DATA PRIVACY NOTICE
Please read this privacy notice carefully as it contains important information on how Eagle Insurance, as a registered data controller with the Data Protection Office, handles the personal data of its clients, visitors, potential candidate for employment or its business partners. We are committed to being transparent about how we process the personal information of our stakeholders and to meeting our data protection obligations under the Mauritian Data Protection Act 2017 (DPA).
1. Who are we?
Eagle Insurance Limited ("Eagle Insurance", "we", "us", "our", “the Company”) is a public company incorporated in Mauritius. We are one of the leading insurance companies in Mauritius which provides comprehensive insurance solutions across a broad range of sectors. Our registered office is located at IBL House Caudan Waterfront, Port Louis, Mauritius and principal place of business is situated at Eagle House, Hyvec Business Park, 15 A5 Wall Street,Ebene Cybercity, Mauritius.
Eagle Insurance respects your privacy, and is committed to protecting the privacy, confidentiality and security of the personal data you provide us when you use our website, when you contact our office, or when you otherwise interact with us.
2. Which personal data we collect?
Personal data is defined in the Data Protection Act 2017 (DPA) and it refers to data about an individual who can be identified from either that particular data, or from that data and other information which we have or are likely have access to.
Personal health information means identifying information about an individual relating to their physical or mental health.
Personal data is collected where reasonably necessary for our functions and activities. Personal data that we may hold include the following:
Your name, address, signature and contact details;
Your age and date of birth;
Your national identity card number, your passport details;
Personal Health Information:
information related to your health conditions,
current medication or treatments used by the patient;
previous/current medical history, including, where relevant, a family medical history;
the name of any health service provider or medical specialist to whom the patient is referred
- Your contact details (phone and fax numbers, email addresses);
Photos and video recordings;
CV, pictures and qualifications details when you either spontaneously apply for a job at Eagle Insurance or respond to a vacancy notice;
Other personal data as may be provided by an individual from time to time;
Your photos and videos when you participate to corporate events, cocktails, sports events organised by Eagle Insurance;
Your name, surname, signature and national identity card details in our visitors’ log book when you visit us;
Any other personal data necessary to fulfil your special requests; and
Any other personal data that you choose to provide to us.
Eagle Insurance records may include relevant information that you have told us, or information provided on your behalf by your guardians or parents if you are a minor, or from health professionals involved in your care and treatment.
Your records may be held by Eagle Insurance either in paper-form or electronically in a computer system.
3. Why we collect information?
Wherever possible, we will collect personal data directly from you. However, in some cases we collect information from third parties being our trusted partners such as our health insurance administrator, insurance agents, clinics and hospitals, medical practitionersinsurance or reinsurance brokers, surveyors, or other service providers engaged in your insurance process/ service.
We will only collect, use and disclose personal data because we are satisfied that we have an appropriate legal basis to do so, or with your consent, your deemed consent or as may be otherwise permitted under the DPA or other applicable laws.
In addition to the personal data you provide to us, certain information related to you that is not considered personal data under the DPA may also be collected. We collect this information to improve our website. Such non-personal data may include information such as your IP address, the internet browser you use, details of your interaction with our website and other types of non-personal data.
3.1 General purposes
In using our services and providing us with your personal data, you hereby agree that Eagle Insurance may collect, store, process, disclose, access, review and/or use personal data (including special categories of personal data) about you, whether obtained from you or from other sources, for the purposes set out below and/or any other administrative or operational purposes and/or the purpose of managing your relationship as a client with Eagle Insurance:
We use your personal data in the course of our business activities and interaction with you for the following purposes:
providing comprehensive insurance solutions to you;
to carry out and administer our services and products to you. These may include claims management, risk management consulting and other forms of insurance services (including underwriting of insurance products and reinsurance), employee benefits program administration;
work effectively with others providing you with care;
resolving complaints and dealing with enquiries made by you;
provide information and services as requested by you;
determine eligibility and process applications for products and services;
understand and assess your ongoing needs and offer products and services to meet those needs;
assess the quality of services provided to you;
maintenance and updating of the data;
administrative or operational purposes;
collection of fees, charges and expenses for services provided;
verification and identification purposes;
collecting payments by credit card, cheque, bank transfers or other means,
carrying out billing, accounting, auditing and the maintenance of proper book-keeping for Eagle Insurance operations and business;
the disclosure of the relevant books, documents, records and information (in hard or soft copy) to the auditors for the preparation of financial reports;
compliance with the applicable laws and regulations;
performing our agreement with you;
promoting eventual business relationships;
treating your applications for specific job vacancies or on a spontaneous basis;
performing recruitment analytics with CVs received;
ensuring security of our offices and people;
keeping an accurate evacuation list in case of emergency;
promoting our corporate and marketing initiatives (events, cocktails etc) on Eagle Insurance social medias;
fulfilling our legitimate commercial interests; and
sending you communications if you have consented to receiving same, and for any other purposes for which we obtain your consent.
3.2 Marketing Purposes
Where you have subscribed for our marketing communications (by providing Eagle Insurance with your telephone number or email address and have indicated to us that you consent to receiving marketing communications via these channels) Eagle Insurance may contact you from time to time, whether by SMS, email or otherwise, to inform you about our new developments, services and events that we think may be of interest to you.
You will also be able to opt-out from receiving marketing communications at any time, free of charge, by following the unsubscribe instructions contained in each of our marketing communications or by contacting us in accordance with the section “Contact Us” below.
4. To whom do we disclose personal data?
Your personal data may be shared:
With those involved in your health treatment for insurance and claim management purposes.
Health insurance administrator involved in your health assessment for insurance purposes;
With external companies such as our Health insurance administrator, insurance and reinsurance brokers, surveyors, reinsurers, police authorities, private investigators, loss assessors / loss adjusters for the management of your claims, your insurance covers or to investigate a claim.
We may share with our agents and service providers, other insurers and their agents, and with any intermediary acting for you, and with recognised trade, governing, and regulatory bodies (of which we are a member or by which We are governed), information we hold about you and your claims history.
We may also participate in industry databases under the supervision of the Insurers' Association for the purpose of sharing of information among insurance companies as a check against non-disclosure and in respect of fraud.
Between and among other departments of Eagle Insurance as may be relevant for the purposes set out in section 3 above and to facilitate our activities or relationship, but we shall only do so on a strictly need to know basis;
With our employees for purposes of fulfilling our business activities, treating job applications or conducting internal analysis with a view to improving our company and services;
With law enforcement bodies/agencies, regulatory authorities and other statutory authorities upon request; and
With our agents, advisers, accountants, auditors, lawyers, other professional advisors, contractors, or third-party service providers for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations.
We will ensure that your personal data is kept safely. Only designated persons will have access to your personal data on a strictly “need-to-know” basis for the purposes of fulfilling our agreement, treating job applications or promoting our business relationship with you. In addition, third parties with whom we share your personal data will be contractually obliged to safeguard all personal data to which they have access.
Some disclosures do not require your consent. This happens when we share your personal data with (i) law enforcement bodies/agencies and other statutory authorities, if required by law and (ii) if required or authorised by law or if we suspect any unlawful activities on your part.
5. Overseas transfers of your personal data
In some cases, we may need to transfer your personal data with organisations located in countries outside our territorial limits in order to provide our services to you. We will take appropriate safeguards in order to secure the personal data being transferred.
Please note that:
The anti-spam and anti-virus filtering are done by a service provider located in South Africa.
E-mails servers and e-filling system servers are transferred on Microsoft data cloud based in Europe.
Personal data collected through our website is transferred to servers based in Mauritius.
Some personal data may be shared with reinsurers located in South Africa, United Kingdom.
6. How long do we keep your information?
Your personal data will be stored for as long as required to fulfil our business purposes and for the period of time required by law. To the extent required by law, we will take reasonable steps to destroy or anonymise personal data in a secure manner when we no longer need it for the purposes for which it was collected (as set out in section 3 of this notice) and retention is no longer necessary for legal or business purposes.
7. Processing of personal data must be justified
We will only process your personal data where we are satisfied that we have an appropriate legal basis to do so, such as (i) for the performance of a contract between us; (ii) where you have provided us with your express consent to process your personal data for a specific purpose; (iii) our use of your personal data is necessary to fulfill our statutory obligations with relevant authorities (regulators, tax officials, law enforcement bodies) or otherwise meet our legal responsibilities; (iv) our use of your personal data is in our legitimate interest as an organisation; (v) for the purpose of medical diagnosis, the management of health or social care systems and services or pursuant to a contract with a Health insurance administrator, health professional; (vi) for the purpose of carrying out the obligations and exercising specific rights of Eagle Insurance or of the patient or any individual; or (vii) protecting the vital interests of our patient or of another person where the patient is physically or legally incapable of giving consent.
Where we process special categories of personal data, we will do so in compliance with the requirements of section 29 of the DPA.
8. Security of personal data
Eagle Insurance has in place reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring.
We cannot guarantee that our website will function without disruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.
9. Children and Minors
We may collect and process personal data from minors during the course of our activity and the purpose detailed in section 3, but we will only do so with the permission of your parent or guardian.
In addition, if you are a minor and you are using this website, you may only use do so with the permission of your parent or guardian.
10. Links to other websites
11. Access to your personal data
You have the right to request a copy of the personal data we hold about you. To do this, simply contact our Data Protection Officer and specify what data you would like. We will take all reasonable steps to confirm your identity before providing details of your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
12. Correction of your personal data
You have the right to ask us to update, correct or delete your personal data. We will take all reasonable steps to confirm your identity before making changes to personal data we may hold about you. We would appreciate it if you would take the necessary steps to keep your personal data accurate and up-to-date by notifying us of any changes we need to be aware of.
13. Withdrawal of consent and request for deletion of personal data
You may also withdraw your consent to receiving direct marketing communications, or more generally to our processing of your personal data, at any time, and you may in certain circumstances ask us to delete your personal data. However, we may not be able to fulfil our contractual obligations to you if you entirely withdraw your consent or ask us to delete your personal data entirely. To protect your personal data, we shall require that you first prove your identity to us at the time the request is made, for instance by providing a copy of your national identification card, contact details or answering some other security questions to satisfy ourselves of your identity before we may proceed with your request(s).
Whenever reasonably possible and required, we will strive to grant these rights within 30 days, but our response time will depend on the complexity of your requests. We will generally respond to your requests free of charge unless if your request involves processing or retrieving a significant volume of data, or if we consider that your request is unfounded, excessive or repetitive in which case we reserve the right to charge a fee (as mentioned above regarding access).
There may be circumstances where we are not able to comply with your requests, typically in relation to a request to erase your personal data or where you object to the processing of your personal data for a specific purpose or where you request that we restrict the use of your personal data where we need to keep your personal data to comply with a legal obligation or where we need to use such information to establish, exercise or defend a legal claim. To make these requests, or if you have any questions or complaints about how we handle your personal data, or would like us to update the data we maintain about you and your preferences, please contact our Data Protection Officer at the address set out under section 17 below.
14. Cookies policy
What is a cookie?
Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any data stored on your computer or your files. When a server uses a web browser to read cookies they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.
What type of cookies do we use?
On this website, we use the following cookies:
Necessary cookies: help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Statistic cookies: help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing cookies: are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
How are third party cookies used?
How do I reject and delete cookies?
Please note that most browsers automatically accept cookies so if you do not wish cookies to be used you may need to actively delete or block the cookies.
15. Amendments to this Privacy Notice
We may amend this privacy notice from time to time. Any amendment will be posted on our website so that you are always informed of the way we collect and use your personal data. Any changes to this privacy notice will become effective upon posting of the revised privacy notice on the website. Use of our website following such changes constitutes your acceptance of the revised privacy notice then in effect but, to the extent such changes have a material effect on your rights or obligations as regards our handling of your personal data, such changes will only apply to personal data after the changes are applied.
This privacy notice is governed by and shall be construed in accordance with the laws of the Republic of Mauritius. This privacy notice is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this privacy notice, the English version shall prevail.
17. How to contact us?
We have appointed a Data Protection Officer to oversee compliance with and questions in relation to this notice. If you have any questions about this notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below:
The Data Protection Officer
Eagle Insurance Limited
Hyvec Business Park, 15 A5 Wall Street,
+230 460 9223
If you believe we have not handled your request in an appropriate manner, you may lodge a complaint with the Data Protection Commissioner (DPC) (The Data Protection Office, 5th floor, SICOM Tower, Wall Street Ebène, Mauritius). However, we ask that you please try to resolve any issues with us first before referring your complaint to the DPC.
Version dated 01 June 2022