This Privacy Policy outlines how Hayat Insurance Brokers Sdn. Bhd. (hereafter referred to as “Hayat”, “we” or “us”) manage Personal Information. It applies to any Personal Information you provide to us and any Personal Information that we collect, use, process or disclose from other sources.

Personal Information referred to in this Privacy Policy is defined as Personal Data and Sensitive Personal Data as defined in the Malaysian Personal Data Protection Act 2010.

Please read this Privacy Policy carefully. We recommend that you print and retain a copy of this Privacy Policy for your future reference. By continuing to communicate with us, you confirm that you have read, understood and agree to this policy in its entirety, unless you clearly and specifically indicate to the contrary in your communications with us.

This Privacy Policy is not applicable to any Personal Information that is already in the public domain.

Statement of Commitment

Hayat is committed to the highest level of integrity in all of our dealings with our clients, employees and business partners. This commitment extends to any Personal Information about our clients that we might possess or acquire. We are committed to abiding by the requirements of the Malaysian Personal Data Protection Act 2010 (“PDPA”), respecting personal privacy, protecting client record confidentiality and safeguarding system security. Accordingly, Hayat adheres to the following Privacy Guidelines and Principles:

(i) Hayat has developed policies and programs for the protection of client information.

(ii) Hayat strives to maintain the accuracy of client information and will promptly respond to any questions or concerns clients may raise with respect to the accuracy of such Personal Information.

(iii) Hayat employees are aware of their duty to protect client information, and each Hayat employee with access to personal client information is required to comply with our privacy policies and procedures.

(iv) Hayat expects all of its business partners and service providers to adhere to Hayat’s high ethical standards as to the confidentiality of Personal Information.

(v) Hayat will only use Personal Information in compliance with applicable law.

The information you provide about yourself or about third parties to us will only be used by us in accordance with this Hayat Privacy Policy.

Updates to this Privacy Policy

This Privacy Policy was last updated on 11th July 2014. We may update this Privacy Policy from time to time. When we do so, changes in our Privacy Policy will be effective immediately. Updates to our Privacy Policy can be accessed by contacting us at [email protected]

The Personal Information we hold and process includes Personal Information about you. This information includes and is not limited to Personal Data and Sensitive Data – as defined in the PDPA.

Personal Data is information about individuals where the individual can be identified. It may include information such as your name, contact details, age, insurance history or financial details. Sensitive Data is a particular kind of Personal Data and includes information about an individual's health; racial or ethnic origins and other Sensitive Personal Data as defined in the PDPA.

We collect Personal Information to offer, provide, manage and administer the many services and products that we are involved in. These include and are not limited to insurance broking, claims management, risk management consulting, employee benefits and other forms of insurance services such as the arranging of reinsurance.

If you would like more information on the services and products available please email us at[email protected]

We also collect Personal Information for the purposes of developing or identifying products and services that may interest you, conducting market or customer satisfaction research, developing, establishing and/or administering arrangements with other organizations in relation to the promotion, administration and use of our respective products and services

We may collect this information directly from you, your agents and/or a third party. For example, an insured's representative may tell us about other persons wanting the benefit of our service or the relevant product such as a nominated driver, a director or officer or professional or other staff member. Alternatively, we may collect this information through our own representatives, advisers or other third parties, such as insurers, loss adjusters, lawyers, publicly available sources or witnesses to a claim etc.

Dealing with us Anonymously

Where lawful and practicable to do so you can deal with us anonymously e.g. general inquiries about the services we can offer you.

Unless you specifically tell us not to, we may use or distribute your Personal Information to the extent required by law, and as described below:

(i) Provision of Products and/or Services. We may disclose this information to other organizations or third parties where we believe it is necessary to assist us and them in providing products and/or services and/or information about those products and/or services. Recipients may include and are not limited to our employees, insurers, reinsurers, other insurance providers, agents and service providers, consultants, market research and quality assurance companies, employers, health workers, investigators, lawyers and loss adjusters. These organizations in turn may need to disclose the information to other third parties, but we limit their use and disclosure to the purpose or purposes for which we supplied it (unless you or we consent). If these third parties wish to use your Personal Information for any other purpose, they have a legal obligation to notify you of this and, where required, to obtain your consent.

(ii) Other Service Providers. We may contract with other organizations and/or individuals to perform functions or services on our behalf. These may include and are not limited: hosting a website, managing databases, sending e-mail messages, IT and/or IT-related services, and making phone calls on our behalf. These organizations and/or individuals may have access to Personal Information needed to perform their functions, but they are restricted from using it for purposes other than providing services for Hayat.

(iii) Business Transfers. As we continue to develop our business, we may sell, buy or otherwise transfer assets – and this includes Personal Information. Also, if either Hayat itself or substantially all of Hayat’s assets were acquired, your Personal Information may be one of the transferred assets.

(iv) Legal Matters. Hayat reserves the right to disclose without your prior permission any Personal Information about you if Hayat has a good faith belief that such action is necessary to protect and defend the rights, property, safety or legitimate business interests of Hayat, our employees, clients, business partners and/or the public. We may also disclose Personal Information as we deem necessary to satisfy any law, regulation, legal process or governmental request. These instances may include and are not limited to: suspected crime, fraud prevention and related purposes. Relevant portions of your data may also be used for other secondary legal, administrative and management purposes such as audits and research.

If you do not want us to disclose your Personal Information to other organizations (including our own related companies) please email us at [email protected], clearly specifying your request.

Your Consent to the Collection, Use, Processing and Disclosure of Your Personal Information

By reading this Privacy Policy, you consent to the collection of your Personal Information by us, and the use, processing and disclosure of your Personal Information as set out in this Privacy Policy. If you do not consent to the collection, use, processing or disclosure of your Personal Information, please email us at [email protected]

If you provide us with Personal Information about others…

When you provide us with Personal Information about other individuals (“Data Owners” as defined by the PDPA), we rely on you to have obtained their consent for the following:

(i) That you will or may provide their Personal Information to us,

(ii) That we may disclose this Personal Information to third parties as set out in this Privacy Policy,

(iii) That we and/or the third parties may use or process this Personal Information for the purposes set out in this Privacy Policy,

(iv) That the third parties in turn may further disclose this Personal Information to other parties as set out in this Privacy Policy, and

(v) That the Data Owners may access their Personal Information in the manner set out in this Privacy Policy and subject to the terms therein.

By reading this Privacy Policy, you warrant and represent to us that you have obtained the necessary consent from Data Owners in respect of any of their Personal Information which you have disclosed to us. If any of these Data Owners withholds, withdraws or limits their consent, or disagrees with any aspect of their Personal Information being collected, processed, used or disclosed by us, you are required to notify us accordingly by emailing us at [email protected].com.my.

If We Provide You with Personal Information:

If you collect, use, disclose or handle Personal Information on our behalf, or receive it from us, you and your representatives must meet the relevant requirements of the PDPA and only use and disclose it for the purposes we agreed to. You must also ensure that your agents, employees, contractors and business partners meet all of these requirements.

If you wish to use this information for any purpose other than the purposes we agreed to, you are required to directly notify the data subject – as defined by the PDPA – of this and, where required by the PDPA, to obtain the data subject’s consent.

Any information provided by you to us may be transferred internationally to Hayat’s business partners where it is necessary for the purposes described above. For example, where your insurance cover involves an insurer, reinsurer or service provider that is based overseas.

Countries outside Malaysia may not have the same standard of data protection as the PDPA.

This information may be used by Hayat, its agents and/or its business partners to provide to you products, services and / or information about these products or services. If you do not provide the information requested, we or those involved with the provision of the service or product, may not be able to provide the appropriate type or level of service or product.

This information may also be used for purposes including system administration, research and statistical purposes and crime prevention or detection.

The details, which you provide may also be used in order to help us update our records and/or for marketing purposes. If we send you any information about services or products, or you do not want us to disclose your Personal Information to any other organization (including related bodies corporate) please contact us at [email protected], clearly specifying your request.

If you have any inquiries about this policy or practices, please email us at [email protected]

Information related to employment

If you have submitted your resume, curriculum vitae, an application form or any other Personal Information for the purposes of applying for a position with us, we will use this information to evaluate your qualifications and to contact you regarding any positions in which we believe you may be interested.

We may disclose and/or transfer your Personal Information to other members of Hayat for the purposes of considering your application. This includes and is not limited to transferring your Personal Information to our employees who will process your application on our behalf.

Your Personal Information may be stored in hard copy documents, as electronic data, or in our software or systems. We endeavor to protect any Personal Information that we hold from misuse, loss, data corruption, and from unauthorized access, modification and disclosure. Some of the ways we achieve this are:

(i) employee confidentiality requirements

(ii) policies and security measures controlling access to our systems

(iii) document storage security policies

(iv) controlling access to our premises

However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that Personal Information you supply will not be intercepted while being transmitted to us over the internet. We ask that you do your part by maintaining in strict confidence any computer passwords you use to access the Internet.

We take reasonable steps to ensure that your Personal Information is accurate, complete, and up-to-date whenever we collect, disclose or use it.

As Company Policy we archive our documents, correspondence and any other information records for seven (7) years. After that date, this information is then destroyed without further reference to you. This policy applies to all types of policy coverage other than personal injury.

Personal Injury Records are all documents and any other records whether broking, underwriting or claims pertaining to an insurance policy which provides cover for any injury to persons regardless of the class of that insurance policy.

If you have any questions about our file retention policy, please contact us at [email protected]

We will, on request, provide you with access to information we hold about you, unless there is an exception which applies under the PDPA. Things that may affect a right to access include and are not limited to:

(i) Granting access may pose a serious threat to the life or health of any individual;

(ii) Granting access may have an unreasonable impact on the privacy of others

(iii) A frivolous or vexatious request

(iv) The information relates to commercially sensitive decision making process

(v) Access would be unlawful or denying access is required or authorized by law (e.g. we have a duty of confidentiality to our client's and will not provide access to Personal Information about you if it will breach that duty)

(vi) Access would prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security function, or negotiations with the individual

(vii) Legal dispute resolution proceedings

If we don't provide you with access, we will provide you with reasons for the refusal.

If you wish to access your Personal Information, submit a query on how your Personal Information is being collected or used, submit a complaint about a breach of your privacy, or even clarify any matter relating to our Privacy Policy, please contact us at [email protected]

We will respond to you as soon as is reasonably possible and we may recover from you our reasonable cost of supplying you with this information