There is a good chance that over the past few weeks and even months you have received more than one email regarding the update or introduction of new privacy policies for websites and tweaks/clarifications on how a website/company collects, stores, and utilizes personal data. This is not a coincidence, and actually has to do with the European Union's latest data privacy regulation: the General Data Protection Regulation (GDPR).
About the GDPR
First introduced a few years ago, the GDPR is an EU regulation that becomes enforceable on May 25th, 2018. This law focuses on protecting the private data of EU residents and citizens, as well as on giving people much more control over their own data. The regulation also sets out how businesses should store this private data.
While many countries have adopted privacy laws that aim to address data in the modern era, e.g., Hong Kong has the Personal Data (Privacy) Ordinance, the GDPR is different in that it does not apply to just one country, but rather all EU citizens and the companies who they work with on a global basis.
This means that companies who don't have a presence in the EU but do have clients/hold data on people who are citizens of the region are required to be compliant with the new regulation.
Here at Kwiksure, we offer a variety of insurance solutions for all residents of Hong Kong, including expats. Of the expats in the city, and those whom we call our clients, we do have clients who are from the EU.
Due to this, we are required to be compliant with the regulations set out by the GDPR. This includes private data collection, storage, and the privacy of our customers.
What does the new policy cover?
In order to do this, we have broken the policy down into the following sections:
Our stance on data collection, processing, and protection
What data we collect
Who collects the data
How data is collected
Consent and data
Why we collect data
How we use the data collected
When we share data
How you can view, edit, or delete your data
How we utilize cookies
You will find that the sections above all contain a fairly large amount of data to process. To summarize, we strive to only collect data for two reasons:
It is contractually necessary - Insurers have set requirements regarding the relevant data that is necessary to obtain in order to underwrite and offer plans.
For marketing purposes - Data collected in order to execute marketing activities.
Any data collected by Kwiksure is never sold to third parties, and only collected and shared with third parties like insurers when necessary. Also, the data collected and shared is only done so when contractually necessary.
If you have already provided Kwiksure with personal data - e.g., you have a car insurance plan - you have the right to view, edit, and even request deletion of the data we have collected on you. Be aware, however, that if you do request the deletion of your data while in the process of securing a plan, we might be unable to finish the process.
Is Kwiksure GDPR compliant
We have taken every possible step to ensure that we are compliant with the regulations set by the GDPR and the local Hong Kong data privacy act. In fact, we have implemented a number of systems that aim to ensure we have leading security features that ensure the security of your data.
I am not from the EU, does the GDPR apply to me?
What this means is that you have the same rights to see, edit, and request deletion of your data as those under the GDPR.
Do I need to provide Kwiksure with extra data?
No, Kwiksure does not require you to provide any extra data at this time. The only time we will ask for data is when you want to secure a new plan and the potential insurer is requesting data that you have not provided.
If you are not a client at this time, you will not be required to provide data that is not contractually necessary, and you will also retain the rights to edit, view, or request the deletion your own data.