Annexure A1

Privacy Policy

We, at Ageas Federal Life Insurance Co Ltd (Ageas Federal Life Insurance) are committed to the protection of customer’s privacy. Towards that end, Ageas Federal Life Insurance has taken reasonable steps to protect customer’s online privacy of personal information provided by them. This privacy policy is applicable to Ageas Federal Life Insurance website (www.ageasfederal.com) and all products & services offered by Ageas Federal Life Insurance through its digital & physical modes. All customers using or availing the same are covered under this privacy policy.

Ageas Federal Life Insurance will be using certain defined terms as provided below:

“Customer” shall include individuals & other entities that purchase or intends to purchase goods & services from Ageas Federal Life Insurance as well as any individual & other entity entitled to receive benefits in connection with the insurance contract with Ageas Federal Life Insurance.

"Personal information" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

"Sensitive personal data or information" of a person means such personal information which consists of information relating to (i) password; (ii) financial information such as Bank account or credit card or debit card or other payment instrument details; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) Biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of this privacy policy.

Personal information that is collected from customers

Ageas Federal Life Insurance collect the following categories of personal information and sensitive personal data or information:

Sensitive Data collected & processed

Ageas Federal Life Insurance collects the sensitive personal data or information as mentioned above for the purpose of issuing the insurance policy to its customers, undertaking business transactions and making monetary payments.

The biometrics is required only in case the Aadhaar e-KYC authentication is to be undertaken. As per the security architecture of the eKYC the biometric is captured on Registered Device approved by UIDAI (Unique Identification Authority of India) and the biometric is captured in a PID (Personal Identity Data) block and the PID Block, once transmitted by Ageas Federal Life Insurance is not stored in any of the systems of Ageas Federal Life Insurance.

Use of Personal Information

The personal information provided will be used for the purpose of underwriting and arriving at the Premium amount to be paid. This information will be used for the purpose of issuing insurance policy to the customer. In case the customer is an online customer the information will be used to create a user id and password for customer to track his insurance policy. The mobile number and email provided will be used to send periodic updates specific to the insurance policy purchased and if opted for News and other updates then that also will be sent to the customer. The calls made to the customer by Ageas Federal Life Insurance shall be in compliance with the do not disturb norms prescribed by TRAI (Telecom Regulatory Authority of India), including the Telecom Commercial Communications Customer Preference Regulations, 2010. The customer will have the right to unsubscribe to generic information, if any, provided.

Legal Basis of Processing

Ageas Federal Life Insurance processes the Personal Information when it is necessary for the performance of a contract to which customers are the party or in order to take steps at customer’s request prior to entering into a contract.

Consequences of not providing Personal Information: If customer chooses not to provide the Personal Information that is mandatory to process customer’s request for issuance of insurance policy, Ageas Federal Life Insurance may not be able to provide the corresponding product and/or service.

Data recipients, transfer, and disclosure of Personal Information

To provide customer with the best experience of Ageas Federal Life Insurance products & services, it is necessary of Ageas Federal Life Insurance to engage third party vendors who provide specific products & services to support Ageas Federal Life Insurance’s business requirements. In this connection, Ageas Federal Life Insurance would make disclosure of sensitive personal data or information for the purposes of or in connection with activities such as – data entry, tele-calling, medical examination, printing, reinsurance, expert view, audit, legal proceeding, monetary payment, digital & physical communication, verification & collation of information, digital & physical storage.

The last 4 digits and the related demographic information including name, DOB and address shall be shared with Central Know Your Customer Registry (CKYC) maintained by CERSAI (Central Registry of Securitisation Asset Reconstruction and Security Interest of India) as per PML Act 2002 (Prevention of Money-Laundering Act, 2002) & related Rules. The same will be shared electronically as well as the image of the Aadhaar card (in case of image shared) else the output pdf/jpeg generated from the UIDAI site. This is a mandatory requirement under the legal provisions.

Ageas Federal Life Insurance will not share this information with any other entity, other than those mentioned above, whatsoever without customer’s explicit permission, except where the disclosure is mandated by law.

Presently, Ageas Federal Life Insurance does not transfer sensitive personal data or information to any other body corporate or person, whether in India or any other country. If in future, such transfer is made, the same would be (i) with the consent of the provider of sensitive personal data or information; (ii) effected only if it is necessary for the performance of the contract with such provider; and (iii) upon such transferee agreeing to be bound by the level of data protection prescribed under law.

Data Provider Rights

Subject to the laws of India, the data provider has the right to access, correct, delete or transfer the Personal Information that Ageas Federal Life Insurance holds, including the profile and preferences. The customer has the right to object to certain processing and, where the consent has been asked for processing the Personal Information, the customer has the right withdraw the consent. Where Ageas Federal Life Insurance processes customer’s Personal Information because Ageas Federal Life Insurance has a legitimate interest in doing so, customer also has a right to object to this. These rights may be limited in some situations – for example, where it can be demonstrated that there is a legal requirement to process the Personal Information or that it may restrict the usage of the products & services availed from Ageas Federal Life Insurance.

Collection of Data from Guardians on behalf of minors

The insurance policies offered by Ageas Federal Life Insurance also covers minors. In the event customer chooses to avail such policies, the parent or guardian of such minors would be required to provide personal information and sensitive personal data or information of such minors.

Reasonable Security Practices

Ageas Federal Life Insurance has a full-fledged Information Security Department in place which addresses the vital aspects of the Information security which includes the Personal data.

The Information Security related matters of Ageas Federal Life Insurance are audited annually by external auditor. The audit is conducted in accordance with checklist mandated by IRDAI (Insurance Regulatory and Development Authority of India).

Ageas Federal Life Insurance is certified for ISO 27001:2013 and the information security policy and practices are in line with the ISO 27001:2013 and is audited by the certification body.

Aadhaar Related services

Information to the customer

The PML Act 2002 is applicable to Ageas Federal Life Insurance, it being a financial institution engaged in life insurance business. Pursuant to same and recommendations made by the Financial Action Task Force (FATF), IRDAI issued Guidelines on Anti Money Laundering program for insurers. The same also mandates insurers to ‘Know Your Customer’. In other words, Ageas Federal Life Insurance is required to make reasonable efforts to determine the true identity of all customers requesting for its services. Due to the same, it is mandatory that every person purchasing the insurance policy or receiving monetary payment under the insurance policy has to comply with the KYC norms and as a result provide his/her proof of identity as well as proof of address.

Aadhar number is a legally recognized mode to comply with KYC norms. Instead of using physical copy of Aadhar number, the customer has the option for authentication of Aadhar number through CIDR (Central Identities Data Repository). The customer also has the option for offline verification of Aadhaar number, in accordance with Sec 8A of Aadhaar Act 2016 (Aadhaar (Targeted Delivery of Financial and other subsidies, benefits and services) Act 2016).

Ageas Federal Life Insurance will provide a notice to the customer (in a language understandable to customer) on the nature of information that may be shared upon authentication/offline verification and uses to which the information received may be put by Ageas Federal Life Insurance. This notice also will contain the alternatives to the submission of the Aadhaar number for authentication/offline verification. The customer can voluntarily agree to undertake eKYC or alternatively provide any other officially valid document to meet the KYC requirement.

In case of prospective customer, such customer should not be eligible for any subsidy from Government of India /or not applied for the Ayushman Bharat Scheme. In such cases, the Aadhaar details can be submitted voluntarily for submission and authenticating by such customer and as Ageas Federal Life Insurance is authorized by UIDAI to undertake the eKYC as a KUA (KYC User Agency).

Consent

The prospective customer has to give a specific consent for fetching the data from UIDAI after reading through the information given above. In case the eKYC is done of the child then the consent will have to be given by the parent or guardian. This is per Sec 8 of the Aadhaar Act 2016 and the related regulation as mentioned in para 8.7 above.

Information collected for fetching eKYC

In order to perform the eKYC the prospective customer will enter the Aadhaar number or virtual ID and can opt for OTP (one-time password) based or Biometric based authentication. In both the cases i.e. OTP and Biometric the same is captured in a PID Block and the PID block is not stored by Ageas Federal Life Insurance and is used for transmission only. The PID block in case of Biometrics is part of the registered device and cannot be extracted separately.

Information received from CIDR on authentication

On successful authentication/offline verification the demographic details including the photograph will be fetched from the CIDR and can also be used to pre-populate the application/proposal form for insurance.

Disclosure

The identity information collected from the CIDR will not be disclosed to any third party without the explicit permission of the Aadhaar holder unless the same is stipulated by Law. The information shall be shared, without obtaining prior consent from provider of information, with Government agencies mandated under the law to obtain information including sensitive personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences.

Transfer /Sharing of Information

The Aadhaar is treated as the proof of Identity and Proof of Address, the last 4 digits and the related demographic information including name, DOB and address shall be shared with Central Know Your Customer Registry (CKYC) maintained by CERSAI as per PML Act 2002 & related Rules. The same will be shared electronically along with the image of the Aadhaar card.

Data Retention

Ageas Federal Life Insurance retains data in accordance with the laws of India and has a data retention policy approved by the Board of Ageas Federal Life Insurance. Generally, Ageas Federal Life Insurance retains data for a period upto 10 (ten) years from the date of cessation of the transactions between you and Ageas Federal Life Insurance. In the event you are keen in understand the exact duration of any specific data or information that Ageas Federal Life Insurance may store, you may write to the Grievance Redressal Officer at the contact details provided below.

Reasonable Security Practices (Aadhaar)

The reasonable security practices of the protection of the Identity information of Aadhaar is stipulated in the Aadhaar Act and the related regulations.

Ageas Federal Life Insurance shall abide by the same at all times. As on the date of this version of the privacy policy the following practices shall be adopted:

Grievance redressal

All interested parties can submit the grievances related to this privacy policy through the below channel:

Annexure A2

The form of consent is provided below.

Form of consent

  1. I voluntarily opt for Aadhaar Officially Valid Document, Know Your Customer(KYC) and/or eKYC and/or Offline Verification and submit to the Company my Aadhaar number, Virtual ID, e-Aadhaar, XML, Masked Aadhaar , Aadhaar details, demographic information, identity information , Aadhaar registered mobile number, face authentication details and/or biometric information (collectively, “information”).
  2. I am informed by the Company, that:
    1. Submission of Aadhaar is not mandatory and there are alternative options of KYC and establishing identity including by way of physical KYC with officially valid documents other than Aadhaar. All options were given to me.
    2. For eKYC /Authentication/offline verification, Company will share Aadhaar number and/or biometrics with Central Identities Data Repository (CIDR)/ Unique Identification Authority of India (UIDAI). CIDR/UIDAI will share with Company the authentication data, Aadhaar data, demographic details, registered mobile number, identity information, which shall be used for the informed purposes as mentioned in point no. 3 below.
  3. I authorize and give my consent to the Company( and its service providers), for the following informed purposes:
    1. KYC and periodic KYC process as per Prevention of Money Laundering Act, 2002 and rules there under and IRDAI guideline, or for establishing my identity, carrying out my identification, offline verification and/or eKYC and/or Yes/No authentication, demographic and/or other authentication /verification /identification as may be permitted as per the applicable Laws and all accounts, policies, facilities, services and relationships of/through the Company, existing and future.
    2. Collecting, sharing , storing , preserving information , maintaining records and using the information and authentication /verification /identification records:
      1. For the informed purpose above
      2. As well as for regulatory and legal reporting and filings and/or
      3. whenever required under applicable laws.
    3. Producing records and logs of the consent, information and/or of authentication, identification, verification, etc. for evidentiary purpose including before Court of Law, any Authority and/or in an arbitration proceeding;
  4. I understand that the Aadhaar number and core biometrics will not be stored/ shared except as per Law and for CIDR submission. I have downloaded the eAadhaar myself using the OTP on my Aadhaar registered mobile number. I will not hold Company or its officials responsible in the event this document is not found to be in order or in case of any incorrect information provided by me.
  5. The above consent and purpose of collecting information has been explained to me in my local language and is well understood.

I wish to purchase a Life Insurance policy for self from Ageas Federal Life Insurance Company Limited (herein referred to as Ageas Federal Life Insurance).

I am given to understand from them that as per the existing PML Act 2002 & related Regulations the proof of Identity and Proof of address is mandatory for obtaining the Insurance Policy.

  1. Alternatives to Aadhaar: I am also informed by Ageas Federal Life Insurance that as per PML Act 2002 & the related Rules & Regulations, that Aadhaar is not the only document which serves as the proof of Identity. I can choose any of the following officially valid document (OVD) in lieu of the Aadhaar in case the I am not desirous of availing any Subsidy from the Central/ State Government: Voter’s ID, or Driving License or Passport or NREGA card.

I am not eligible for any subsidy from Government of India /or not applied for the Ayushman Bharat Scheme. I am giving my Aadhaar details voluntarily for submission and authenticating me Ageas Federal Life Insurance is authorized by UIDAI to undertake the eKYC as a KUA (KYC User Agency), to fetch my Demographic details and Photograph from the CIDR maintained by UIDAI for the purposes mentioned above. The mode of authentication, in order to fetch the details shall be OTP.

The full 14-digit Aadhaar number or the 16-digit VID will be entered by me in the application of Ageas Federal Life Insurance and the Ageas Federal Life Insurance is authorized to store the Aadhaar number as per the guidelines issued by UIDAI with necessary security measures as defined by UIDAI.

In case of eKYC I am also given to understand that the hard copy of the Aadhaar card need not be submitted.

  1. Purpose of collection: The Aadhaar details are shared for the purpose of creating a insurance account /servicing the policy request and to comply with the PMLA aspects related to KYC
  2. Data collected from me
    1. eKYC: In case of e-KYC the Aadhaar number or the VID shall be captured by Ageas Federal Life Insurance and the related OTP.On successful validation of the OTP the UIDAI will share the information as mentioned in the Para below.In addition your Mobile number and email id as registered with the UIDAI also will be required to validate your mobile and emailid received from UIDAI
      In the event I am required use my biometric information , I am given to understand that Ageas Federal Life Insurance will not store the core biometric information and it will be transmitted to UIDAI system for authentication.

Also as Ageas Federal Life Insurance is a local - KUA, I am given to understand the aadhaar numper captured in the front end will not be stored by Ageas Federal Life Insurance. Data Collected from me related to Aadhaar- Non eKYC

    1. Offline e-KYC: In the event you have not done the eKYC you can also share the Offline XML which consists of the details as mentioned below . In additional the 4 digit passcode also neds to be shared with us as the ofllne eKYC comes with a passcode
    2. Image of Aadhaar Card: In the event you are sharing the Aadhaar card jpg / pdf in the form of upload please ensure that the same is redacted as required by PMLA and Aadhaar Regulations.
  2. Information shared by UIDAI: On successful validation of the OTP/ Biometric UIDAI will share the following information:- Name, Gender, Date of Birth, Anonymised mobile number and Anonymised email id
  3. Sharing of Aadhaar with external bodies: As you have voluntarily opted for The Aadhar as the proof of Identity and Proof of Address, the last 4 digits and the related demographic information including name, DOB and address shall be shared with Central Know Your Customer Registry (CKYC) maintained by CERSAI as per PMLA Act 2002 & related Rules. The same will be shared electronically as well as the image of the Aadhaar card (in case of image shared) else the output pdf/jpeg generated from the UIDAI site. This is a mandatory requirement and you cannot opt out of this.

I am also informed by the Ageas Federal Life Insurance that they will not share this information with any other entity, other than those mentioned above, whatsoever without my explicit permission, except where the disclosure is mandated by law like the Income Tax Act or any other Law enforcement agency, etc.

  1. Law enforcement agencies: In the event of any enquiry from Law enforcement agencies Ageas Federal Life Insurance has the right to share the information without your consent as per the Legal Provisions of PMLA, Income Tax, etc.
  2. Request Logs (applicable only for e-KYC): In the event I have opted for e-KYC, I am given to understand that I can request the logs of the same with full details within a period of two years from the date of the authentication request and Ageas Federal Life Insurance is not obliged to provide the same after the period of 2 years.