Exim Credit Insurance’s privacy policy and your data Your privacy is important to us. This Privacy Policy explains how we handle and treat your data when you (i) register or visit our site, https://www.eximinsurance.com (the “Site”) or (ii) engage with us to use the products or services that Exim Credit Insurance provides (our “Services”). It also includes information about individuals whose personal information we may process as a result of providing the Services to third parties and individuals who apply to work at Exim Credit Insurance. 1. Purpose of this Policy This Privacy Policy (“Privacy Policy”) explains our approach to any personal information that we collect from you or which we have obtained about you from a third party and the purposes for which we process your personal information. It also sets out your rights in respect of our processing of your personal information. This Privacy Policy will inform you of the nature of your personal information that is processed by us and how you can request that we delete, update, transfer and/or provide you with access to it. This Privacy Policy is intended to assist you in making informed decisions when using the Site and our Services and/or to understand how your personal information may be processed by us as a result of providing the Services to third parties or when you apply to work at Exim Credit Insurance Company. Please take a moment to read and understand it. Please also note that this Privacy Policy only applies to the use of your personal information obtained by us. 2. Who are we and what do we do Exim Credit Insurance is an insurer and reinsurer registered in the Suite 1086 BP 304, Malouzin Moron, grand Comoros, Union of Comoro’s offering insurance services to both national and international clients. Exim Credit Insurance is the data controller responsible for your personal information processed via the Site. 3. How to contact us If you have any questions about this Privacy Policy or want to exercise your rights set out in this Privacy Policy, please contact us by: • sending an email to: [email protected] calling us on: Tel: +971 (04) 554 8909 4. What personal information do we collect? We may collect personal information from you in the course of our business, including through your use of our Site, when you contact or request information from us, when you engage our legal or other services or as a result of your relationship with one or more of our staff or clients. Our primary goal in collecting personal information from you is to help us: • verify your identity • deliver our Services • improve, develop and market new Services • carry out requests made by you on the Site or in relation to our Services • investigate or settle inquiries or disputes • comply with any applicable law, court order, other judicial process, or the requirements of a regulator • enforce our agreements with you • protect the rights, property or safety of us or third parties, including our other clients and users of the Site or our Services • with recruitment purposes, and • use as otherwise required or permitted by law. To undertake these goals, we may process the following personal information: • If you are a visitor to the Site: • Name and job title. • Contact information including the company you work for, email address and social media account where appropriate. • Demographic information such as your address, preferences and interests. • Other information relevant to the provision of Services. • If you are an individual client in receipt of our Services or prospective individual client: • Name and job title. • Contact information including the company you work for and email address, where provided. • Payment information. • Information that you provide to us as part of us providing the Services to you, which depends on the nature of your instructions to Exim Credit Insurance Company. • Relevant information as required by Know Your Client and/or Anti-Money Laundering regulations and as part of our client intake procedures. This may possibly include evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with clients, which we may request and/or obtain from third party sources. The sources for such verification may comprise documentation which we request from you or through the use of online sources or both. • Information you provide to us for the purposes of attending meetings and events, including dietary requirements which may reveal information about your health or religious beliefs. • Other information relevant to provision of Services. Exim Credit Insurance Company is primarily engaged by corporate entities and as such those instructors are not data subjects. However, as part of such engagements personal information may be provided to us (e.g. personal information relating to any of our corporate clients’ or prospective clients’ officers or personnel). If you are an individual whose personal information is processed by us as a result of providing the Services to others (including individual clients and corporate clients) we will process a variety of different personal information depending on the Services provided. This may include personal information relating, without limitation, to any of our corporate clients’ or prospective clients’ officers or personnel. We might also need to process personal information in relation to other third parties engaged either by our own clients or other persons or companies involved with us providing the Services to our client. For clients and prospects, we also collect information to enable us to market our products and Services which may be of interest to you. For this purpose, we collect: • Name and contact details. • Other business information such as job title and the company you work for. • Areas or topics that interest you. • Additional information may be collected such as events you attend and if you provide it to us, dietary preferences which may indicate data about your health or religious beliefs. If you are a potential recruit to join Exim Credit Insurance Company, we collect: • Name and job title. • Contact information including email address. • Curriculum vitae, including your age and/or gender if you provide it to us, your education, employment history and similar matters and similar information that you may provide to us. • Other information relevant to potential recruitment to Exim Credit Insurance Company. 5. How do we use your personal information? We may use your information for the following purposes: Fulfilment of Services We collect and maintain personal information that you voluntarily submit to us during your use of the Site and/or our Services to enable us to perform the Services. Please note also that our contractual terms of business apply when we provide the Services. What is our legal basis? It is necessary for us to process your information to perform our obligations in accordance with any contract that we may have with you. It is in our legitimate interest or a third party’s legitimate interest to use your personal information in such a way to ensure that we provide the very best client service we can to you or others. Client services Our Site uses various user interfaces to allow you to request information about our Services including electronic enquiry forms and a telephone enquiry service. Contact information may be requested in each case, together with details of other personal information that is relevant to your Service enquiry. This information is used in order to enable us to respond to your requests. What is our legal basis? It is in our legitimate interest or a third party’s legitimate interest to use your personal information in such a way to ensure that we provide the very best client service we can to you or others. Business administration and legal compliance We use your personal information for the following business administration and legal compliance purposes: • to comply with our legal obligations (including any Know Your Client or Anti-Money Laundering or Anti-Bribery or similar obligations); • to enforce our legal rights; and • to protect the rights of third parties. What is our legal basis? Where we use your personal information in connection with a business transition, to enforce our legal rights, or to protect the rights of third parties it is in our or a third party’s legitimate interest to do so. For all other purposes described in this section, it is our legal obligation to use your personal information to comply with any legal obligations imposed upon us. Recruitment We use your personal information for the following recruitment purposes: • To assess your suitability for any position for which you may apply at Exim Credit Insurance Company and also any business support or services role whether such application has been received by us online, via email or by hard copy or an in-person application. • To review Exim Credit Insurance Company’s equal opportunity profile in accordance with applicable legislation to ensure that Exim Credit Insurance Company does not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment related decisions are made entirely on merit. What is our legal basis? Where we use your personal information in connection with recruitment it will be in connection with us taking steps at your request to enter a contract we may have with you or it is in our legitimate interest to use personal information in such a way to ensure that we can make the best recruitment decisions for Exim Credit Insurance Company. We will not process any special category data except where we are able to do so under applicable legislation or with your explicit consent. Marketing communications We carry out the following marketing activities using your personal information: • Postal marketing • Email marketing We use information that we observe about you from your interactions with our Site, our email communications to you and/or with Services (see the Client Insight and Analysis section below for more details of the information collected and how it is collected) to send you marketing communications. What is our legal basis? It is in our legitimate interest to use your personal information for marketing purposes. We will only send you marketing communications where you have consented to receive such marketing communications, or where we have a lawful right to do so. Client insight and analysis We analyse your contact details with other personal information that we observe about you from your interactions with our Site, our email communications to you and/or with our Services such as the Services you have viewed. Where you have given your consent (where lawfully required), we use cookies, log files and other technologies to collect personal information from the computer hardware and software you use to access the Site, or from your mobile. This includes the following: • an IP address to monitor Site traffic and volume; • a session ID to track usage statistics on our Site; • information regarding your personal or professional interests, demographics, experiences with our products and contact preferences. Our web pages contain “cookies” “web beacons” or “pixel tags” (“Tags”). Tags allow us to track receipt of an email to you, to count users that have visited a web page or opened an email and collect other types of aggregate information. Once you click on an email that contains a Tag, your contact information may subsequently be cross-referenced to the source email and the relevant Tag. In some of our email messages, we may use a “click-through URL” linked to certain websites administered by us or on our behalf. By using this information, we are able to measure the effectiveness of our content and how visitors use our Site and our Services. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting and what kind of offers our registered users like to see. We also use this information for marketing purposes (see the marketing section above for further details). What is our legal basis? Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information in such a way to ensure that we provide the very best products and services to you and our other clients. Any other purposes for which we wish to use your personal information that are not listed above, or any other changes we propose to make to the existing purposes will be notified to you using your contact details, where available. 6. What is our legal basis to use or process your personal information? It is necessary for us to use your personal information: • To perform our obligations in accordance with any contract that we may have with you. • It is in our legitimate interest or a third party’s legitimate interest to use personal information in such a way to ensure that we provide the Services in the best way that we can. • It is our legal obligation to use your personal information to comply with any legal obligations imposed upon us. 7. Who do we share your personal information with? Exim Credit Insurance Company may share personal information with a variety of the following categories of third parties as necessary: • Our professional advisers such as lawyers and accountants. • Government or regulatory authorities. • Professional indemnity, reinsurers or other relevant insurers. • Regulators/tax authorities/corporate registries. • Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers. • Third party service providers to assist us with client insight analytics, such as Google Analytics. • Third party postal or courier providers who assist us in delivering our postal marketing campaigns to you, or delivering documents related to a matter. Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the Services as effectively as we can. 8. Third party contractors and other controllers As mentioned above, we may appoint sub-contractor data processors as required to deliver the Services, such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers, who will process personal information on our behalf and at our direction. We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal information appropriately and according to our legal and regulatory obligations. Further, we may appoint external data controllers where necessary to deliver the Services. When doing so we will comply with our legal and regulatory obligations in relation to the personal information, including but without limitation, putting appropriate safeguards in place. What is our legal basis? It is necessary for us to perform our obligations in accordance with any contract that we may have with you. It is in our legitimate interest or a third party’s legitimate interest to use personal information in such a way to ensure that we provide the Services in the best way that we can. 9. Where do we transfer your data to? In order to provide the Services, we may need to transfer your personal information to locations outside the jurisdiction in which you provide it. If you are based within the European Economic Area (EEA), please note that where necessary to deliver the Services we will transfer personal information to countries outside the EEA. 10. How long do we keep your personal information for? For visitors to the Site, we will retain relevant personal information for at least three years from the date of our last interaction with you and in compliance with the EU General Data Protection Regulation or similar legislation around the world, or for longer if we are required to do so according to any regulatory obligations or professional indemnity obligations. For Service provision to any client, we will retain relevant personal information for at least six years from the date of our last interaction with that client and in compliance with the EU General Data Protection Regulation or similar legislation around the world, or for longer as we are required to do so according to any regulatory obligations or professional indemnity obligations. We may then destroy such files without further notice or liability. If personal information is only useful for a short period e.g. for specific marketing campaigns, we may delete it. 11. Confidentiality and the security of your personal information We are committed to keeping the personal information provided to us secure and we have implemented appropriate information security policies, rules and technical measures to protect the personal information that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. All of our directors, employees, consultants, workers and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information. 12. How to access your information and your other rights? You have the following rights in relation to the personal information we hold about you: • Your right of access If you ask us, we’ll confirm whether we’re processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee. • Your right to rectification If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. If you are entitled to rectification and if we’ve shared your personal information with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly. • Your right to erasure You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we’ve shared your personal information with others, we’ll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly. • Your right to restrict processing You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we’ve shared your personal information with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly. • Your right to data portability You have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice. • Your right to object You can ask us to stop processing your personal information, and we will do so, if we are: • relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or • processing your personal information for direct marketing purposes. • Your right to withdraw consent • If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. • Your right to lodge a complaint with any supervisory authority If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to any relevant supervisory authority. Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations. 13. Changes to this Privacy Policy We may make changes to this Privacy Policy from time to time. To ensure that you are always aware of how we use your personal information we will update this Privacy Policy from time to time to reflect any changes to our use of your personal information. We may also make changes as required to comply with changes in applicable law or regulatory requirements. Where it is practicable, we will notify you by email of any significant changes. However, we encourage you to review this Privacy Policy periodically to be informed of how we use your personal information.