FWD Insurance Berhad and FWD Takaful Berhad ("our", "us", "we") are committed to the implementation and compliance with the provisions of the Personal Data Protection Act 2010 of Malaysia ("the Act"). This Notice is issued pursuant to the requirements of the Act. In this context, our Personal Data Protection Officers are responsible for coordinating and overseeing compliance with the Act and upholding the Personal Data Protection Principles set out in the Act.

This Notice applies to all products and services and describes how we may collect, use, process, and disclose your personal information.

From time to time, you must supply us, our affiliates, agents and representatives acting on our behalf, or any selected third party (within or outside of Malaysia, including reinsurance/retakaful and claims investigation companies and industry associations and federations) with personal information and particulars in connection with our services and products as well as for compliance with any laws, guidelines or requests issued by regulators or any other governmental authority. Apart from data provided by you, we may obtain and/or verify your data with any third party, including but not limited to risk surveyors, medical practitioners, hospitals or medical institutions that have attended to you. Failure to supply such personal data or to agree to the collection of such personal data may result in we unable to provide or continue to provide these services and products to you, including the termination of your Insurance/takaful Certificate, in order to comply with any laws or guidelines issued by regulators or any other governmental authorities.

Personal information and particulars requested may include information concerning your personal details (such as name, age, identity card number, passport number, gender, date of birth, race, nationality, citizenship and marital status), contact details (such as address, email and phone numbers), family information (such as marital status, name of your spouse or child or immediate family members), occupation details (such as your employer's name, annual income, job title, nature and description of job) and financial information (such as bank account number and credit card number).

 

In addition, we may, from time to time, request for:

Information relating to your medical records or health condition in general from you or any medical practitioner, hospital, medical institution or any person (whether incorporated or not) who has ever attended to you or has records regarding your health or medical condition; and/or

Such other personal information may be relevant for us to consider your application for insurance coverage or the continuous provision of the insurance certificate and/or insurance/takaful services under an Insurance/takaful Certificate issued by us. This includes but is not limited to tax information about you, your designated beneficiary(ies) or any person entitled to any benefits/payment under the Insurance/takaful Certificate.

 

Personal information and data may also be collected from:

Other sources in the ordinary course of the continuation of the insurance relationship, for example, when you write cheques or provide your credit card or bank account details to us for contribution payment of the insurance/takaful coverage or when you nominate a nominee to receive insurance/takaful benefits payable under an insurance/takaful certificate; and/or

A person acting on behalf of the individual whose personal data is provided (and if you provide personal data on behalf of any person, you hereby confirm that you are either their parent or guardian or you have obtained that person's consent to provide that personal data for use by us; and/or

Other sources (including publicly available information).

 

Data may also be generated, processed or combined with other information available to us or any of our subsidiaries, holding companies, associated or affiliated companies and companies controlled by or under common control with us (collectively, the "Group").

 

The purposes for which your personal data may be used and/or processed are as follows:

Providing our services and products to you, including administering, maintaining, managing and operating such services and products;

Processing, assessing and determining any applications or requests made by you in connection with our services or products and maintaining your account with us;

Developing insurance/takaful and financial services and products;

Developing and maintaining credit and risk-related models;

Processing payment instructions;

Determining any indebtedness owing to or from you and collecting and recovering any amount due from you or any person who has provided any security or other undertakings for your liabilities;

Exercising any rights that we may have in connection with our services and/or products;

Carrying out and/or verifying any eligibility, credit, physical, medical, security, underwriting and/or identity checks in connection with our services and products;

Any purposes in connection with any claims made by or against or otherwise involving you in respect of any of our services or products, including making, defending, analysing, investigating, processing, assessing, determining, responding to, resolving or settling such claims;

Performing policy reviews and needs analysis (whether or not regularly);

Meeting disclosure obligations and other requirements imposed by or for the purposes of any laws, rules, regulations, codes of practice or guidelines (whether applicable in or outside malaysia) binding on us or any other member of the group, including making disclosure to any legal, regulatory, governmental, tax, law enforcement or other authorities (including for compliance with sanctions laws, the prevention or detection of money laundering, terrorist financing or other unlawful activities) or to any self-regulatory or industry bodies such as federations or associations of insurers/ insurance operators;

For any corporate exercise or transactions relating to us, e.g. Sale and purchase of assets, reorganisations or amalgamation or collaboration;

For statistical or actuarial research undertaken by us or any member of the group; and

Fulfilling any other purposes directly related to 6(i) to 6(xiii) above.

 

Personal data will be kept confidential, but to facilitate the purposes set out in paragraph 6 above, we may transfer, disclose, grant access to or share personal data with the following:

Other members of the Group;

Any person or company carrying on insurance-related and/or reinsurance-related business which we engage in connection with our business;

Any physicians, hospitals, clinics, medical practitioners, laboratories, technicians, loss adjustors, risk intelligence providers, claims investigators, legal advisors and/or other professional advisors engaged in connection with our business;

Any agent, contractor or service provider providing administrative, distribution, credit reference, debt collection, telecommunications, computer, call centre, data processing, payment processing, printing, redemption or other services in connection with our business;

Any official, regulator, ministry, law enforcement agent or other person (whether within or outside Malaysia) to whom we or another member of the Group is under an obligation or otherwise required or expected to make disclosures under the requirements of any law, rules, regulations, codes of practice or guidelines (whether applicable in or outside Malaysia); and/or

Third parties involved in any corporate exercise or transactions relating to us, e.g., sale and purchase of assets, reorganisations, amalgamation, or collaboration.

 

Your personal data may be transferred or disclosed to any assignee, transferee, participant or sub-participant of all or any substantial part of our business.

 

We are only allowed to:

Use your personal data in direct marketing; or

Provide your personal data to another person or company for its use in direct marketing if you consent or do not object in writing.

 

In connection with direct marketing, we intend:

To use your name, contact details, services and products portfolio information, financial background and demographic data held by us from time to time in direct marketing to market the following classes of services and products offered by us, other members of the Group and/or our business partners (being providers of the product and services described below):

Insurance/takaful services and products;

Wealth management services and products;

Pensions, investments, brokering, financial advisory, financial services and products;

Health check and wellness services and products;

Media, entertainment and telecommunications services;

Reward, loyalty or privileges programmes and related services and products; and

Donations and contributions for charitable and/or non-profit making purposes; and

To provide your name and contact details to any members of the Group and/or our business partners for their use in direct marketing the classes of services and products described in paragraph 10(i) above (including, in the case of our business partners, for money or other commercial benefit).

 

Suppose you do NOT wish us to use your personal data in direct marketing or provide your personal data to other members of the Group and/or our business partners for their use in direct marketing. In that case, you may notify us in writing via letter or email to our customer service or Data Protection Officer at any time.

 

To facilitate the purposes set out in paragraphs 6 and 9 above, we may transfer, disclose, grant access to or share your personal data with the parties set out in paragraphs 5, 8 and 9(ii), and you acknowledge that those parties may be based outside Malaysia and that your personal information and personal data may be transferred to places where there may not be in place data protection laws which are substantially similar to, or serve the same purposes as, the Act.

 

Under the Act:

You have the right to request access to your personal data held by us and request correction of any of your personal data which is incorrect or to limit the processing of your personal data; and

We have the right to charge you a reasonable fee for processing and complying with your data access or correction request.

 

To access or correct your data held by us, you must write to us or contact our customer service personnel to complete the relevant form. For this purpose, we may charge a fee for processing your access request, and we also have the right to refuse or comply with your request for access and/or correction as provided for under the Act.

 

At any time effective upon Notice to you, we reserve the right to add to, change, update or modify the Notice.

 

Accuracy of Personal Information

We will ensure the accuracy of all personal data we collect and process. Appropriate procedures are implemented so that all personal data is regularly checked and updated to ensure that it is reasonably accurate regarding the purposes for which that data is used. In so far as personal data held by us consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.

We will always endeavour to ensure the accuracy of personal data held by us. If such personal data is transferred to third parties, it will notify that third party of any correction to be made.

 

Retention of Personal Information

Personal data is kept for as long as necessary, and we will comply with all statutory and regulatory requirements in Malaysia concerning the retention of personally identifiable information.

Your personal data may be collected via, and stored in, an electronic or mobile application (FWD Smart) (the "App").

 

Data Security

We will ensure an appropriate level of protection for personal data to prevent unauthorised access, processing or other use of that data commensurate with the sensitivity of the data and the harm that would be caused by unauthorised access to that data. It is our practice to achieve appropriate levels of security by restricting physical access to data, providing secure storage facilities and incorporating security measures into the equipment in which data is held. Measurements are taken to ensure the integrity, prudence, and competence of persons with access to personal data and that personal data is only transmitted by secure means. In addition, we take prudent security measures to ensure personal data collected via the App are stored and transmitted under protection.

For mobile app development, the App is developed by secure coding, and third-party security professionals conduct annual penetration testing.

The personal data collected via the App is stored in an encrypted database.

Data transfers between the App and us are made in SSL secured connection, and valid session key management is in place to ensure unauthorised access is restricted and prevented.

A multi-layered defence system is used in our data centre to secure transmission and ensure adequate data protection is in place.

 

Use of Cookies and Third Party Links

Our website may include hyperlinks to third-party websites. We have no control over the content, accuracy, opinion expressed, and other links provided by these third-party websites or how these third-party websites deal with your personal data. You should visit these third-party websites for details of their privacy policies in relation to their handling of your personal data.

We may use "cookies" to improve our internet service to you. Cookies are small data files automatically stored on your web browser in your computer that can be retrieved by our website. Cookies enable our website to remember you and your preferences when you visit the website and enable us to tailor the website to your needs. The information collected by cookies is anonymous visitors' personalised settings information. It contains no name or address information or any information that will enable anyone to contact you via telephone, email or any other means. No customer personal data is stored in cookies. However, you can disable cookies by changing your web browser's settings.

In case of discrepancies between the English and Bahasa Melayu versions, the English version shall apply and prevail.

Should you require any clarifications regarding our Personal Data Protection Policy and Practices, please do not hesitate to contact our Personal Data Protection Officer via email.