Privacy Policy:

This privacy policy shall explain how Takaful International Company B.S.C. (“Takaful” or “the Company”) (“We” or “the Company”) shall use the personal data collected from you when you use our services through any of our branches, offices, our website, mobile applications, social media channels, or when you connect with us through other channels to start or manage your relationship with Takaful (All Takaful channels mentioned are hereinafter referred to as “Channels”).

Takaful is committed to respecting your privacy and protecting your personal information. The main purpose of this privacy policy is to provide a transparent way of how we manage your personal information and protect the privacy of personal information we gather in accordance with Bahrain’s Personal Data Protection Law and other applicable legal and regulatory laws.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by the Company.

By using our services through any of our Channels, you consent to the data practices described in this privacy policy. Please carefully read the following information to understand our views and current information management practices regarding your personal data and how we will treat it.

Who are We?

Takaful as defined under the law is the “data controller/ manager” who determines the means and purposes of processing your personal data and also the “data processor” who processes your personal data.

Collection of Your Personal Information:

Takaful collects your personal data directly from you via different communication channels such as emails, phone calls, face-to-face meetings or online when you request for proposal, throughout the issuance of insurance policy, during registration process and completion of application forms, in the payment process, and during your engagement with Takaful to provide you with services.

Takaful also collects your personal data indirectly from:

• Internet, social media, public records, brokers and agents, Third Party Administrators (“TPAs”), hospitals and Social Insurance Organisation (GOSI).
• Third party service providers.
• Banks for Decreasing Terms and Credit Life policies.
• Human Resources Department of Corporate Companies for issuing Group Life policy.

For third-party claims, Takaful may collect your personal data form other insurance companies, garages, lawyers, and courts.

Takaful’s website/mobile application collects your personally identifiable information, such as: Name, Email Address, Mobile Number and other contact information.

When you visit our website/mobile application, we may collect information about your computer, including where available, your IP address, operating system, and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify you personally.

Also, we collect your visits to our website/mobile application including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise to check the resources that you access.

The Lawful Basis for Processing Your Personal Data:

Takaful only processes your personal data including sensitive personal data based on one or more of following lawful basis under Bahrain’s Personal Data Protection Law ‘PDPL’:

Purpose	Lawful Basis
Fulfil obligations arising from contract agreements and policies between you and Takaful mostly for the provision of our services such as underwriting insurance policy, amendments, cancelations, or renewals to policies, opening of account, selling, or disposing salvage, roadside assist, and replacement vehicles.	•       Contractual obligations.
Process payment transactions and online payments.	•       Legal obligations.
Claims opening, processing, settlement & recoveries.	•       Legal obligations. •       Contractual obligations.
Carry out due diligence activities by performing Know Your Customer (KYC) verification.	•       Legal obligations.
Monitoring through CCTV cameras for the safety and security of individuals and assets.	•       Legitimate Interests. •       Data Owner Consent.
Providing access to Takaful facilities and assets through access cards.	•       Legitimate Interests. •       Data Owner Consent.
Initiating and following-up on any complaint, lawsuit, and criminal proceedings between you and Takaful and coordination with external lawyers to manage court cases.	•       Legal Obligations. •       Contractual Obligations.
Obtain confirmation from GOSI for any outstanding claim for the insured to ensure no duplication of indemnity.	•       Legal Obligations. •       Contractual Obligations.
Online backups and provide storage and maintenance of all data.	•       Legal Obligations. •       Legitimate Interests.
Takaful systems’ support and maintenance activities.	•       Legitimate Interests. •       Data Owner Consent.
Store your contact details electronically in our records.	•       Contractual Obligations. •       Legitimate Interests.
Share your details with reinsurers to share the risk and premiums.	•       Data Owner Consent. •       Legitimate interests.
Determine the premium rating and claims reserves and assess the risk.	•       Contractual obligations. •       Legitimate interests.
For Medical and Life insurance: Provide you with regular reports, and annual assessment on share of risk with respect to insurance and premium received.	•       Contractual obligation.
Social media and market research.	•       Legitimate interest. •       Data Owner Consent.
Send you notifications for renewals, new branches opening, or release of new products.	•       Legitimate interest. •       Data Owner Consent.
Upload your motor insurance details to the E-gov website.	•       Legal obligations.
Handle enquiries about policies and online business and ensure satisfaction.	•       Contractual obligations. •       Data Owner Consent.
Maintain the relationship with you as existing customer and provide you with advice about our insurance products and services.	•       Legitimate interest. •       Data Owner Consent.
Comply with Takaful internal policies and procedures.	•       Contractual Obligations. •       Legitimate Interests.

 

Use of Cookies:

We may obtain information about your general internet usage by using cookies, which is stored on your device’s hard drive or browser. They help us to improve our website/mobile application and to deliver a better and more personalized service. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. No personally identifiable information is stored in the cookies.

You can accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, if you choose to decline cookies, you may not be able to fully experience the interactive features of our website/mobile application.

Use of Your Personal Information:

We collect and use your information to deliver the services that you have requested and to maintain quality of the service.

If you provide information when filling in forms available on any of our channels, or when you report a problem in any of our channels, we may keep a record of that correspondence. We will not collect your personal information unless you choose to use the services that require it.

Contact information you provide is used to notify you of new products and services, or to communicate news. Demographic and profile data collected at our website/mobile application is used for marketing purposes only and will never be sold on an individual basis.

We use a credit\debit card processing companies to bill users for insurance services. These companies do not retain, share, store or use personally identifiable information for any secondary purposes beyond filling your order.

We partner with other parties to provide specific services. When the user signs up for these services, we will share names, or other contact information that is necessary for the third parties to provide these services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services.

Disclosure of your Information:

We may share your personal data including sensitive personal data for the below mentioned reasons:

1. Internally with Takaful’s subsidiaries when there is a legitimate business interest.
2. When we need to enforce or apply our Terms of Use and other agreements.
3. When we have to protect the rights, property, or safety of Group, our customers, or others.
4. When we sell or buy any business or assets; in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
5. Takaful or substantially all of its assets are acquired by another party, in which case personal data held by it about its customers will be one of the transferred assets.
6. Shared With third parties when required by the law, or where it is necessary to administer the relationship with you or where we have another legitimate interest in doing so. These third parties include external auditors, system support vendors, and governmental bodies and may include the following:

• External Actuarial for obtaining actuarial opinion.
• Insurance brokers to administer our relationship with you.
• Third Party Service Providers.
• Banks to process payment transactions including online payments and if Bank interest is involved, the original Policy may be delivered to the Bank.
• Reinsurers and reinsurers’ brokers to share the risks and premiums and further claims analysis.
• External surveyors to conduct the survey in order to conclude estimation value.
• Attorneys for managing court cases between you and Takaful.
• Other insurance companies for recovery and settlement of claim if the insured is not at fault.
• Garages to carry out vehicle repairs and deliver the vehicle to you.
• Third Party Administrators (“TPAs”) to provide us the list of medical providers/ hospitals/clinics along with membership cards, administer medical insurance claims, and keep track of policies due for renewal.

Automated Decision Making and Profiling:

Takaful may take decisions based on automated processing of personal data including profiling of an individual or group for the following processes:

1. Actuarial Unit department may determine the premium and claims reserves and assess the risks.
2. Medical Takaful department may perform profiling of databased on:
3. Age and gender (Age band & Gender premium rates) to calculate the premium for the purpose of policy underwriting, endorsement, or cancelation, or for reinsurance arrangements.
4. Gender and nationality for further analysis of claims.
5. Life Takaful department may perform profiling based on job designation to calculate the premium rates for the purpose of underwriting Group Life policy and reinsurance arrangements.
6. Motor Takaful department may perform profiling based on age to provide Takaful’s Management with reports on customers with specific age range have done accidents.
7. Motor Claims department may perform profiling based on age group and age of driving license group for the purpose of claim opening, processing, settlement, and recoveries.
8. Corporate Communications department may perform profiling as a follower on Takaful’s social media accounts to calculate the total number of customers based on the region, gender and age grouping of followers visiting the profile.

Retention Period of Your Personal Information:

Takaful keeps your personal data in accordance with the criteria that includes the validity of the contract, legal retention period requirements, to fulfil its intended purposes and historical archiving. We securely destroy and erase your personal data to ensure that it cannot be restored after exceeding the specified retention period.

Types of Personnel Data we Process

Based on the above specified lawful reasons of processing your personal data, Takaful may handle and process your:

1. Identity details: full name, contact details including telephone numbers and email addresses, gender, marital status, family details, job title(s), location of birth, photograph, video, relationship to the policyholder, beneficiary, or claimant.
2. Address details: residential address, employer address, correspondence address.
3. Identification details: identification numbers issued by government bodies (for example: CPR, passport copy, driver’s license number, other government-issued identity number).
4. Financial information: bank account information, income, and other financial information.
5. Insured risk: details about the insured risks which may include some personal data such as health data, criminal records data, and other special demographic and data categories.
6. Policy information: details about the insurance quotes and policies.
7. Anti-fraud data: details about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud databases, or regulators or law enforcement agencies.
8. Previous and current claims: details about current and previous claims which may include health data and criminal records.
9. Sensitive personal data such as ethnicity, religion, criminal records, and health data including medical conditions, medical results, testing and records.

Your Rights as a Data Subject:

You have the right to:

1. Request access to your personal data in which it will enable you to obtain a copy of your personal data held by us and to enable you to verify that Company is collecting and processing your data lawfully.
2. Request us to amend your data when it is inaccurate or incomplete.
3. Request us to remove your data when:
4. The purpose of which your data has been collected is no longer valid.
5. Your personal data is processed in an unlawful basis.
6. The deletion is necessary for compliance with the law.
7. Your data is inaccurate.
8. Request us to block or restrict further processing of your personal data.
9. Request us to provide you with your data in a structured format in order to be used and stored for further personal use.
10. Submit a complaint when your personal data is being used for the purpose of direct marketing resulting in financial loss or moral damage to you or for the purpose of making a decision which is based on automated processing including profiling where such processing may have legal ramifications or significantly affect your rights.
11. Withdraw your consent at any time to processing or transferring your personal data for specific reason.
12. We have the right to reject your request. We will inform you within 15 days of receiving the request on rejecting the request and explanation of the rejection.
13. In case your request is incomplete, we will inform you within 10 days if any documents are missing to complete your request. You have the right to lodge a complaint to Bahrain’s Personal Data Protection Authority. The Personal Data Protection Authority is the authority established under the provisions of Article (27) of the Personal Data Protection Law.

As part of the personal data security measures, we may request you to provide specific information to confirm your identity and to ensure that your personal data is not disclosed to any personnel who does not have the right to have it.

Links to Other Third-Party Website/Mobile Applications:

Our website/mobile application contain links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site or application and to read the privacy statements of any other site that collects personally identifiable information.

Security of Your Personal Information:

We will take all reasonable steps necessary to ensure that your data is treated securely, and in accordance with this privacy policy. The Company’s Channels has security measures in place to protect your personal information against any loss, misuse, and alteration of the information under our control.

The transmission of information via the Internet is not completely secure. Although, once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Your Role to Keep your Data Accurate:

It is essential for us to keep your personal data up to date and accurate. Therefore, kindly contact us in case there is any change to your personal data during your business relationship with us.

Changes to this Policy:

We will occasionally update this Privacy Policy to reflect the legal requirements in relation to data protection. We encourage you to periodically review this Policy to be informed about how we are protecting your information. Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.

Contact Information:

We welcome your questions and comments regarding this Privacy Policy, the information management practices of our channels. We will use commercially reasonable efforts to promptly determine and remedy the problem.

If you believe that we haven’t adhered to this policy, please contact us through: https://gigtakaful.bh/feedback/

If you have any concern regarding processing your personal data, please do not hesitate to reach out to our Data Protection Guardian throughout his contact details mentioned below:

dps@gigtakaful.bh

or through our address provided below:

TAKAFUL

Building No. 680, Road 2811, Block 428 Seef, Manama

Kingdom of Bahrain.