PRIVACY POLICY

1 Scope

This policy applies to all systems, people and processes that constitute information systems that belong to Sharjah Insurance Company PSC (hereafter referred to as SICO), including its employees and other third parties who have access to its systems

2 Purpose

To outline how to ensure data protection and privacy as required in relevant legislation, regulations and, if applicable, contractual clauses.

3 Policy

SICO regards as its responsibility to protect and secure all types of Personal information that it collates from its customers as well as its employees. The following policy mandates the basic requirements regarding handling of such information:

a. Collection Limitation:
There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject concerned i.e., customers/employees.

b. Data Quality:
i. SICO shall measure data quality based on the following characteristics:
1) Timeliness: Ability of data to be processed within a provided timeframe
2) Accuracy: Required data is input/processed without an error
3) Completeness: When data is generated from multiple sources, all of them are processed without omission
4) Appropriateness: Data is ready for users as expected which appropriately meets their business objectives

ii. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes. It is to be ensured kept as accurate, complete and kept up to date as possible.

c. Purpose Specification: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes and as are specified on each occasion of change of purpose.

c. Use Limitation: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with clause C except: i. With the consent of the data subject; or ii. by the authority of law.

e. Security Safeguards: Personal data should be protected by reasonable security safeguards against risks such as information leakage/loss or unauthorized access, destruction, use, modification or disclosure of data.

f. Openness: SICO recognizes the need to have a general organizational understanding about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
SICO would require to collect personal data which would include personal identifiable data (PII) from its customers /employees for the purpose of its business engagements that includes policy underwriting & claims, employee management etc.

g. Individual Participation:
i. Every individual customers/employee should have the right: To obtain from SICO, or otherwise, confirmation of whether SICO has data relating to him;
ii. To have communicated to him/her, data relating to him/her
1)within a reasonable time
2) at a charge, if any, that is not excessive
3) in a reasonable manner
4) in a form that is readily intelligible to him

iii. To be given reasons if a request made under g.(i) and g. (ii) is denied, and to be able to challenge such denial

iv. To challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.

h.Accountability:
A data controller should be accountable for complying with measures which give effect to the principles stated above. SICO shall assign responsibility of data controller to Mr. Abdel Salam Al Hammadi, Compliance Officer for the period of 2020 to 2025.
i. SICO shall also strive to uphold its responsibilities regarding personal data protection by adhering/complying to its applicable legal/statutory/regulatory requirements: a) National Electronic Security Authority (NESA)
b) Others (If any)

4 Enforcement Violations of this policy will be dealt with in accordance with the company’s disciplinary policy and when applicable authorities will be notified, and legal action may be taken.