protection
We will take all practical steps to ensure that Personal Data we hold is protected against unauthorized or accidental access, processing, erasure or other use. We provide a highly secure online infrastructure for activities conducted via our website, including SSL (secure socket layer) encryption, IDS (intrusion detection system) and the use of firewalls and anti-virus software. We also adopt stringent security procedures with the use of user ID and passwords, time stamping and audit trails for all transactions, together with a dedicated internal transaction security policy. Our online infrastructure is closely monitored and maintained, with data backup and data recovery procedures and mechanisms.
Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have with us has been compromised), please immediately notify us.
Obligation 7 – Retention
Obligation 8 – Transfer Limitation
Obligation 9 – Openness