Privacy Policy

Last Updated: 29 January 2019

ECICS Limited is committed to protecting the privacy of the individuals We encounter in conducting
Our business.

This Privacy Policy sets out how ECICS Limited and its [related corporations and affiliates]
(collectively, (“We”, “Our”, “Us”) collect, use, disclose and retain Your personal data in accordance
with the Personal Data Protection Act 2012 (“PDPA”) and Our own policies and procedures.

“Personal Data” is any data that identifies and relates to you or other individuals such as your spouse
and dependants (“You”, “Your”, “Yours”). This Privacy Policy is designed to assist You in
understanding why and how ECICS Limited collects and uses Your Personal Data, to whom such
data is disclosed and to whom data access requests can be addressed.

You are deemed to consent to the collection, use or disclosure of Your Personal Data for a purpose if
You voluntarily provide Your personal information to Us for that purpose, albeit without expressly
providing Your consent; and it is reasonable that You would voluntarily provide the data.

1. Who To Contact About Your Personal Information

If You have any questions about Our use of Your Personal Information You can contact Us at:

ECICS Limited
Data Protection Officer
10 Eunos Road 8
#09-04A Singapore Post Centre
Singapore 408600
Email: dataprotection@ecics.com.sg

2. How We Collect Personal Data

The principal ways We collect Personal Data are through Our application forms for Our insurance
products, by phone through telephone applications, registrations made by You through Our claim
forms, ECICS Limited Electronic Services (not limiting to e-mails, websites, Software Applications and
social media pages) and other communications, as well as from other insurers, claims investigation,
medical professionals, witnesses and other third parties involved in Our business dealings with You.

We collect Personal Data through:

• this website (the “Website”);
• software applications made available by Us for use on or through computers and mobile
  devices (the “Software Applications”);
• social media pages post by Us on or through various social media platforms (Our “Social
  Media Content”)

     (collectively referred to as the “ECICS Electronic Services”); and

• other means (for example, from Your application form, claim form, telephone calls, short
  messaging service, e-mails and other communications with Us, as well as from claim
  investigators, medical professionals, witnesses or other third parties involved in our business
  dealings with You).

3. Personal Data That We Collect

Depending on Your business dealings with Us (for example, as a policyholder and/or potential
policyholder, non-policyholder insured or claimant, witness, broker or appointed representative, or
other person relating to Our business), the Personal Data collected may include but not limited to the
following:

• General identification and contact information such as name, address, telephone number,
  age, date of birth, gender, occupation, marital status, NRIC numbers, passport numbers or
  FIN, vehicle registration number;
• Financial information such as income, bank account numbers, CPF statements, bank
  statements, credit card, GIRO, credit history, credit score, assets and financial information;
• Employment information and employment history;
• Education background;
• Skills & experience;
• Medical information such as medical history, consultation history, prescriptions, notes,
  treatments, description of medical services rendered and medical reports;
• Professional licenses and affiliations;
• Claims related information;
• Personal data of a third party that You provide to Us in connection with the purchase of Our
  products and services or for referrals.
• Other information which We need to facilitate Our business dealings with You.

4. How We Use Personal Data

Personal Data may be processed, kept, transferred or disclosed in and to any country as We consider
appropriate, in accordance with the PDPA.

We may collect, use and/or process Your Personal Data in one or more of the following purposes

4.1  Communicating with You and others as part of our business

4.2 Providing insurance, financial services or related products and services to You and
administering, maintaining, managing and operating such products and/or services
including any renewals.

4.3 Sending you important information regarding changes to Our policies, other terms and
conditions, renewal of policies and other administrative information.

4.4 Processing, assessing and determining any applications or requests made by You for
insurance products or services.

4.5 Processing, assessing and determining any claims made under any insurance products or in
respect of any services provided by Us including, without limitation, making, defending,
analysing, investigating, processing, assessing, determining or responding to such claims.

4.6 Performing any functions and activities related to the insurance products and/or services
provided by Us including, without limitation, obtaining reinsurance, auditing, reporting and
general servicing and maintenance of online and other services.

4.7 Providing improved quality, training and security (for example, with respect to recorded or
monitored phone calls to Our contact numbers).

4.8 Assessing Your eligibility for payment plans, and processing Your premium and other
payments.

4.9 Preventing, detecting and investigating crime, including fraud and money laundering, and
analysing and managing other commercial risks.

4.10 Carrying out market research and analysis, including satisfaction surveys.

4.11 Providing marketing information to You including information about other products and
services offered by Us and/or third-party partners.

4.12 Personalising Your experience on ECICS Electronic Services by presenting marketing
information tailored to You.

4.13 Identifying You to anyone to whom you send messages through ECICS Electronic Services.

4.14 Facilitating social media sharing functionality.

4.15 Managing Our infrastructure and business operations, and complying with internal policies
and procedures, including those relating to auditing; finance and accounting; billing and
collections; IT systems; data and website hosting; business continuity; and records,
document and print management.

4.16 Resolving complaints, and handling requests for data access or correction.

4.17 Carrying out due diligence or other screening activities in accordance with legal or
regulatory obligations or risk management procedures that may be required by law or that
may have been put in place by Us.

4.18 Complying with applicable laws and regulatory obligations (including laws outside of
Singapore), rules (including stock exchange rules) such as those relating to anti-money
laundering and anti-terrorism.

4.19 Complying with legal process; responding to requests from public and governmental
authorities (including those outside of Singapore) and for audit, compliance, investigation
and inspection purposes.

4.20 Meeting the requirements to make disclosure pursuant to any law binding on Us or Our
related corporations and affiliates or for the purposes of complying with any regulations or
rules (including stock exchange rules) or guidelines issued by any regulatory or other
authorities which have jurisdiction over ECICS Limited and any of its related corporations
and affiliates.

4.21 Conducting background and identity checks, such as for the purposes of verifying Your
identity in order to respond to Your request to be provided with a duplicate policy or other
documentation, any request made by You to change your Personal Data in our records.

4.22 Conducting credit checks on You- such as analysing verifying and/or checking Your credit,
payment and/or status in relation to Your ability to use the services.

4.23 Matching any Personal Data held by Us relating to You from time to time for any of the
purposes listed in this Privacy Policy.

4.24 Recovering any and all amounts owing from You or any person who has provided security
or an undertaking for such liabilities of Yours.

4.25 Enforcing or defending the legal rights of Ours, contractual or otherwise.

4.26 Enabling any actual or proposed assignee or transferee of all or any part of Our rights or
obligations.

4.27 Any other purposes reasonably related to any of the above.

5. Disclosure of Personal Data

ECICS Limited may make Personal Data available to:

• ECICS Limited’s related corporations and affiliates and any of their director, officer, staff and
  relevant personnel

• third parties (whether in or outside Singapore) such as other insurers; reinsurers; insurance
  and reinsurance brokers and other intermediaries and agents; appointed representatives;
  distributors; affinity marketing partners; and financial institutions, securities firms and other
  business partners

• third party service providers such as medical professionals, accountants, actuaries, auditors,
  experts, lawyers and other outside professional advisors; travel and medical assistance
  providers; call center service providers; IT systems, support and hosting service providers;
  printing, advertising, marketing and market research and analysis service providers; banks
  and financial institutions that service our accounts; third-party claim administrators; document
  and records management providers; claim investigators and adjusters; construction
  consultants; engineers; examiners; jury consultants; translators; and similar third-party
  vendors and outsourced service providers that assist Us in carrying out business activities

• any regulators, law enforcement agency, statutory board, governmental or other public
  authorities, dispute resolution or industry bodies as necessary to comply with any laws, rules,
  regulations, agreements or schemes

• other third parties such as payees; emergency providers (fire, police and medical emergency
  services); retailers; medical networks, organizations and providers; travel carriers; credit
  bureaus; credit reporting agencies; and other people involved in an incident that is the subject
  of a claim;

• any purchasers and prospective purchasers or other parties in any actual or proposed
  reorganization, merger, sale, joint venture, assignment, transfer or other transaction relating
  to all or any portion of our business, assets or stock.

To check information provided, and to detect and prevent fraudulent claims, Personal Data
(including details of injuries) may be shared with other insurers when dealing with claims to
detect, prevent and investigate fraud.

6. Security

We will take appropriate measures, which are consistent with applicable privacy and data security
laws. Unfortunately, no data transmission over the Internet or data storage system can be
guaranteed to be 100% secure. If you have reason to believe that your interaction with Us is no
longer secure (for example, if you feel that Your Personal Data might have been compromised),
please immediately notify us.

When We provide Personal Data to a service provider, the service provider will be selected carefully
and required to use appropriate measures to protect the confidentiality and security of the Personal
Data.

7. Retention of Personal Data

We will take reasonable steps to ensure that the Personal Data we process is reliable for its intended
use, and as accurate and complete as is necessary to carry out the purposes described in this
Privacy Policy.

Personal Data will be kept by Us only for so long as it is needed for the purposes for which it was
collected and as required for business or to comply with legal, regulatory and internal requirements.

Personal Data is purged from ECICS Electronic Services, manual, and other filing systems in
accordance with specific schedules based on the above criteria and Our internal procedures.

8. Personal Data of Other Individuals

If you provide Personal Data to Us regarding other individuals (e.g. insured persons, family members,
and beneficiaries), you agree:

• to inform the individual about the content of this Privacy Policy; and

• to obtain any legally-required consent for the collection, use, disclosure, and transfer
  (including cross-border transfer) of Personal Data about the individual in accordance with this
  Privacy Policy and has retained the proof of such consent which will be provided to Us upon
  Our request.

9. Withdrawal of Consent

9.1 On providing reasonable notice in writing to Us, You may at any time withdraw any
consent given, or deemed to be given, in respect of Our collection, use or disclosure of
Your personal data for any purpose.

9.2 You may submit the withdrawal of consent via mail or email to Our DPO.

9.3 On receipt of such notice, We shall inform you of the likely consequences of withdrawing
your consent.

9.4 Please allow up to 30 days for Us to process and update your request. You may continue
to receive marketing messages and other product information from Us within these 30
days.

9.5 We shall not prohibit You from withdrawing Your consent to the collection, use or
disclosure of Your Personal Data.

9.6 If You withdraw Your consent, then We shall cease collecting, using or disclosing Your
Personal Data unless otherwise required under the PDPA or other written law

9.7 Although You may have withdrawn consent for the collection, use or disclosure of Your
Personal Data, We may retain Your personal data for purpose of administering your
insurance products and/or services with Us and in accordance with Our internal
procedures.

10. Access and Correction of Personal Data

To the extent that the applicable law allows, You may request access to, and correction of, the
Personal Data. However, some Personal Data may be exempt from such access and correction rights
in accordance with the PDPA. All requests for access to, and/or correction of, the Personal Data can
be submitted to ECICS’ Data Protection Officer via email address at dataprotection@ecics.com.sg
Please note that ECICS Limited has the right to charge a reasonable fee for the handling and
processing of such requests.

11. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of Singapore.
Any dispute arising out of or in connection with this Privacy Policy including any question regarding its
existence, validity or termination, shall be referred to and finally resolved by the Courts of Singapore.

12. Changes to This Privacy Policy
We review this Privacy Policy regularly and reserve the right to make changes at any time to take
account of changes in our business and legal requirements.

Please take a look at the “LAST UPDATED” date at the top of this Privacy Policy to see when it was
last revised ; any change will be effective immediately upon being posted on this Website.

For the avoidance of doubt, where the Singapore personal data protection law permits an
organization such as ECICS Limited to collect, use, disclose or process Personal Data without
consent, such permission granted by the law shall continue to apply and nothing herein is to be
construed as limiting any of these rights.

Where written permission is required by law or otherwise for any such disclosure by ECICS Limited,
the signing of the relevant documents, Personal Data consent form and/or other methods of consent
notification, as well as in any other manner permitted by law shall constitute and be deemed to be
sufficient written permission for such disclosure.