This Privacy Addendum only applies to you if you are located in mainland China.
AIA International Limited, acting through its Hong Kong branch (hereinafter referred to as "we", "us" or "our"), the issuer of your insurance policy, is the controller and processor of your personal data and you may reach us via aiahk.compliance@aia.com. This Privacy Addendum forms part and parcel of our Personal Information Collection Statement and is specific to individual customers (including individual directors and employees of a corporate customer) who are located in mainland China and receiving our products and/or services from Hong Kong. As required by the laws of mainland China, we may need to seek your consent on how we use your personal data and, in relation to certain personal data which is considered sensitive based on the laws in mainland China, we may need your separate consent. Your personal data will be collected, accessed, processed, used, stored, and/or transferred outside of, mainland China. If you do not consent to this Privacy Addendum, we may not be able to provide you with the product(s) you are purchasing from us and offer you with the services associated with the product(s) and this would also include our inability to provide products or services to a corporate customer which is your employer if you (as an employee) do not consent to this Privacy Addendum.
Under the applicable data protection laws in mainland China, we will process your personal data based on your consent, unless your personal data are:
- necessary to conclude or perform a contract in which you are a party;
- necessary for us to comply with legal obligations;
- necessary to respond to public health emergencies;
- necessary to protect individuals' life, health, and property safety;
- reasonably processed in news reporting and public opinion oversight for public interests; and
- publicly available, because of your voluntary disclosure or a legal requirement, and reasonably processed.
Certain personal data that we collect about you is sensitive personal data as defined in the applicable data protection laws in mainland China ("Sensitive Personal Data"), which is personal data that may materially impact your rights and interests, if breached or unlawfully used, including but not limited to financial accounts, identification number, health-related information, or any personal data of minors under the age of fourteen. We collect the Sensitive Personal Data only for specific purposes, such as assessing your application for the issuance of an insurance policy to you, and investigation on any claims applications submitted to us.
We will retain your personal data for the period necessary to fulfill the purposes outlined in our Personal Information Collection Statement and this Privacy Addendum. The criteria used to determine our retention periods may include one or more of the following: as long as we have an ongoing relationship with you; as required by a legal obligation to which we are subject; and as advisable in light of our legal position (such as in regard of the applicable statute of limitation, litigation, audits or regulatory investigation).
We may also provide your personal data with our agents, brokers, insurers, contractors, your employer, third party service providers, medical institutions such as hospitals, medical clinics and laboratory testing facilities, parent companies, subsidiaries and affiliated companies, auditors, legal advisors, corporate customers (including their member companies) who maintain group insurance policy with us and, under which policy, you and your dependants receive insurance products or services from us, financial advisors, reinsurers, regulators, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations, actual or proposed assignee, transferee, participant or sub-participant of our rights or business, banks, payment settlement agents, third party payment service providers, claims investigation organizations, third party reward, loyalty, co-branding and privileges program providers, co-branding partners and/or marketing partners, insurance adjusters, health care professionals, accountants, financial advisors, solicitors, organizations that consolidate claims and underwriting information for the insurance industry, fraud prevention organizations, other insurance companies, the police and databases or registers (each, a "recipient", collectively, "recipients") for the purpose of the administration of your insurance policies, and the provision of products and services to you. Further, we may provide your personal data with certain recipients that can independently determine the purposes and means with respect to processing activities of your personal data. A list of such personal data recipients is available at this table.
The recipient(s) of your personal data may collect and process your personal data and return to us for the purpose of the administration of your insurance policies and the provision of products and services to you. The types of personal data that we provide to the recipients include without limitation personally-identifiable information, your medical information, your health records/information, your financial information. We may deliver your personal data through electronic means or other mode of dispatch to the recipients. In compliance with the applicable rules and regulations of mainland China, we implement maximum security in controlling, processing and transferring of your personal data and Sensitive Personal Data. We also adopt our own security policies to safeguard your personal data and Sensitive Personal Data.
While we carry out our business, we may use artificial intelligence ("AI") to process your personal data to fulfil the purposes of collecting your personal data. AI is a technology to simulate the human thought process to perceive, understand, reason and solve problems to augment, improve, or replace human decisions. Common examples for using AI include:-
- Customer interaction – natural language processing that converts voice to text and conducts appropriate interaction with customers;
- Digital onboarding and servicing processes – application and servicing processes using optical character recognition tool that recognizes text within digital images and validates the accuracy of form contents filled out against the supporting documents; and
- Product and portfolio recommendation – AI is used to conduct big data analysis based on our customer database and enables us to understand the needs of our customers.
In addition to the access and correction rights set forth in our Personal Information Collection Statement, you have the right to obtain a copy of your personal data held by us and the right to request us to delete such personal data under any of the following circumstances:
- where the purposes of processing your personal data have been achieved or have failed to be achieved, or the personal data is no longer necessary for achieving the purposes;
- where we have ceased to provide the products or services, or the retention period has expired;
- where you have withdrawn your consent; and
- where we have violated the applicable data protection laws and regulations.
To the extent inconsistent with the provisions of this Privacy Addendum, including but not limited to definitions (e.g., sensitive personal information), China's Cybersecurity Law, Personal Information Protection Law, Data Security Law, their implementing measures and other Chinese laws and regulations in relation to cybersecurity and data protection will prevail.
We have the right to update this Privacy Addendum from time to time and we will notify you of our updates to this Privacy Addendum by posting it on our website or apps (as the case may be). You may withdraw your consent to our use of your personal data by contacting us through the contact details set out in our Personal Information Collection Statement. If you withdraw your consent to our processing of your personal data, we may not be able to provide the relevant products and/or services to you.
Last updated: Oct 2024