Introduction

We are committed to protecting the privacy of all persons whose personal information we handle or process. The following notice outlines how we safeguard personal information:

As used in this policy, terms such as “we”, “our” and “Company” refer to the operations of Pacific Life Re International Limited which are based in Asia (including Southeast Asia, Korea, China and Japan) and/or relate to policyholders who are based in Asia and/or employees of Pacific Life Re Services Singapore Pte Limited and Pacific Life Re (Shanghai) Information Consulting Services Co., Ltd.

This privacy notice is not intended for individuals connected with, or employed by, cedants, insurance intermediaries and consultants, and other professional third parties, such as retrocessionnaires and service providers, with whom Pacific Life Re has a business relationship.

The Company’s main business is the provision of life and health reinsurance services to insurance companies. Reinsurance is essentially insurance for insurers. It is common for insurance companies to reduce the risk associated with a life insurance by reinsuring some of the risk with a reinsurer.

In the course of providing reinsurance services the Company may receive data containing personal information from insurance companies regarding individuals insured by them and/or individuals who have applied for insurance cover. We refer to these individuals as ‘policyholders’ and their personal information as ‘policyholder information’.

The Company may itself also obtain reinsurance for some of the risks that it has reinsured. The provision of reinsurance services to reinsurers is known as ‘retrocession’ and the providers are known as ‘retrocessionaires’. In order to obtain retrocession cover the Company will typically share policyholder information with retrocessionaires.

Set out below are further details of the policyholder information we receive and the ways in which we use that information for the purposes of providing reinsurance services and obtaining retrocession.

What personal information do we collect?

We collect, store, and use the following kinds of policyholder information (where applicable):

• basic personal details such as name and date of birth
• details of insurance policies and other insurance-related services policyholders have applied for or received
• information about policyholders’ claims and incidents that are subject to an insurance claim

In certain circumstances we may request and/or receive "sensitive" personal information about policyholders. For example, we may need access to health records for the purposes of deciding whether and on what terms we will reinsure a risk or to process reinsurance claims payable to our insurance company clients, or we may need details of any court judgments for the purposes of preventing, detecting and investigating fraud.

Please see below for a more detailed list of sensitive policyholder information we may collect (where applicable):

• details of policyholders’ current or former physical or mental health
• details of policyholders’ current and former marital status
• details regarding policyholders’ criminal offences, including alleged offences, criminal proceedings, outcomes and sentences
• information about policyholders’ health including treatment and care they may have received or need
• information about policyholders’ family history of illness or medical treatment

How do we use your personal information?

We will only use policyholder information for the following purposes:

• Discussion, negotiation and conclusion of reinsurance agreements (including retrocession)
• Deciding whether to provide reinsurance cover in relation to an individual or group of policyholders
• Administration, implementation and management of reinsurance and retrocession agreements
• Determining whether claims or other amounts are payable under reinsurance or retrocession agreements
• Establishing, exercising or defending our legal rights in connection with reinsurance or retrocession agreements, for example when we are faced with any legal claims or where we want to pursue any legal claims ourselves
• The detection and prevention of fraud and prevention of financial crime
• Any uses permitted by specific legal exemptions to process personal information for insurance purposes. A specific exemption applies where we need to process sensitive policyholder information as an essential part of providing insurance cover, for example using health data to assess whether to provide reinsurance cover or pay reinsurance claims
• Other business activities relating to reinsurance. These include, for example, financial reporting, compliance with legal and regulatory requirements, and research and statistical analysis to support and improve the Company’s reinsurance services and those of its affiliates, ensuring that our processes, procedures and systems are as efficient as possible and enhancing the service that we provide.

Where it is possible and proportionate to do so, we use anonymised data to carry out these purposes.

We do not use policyholder information to contact policyholders or allow any other person to do so on our behalf.

Our legal basis for processing

We rely on the ‘Legitimate Interests Exception’ basis for processing Personal Data. Financial backing and expertise from reinsurers improves the quality, cost-effectiveness and availability of products and services provided to new and existing policyholders. We take steps such as data minimisation to ensure that our use of data is proportionate and to respect the rights and interests of policyholders.

In order to provide reinsurance services required by the insurance industry, we need to be able to use policyholder information for the purposes set out in the preceding section.

Our processing of policyholder personal data is therefore necessary for the performance of the underlying insurance contracts which we reinsure.

Finally, in some relatively limited circumstances we will need to use policyholder information to be able to comply with our legal obligations (for example, to deal with any legal proceedings which may arise, and to establish or exercise our legal rights or defend against legal claims).

When do we disclose your personal information?

We only share policyholder information where it is lawful and necessary to do so in connection with the provision of reinsurance services.

We may disclose policyholder information under the following circumstances:

• Third-party service providers: We share information with third- parties to facilitate the provision of certain reinsurance services, for example, medical officers who help us to assess health claims. These companies and/or individuals are authorised to use policyholder information only as necessary to provide these services.
• Group companies: We may provide policyholder information to our affiliated companies for the purpose of facilitating the provision of reinsurance services.
• Compliance with laws and legal proceedings: We may need to disclose policyholder information when we respond to court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims or to meet our legal and regulatory obligations.
• Retrocession companies: In a small number of cases we share personal information with retrocessionaires who provide us with retrocession services. These companies will process policyholder information in accordance with the terms of their own privacy policies.

Policyholders should contact us using the contact details set out below if they require further information regarding third parties to whom we have disclosed their policyholder data.

International transfers

We may transfer policyholder information to third party data processors located in countries that are outside of the country of origin in connection with the above purposes.

Accordingly, when we transfer personal information outside of the country of origin, we ensure compliance with generally accepted UK General Data Protection Regulation (UK GDPR) transfer obligations, which include but is not limited to ensuring that the country in which policyholder information is handled has been deemed "adequate" as set out in Chapter 5, Article 45 of UK GDPR.

How is your personal information protected?

We have in place physical, electronic, and procedural safeguards to protect personal information that we hold against unauthorised disclosure or unlawful processing. Safeguards include only holding personal information on secure servers, the use of encryption, firewalls and access controls and the separation of duties within our organisation to ensure appropriate organisational controls are in place. When processing policyholder information we seek to use only pseudonymised data where knowledge of a policyholder’s identity is not required.

How long is your personal information retained?

Our retention periods for personal information are based on our legitimate interests and other legal requirements.

We retain personal information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purposes. For example, we retain information relating to an insurance policy and related correspondence until the time limit for claims arising from the relevant insurance policy has expired (usually the life of the policy plus 6 years), or to comply with legal requirements regarding the retention of such information.

When we delete policyholder information it may persist on backup or archival media for legal, tax or business continuity purposes.

Access to your personal information

Subject to any relevant exemptions, policyholders are entitled to see a copy of the personal information we hold about them and to request details of how we use policyholder information including any disclosures made. To exercise the rights to access policyholder information, policyholders should contact us at the email address below. There will not usually be a charge for dealing with these requests.

Policyholder information will usually be provided to policyholders in writing, unless otherwise requested. Where a request is made by electronic means, policyholder information will be provided by electronic means where possible.

Right to rectification

We take reasonable steps to ensure that policyholder information that we hold is reliable and as accurate and complete as is appropriate for its intended use. Policyholders are entitled to ask us to update or amend any inaccuracies in the personal information that we hold about them. To request us to update or amend any personal information, policyholders should contact us at the address below.

Other rights

Under certain conditions, policyholders may also have the right to:

• request deletion of any policyholder information that we are no longer legally entitled to retain
• object to any processing of policyholder information based on the legal ground of ‘legitimate interests’ unless our reason for undertaking that processing outweighs any prejudice to a policyholder’s data protection rights
• restrict how we use policyholder information whilst a complaint is being investigated

Please note - In the current circumstances we may take longer than usual to comply with access and erasure requests as some of our staff are working from home. We will inform you if the request takes longer than the permitted 30 days and provide an estimated date for completion.

Revisions to this privacy notice

We may update this privacy policy from time-to-time.

Contact

Any person who has any questions about this privacy policy or our use of personal data, may contact our Data Protection Officer, whose contact details are:

Email: dpo@pacificlifere.com.

Last updated: March 2024