Collection and Use of Personal Data
- The main types of personal data that CXA collects and deals with are names, email addresses, contact numbers, national ID numbers, lab results and health risk assessments information, claims and benefits information, credit card information and delivery addresses. CXA does not collect or store medical records other than as specified herein.
- CXA obtains and uses personal data for (a) designing, developing and offering employee benefits, employee benefits and wellness products, services and solutions (Key Businesses), (b) owning, operating and providing online services, eCommerce market places, support and other services related to the Key Businesses, (c) obtaining, analysing and dealing with data and other information (including those relating to Key Businesses), (d) distribution of its Key Businesses, insurances and related services, and (e) providing consultancy or advisory services on Key Businesses.
- CXA may use personal data for correspondences related to claims, underwriting, benefits administration and related transactions (Permitted Communications).
- CXA may use personal data to supervise, administer, assist with or otherwise manage the transactions on CXA's online or eCommerce services. In exceptional cases, including to prevent fraud, mitigate losses and in response to requests or complaints, CXA may use personal data to intervene in transactions on CXA's online or eCommerce services. For example, CXA may use personal data to enforce refunds.
- CXA may, either by itself or by working with or through collaborative partners, use personal data to conduct research and data analytics in order to provide targeted services and/or for research.
- CXA stores personal data, regardless of its form, with security appropriate to the sensitivity of the personal data. CXA retains personal data for the duration that is set out in its prevailing record retention policy (presently 7 years), which complies and is consistent with applicable laws and CXA's reasonable business requirements. Where CXA obtains employee personal data from an employer, CXA may continue to retain that employee's personal data for the retention period described under this clause, even if the applicable employment is terminated.
- CXA does not sell, rent, license or otherwise deal with personal data for cash consideration or as inventory or stock-in-trade.
- CXA discloses personal data to its agents, subcontractors, service providers, suppliers, insurers, collaborative partners and professional advisors;
- where CXA's online services and electronic market places are used, CXA discloses personal data to credit card processors, payment gateways (presently Stripe), delivery services and other service providers that perform, facilitate or support the applicable payment, delivery or other service; and
- Where CXA's online services and electronic market places are used, CXA discloses supplier's or service provider's personal data to users or purchasers for purposes that are related to the relevant transactions, including delivery, consumer inquiries, payments and refunds;
and such recipients are contractually restricted from using or disclosing the personal data except as agreed with CXA or to comply with legal requirements. Such recipients are contractually bound to maintain the confidentiality of personal data and may not use the personal data for any unauthorized purpose.
CXA discloses anonymized and aggregated personal data to clients, and strategic, specialist and other partners, for analysis, processing, computation and other similar activities, for CXA's Key Businesses, product development and research.
When CXA discloses personal data to third-parties, the third-party recipients (other than natural person consumers) are required to protect personal data with substantially the same or higher standards as those stated in this policy.
CXA may provide personal data with or without consent in emergencies or legal processes, including:
- where requested by governmental agencies, subpoenas or court orders;
- for inquiries related to insurance or employment; and
- where necessary to ensure health and safety.
CXA may store cookies in your browser in order to identify it and associate activity with it. The activity data may be combined with other information, including your IP address, operating system and browser type, for system administration and in order to create reports. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
Third Party Sites
Transfer outside Singapore
Before CXA transfers personal data to a territory outside of your country of residence including for the purpose of business continuity planning and/or disaster recovery planning, CXA shall take appropriate steps to ensure that any transfers of personal data to such territory will be in accordance with the applicable data protection law so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under that data protection law.
For (a) questions or feedback about how we are handling your personal data, or any complaint about such matters, (b) withdrawal of consents, or (c) accessing or correction of personal data, please contact:
With respect to CXA Hong Kong Limited & CXA Insurance Brokers Hong Kong Limited:
Chief Executive Officer
Unit 01, 29/F, 148 Electric Road, Hong Kong.
With respect to CXA Benefits Malaysia Sdn. Bhd.:
c/o CXA Data Protection Officer
401 Commonwealth Drive, #05-03/05, Haw Par Technocentre,
With respect to CXA Consulting (Shanghai) Co., Ltd & CXA companies in the PRC:
c/o Chief Executive Officer
523 Lou Shan Guan Rd (Arch Shanghai),
Building 1, Rm 1602, Shanghai
The People’s Republic of China
With respect to CXA Group Pte. Limited, CXA Singapore Pte. Ltd. & CXA Insurance Brokers Singapore Pte. Ltd.:
The Data Protection Officer at DataProtection@cxagroup.com
401 Commonwealth Drive, #05-03/05 Haw Par Technocentre, Singapore 149598
As CXA relies on your personal data to provide products and services to you, you shall ensure that at all times the personal data provided by you to us is correct, true, accurate and complete. You shall update us in a timely manner of all changes to the information given to us.
If CXA received personal data from a third-party (including your insurer, employer or doctor), please contact that third-party to access or correct personal data.
- If you withdraw your consent relating to your personal data, CXA may become unable to provide you with its products or services or otherwise deal with you. It may also result in the termination of your agreements with CXA.
CXA management is responsible for ensuring the compliance with all applicable data protection laws. This responsibility is shared with CXA's Data Protection Officer (as may be applicable), and its Information Technology and Human Resources departments.