We are committed to ensuring your privacy is protected. This Data Protection Notice (“DPN”) sets out details of the personal information that we may collect from you and how we may use that information. Please take your time to read this DPN carefully
Cigna is a wide group of companies (the “Cigna group”) and, as set out in more detail in this DPN, personal data is shared between companies within the Cigna group in order to provide you with your policy.
You can find permanently updated information about the Cigna group on the following website: www.cignaglobal.com
By providing your personal information to us, you acknowledge that we may use it in the ways set out in this DPN. We may provide you with further notices highlighting certain uses we wish to make of your personal information. We may also give you the ability to opt-in or opt-out of selected uses, such as marketing, when we collect your personal information.
In addition to this DPN, some of our products and services may have their own notices (for example, the Cigna Online and Mobile Privacy Notice), which describe in more detail how your personal information is used in a particular context).
From time to time we may need to make changes to this DPN, for example, as a result of government regulation, new technologies, or other developments in data protection laws or privacy generally. If we change this DPN, we will notify you of the changes. Where changes to the DPN will have a fundamental impact on the nature of our processing of your personal information, or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights in relation to your personal information.
In this DPN references to "we" or "us" refers to the relevant Cigna group entity that is the controller of your personal information. Depending on the specific terms and conditions of the policy you are covered by, one of the following Cigna entities will be the controller for any of the personal information you provide:
- Cigna Life Insurance Company of Europe S.A.-N.V. (Registration Number 0421.437.284) is registered in Belgium with limited liability and authorized under license number 0938, having it’s registered office at Avenue de Cortenbergh52, 1000 Brussels, Belgium and subject to the prudential supervision of the National Bank of Belgium and the supervision of the Financial Services and Markets Authority in the field of consumer protection and subject to limited regulation by the Financial Conduct Authority.
- Cigna Europe Insurance Company S.A./N.V. (Registration Number 0474.624.562) is registered in Belgium with limited liability and authorized under licence number 2176, having it’s registered office at Avenue de Cortenbergh 52, 1000 Brussels, Belgium and subject to the prudential supervision of the National Bank of Belgium and the supervision of the Financial Services and Markets Authority in the field of consumer protection and subject to limited regulation by the Financial Conduct Authority. • Cigna Europe Insurance Company S.A.-N.V. (Swiss Branch), with corporate address in Freigutstrasse 20, 8002 Zurich, registered with FINMA under number CH- 020.9.001.879-2.
- Cigna Global Insurance Company Limited, with corporate address at St Martin’s House, Le Bordage, St Peter Port, Guernsey,GY1 4AU and regulated by the Guernsey Financial Services Commission under number41925.
- Cigna European Services (UK) Limited (Company Number 00199739). Registered office at 5 Aldermanbury Square, London EC2V 7HR
- Cigna Life Insurance Company of Europe S.A.–N.V., (UK branch) (BR000754) having its principal place in of business at 5 Aldermanbury Square, London EC2V 7HR and its corporate address at 52 Avenue de Cortenbergh, 1000 Brussels, Belgium
The company collecting your personal information depends on the insurance entity which provides your insurance cover and can be found in your member booklet or certificate of insurance. This Cigna entity is the controller of your personal information. The Cigna group entity which is the controller for the purposes of this DPN can be found in your Policy Documents and certificate of insurance. If you have any questions or queries about which Cigna group entity listed above is the controller in relation to your personal information, please do not hesitate to get in touch with us using the details set out the “Contacting Us” section below.
As the controller we are responsible for complying with data protection laws. This DPN describes what personal information we may collect from you, why we use your personal information, your rights in relation to it, and more generally the practices we maintain and ways in which we use your personal information.
We have appointed a data protection officer to oversee our handling of personal information. If you have any questions about how we collect, store or use your personal information, you may contact our data protection officer using the details set out in the “Contacting Us” section below.
Who do we collect information about?
We collect personal information about:
- Previous, current and prospective policyholders
- Previous, current and prospective covered parties under policies
- Users of the www.cignaglobal.com website
When do we collect personal information?
We collect information about you:
- On application for a policy
- On underwriting of a policy
- If a claim is made under a policy
- On renewal of a policy
- When you contact us to make a mid-term alteration to your policy
- When you use our website
- When you respond to a customer survey
- When you contact us, including when you get in touch to ask questions or update your personal information
- When you make a complaint
- From third parties (you can find out more about this in the sections below)
What personal information do we collect and use?
The personal information that we collect will depend on your relationship with us. We will collect different information depending on whether you are a policyholder, a covered party under a policy, claimant, witness, broker or other third party.
Please note, in certain circumstances we may request and/or receive "sensitive personal information" about you. For example we may need access to health records for the purposes of providing you with a policy or processing claims.
If you provide personal information to us about other individuals you agree:
(a) to inform the individual about the content of this DPN; and
(b) to obtain any consent where we indicate that it is required for the processing of that individual's personal information in accordance with this DPN.
- General information such as your name, address, contact details, date of birth, gender, relationship to the policyholder (where you are not the policyholder)
- Identification information such as national insurance number, passport number or driving license number
- Information about your job including job title, employment history, education history and professional accreditations
- Information relevant to your insurance policy Information relevant to your claim (for example a medical report)
- Information relating to previous policies or claims
- Financial information such as your bank details, payment details and information obtained as a result of our credit checks
- Any correspondence via email or telephone with our Customer Contact Centres
- Your marketing preferences and information about the types of Cigna products and services in which you may be interested
- Details of your current and past physical and/or mental health
- Data concerning your sex life and/or sexual orientation
How do we collect your information?
We collect the personal information outlined above from a number of different sources including:
- Directly from you or from someone else on your behalf such as:
- From other third parties involved in your insurance policy or claim such as your broker or another insurer, claimants, defendants or witnesses
- From other third parties who provide a service in relation to your insurance policy or claim such as loss adjusters, claims handlers, experts (including medical experts), healthcare providers and other service providers
- From medical reports and counsel opinions
- From emergency assistance and medical services providers
- From claims services providers
- Via publically available sources such as internet search engines, social media sites
- From other companies within the Cigna group
- Through customer surveys
- From credit reference agencies
- Via insurance industry fraud prevention and detection databases and sanctions screening tools
We may be required by law to collect certain personal information about you, or to collect your personal information as a consequence of a contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations. For example, if you do not provide certain personal information, we will not be able to provide you with a policy. We will inform you at the time your personal information is collected whether certain data is compulsory and the consequences of the failure to provide such data.
What are the purposes for which your personal information is used?
We may process your personal information for a number of different purposes. For each purpose we must have a legal ground for such processing. When the information that we process is classed as sensitive personal information, we must have an additional legal ground for such processing.
Generally we will rely on the following legal grounds:
- Where the use of your information is necessary for the performance of a contract to which you are a party, or in order to take steps at your request before entering into a contract. For example, we will use this legal ground to provide your insurance policy and our services, and for activities such as assessing your application, managing your insurance policy and handling claims
- Where we have a legitimate interest in using your personal information. If we rely on this legal ground, we will put in place robust safeguards to ensure that your privacy is protected and that our legitimate interests are not overridden by your interests or fundamental rights and freedoms. We may rely on this legal ground for the purpose of maintaining our business records or developing and improving our products and services or where we have a legal or regulatory obligation to use your personal information
- In exceptional circumstances, where our use of your personal information is in your, or another person's vital interests
- Where the use of your personal information is necessary to establish, exercise or defend our legal rights
- Where you have provided your consent to our use of your personal information. If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this DPN.
We may use automated decision making processes to make decisions or conduct 'profiling' about you. This involves using software to process your personal information, to evaluate your personal aspects and to predict risks or outcomes. We use automated decision making processes:
- in the context of auto-renewal of certain types of policies, including to determine what the cost of renewing the policy will be;
- for the purposes of fraud prevention.
These decisions may have legal or similar effects for you. For example, we may use them to decide what the cost of renewing your policy will be. We will, however, only make these kinds of automated decisions where:
- they are necessary for entering into a contract with you;
- they are authorised by law;
- you give your consent to us carrying out automated decision-making.
You can contact us to request further information about automated decision-making. In some circumstances you can object to our use of automated decision-making processes, or request that an automated decision is reviewed by a human being.
Who do we share your information with?
From time to time, we may share your personal information with third parties for purposes consistent with those described in this DPN. If you would like further information regarding the disclosures of your personal information, please get in touch with us directly.
Disclosure within our group
From time to time, we may share your personal information within Cigna group companies for purposes consistent with those described in this DPN. You can find permanently updated information about the Cigna group on the following website: http://www.cigna.com/aboutus. Access to personal information within Cigna is restricted to those individuals and entities who have a requirement to access the information for the purposes described in this DPN.
Disclosures to third parties
We also disclose your personal information to the third parties listed below for the purposes described in this DPN. This might include:
- Our insurance partners such as brokers, other insurers and intermediaries and agents, reinsurers, reinsurance brokers, appointed representatives or other companies who act as insurance distributors
- Other third parties who assist in the administration of your insurance policy or claim or to whom the administration of your insurance policy or claim is outsourced, such as loss adjusters, claims handlers, accountants, auditors, lawyers and other experts
- Fraud detection agencies and other third parties who operate and maintain fraud detection registers
- External law firms who are assisting us with recoveries, fraud matters or disputed claims issues
- Investigative firms we brief to look into claims on our behalf in relation to suspected fraud
- Health providers (for example, a hospital which is responsible for any treatment you receive through your policy)
- Our emergency assistance and medical services providers, and other third parties they use to assist with claims including healthcare providers, overseas agencies and cost containment agencies.
- Our regulators and other governmental or public authorities where we believe it necessary to comply with a legal or regulatory obligation
- The police and other third parties or law enforcement agencies where we believe it necessary for the prevention or detection of crime or to comply with a legal or regulatory obligation
- Third parties involved in court actions where we believe to be necessary or appropriate to comply with legal process
- Debt collection agencies
- Credit referencing agencies
- Professional advisors such as actuaries, auditors, lawyers, accountants and tax advisers
- Our third party services providers such as IT suppliers, marketing agencies, translators, document management providers and the print provider(s) that print policy documents and customer communications on our behalf
- Third parties who undertake analysis on our behalf for the purposes of improving our services and products
- Selected third parties in connection with any sale, transfer or disposal of our business
What marketing activities do we carry out?
We may also use your personal information to provide you with information about our products or services, or those of our partners which may be of interest to you where you have provided your consent for us to do so.
If you wish to unsubscribe from emails sent by us, you may do so at any time by clicking on the "unsubscribe" link that appears in all marketing emails. Otherwise you can always contact us to update your contact preferences by using the details in the “Contacting Us” section below. Please note, however, that we will continue to send you service related (non-marketing) communications.
How long do we keep personal information for?
We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this DPN and in order to comply with our legal and regulatory obligations. Our default retention period is 10 years. However, depending on the jurisdiction that governs our contract with you and the type of information involved, our general retention period may vary between 7 to 10 years. If you would like further information regarding the periods for which your personal information will be stored, please see the details in the “Contacting Us” section below for our contact details.
What is our approach to sending information overseas?
Due to the global nature of our services, your personal information may be shared with and/or accessed by parties located in other countries outside the European Economic Area. The countries to which we may transfer your personal information may not be regarded by the European Commission as ensuring an adequate level of protection for personal information (for instance, the United States).
Where we transfer your personal information to any of these countries, we will conduct the transfer in accordance with applicable data protection law. This may include ensuring that appropriate safeguards, such as contractual obligations, are put in place with respect to the protection of your personal information and your fundamental rights and freedoms, and your rights in relation to your personal information. If you would like further information regarding the steps we take to safeguard your personal information, or to obtain a copy of the safeguards we put in place to protect it when it is transferred, please contact us using the details in the “Contacting Us” section below.
Depending on your location and the compliance requirements that may apply there you may receive additional privacy notices from us or from our partners.
Under data protection law you have certain rights in relation to the personal information that we hold about you. You may exercise these rights at any time by contacting us using the details set out in the “Contacting us” section below.
- In some cases we may not be able to comply with your request (e.g. we might not be able to delete your data) for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we can't comply with your request, we will tell you why
- In some circumstances exercising some of these rights (including the right to erasure, the right to restriction of processing and the right to withdraw consent) will mean we are unable to continue providing you with your policy and may therefore result in the cancellation of your policy. Your policy terms and conditions set out what will happen in the event your policy is cancelled.
- The right to access your personal information
You are entitled to a copy of the personal information we hold about you and certain details about how we use it. There will not usually be a charge for dealing with these requests. Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.
- The right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
- The right to erasure
In certain circumstances, you have the right to ask us to erase your personal information. Please note that in some circumstances exercise of this right will mean we are unable to continue providing you with your policy and may therefore result in the cancellation of your policy. Your policy terms and conditions set out what will happen in the event your policy is cancelled.
- The right to restriction of processing
In certain circumstances, you are entitled to ask us to stop using your personal information. Please note that in some circumstances exercise of this right will mean we are unable to continue providing you with your policy and may therefore result in the cancellation of your policy. Your policy terms and conditions set out what will happen in the event your policy is cancelled.
- The right to data portability
In certain circumstances, you have the right to ask that we provide your personal information to you in a commonly used electronic format, and to transfer any personal information that you have provided to us to another third party of your choice.
- The right to object to marketing
You can ask us to stop sending you marketing messages at any time.
- The right not to be subject to automated decision-making (including profiling)
You have a right in some circumstances to not be subject to a decision based solely on automated means. Please note that personal information, including sensitive personal information, may be used in the context of auto-renewal of certain types of policies which involves automated decision making to determine what the cost of renewing the policy will be. We will ask you when you purchase your policy if you would like to opt into auto-renewal. However, even if you opted in at this point, you have the right to opt out at any time.
- The right to withdraw consent
For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. Please note that in some circumstances exercise of this right will mean we are unable to continue providing you with your policy and may therefore result in the cancellation of your policy. Your policy terms and conditions set out what will happen in the event your policy is cancelled.
- The right to lodge a complaint with a data protection authority
You have a right to complain to the Information Commissioner's Office (ICO), or to the data protection authority in the Member State in which you live or work, or in which you consider your complaint arose, if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations.
More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/
Making a complaint will not affect any other legal rights or remedies that you have.
How we protect your information
We use a range of physical, legal, organisational and technical security measures which are consistent with applicable data protection laws to protect your information. Firewalls are used to block unauthorised traffic to the servers and the actual servers are located in a secure location which can only be accessed by authorised personnel and our internal procedures cover the storage, access and disclosure of your information.
If you have any questions about how we collect, store or use your personal information, you may contact our data protection officer at:
Data Protection Officer / Cigna
52 Avenue de Cortenbergh / Kortenberglaan 52
B-1000 Brussels Belgium Email: firstname.lastname@example.org
Updates to this DPN
We may update this DPN from time to time to ensure that it remains accurate. If we change this DPN, we will notify you of the changes. Where changes to the DPN will have a fundamental impact on the nature of our processing of your personal information, or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights in relation to your personal information.