Privacy and cookies

Privacy

We take our duty to safeguard your data seriously.  Our Privacy Policy sets out our privacy commitment to our customers, potential customers, business partners, employees, and other individuals whose data we may process,  and explains your rights. 

Who we are

This Privacy Policy relates to all International Financial Group Limited (“IFGL”) companies, with the exception of IFG Pensions Limited. 

IFGL is headquartered in the Isle of Man. IFGL and our Data Protection Officer can be contacted in writing at International House, Cooil Road, Douglas, Isle of Man, IM2 2SP, British Isles or by email at DPO@ifg-ltd.com.

How we use your personal information

This  Privacy Policy explains how International Financial Group Limited (IFGL) and its subsidiaries collect, use and store personal data (we call it personal information) if you are an IFGL customer (or prospective customer), a beneficiary of an IFGL product, their family members, claimants and other parties involved in a claim, appointed adviser or IFGL employee. When we refer to personal information, this means any personal information we obtain and use in connection with the products and services we provide for any living individual who is identifiable by us.

At IFGL, protecting your personal information is extremely important to us. We want you to be confident about how we use your personal information and take our responsibilities for the security and management of personal information very seriously. That is why we invest in our systems, processes and staff training to make sure the way we collect, use, share and store the information meets both regulatory and our own high standards. 

We may amend this Policy from time to time, for example to keep it up to date or to comply with legal requirements. You should regularly check this Policy for updates.  If there are any significant changes made to the use of your personal information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our websites.

Personal information rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

You have the right to:

  • Access the personal information we hold about you free of charge, or anyone connected to the contract in certain circumstances - we call this a Data Subject Access Request;
  • Correct inaccurate personal information we hold about you;
  • Delete personal information, in certain circumstances;
  • Restrict us processing personal information, in certain circumstances;
  • Receive personal information you have provided us in a commonly used machine-readable format;
  • Request an explanation of and challenge automated decisions;
  • Object to us processing personal information, in certain circumstances;
  • Obtain and reuse personal information for your own purposes across different services, in certain circumstances.

How we collect, use and share personal information

We only collect personal information that we need and we have robust controls to keep it safe. We collect personal information to provide and administer our products and services to you. Without the personal information we collect, it may delay or prevent us from fulfilling our contract with you or doing what we must do by law. 

Personal information we collect will be held in digital and / or paper files. We collect personal information such as name, address, date of birth, tax identification number, telephone number, email address, occupation or special category data about health, also known as sensitive personal data.

We collect contact details about you and any other individual linked to your contract with us or claim when you:

  • Apply for our products and services;
  • Use our websites and online services;
  • Write to us by email or letter;
  • Ask us a question on the telephone, including recorded calls and notes we make;
  • Make or inform us of a claim, including anyone associated with the claim;
  • Make a payment;
  • Update personal details;
  • Make other changes on your IFGL product or service;
  • Make a complaint;
  • Apply for a position of employment at an IFGL company.

When you apply for a policy or make a claim, we may ask you to provide information about your health and to verify your identity. The personal information we collect will be used by us, and we may share it with other IFGL subsidiary companies to provide operational services. We may also share your personal information with third parties who process personal information on our behalf.  These third parties may include:

  • Third party identity verification service providers;
  • Our IT suppliers, actuaries, reinsurers, auditors, lawyers, debt recovery agents or related third party service providers;
  • Law enforcement, courts, dispute resolution bodies, other parties involved in disputes and our regulators;
  • Anyone who gives instructions to us on your behalf (e.g. under power of attorney, financial advisers, lawyers or intermediaries); and
  • Anyone else that you instruct us to share your personal information with.

We never sell your personal information to anyone else.

Automated decision making and profiling

You have the right not to be subject to a decision which is based on automated profiling and which produces a legal (or similarly significant) effect on you.  We will tell you about any automated decision making that affects you. You have the right to:

  • Request human intervention;
  • Express your point of view;
  • Ask for the decision to be explained; and
  • Challenge the decision

These rights are not absolute. They do not apply if the decision is:

  • Necessary for us to enter into or perform a contract with you;
  • Authorised by law (e.g. for fraud prevention); or
  • Based on your explicit consent

IFGL may carry out automated processing on some policies or contracts, for example where underwriting is required or if an application is submitted online.  Where an automated decision results in an outcome of non-standard rights or risk, human intervention is always undertaken.

Legal grounds for processing personal information

By law, we must have a legal justification to process your personal information for the purposes described in this Privacy Policy.

We collect personal information to carry out our contractual obligations with you, for example, where you own the policy or contract. This includes arranging, underwriting, ongoing administration and handling of claims in accordance within the terms of the policy or contract.

Our legal and regulatory obligations include meeting responsibilities we have to our regulators, tax authorities and law enforcement, and any other legal responsibilities, such as the prevention, detection and reporting of financial crime (including the financing of terrorism or fraud).

We will process personal information for our legitimate interests, when we have a business reason to do so. This includes but is not limited to:

  • Developing, improving, and personalising our products, pricing and services;
  • Enhancing our customer service, experience, and relationship, for example through customer and market research, business analysis, providing relevant product and service information;
  • Improving the relevance of our advertising and marketing campaigns and identifying advertisement audiences;
  • Displaying personalised online advertisements on third party websites and social media platforms;
  • Helping to detect and prevent financial crime and fraud;
  • Developing and improving our administration, security systems and insurance applications;
  • Sharing it with third parties in the event of organisational change, for example if we bought or merged with another organisation; and
  • Analysis of marketing data.

If we need consent to process personal information, for example if we require information about your health, we’ll ask for this first. This consent can be withdrawn at any time. 

You have the right to opt-out at any time from legitimate interest-based processing, unless we can demonstrate a compelling legitimate ground, e.g. fraud detection.  In the case of marketing, you always have the right to opt-out.

We will process special category personal data to protect the vital interests of the customer or other individuals connected to the contract (for example a life assured on a policy) and for the purposes of arranging, underwriting and administering IFGL products and services, handling claims and complying with rights and obligations in connection with the terms of the contract.

To help us prevent and detect financial crime, we evaluate your conduct accessing our products or services if processing of your personal information: 

  • reveals your behaviour to be consistent with that of money launderers or financiers of terrorism;
  • is inconsistent with your previous submissions; or
  • reveals that you appear to have deliberately hidden your true identity.

This activity is essential to allow us to decide whether there is a risk of financial crime, which may result in us declining the product or service you have requested or to stop providing existing services to you.

International transfers

We may transfer personal information outside the Isle of Man, United Kingdom, European Economic Area (EEA) or country of data collection for the purposes of processing, storage, administration or any other use stated in this Policy.  The purposes and processing associated with any such transfer will comply with all applicable data protection regulations, and with our obligation to adequately protect and secure your personal information.   

Where required under applicable laws we will take measures to ensure that personal data handled in other countries will receive at least the same level of protection given in the Isle of Man, United Kingdom, EEA or country of data collection.  We will continue to protect your privacy rights either by ensuring that the country has equivalent data protection standards or by putting contracts in place with the recipients of the personal information. 

Sharing personal information with financial crime and fraud prevention agencies

The personal information we have collected about any customer or third party or representative may be shared with crime and fraud prevention agencies, including their members, law enforcement and other relevant organisations. IFGL and its subsidiaries use various techniques to assess and validate product applications and claims and will use personal information to prevent financial crime and fraud and to verify your identity. If financial crime or fraud is detected, we have the right to decline applications, stop providing existing services to you, cancel any contracts you may have with us, retain any premiums paid and not pay claims.

Advisers

If we obtain your details from your financial or investment adviser, personal information will be shared between us and the adviser.  This may include contract details, claims or payment information, suspected fraud and other financial crime information, and any other personal information the adviser may process as part of their relationship with you.  Information may be transferred between IFGL and your adviser but we will ensure this is done securely and in compliance with regulatory requirements. 

Security

Security measures are in place to protect against unauthorised access or damage to, disclosure of, or loss of personal information. Unless encrypted, communications over the internet, such as emails, are not secure and anything you send is done at your own risk.  Care should also be taken submitting personal information on third party websites that contain links to IFGL. These will be subject to their own privacy policies that might be different to IFGL.

Marketing

We do not carry out marketing campaigns and will only contact you in relation to your contract, or where we have important company, fund related or servicing information to share with you.

We may send you information by email, post, telephone and / or SMS about our products, services and business updates from IFGL. We may use your postal address, telephone numbers and email address to contact you. We do not use special category data about health for marketing purposes. 

Specialist services we use

We use other companies to provide some services, e.g. reinsurers or legal service providers. They will be given the personal information they, or their sub-contractors, need to provide their service.

Medical and other health services

Where applicable, if you apply for a policy, make a claim and give us consent, we may require medical information from the relevant health provider, e.g. doctor or hospital, to set up your policy or to assess your claim. 

Claimants

Where applicable, we collect and use personal information about claimants (including children under the age of 18), in order to process a claim.  This may include the receipt of relevant medical and treatment reports. These reports may need to be shared with other medical experts or treatment providers for assessment of the claim.

Other insured parties

Where applicable, an insured party on your policy (a life or lives assured) may notify us of a claim against your policy.

Giving someone permission to talk to us about your contract

We can only talk to you about the contract you have with us, or someone we’re satisfied that you have authorised to contact us on your behalf, after we’ve carried out data security checks.

Communications

When you contact us, personal information you give us will be recorded and stored on our systems. Calls may be recorded. This helps us improve our customer service, train our staff, respond to complaints and prevent fraud and other financial crime. Communications will usually be in English. 

How long we keep personal information

We will keep your personal information for as long as you have a product, are using a service from us or are employed by us, and up to ten years after, to make sure we meet our statutory and regulatory obligations, defend any legal proceedings, allow us to manage complaints and claims and to prevent fraud or crime. In exceptional cases, we may need to keep personal information for longer, for example when requested by a court of law or if the party, to whom the personal information relates, provides their consent.

If you contact us by telephone and the call is recorded, we will keep a copy of the call recording for up to seven years for the same purposes.

Following expiry of the retention period, personal information is destroyed or anonymised permanently and securely so that we nor anyone else can no longer use it.

Data Subject Access Requests

If you wish to know what personal data we hold about you, we will treat this as a Data Subject Access Request. We will provide you with details of the personal data that we hold free of charge* in a structured, commonly used and machine readable format. We aim to provide your personal information within one month of receiving your request or within three months for more complex requests. If we are going to take longer than one month we will let you know why we need more time or why we cannot provide the personal information. 

*We reserve the right to charge for such requests, for example if we consider the request to be excessive or repetitive.

Cookies

Cookies are small text files that websites place on your computer or other device when you visit to improve the experience or to remember aspects from current or previous visits.  This can include choices you’ve made or preferences you have chosen during that visit. We use cookies to:

  • Help us understand how our websites and other services can be improved; and
  • Enhance online security of your personal information

Our websites may not perform as expected if you opt to block or delete cookies.  Please see our Cookies Policy on our website or visit AboutCookies.org for more information.

Isle of Man Information Commissioner’s Office (ICO)

If you are unhappy about how we process your personal information or how we have responded to a Data Subject Access Request or complaint, you have the right to make a complaint to the Isle of Man's data protection regulator. You can find more details about how to contact them on their website https://www.inforights.im/

You may also have the right to complain to your local data protection regulator depending on your country of residence. Please contact us if you would like to find out more about this.

Contact us

If you want to find out more about our obligations to protect your personal information, or to exercise your rights, such as making a Data Subject Access Request, please contact us by writing to: Data Protection Officer, IFGL, Cooil Road, Douglas, Isle of Man, IM2 2SP, or by email at DPO@ifg-ltd.com.