Cigna International Health Services Data Protection Notice
- Cigna International Health Services BVBA., with corporate address in Belgium at Plantin en Moretuslei 299, 2140 Antwerp, with enterprise number 0414.783.183 (Register of Legal Entities Antwerp), and subject to the supervision of the Financial Services and Markets Authority in the field of consumer protection.
The types of personal information we collect
The Personal Information we collect includes:
- General information such as your name, address, contact details, date of birth, gender, relationship to the policyholder (where you are not the policyholder);
- Identification information such as your national identification number, passport number or driving license number;
- Information linked to the provision of the Services (for example, to review and pay your claims; to issue guarantee of payment/s when applicable);
- Information about your job including job title or any other that may be strictly required to provide the Services to you, provided that there is a connection between the access to the Services and your job or job title;
- Information relating to previous policies or claims;
- Financial information such as your bank or payment details;
- Telephone recordings and other logs of your correspondence with us; and
- Sensitive data including details of your current and past physical and/or mental health.
We collect the Personal Information outlined above from a number of different sources, including from:
- You directly, or from someone else on your behalf (such as a family member that you have formally authorised to do so);
- Healthcare providers and other medical providers, and other third parties that are required to provide the Services to you (for example loss adjusters, claims handlers, experts (including medical experts);
- Other third parties involved in the provision of the Services or linked to that provision such as a broker or another insurer, claimants, defendants;
- Your employer (as it may be applicable);
- Medical reports and counsel opinions;
- Emergency assistance;
- Other companies within the Cigna corporate group as may be appropriate to provide the Services to you; and
- Insurance industry fraud prevention and detection databases and sanctions screening tools.
As we are required to collect your Personal Information as a consequence of a contractual agreement with the employer, failure to provide this information may prevent or delay the fulfilment of these obligations. For example, if you do not provide certain Personal Information, we will not be able to provide you with the Services.
Purpose and use of personal information
- Provide insurance and assistance services including, for example, claim assessment, processing and settlement; and, where applicable, handle claim disputes;
- Communicate with you and others, including the employer, as part of our Services;
- Send you important information regarding changes to our policies, other terms and conditions and other administrative information;
- Make non-automated decisions about whether to provide the Services to you;
- Provide improved quality, training and security (e.g. with respect to recorded or monitored phone calls to our contact numbers);
- Continuously improve and test the quality of our Services (for example, conducting satisfaction surveys, research and analysis related to the Services);
- Protect our business against fraud. This includes searching claims or fraud registers when dealing with insurance requests or claims in order to detect, prevent and investigate fraud;
- Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; business continuity; and records, document and print management;
- Resolve complaints and handle requests;
- Comply with applicable laws and regulatory obligations, including those relating to anti-money laundering and anti-terrorism; and respond to requests from public and governmental authorities and litigation; and
- Establish and defend legal rights; protect our operations or those of any of our group companies or insurance business partners; safeguard our rights, privacy, safety or property, and/or that of our group companies, you or others; and pursue available remedies or limit our damages.
As outlined above, we may use your Personal Information for a number of different purposes that are always connected with the Services we provide. Consequently, we will rely on the following legal grounds to use your Personal Information:
- The use of your Personal Information is necessary for the performance of a contract to which you are a party;
- We have a legal or regulatory obligation to use your Personal Information. For example, we will rely on this ground to comply with anti-money laundering and anti-terrorism obligations; and
- We have a legitimate interest in using your Personal Information. We may rely on this legal ground for the purpose of providing improved quality, training and managing our infrastructure and operations. When collecting and processing your Personal Information under this ground we put in place robust safeguards to ensure that your privacy is protected and that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
Due to the nature of the Services you are entitled to, we may process sensitive data connected with the provision of such Services. In general, your consent is not required since we are permitted by applicable law to process such information as a healthcare insurance company. However we may collect your consent in specific situations where either the nature of the data to be disclosed and/or the requirements on the jurisdiction where you are on assignment or other applicable laws and regulations may require that consent.
Disclosure of your personal information
- Cigna group companies. Access to Personal Information within Cigna is restricted to those individuals and entities who have a requirement to access the information for the purposes described in this Data Protection Notice;
- Other insurance and distribution parties, such as other insurers; reinsurers; brokers and other intermediaries and agents and appointed representatives;
- Healthcare providers and travel and medical assistance providers;
- External third-party service providers, such as IT systems, support and hosting service providers; document and records management providers; translators; and similar third-party vendors and outsourced service providers that assist us in carrying out business activities;
- External professional advisors and partners such as medical professionals, accountants, actuaries, auditors, experts, consultants, lawyers; banks and financial institutions that service our accounts; claim investigators, adjusters and others;
- Investigative firms we brief to look into claims on our behalf in relation to suspected fraud;
- Our regulators and other governmental or public authorities where necessary to comply with a legal or regulatory obligation;
- The police and other third parties or law enforcement agencies, court, regulator, government authority or other similar third parties where necessary for the prevention or detection of crime or to comply with a legal or regulatory obligation; or otherwise to protect our rights or the rights of a third party;
- Debt collection & Subrogation agencies;
- Selected third parties in connection with any sale, transfer or disposal of our business;
- Other third parties, such as emergency providers (fire, police and medical emergency services) and travel carriers;
- Your employer or a company acting on your employer’s behalf to monitor, audit or otherwise administer the Services and fulfil contractual obligations in relation to the Services. Consequently, the Personal Information that may be shared will be the minimum necessary to perform the Services you are entitled to. Under no circumstances will Cigna provide any sensitive information (i.e. medical information related to you) to the employer without asking for previous express consent from you;
- In addition to the above, we may need to share limited Personal Information with the employer in case of an emergency medical evacuation or repatriation (“Emergency”) to ensure that your health and safety and the best outcome for you, in case of an Emergency when outside your home country, is achieved. Please be aware that during an Emergency we will try to prevent the immediate and significant effects of illness, injury or conditions which if left untreated would result in a significant deterioration of health and represent a threat to your life. During the complexity of those situations the interaction with your employer may be required to provide additional assistance to try to ensure the best possible outcome during an evacuation and/or assess whether to provide other assistance to you out-with the Cigna plan. The Personal Information that may be shared will be the minimum necessary to conduct the evacuation or repatriation in line with the Services you are entitled to. The information that will be shared may be: date of evacuation or repatriation; location where the patient will be evacuated or repatriated from or to; medical conditions which has resulted in the need for the evacuation or repatriation and the medical necessities of the patient during the Emergency. Once you are safely medically repatriated or evacuated that sharing of information will cease immediately; and
- Registers of claims which are shared with other insurers in order to check information to detect and prevent fraudulent claims. The Personal Information put on these registers may include details of injuries.
For any of the categories of the recipients listed above, it should be noted that some of them may be located in the European Economic Area, while others can process and access your Personal Information from outside the European Economic Area, as described in the following section of the Data Protection Notice.
International transfer of personal information outside the European Economic Area
Retaining your personal information
- Provide you with the Services;
- Fulfil the purposes outlined in this Data Protection Notice; and
- Comply with our legal obligations and/or protect our rights.
- The right to access your Personal Information
You are entitled to a copy of the Personal Information we hold about you and certain details about how we use it. There will not usually be a charge for dealing with these requests.
Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.
- The right to rectification
We take reasonable steps to ensure that the Personal Information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
- The right to erasure
In certain circumstances, you have the right to ask us to erase your Personal Information. Please note that in some circumstances exercise of this right will mean we are unable to continue providing you with the Services as outlined above.
- The right to object to, and/or to request restriction of processing
In certain circumstances, you are entitled to object to our processing of your Personal Information, or ask us to stop using your Personal Information. Please note that in some circumstances exercise of these rights will mean we are unable to continue providing you with the Services.
- The right to data portability
In certain circumstances, you have the right to ask that we provide your Personal Information to you in a commonly used electronic format, and to transfer any Personal Information that you have provided to us to another third party of your choice.
- The right to object to marketing
However, we don’t use your data for marketing purposes.
- The right not to be subject to automated decision-making (including profiling)
You have a right in some circumstances to not be subject to a decision based solely on automated means, but we do not base our decisions only on automated means.
- The right to withdraw consent
As explained previously, we collect and process your Personal Information (including sensitive data) to provide the Services under different grounds, so that is why we do not ask for your consent.
- The right to lodge a complaint with a data protection authority
You have a right to complain to your local data protection authority if you believe that any use of your Personal Information by us is in breach of applicable data protection laws and regulations.
Making a complaint will not affect any other legal rights or remedies that you have.
Google Maps/Google Earth
We will take appropriate technical, physical, legal and organizational measures, which are consistent with applicable data protection laws to protect your Personal Information.
Changes to this Data Protection Notice
We may update this Data Protection Notice from time to time to ensure that it remains accurate. Please check back each time that you provide additional Personal Information to us. Where changes to the Notice will have a fundamental impact on the nature of our processing of your Personal Information, or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights in relation to your Personal Information.
This Data Protection Notice was last updated May 2018 to comply with the European General Data Protection Regulation effective as of May 25th 2018.