Last Updated: These Terms & Conditions were last updated on January 10, 2022.
Introduction
My Insurer Private Limited – Singapore based company No. 201903812R - (“we” or “us”) is the operator of the software MY INSURER & WELLNEX, a customer relationship tool.
We are committed to:
- Follow any best practices, guidelines and requirements of the privacy and insurance policy applicable in any countries where MY INSURER operates
- Comply with any insurance rules, laws & regulations applicable in any countries where MY INSURER operates
- Comply with any data (storage, flow, ownership) protection acts, laws & regulations applicable in any countries where MY INSURER operates
- Make the user journey as enjoyable, safe, clear and lean as possible
Queries
Should you have any questions regarding our compliance with the PDPA, please feel free to contact us at: data@my-insurer.net
You may also write to us to request the following:
- Delete your personal data
- Transfer your data to a third party
- Know who is using your data
- Rectify your incorrect data, and
- Complain about misuse of your data
Data Protection Trustmark Certification
- The Data Protection Trustmark (DPTM) is a voluntary enterprise-wide certification for organisations to demonstrate accountable data protection practices. The DPTM will help businesses increase their competitive advantage and build trust with their customers and stakeholders.
- Since August 2020, MY INSURER has been Data Trustmark Certified by IMDA: DPTM-00033-202008202008
- We undergo regular, systematic audits to ensure that our certification is up to date and compliant with IMDA requirements, keeping to the strictest DPTM protocol.
OUR DPTM COMPLIANCE
Principle 1: Governance and Transparency
Appropriate Policies and Practices
- Establish data protection policies and practices
- Establish queries, complaints and dispute resolution handling processes
- Establish processes to identify, assess and address data protection risks
- Establish a data breach management plan
- Appoint Data Protection Officer (DPO)
Openness
- Make available business contact information of the DPO to the public
- Provide information on personal data protection policies to external stakeholders
Internal Communication and Training
- Communicate data protection policies and practices to all employees
- Implement data protection training for all relevant internal stakeholders
Principle 2: Management of Personal Data
Appropriate Purpose
- Ensure collection of personal data is for purposes that are clear and appropriate in the circumstances
Appropriate Notification
- Ensure notification of the purposes for the collection of personal data, on or before the collection of personal data
- Ensure notification of new purposes before the use or disclosure of personal data
Appropriate Consent
- Ensure that consent for the purposes has been obtained on or before collecting the personal data
- Ensure that consent for personal data with special considerations has been obtained
Appropriate Use and Disclosure
- Ensure the use of personal data is for purposes for which consent has been obtained
- Ensure the disclosure of personal data is for purposes for which consent has been obtained
Compliant Overseas Transfer
- Ensure appropriate personal data transfer policies are implemented as required under law
Principle 3: Care of Personal Data
Appropriate Protection
- Ensure reasonable security policies and practices are implemented
- Ensure third parties make reasonable security arrangements to protect personal data
- Ensure testing of security safeguards
Appropriate Retention and Disposal
- Ensure personal data retention policies are implemented
- Ensure appropriate implementation of processes and methods for the disposal, destruction or anonymisation of personal data when there are no longer legal or business purposes to retain the personal data
Accurate and Complete Records
- Ensure personal data for use or disclosure is accurate and complete
- Ensure personal data disclosed to a third party organisation is accurate and complete
Principle 4: Individuals’ Rights
Effect Withdrawal of Consent
- Ensure provision for the withdrawal of consent for the collection, use or disclosure of individuals’ personal data
Provide Access and Correction Rights
- Ensure provision for individuals’ access to their personal data in the organisation’s possession or under its control on request
- Ensure provision for individuals’ correction of their personal data in the organisation’s possession or under its control on request
- The certification requirements are based on parameters including relevance to PDPA (source: IMDA), international standards (e.g. APEC CBPR/PRP requirements) and industry best practices.
- The requirements are organised around 4 Principles, and each Principle is framed by a set of assessment criteria with controls under each criterion.
- MY INSURER maintains written documentation on policies, processes and practices for data protection.
- MY INSURER has demonstrated that its data protection policies, processes and practices are implemented and practised on the ground.