Data Privacy Policy

This Privacy Notice applies to Intl Risk Consultants Insurance Brokers Private Limited; hereinafter referred as IRC India.

In this Privacy Notice, we identify the personal data that we collect about you and how we use that data. This Privacy Notice applies to any personal data you provide to IRC India and any personal data we collect from other sources, unless you are provided a more specific privacy statement at the time of data collection. This Privacy Notice does not apply to any third-party websites, applications or portals ("Sites") linked to IRC India's Sites. If you provide personal data to us about other people, you must provide them with a copy of this Privacy Notice and obtain any consent required for the processing of that person's data in accordance with this Privacy Notice.

Who We Are

We are an insurance broking boutique company providing insurance broking services, risk and claims management.

How We Process Your Personal Data

Individuals in scope of this Privacy Notice

This Privacy Notice provides information for those individuals whose personal data we process, including:

• Business contacts: brokers, (re)insurers, experts instructed in relation to claims, service providers, suppliers, professional advisors, conference attendees, visitors to our offices, government officials and authorities
• Customers, claimants and plan beneficiaries: those in respect of insurance policies we place as part of our insurance business activity (e.g., parties covered under the policies, potential beneficiaries of the policies, claimants and other parties involved in claims in respect of the policies), and any other customers in relation to our various service offerings
• Users of our websites
• Other individuals: those requesting or receiving our marketing information, making general inquiries

How do we collect your personal data

We collect your personal data in a number of ways, which vary based on how you interact with us:

• Directly from you: when you provide your personal data to us, including from any of our websites, surveys, market research, and other direct communications
• From our clients and partners: commercial clients, employers, health service providers and third-party service providers
• Publicly available sources: social media platforms and claims and convictions records
• Other third parties

Personal data we collect

We collect the following types of personal data depending on the purpose of your interaction with us and as allowed by applicable law:

• Basic personal and demographic information: name, date of birth, age, gender and marital status
• Contact information: address, telephone number and email address
• Unique identifiers: Aadhar number, passport number, PAN, driver's license number, birth, death and marriage certificates
• Beneficiary information: details of relationships, family members and dependents
• Employment information: job title, employer, employment status, salary information
• Financial information: bank account numbers and statements
• Policy information: policy number, policy dates, premiums, individual terms, risk profile, underwriting history
• Claim information: claimant's relationship to policyholder, claims history and data, causes of death, injury or disability
• Commercial information: records of personal property, products or services purchased
• Events or meeting information: visits to offices (including CCTV), event attendance, audio recordings, photographs
• Lifestyle information: travel history and plans, general health data
• Special category data: health information, genetic or biometric data, racial or ethnic origin, political opinions, religious beliefs
• Criminal records information: criminal charges or convictions, driving offences
• Professional disciplinary information
• Background check information: sanctions screenings, politically exposed person status
• Marketing information: consent preferences, marketing interactions
• Website usage information: IP address, browser information, cookies data

How we use your personal data

Depending on the purpose of your interaction with us, we use your personal data to:

Perform services for you or our clients

• Provide services and fulfil our contractual obligations
• Facilitate placement of policies and ongoing policy management
• Provide consulting, administration, financial, and actuarial services
• Advise on business risk management and insurance arrangements

Manage our business operations

• Enter business relationships and perform due diligence
• Create, maintain and secure your account
• Maintain accounting records and comply with audit requirements
• Conduct data analytics, surveys, benchmarking, and risk modelling

Communicate and market to you

• Respond to inquiries and send event invitations
• Advertise and promote our services via email, LinkedIn, SMS, post or telephone
• Send newsletters and personalized content
• Monitor website usage and personalize your experience

Comply with legal obligations

• Comply with national security and law enforcement requirements
• Exercise and defend legal rights

Monitor and prevent fraud or wrongdoing

• Maintain safety, security and integrity of our systems
• Monitor premises, property, employees and visitors

Improve our services

• Develop and enhance services through research
• Improve technology systems and algorithms
• Improve quality, training and security

Legal basis for processing personal data

Our legal basis for processing your personal data will be one of the following:

• Legitimate Business Interest: For business operations, maintaining records, and improving services
• Contract performance: To perform contractual duties or take pre-contract steps
• Legal compliance: To meet regulatory requirements and legal obligations
• Fraud prevention: For detection and prevention of fraud
• Consent: Where we have obtained your explicit consent

Who we share your personal data with

We may share your personal data with:

• Within our company: For service provision, business operations, marketing, and compliance
• Your employer: As part of our service provision
• Professional advisors: Underwriters, actuaries, claims handlers, lawyers, accountants, auditors
• Service providers: IT software providers, debt collection agencies, background check agencies
• Fraud detection agencies and credit bureaus
• Industry bodies
• Insurers who provide you with insurance
• Regulators and authorities: Where required by law
• Asset purchasers: In case of business transfer
• Other third parties: With your consent or as required by law

How We Protect Your Personal Data

We use a range of technical security measures to protect your personal data:

• Restricted access: Limited to those who need to know, subject to confidentiality obligations
• AWS Cloud Security: Data stored on Amazon Web Services with robust security features
• Secured Email Services: Microsoft email services with advanced security
• Licensed Software: All devices have licensed operating systems and applications
• Total Security Software: Cloud-based security software on all devices
• Firewalls: To block unauthorized traffic to servers
• Physical Security: Servers in secure locations with restricted access
• Internal procedures: Governing storage, access and disclosure

Password Security: Where we provide you with a password, you are responsible for keeping it confidential. Please do not share your password with anyone.

International Data Transfers

We operate as a global business and may transmit your personal data across borders to our business partners and service providers. When required by applicable law, we will obtain your explicit consent before transferring your data.

The laws in destination countries may not be equivalent to those in India. Transfers will comply with applicable law and be subject to suitable safeguards including standard contractual clauses approved by local data protection regulators.

Marketing Activities

We may provide you with information about our products or services that we think will be of interest to you. We may send this information by email, LinkedIn, SMS, text, post or telephone. Our marketing activities comply with all applicable legal requirements.

Opt-out: You can opt out of receiving marketing communications from us at any time by contacting us. We will continue to send service-related communications where necessary.

Profiling and Automated Decision-Making

We compile and analyze data to model risk likelihoods and determine insurance limits, premiums and fraud patterns. This involves using personal and commercial data to create models and match data against models (profiling).

We will only make automated decisions about you where:

• Such decisions are necessary for entering into a contract
• Such decisions are required or authorized by law
• You give your consent for automated decision-making

These automated decisions may affect your eligibility for or access to products or services. You can contact us to request information about our automated decision-making, object to its use, or request human review of automated decisions.

How Long We Keep Your Personal Data

We keep your personal data for as long as reasonably necessary to fulfil the purposes set out in this Privacy Notice based on our business needs and legal requirements.

When we no longer need your personal data, we de-identify or aggregate the data or securely destroy it based on our retention policy. De-identified or aggregated data may be used for analytics purposes.

Your Personal Data Rights

You have certain rights in respect of your personal data under India data protection laws:

• Right to access: Request copies of your personal data to ensure accuracy
• Right not to supply data: Choose not to provide certain personal data or sensitive personal data
• Right to object: Object to processing for legitimate interests or marketing purposes
• Right to withdraw consent: Withdraw consent for specific processing activities

You can exercise these rights by contacting us. We will not charge you for processing these requests, though there may be cases where we cannot comply due to legal exemptions.