Statement of AIA Group Data Privacy Principles
Updated: June 11, 2009
Among the most important assets of AIA Group is the trust and confidence that are placed in AIA companies to properly handle information. Customers expect our companies to maintain their information accurately, protected against manipulation and errors, secure from theft, and free from unwarranted disclosure.
In addressing data privacy and data security issues, in addition to complying with applicable privacy laws and regulations, AIA companies should follow these principles:
• Recognize the importance of privacy and data security to our customers;
• Limit the sharing of a customer’s personal information with third parties to those circumstances necessary to administer a customer’s account, enhance customer services, promote legitimate marketing activities, or otherwise in accordance with applicable law, and standard industry practices;
• When customer personal information is shared with third parties for marketing purposes, to the extent required by applicable laws, customers should be provided an opportunity to restrict the sharing of such information, or customer consent should be procured prior to the sharing of such personal information;
• Enter into agreements, where required by various laws and regulations, and as consistent with good business practices, with third parties (whether affiliated or non-affiliated) receiving customer personal information from AIA companies, including nonpublic personal information and protected health information, providing that the third party will handle that information in a manner that is consistent with AIA policies, applicable law, and industry practice;
• When transferring customer data cross-border, analyze the data flows to ensure compliance with laws applicable to the restriction of cross-border data flows;
• Comply with applicable laws, including any Do Not Call and Do Not Spam legislation, in relation to conducting business via the Internet, email marketing, telemarketing, direct mail marketing and legislation regarding identifying numbers;
• Establish procedures and safeguards consistent with applicable law and AIA policies to protect the security, confidentiality and integrity of customer information.
The AIA Group recognizes its responsibilities in relation to the collection, holding, processing or use of personal. You may choose not to provide us with the requested personal data, but failure to do so may inhibit our ability to do business with you.
From time to time we may use your personal information for purposes relating to our business with you including, but not limited to, for the purposes of processing your application, the assessment and processing of claims and any other administration relevant to any policy issued by AIA, for AIA’s internal purposes, to manage and promote the business activities of AIA, to meet requirements imposed by law and for marketing and promotional purposes. In connection with these purposes, the personal data may be made available, locally and overseas, to our subsidiary and affiliated companies and to any agent, contractor or third party who provides administrative or other services to AIA or any member of the AIA Group.
You have the right to access, and request the correction of your personal data. Requests for access and correction should be addressed in writing to:
Policy Owner Service Department
AIA Company Limited
AIA Tower, 181 Surawongse Road