CXA Privacy Policy
General
-
CXA Group Pte Limited (Singapore registration no.: 201303355E and formerly known as Connexionsasia Pte Limited) (CXA) is committed to personal data protection. CXA continually strives to protect personal data in accordance with applicable laws, including the Singapore PDPA, the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) and US HIPAA, and best industry standards. By dealing with CXA in any way, whether as a supplier, user, distributor or in any other capacity, you agree to this Privacy Policy.
-
A reference to CXA includes a reference to CXA Singapore Pte. Ltd. (Singapore registration no.: 199503006R), CXA Insurance Brokers Singapore Pte. Ltd. (Singapore registration no: 198204706W), CXA Limited (Hong Kong registration no.: 2120109), CXA Insurance Brokers Limited (Hong Kong registration no.: 2185973), its other affiliates and group companies from time to time. including in all its grammatical forms is construed without limitation. Personal data includes any information that identifies or locates an individual or is capable of doing so.
Use of Personal Data
-
The main types of personal data that CXA deals with are names, email addresses, contact numbers, national ID numbers, medical information, benefits information, credit card information and delivery addresses. CXA does not store medical personal information or credit card information.
-
CXA obtains and uses personal data for (a) designing, developing and selling health benefits, employee benefits and wellness products, services and solutions (Key Businesses), (b) owning, operating and providing online services, eCommerce market places, support and other services related to the Key Businesses, (c) obtaining, analysing and dealing with data and other information (including those relating to Key Businesses), (d) distribution of its Key Businesses, insurances and related services, and (e) providing consultancy or advisory services on Key Businesses.
-
CXA may use personal data for correspondences related to claims, underwriting and related transactions (Permitted Communications).
-
CXA may use personal data to supervise, administer, assist with or otherwise manage the transactions on CXA's online or eCommerce services. In exceptional cases, including to prevent fraud, mitigate losses and in response to requests or complaints, CXA may use personal data to intervene in transactions on CXA's online or eCommerce services. For example, CXA may use personal data to enforce refunds.
-
CXA stores personal data, regardless of its form, with security appropriate to the sensitivity of the personal data. CXA retains personal data for the duration that is set out in its prevailing record retention policy (presently 7 years), which complies and is consistent with applicable laws and CXA's reasonable business requirements. Where CXA obtains employee personal data from an employer, CXA may continue to retain that employee's personal data for the retention period described under this clause, even if the applicable employment is terminated.
Disclosures
-
CXA does not sell, rent, license or otherwise deal with personal data for cash consideration or as inventory or stock-in-trade.
-
CXA discloses personal data to third parties where the disclosure is required for CXA's ordinary course of business, mainly:
- CXA discloses personal data to its subcontractors, suppliers, insurers and professional advisors;
- where CXA's online services and electronic market places are used, CXA discloses personal data to credit card processors, payment gateways (presently Stripe), delivery services and other service providers that perform, facilitate or support the applicable payment, delivery or other service; and
- supplier's or service provider's personal data to users or purchasers for purposes that are related to the relevant transactions, including delivery, consumer inquiries, payments and refunds.
-
CXA discloses anonymized and aggregated personal data to strategic, specialist and other partners, for analysis, processing, computation and other similar activities, for CXA's Key Businesses, product development and research.
-
When CXA discloses personal data to third-parties, the third-party recipients (other than natural person consumers) are required to protect personal data with substantially the same or higher standards as those stated in this policy.
-
CXA may provide personal data with or without consent in emergencies or legal processes, including:
- where requested by governmental agencies, subpoenas or court orders;
- for inquiries related to insurance or employment; and
- where necessary to ensure health and safety.
Do-Not-Call Registries
-
The consents for CXA to collect, keep and use personal data (including for the Permitted Communications) given under this Privacy Policy apply even if the relevant mobile numbers, contact or other personal data are listed with the Singapore Do-Not-Call registry (or any other similar registries or services), and override the DNC or similar listings. These consents apply to all dealings with CXA, including those through mobile apps, Internet portals and any other electronic systems or properties.
Contacting Us
-
For (a) questions or feedback, (b) withdrawal of consents, or (c) accessing or correction of personal data, please contact:
info@cxagroup.com;
+65 6659 8082;
CXA, 401 Commonwealth Drive, #05-03/05 Haw Par Technocentre, Singapore 149598, attention: Data Protection Officer; or
CXA HK, Unit 01, 29/F, 148 Electric Road, Hong Kong. -
If CXA received personal data from a third-party (including your insurer, employer or doctor), please contact that third-party to access or correct personal data on your behalf.
-
If you withdraw your consent relating to your personal data, CXA may become unable to provide you with its products or services or otherwise deal with you. It may also result in the termination of your agreements with CXA.
Responsibilities
-
CXA management is responsible for ensuring the compliance with all applicable data protection laws. This responsibility is shared with CXA's Privacy Officer, and its Information Technology and Human Resources departments.
-
All CXA employees are responsible for following data protection laws and complying with this policy. CXA employees are required to report to its management breaches of applicable data protection laws, which they are aware of.