Data Privacy Policy

Eagle Insurance Limited (“EIL”, “we”, “us”, “our”) respects the privacy of all persons, and is committed to protecting the privacy, confidentiality, and security of the personal data it collects on its clients, their dependents, and prospective clients.

This Privacy Notice serve to inform you as to how we look after your personal data and about your privacy rights and how the law protects you in relation to your personal data. It applies to any personal information you provide to EIL and that we collect from other relevant sources that are subject to local laws and regulations.

All capitalized terms used in this Notice shall have the meaning assigned to them in the Data Protection Act 2017.

EIL is an insurance company registered with the Registrar of Company in Mauritius and having its registered office address at IBL House, Caudan Waterfront, Port Louis, Mauritius.

We may collect the following personal data for the purposes of our activities (refer to section 3
below):

• your name, surname and date of birth;
• your gender
• your national identity card number;
• your driving licence number;
• your employment details and profile
• your contact details (phone, email and residential addresses); Information related to your employment and financial history
• Information on your vehicle (including registration number)
• Information relating to the drivers of the vehicle;
• your medical conditions;
• your signature;
• your claims details, including photos
• Recorded calls and voice notes;
• your banking details;
• any other personal data necessary to fulfil your special requests; and
  any other personal data that you choose to provide to us

In accordance with EIL’s activity, we use your personal data to be able to fulfil our core objective which is to carry out and provide our services and products to you. For instance, underwriting of insurance products and claims. To that effect, during our interaction with you, we will be collecting your personal data when:

• treating your insurance application;
• verifying your eligibility to be insured by EIL;
• administering your claims and processing payments of your claims;
• improving our claims management;
• understanding and assessing your ongoing needs so as to upgrade the Policy Schedule (where possible);
•  communicating with you on all updates regarding EIL or its services and Policy Schedule;
• assisting you with your queries or concerns;
• complying with contractual obligations;
• complying with any legal or regulatory obligations imposed on us, such as due diligence obligations relating to the Financial Intelligence and Anti-Money Laundering Act; and
• fulfilling our legitimate commercial interests.

Your personal data may be shared with:

• business partners who assist us in fulfilling our objectives such as reinsurers, insurance agents,
  insurance brokers, actuaries, surveyors, salespersons, investigators, tracers, law enforcement
  authorities, insurance companies, vehicle dealers and repairers, towing companies, rental
  companies, garages, advisers such as loss adjusters, accountants and others involved in the
  application, regulatory authorities, including the National Insurance Claims Database, administration of
  insurance and claims handling processes;
• service providers we have retained to perform services on our behalf. These service providers are
  contractually restricted from using or disclosing the personal data except as necessary to perform
  services on our behalf or to comply with legal requirements;
• your employer if the latter pays for the insurance cover as may be relevant for the purposes set out
  in section 3 and to facilitate our activities;
• companies forming part of the IBL Group as may be relevant for the purposes set out in section 3
  above and to facilitate our activities or relationship, but we shall only do so on a strictly need to
  know basis; and
• agents, advisers, accountants, auditors, lawyers, debt collectors, other professional advisors,
  contractors or third- party service providers for the purpose of assisting us in complying with our
  legal and regulatory obligations.

We will ensure that your personal data is kept safely. Only the above-mentioned designated persons will have access to your personal data on a strictly need-to-know basis for the purposes of fulfilling our objective or promoting our activities with you.

In addition, third parties with whom we share your personal data will be contractually obliged to safeguard all personal data to which they have access.

Some disclosures do not require your consent. This happens when we share your personal data with (i) law enforcement bodies/agencies and other statutory authorities, if required by law; (ii) if required or authorized by law or if we suspect any unlawful activities on your part; (iii) in the event that EIL is merged with another similar company, personal data would be transferred to the new company; (iv) for company audits or complaint investigations or security threat notifications.

From time to time, we could use your name and contact information to send you either via emails, post, or social media information that we think may be of interest to you, including stories, events, products and services offered by IBL, its subsidiaries and affiliates as well as special offers and promotions and surveys but we can only do so with your consent. You will also be able to opt-out from receiving marketing communications at any time, free of charge, by following the unsubscribe instructions contained in each of our marketing communications or by contacting us in accordance with the section “Contact Us” below.

In some cases, we may need to transfer your personal data with organisations located in countries outside our territorial limits in order to provide our services to you. We will take appropriate safeguards in order to secure the personal data being transferred.

Your personal data will be stored for as long as required to fulfil our activity purposes and for the period required by law. We shall take reasonable steps to destroy or anonymise personal data in a secure manner when we no longer need it for the purposes for which it was collected (as set out in section 3 of this notice) and retention is no longer necessary for legal or business purposes.

We shall only process your personal data where we are satisfied that we have an appropriate legal basis to do so, such as:

(i) for the performance of a contract between us;
(ii) where you have provided us with your express consent to process your personal data other than for specific purposes;
(iii) our use of your personal data is necessary to fulfill our statutory obligations with relevant authorities (regulators, tax officials, law enforcement bodies such as the Motor Vehicle Insurance Arbitration Committee (MVIAC));
(iv) for forthcoming Alternative Dispute Resolution hosted by the Insurers Association of Mauritius; or
(v) sharing of personal data to third party insurance companies, salespersons, investigators, tracers;
(vi) Our use of your personal data is in our legitimate interest as an association.

EIL has in place reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss, or use of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring.

Children have the same rights as adults regarding the protection of their personal data. We only process Minors’ personal data with the permission of their parents or guardians. We may also process personal data of minors where minors are involved in claims.

Our website may contain links to other websites, apps, content, services or resources on the internet which are operated by subsidiaries and affiliates of IBL or third parties. If you access other websites, apps, content, services or resources using the links provided, please be aware they may have their own privacy policy, and we do not accept any responsibility or liability for these policies or for any personal
data which may be collected through these sites. Please check these policies before you submit any personal information to these other websites.

You have the right to request a copy of the personal data we hold about you. To do this, simply contact our Data Protection Officer and specify the information you would like to have. We will take all reasonable steps to confirm your identity before providing details of your personal data. You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

You have the right to ask us to update, correct or delete your personal data. We will take all reasonable steps to confirm your identity before making changes to personal data we may hold about you. We would appreciate it if you would take the necessary steps to keep your personal data accurate and up to date by notifying us of any changes, we need to be aware of.

You may also withdraw your consent to receiving direct marketing communications, or more generally to our processing of your personal data, at any time, and you may in certain circumstances ask us to delete your personal data.

However, we may not be able to fulfil our contractual obligations to you if you entirely withdraw your consent or ask us to delete your personal data entirely. To protect your personal data, we shall require that you first prove your identity to us at the time the request is made, for instance by providing a copy of your national identification card, contact details or answering some other security questions to satisfy ourselves of your identity before we may proceed with your request(s).

Whenever reasonably possible and required, we will strive to grant these rights within 30 days, but our response time will depend on the complexity of your requests. We will generally respond to your requests free of charge unless your request involves processing or retrieving a significant volume of data, or if we consider that your request is unfounded, excessive or repetitive in which case we
reserve the right to charge a fee (as mentioned above regarding access).

There may be circumstances where we might not be able to comply with your requests, typically in relation to a request to erase your personal data or where you object to the processing of your personal data for a specific purpose or where you request that we restrict the use of your personal data where we need to keep your personal data to comply with a legal obligation or where we need to use such information to establish, exercise or defend a legal claim.

Our website uses cookies:

• What is a cookie?
  Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any data stored on your computer or your files. When a server uses a web browser to read cookies they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.

• Why do we use cookies?
  We use cookies to learn more about the way you interact with our content and help us to improve your experience when visiting our website. Cookies remember the type of browser you use and which additional browser software you have installed. They also remember your preferences, such as language and region, which remain as your default settings when you revisit the website. Cookies also allow you to rate pages and fill in comment forms. The cookies we use are Session cookies which allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new page you visit. The Session Cookies only last until you close your browser.

• How are third party cookies used?
  For some of the functions within our websites we use third party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third party suppliers) may contain third party cookies and you may wish to consult the policies of these third party websites for data regarding their use of cookies.

• How do I reject and delete cookies?
  We will not use cookies to collect personally identifiable data about you. However, should you wish to do so, you can choose to reject or block the cookies set by the websites of any third party suppliers by changing your browser settings – see the Help function within your browser for further details. Please note that most browsers automatically accept cookies so if you do not wish cookies to be used you may need to actively delete or block the cookies.

You can also visit www.allaboutcookies.org for details on how to delete or reject cookies and for further data on cookies generally. For data on the use of cookies in mobile phone browsers and for details on how to reject or delete such cookies, please refer to your handset manual. Note, however, that if you reject the use of cookies you will still be able to visit our websites but some of the functions may not
work correctly.

We may amend this privacy notice from time to time. Any amendment will be posted on our website so that you are always informed of the way we collect and use your personal data. Any changes to this privacy notice will become effective upon posting of the revised privacy notice on our website.

This privacy notice is governed by and shall be construed in accordance with the laws of the Republic of Mauritius. This privacy notice is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this privacy notice, the English version shall prevail.

We have appointed a Data Protection Officer to oversee compliance with and questions in relation to this notice. If you have any questions about this notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below:

The Data Protection Officer, Eagle Insurance Limited
Eagle House, Hyvec Business Park, 15 A5 Wall Street, Ebene Cybercity.

dpo@eagle.mu/+230 4609223]

If you believe we have not handled your request in an appropriate manner, you may lodge a complaint with the Data Protection Commissioner (DPC) (The Data Protection Office, 5th floor, SICOM Tower, Wall Street Ebène, Mauritius). However, we ask that you please try to resolve any issues with us first before referring your complaint to the DPC.