Cigna Middle East Data Protection Notice

We collect Personal Information in a variety of ways, including through our Services and from other sources, as set out below. We aim to only collect as much Personal Information as is necessary for the purposes for which we are collecting it.

We need to collect certain Personal Information in order to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide some or all of the Services.

If you disclose any Personal Information relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this notice.

We collect Personal Information from or about the following:

• Business contacts, if you are the Cigna contact at your company;
• Policyholders or scheme members, if you are the primary member of Cigna insurance policy or scheme; and
• Dependents, if you are covered by a Cigna insurance policy or scheme, but are not the primary member (e.g., you are the spouse or child of the primary member).

We collect a variety of Personal Information including information sensitive in nature. The Personal Information we may collect includes: 

• Name & contact details including Personal Information such as your date of birth, gender and relationship to the scheme member or policyholder, if you are a dependent.
• Identification information including your national ID and/or passport.
• Employment information such as employment status and related information that may be strictly required to provide the Services to you. This may include information about your job, including job title, employment history, education history and professional accreditations.
• Policy related information such as details about previous schemes you have been a member of or insurance policies you have held and any previous claims you have made, details about your family such as dependents or spouses, and scheme or policy specific information.
• Policyholder financial information such as your bank account and payment details and information obtained from checking sanctions lists and credit checks such as bankruptcy orders, individual voluntary arrangements, office disqualifications or county court judgments.
• Claim information including photographic evidence or, for example, countries visited if you make a claim..
• Anti-fraud information such as information that is available publicly, for example, through internet search engines and social media where we need to investigate fraudulent claims.
• Health information such as information about your physical and mental health (to the extent necessary and relevant to your policy or scheme or a policy or scheme under which you are covered, health program you have registered for or any claims you make). In addition, the health data we collect may reveal certain other categories of sensitive personal information.
• Business contact details where you are our point of contact at an employer, your name, address, contact details and company name.
• Account information including your chosen username and password, and other information you share in your account.
• Preferences such as language, contact, and other preferences that you might express during your use of our Services.
• Marketing data such as your choices regarding our newsletters, surveys, and other marketing/advertising displayed or provided to you, and preferred methods of such promotional communication.
• Telephone call recordings such as audio recordings of telephone calls when you contact us.
• Device information such as information about your devices and your use of our Services. This includes data obtained through cookies and similar technologies, as described in our cookies and similar technologies policy.

Personal Information is collected through our Services and from other sources, such as:

• Third parties involved in your policy or scheme, such as your employer, brokers, another insurer (e.g., to ensure continuity of cover when switching from one insurance provider to another), and our own business partners;
• Publicly available databases (such as anti-fraud databases, sanctions lists, court judgements);
• Insurance industry bodies;
• The policyholder or scheme member (or prospective), where you are a beneficiary or a dependent.
• Third party organizations, when they share personal information with us to, for example, to facilitate mergers, acquisitions and other reorganization and restructurings of our business.
• A third party, such as a family member whom you have formally authorized to act on your behalf, or who has power of attorney over you;
• Credit referencing agencies;
• Third parties who assist with insurance claim handling, such as, claims services providers, third party administrators, medical experts, investigators, lawyers, insurers, advisory firms and loss adjusters.
• Other parties to a claim (claimant/defendant), witnesses, experts (including counsel opinions).
• Other health insurance/health benefit providers, where schemes or policies are transferred to Cigna for administration;
• Emergency assistance and medical services providers;
• Marketing / advertising service providers; and
• Public and/or government and/or regulatory authorities, including courts, tribunals, regulators and government authorities.

We collect and process your Personal Information for legitimate business purposes including those listed, below.  

Kindly note that your Personal Information is collected for either mandatory (i.e legally obliged to collect your Personal Information) or optional (i.e for legitimate business purposes) (see the legal basis section for more information).

• Insurance quotation and policy commencement
• Pricing and risk modelling
• Claims management
• Policy administration
• Renewals, adjustments and cancellations
• Due diligence and anti-fraud checks
• Providing the functionality of our Websites
• Customer service
• Communicating important changes / sending service messages
• Operations and general business
• Marketing
• Personalization
• Improving and developing new products and services
• Aggregating and/or anonymizing Personal Information
• Security and fraud prevention
• Legal and compliance

We collect and process your Personal Information in accordance with certain legal bases that are set out in applicable data protection laws. These include:

• Performance of a contract such as to enter into or perform the insurance contract you, your employer or your sponsor have/has applied for, collect information required to pay your insurance claim and collect information to process insurance payments;
• Legal obligations for example regulatory requirements such as “know your customer” checks or the legal obligation of your employer or sponsor to provide you with health insurance, dealing with any of your requests to access your Personal Information, and to comply with legal processes;
• Legitimate interest such as to (i) determine the likely risk profile and appropriate insurance product and quote for you, (ii) assess the veracity and quantum of claims, (iii) correspond with policy holders, beneficiaries and claimants to facilitate the handling of claims or policy renewal, (iv) respond to your inquiries and complaints, (v) ensure our Services are used in accordance with our terms, conditions, and policies, (vi) provide tailored Services based on past usage and/or preferences, and such tailoring would be based on basic and privacy-non-intrusive segmentation, (viii) develop and promote new and existing Services, (vii) generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual, (viii) identifying and/or preventing fraudulent transactions, and/or
• Your consent.

We may disclose your Personal Information within our group of companies and also to other third parties. Such disclosures are done in accordance with applicable law and this notice.

Examples of third parties who may receive and process your Personal Information include:

• The policyholder or scheme member, where you are a dependent;
• Your employer, or a company acting on your employer’s behalf, to monitor, audit or otherwise administer the Services and fulfil contractual obligations in relation to the Services;
• Third parties who we rely on to provide insurance and handle claims (such as such as brokers, insurers, reinsurers, third party claimants, defendants, witnesses, translators, appointed representatives or other companies who act as insurance distributors, and our own business partners);
• Third parties we appoint to assist with an insurance policy or claim (such as third party administrators, claims handlers, travel and medical assistance providers, medical experts, investigators and loss adjusters);
• Health insurance/health benefit providers, where schemes or policies are transferred from us;
• Our emergency assistance and medical services providers, and other third parties they use to assist with claims, including healthcare providers, overseas agencies and cost containment agencies;
• Information technology providers;
• Customer service or related benefits service providers;
• Law enforcement, public, regulatory, insurance industry bodies and government authorities (including government digital health platforms (e.g. digital records platforms)), courts or tribunals;
• External professional advisors and partners (such as medical professionals, accountants, actuaries, auditors, experts, consultants, lawyers, banks, payment processing service providers and financial institutions that service our accounts, and claims investigators, adjusters, debt collection and subrogation agencies and others);
• Credit referencing agencies, financial crime, fraud detection agencies and investigative firms, and sanctions check providers; and
• Our own insurers and companies who we have appointed to assist with arranging our insurance.

We may collect personal information through the use of cookies and similar technologies. Please see our Cookies and Similar Technologies Policy, for more information.

We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization.

We continually assess our data privacy, information management and security practices and train our employees on these requirements. Our security protocols relating to the Services include (but are not limited to) access management, encryption, physical security, logging and monitoring, vulnerability management and data loss prevention.

You are entitled to exercise certain rights (according to applicable data protection law) in relation to the Personal Information we hold about you. It should be noted that there are certain restrictions on how you can exercise these rights under applicable laws. These rights include some or all of the following rights:

• to request to access, correct, update, restrict, or delete Personal Information,
• to object to the processing of Personal Information,
• to withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), or
• to request to receive a copy of your Personal Information for purposes of transmitting it to another company.

If you would like to exercise any rights, to the extent that you are permitted to do so under applicable law, you may contact us in accordance with the “Contacting Us” section below. We will respond to your request consistent with applicable law.

In your request, please make clear what Personal Information your request relates to. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain Personal Information for recordkeeping purposes and/or to comply with legal or regulatory requirements, in which case we may not be able to delete your Personal Information. In some circumstances, exercising some of these rights (including the right to erasure, the right to restriction of processing and the right to withdraw consent) will mean we are unable to continue providing you with your policy and may therefore result in the cancellation of your policy. Your policy terms and conditions set out what will happen in the event your policy is cancelled.

You may lodge a complaint with the relevant data protection authority where this policy is underwritten or where an alleged infringement of applicable data protection law occurs.

We may use your personal information to provide you with information about our products or services, or those of our partners which may be of interest to you where you have provided your consent for us to do so.

In certain circumstances, we may also use your personal information to contact you for marketing purposes where we have a legitimate interest to do so. This will include where you are our business contact with a prospective client, and we would like to provide you with information about our products, services or events which we consider may be of interest to you and / or your business. 

If you wish to unsubscribe from emails sent by us, you may do so at any time by clicking on the "unsubscribe" link that appears in all marketing emails. Otherwise you can always contact us to update your contact preferences by using the details in the "Contacting Us" section below. Please note, however, that we will continue to send you service related (non-marketing) communications.

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this notice unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Once that period is expired, we will delete or otherwise destroy your Personal Data.

The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain Personal Information for a reasonable period of time, even after your account has been deleted and/or we no longer provide the Services to you.

In some circumstances we will anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

This notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.

We use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Services and other websites or online services.

Your Personal Information may be stored and processed in countries in which:

• we have affiliates;
• our Company operates in; or
• we engage service providers.

By using the Services, you understand that your Personal Information will be transferred to countries outside of your country of residence, including the countries where this policy is underwritten. These may include the United Kingdom, countries in the European Union, the United States of America, India and Hong Kong SAR; all countries which may have data protection rules that are different from those of your country.

Where this will involve transferring your Personal Information outside your country of residence, we ensure an appropriate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• Adequate Jurisdictions: Some countries are recognized under applicable data protection laws as providing an adequate level of data protection (each an “Adequate Jurisdiction”). The approved list of, or criteria for, Adequate Jurisdictions may vary depending on the applicable data protection law. Where the data protection authority in your home jurisdiction has recognized the jurisdiction where your Personal Information is being transferred to as “adequate”, no additional safeguards are required before transferring your Personal Information to that Adequate Jurisdiction.
• Additional Safeguards: For transfers of your Personal Information to another country which is not considered an Adequate Jurisdiction, we will put in place adequate safeguards as required under applicable law. These may include standard contractual clauses to protect your Personal Information or obtaining your consent for the transfer.

We are continually improving our methods of communication and alongside with changes in the applicable laws and the changing nature of technology, our data practices and how we use your Personal Information will change from time to time. We will post the most up-to-date version of the notice on our website.

The “Last Updated” legend at the top of this notice indicates when this notice was last revised. Any changes will become effective when we post the revised notice.

United Arab Emirates

Dubai

Cigna Insurance Middle East S.A.L - Dubai Branch
Level 1, The Offices 3, One Central, DWTC, Sheikh Zayed Road, PO Box 3664,

Dubai, United Arab Emirates

Abu Dhabi

Cigna Insurance Middle East S.A.L - Abu Dhabi Branch
Level 17, The Offices World Trade Center in Hamdan Street, Central Market, Al Markaziya, PO Box 3876, Abu Dhabi, UAE

Sharjah

Cigna Insurance Middle East S.A.L – Sharjah Branch

Regus Office 4048, Megalmall Tower,

Plot 260, Bu Daniq, Al Qassimia, PO Box 73500,

Sharjah, United Arab Emirates

Kuwait

Cigna Insurance Middle East SAL
Al Hamra Tower,  Floor 35 Al Shuhada Street, Sharq, PO Box - 5819, Kuwait City, Kuwait

Oman

Cigna Insurance Middle East SAL - Oman Branch
7^th Floor, Al Fardan Heights, Gala, P.O Box 1101, PC 114 Jibroo, Sultanate of Oman

Bahrain

Cigna Life Insurance Company of Europe, S.A - Bahrain Branch
Bahrain World Trade Centre, Level 9 West Tower, Isa Al Kabeer Avenue Road 365 Block 316, Manama, Kingdom of Bahrain

Kingdom of Saudi Arabia

Cigna Worldwide Insurance Company Branch

Building S4 Roshn Front, Airport Road,

PO Box 13413,

Riyadh, Kingdom of Saudi Arabia

Lebanon

Cigna Insurance Middle East S.A.L.
Holcom Building, Corniche Al Nahr, Bloc B, 3rd floor, Beirut

Lebanon

If you have any questions about this notice, or wish to exercise any of your rights set out in this notice or otherwise under applicable data protection laws, please contact us at CignaGlobalPrivacyOffice@cignahealthcare.com

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.