✔ “Aadhaar Number” means an identification number issued to an individual by UIDAI - An Aadhaar number, in physical or electronic form subject to Authentication and other conditions, as may be specified by regulations, may be accepted as proof of identity of the Aadhaar number holder
✔ “Aadhaar Number Holder” means an individual who has been issued an Aadhaar number under this Act
✔ “Authentication” means the process by which the Aadhaar number along with demographic information or biometric information of an individual is submitted to the Central Identities Data Repository for its verification and such Repository verifies the correctness, or the lack thereof, on the basis of information available with it;
✔ “Authentication Facility” means the facility provided by the Authority for verifying the identity information of an Aadhaar number holder through the process of Authentication, by providing a Yes/ No response or e-KYC data, as applicable;
✔ “Authentication Record” means the record of the time of Authentication and identity of the requesting entity and the response provided by the Authority thereto
✔ “Authentication Service Agency” or “ASA” shall mean an entity providing necessary infrastructure for ensuring secure network connectivity and related services for enabling a requesting entity to perform Authentication using the Authentication facility provided by the Authority
✔ “Biometric Information” means photograph, finger print, Iris scan, or such other biological attributes of an individual as may be specified by regulations
✔ “Core Biometric Information” means finger print, Iris scan, or such other biological attribute of an individual as may be specified by regulations
✔ “Central Identity Data Repository (CIDR)” means a centralized database maintained by the Government in one or more locations containing all Aadhaar numbers issued to Aadhaar number holders along with the corresponding demographic information and biometric information of such individuals and other information related thereto;
✔ “Demographic Information” includes information relating to the name, date of birth, address and other relevant information of an individual, as may be specified by regulations for the purpose of issuing an Aadhaar number, but shall not include race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history;
✔ “Identity Information” in respect of an individual, includes his Aadhaar number, his biometric information and his demographic information;
✔ “Personal Information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such a person
✔ “Requesting Entity” means an agency or person that submits the Aadhaar number, and demographic information or biometric information, of an individual to the Central Identities Data Repository for Authentication
✔ “Sensitive Personal Data or Information” - Sensitive personal data or information of a person means such Personal Information which consist of information relating to:
Any information that is freely available or accessible in public domain like in telephone directories etc. or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purpose of this policy.
To have reasonable security practices in place to safeguard the confidentiality, integrity and availability of Sensitive Personal Data or Information of users available with the company thereby complying with applicable legal, regulatory and contractual obligations in place.
Type of Information Collected We and our authorized third parties may collect different types of Personal Information and/or Sensitive Personal Data or Information, for the purposes of our insurance business and as permissible under applicable laws. Such information may include but is not limited to:
Personal Information: Your name, age, gender, date of birth, photographs, information relating to our Know Your Customer (KYC) obligations, nationality, educational qualification, occupation, employment details, Aadhaar number/ Virtual id/ UID token and any other information which is capable of identifying You.
Contact Information: Your address, telephone numbers, email id etc.
Health Information: Your height, weight, blood group, alcohol & drug consumption, smoking, personal & family medical history, attending physician/treatment records etc.
Financial Information: Details related to your bank accounts, or other payment instrument details, annual income, investment/savings, income tax (PAN Card, Form 16 etc.).
Aadhaar information: In the capacity of acting as a requesting entity as per applicable laws & regulations, the Company may with your explicit & voluntary consent contain Aadhaar information for Authentication purpose. Details related to your Aadhaar number/ Virtual id including OTP or core biometrics submitted for the purpose of buffered Authentication only. Post which the results of Authentication including general demographic related information shall be shared by the Central Identity Data Repository (CIDR).
Other Information: Any information contained in documents used as proof of identity, address, age or income that may help to provide, improve and maintain our products and services which may ultimately be beneficial to You.
Other information may be collected in the form of various surveys which you agree to participate in or provide other feedback to Us regarding our products or services; when you register to receive news updates, when You submit enquiries through our website or when a candidate applies for a job through our website.
We may obtain Your consent for sharing your Sensitive Personal Data or Information in several ways, including but not limiting to the following such as in writing, online, through "click-through" agreements; orally, including through interactive voice response; or when your consent is part of the policy proposal form or product terms and conditions pursuant to which we provide You, Our products and services.
Use of "cookies"
Your visit to Our website may be recorded for analytics and to improve the user experience. Some of this information will be gathered through the use of "cookies". Sensitive data collected by cookies shall be cleared after closing the session. Cookies are small bits of information that are automatically stored on a person's web browser in their computer that can be retrieved by this site. Should you wish to disable these cookies you may do so by changing the settings on your browser. However, some of the functions might not properly work if you choose to disable the cookies.
We take the help of cookies & Internet Protocol ("IP") addresses to diagnose any problems with our server and to administer our web site, including by blocking certain addresses that we feel are inappropriately using our website. Cookies & IP addresses might be used to gather broad demographics information, such as browser types, visitor's country, visiting frequency, operating systems, etc.
The Personal Information and Sensitive personal Data or Information that we collect from You is held in accordance with applicable laws and regulations in India. The information collected may be used for a number of lawful purposes for providing services to you and connected with our business operations and functions, which include but are not limited to:
✔ Verifying your identity;
✔ To close sale as well as post sale related information gathering towards taking a decision pertaining to your insurance proposal form/ request as per relevant product terms & conditions
✔ Process transaction and respond to your insurance policy servicing requests, provide assistance or attend to grievance;
✔ To personalize your experience;
✔ Perform any market analysis, market research, business and operational analysis to help us improve our services & product offerings;
✔ To detect, prevent or otherwise address fraud risk, or security & system related issues;
✔ To send periodic emails & SMS's with respect to our product and services;
✔ To administer a contest, promotional campaign , survey;
The Company and its authorized employees may utilize some or all available Sensitive Personal Data or Information pursuant to their job role for internal assessments, measures, operations and related activities. If We do ask you to provide Sensitive Personal Data or Information, We will always specify the purpose for which such Sensitive Personal Data or Information is collected and use it for the purpose specified at the time of collection. In case You do not provide this information or provide consent for usage of Sensitive Personal Data or Information or Personal Information but later on withdraw Your consent by writing to the Company, then the Company reserves the right to withdraw/discontinue the services for which said information was sought.
In the capacity of acting as a requesting entity as per applicable laws & regulations, the Company may with your explicit & voluntary consent collect your Aadhaar information for Authentication purpose with Unique Identification Authority of India (UIDAI).
Before collecting your Aadhaar related information, Company shall explicitly inform you about the purpose & usage of Aadhaar related information including information received from UIDAI including its storage and use. You shall also be made aware of other options available in lieu of submitting Aadhaar to the Company in your local language as well. Subsequently in case you decide to proceed further with Aadhaar Authentication, the Company shall submit your Aadhaar number/ virtual id (VID) including OTP received or biometrics for the purpose of buffered Authentication only. Post submission, the results of Authentication including general demographic related information shall be shared by the Central Identity Data Repository (CIDR). However at no time shall Company shall be storing the biometrics or OTP with it which shall only be used for buffered Authentication purpose only. The Company shall further ensure that the Aadhaar information and/or identity information collected during E-KYC process for the purpose of Authentication is only used for submitting the same to the Central Identities Data Repository for the purpose mentioned.
Retention of such information including its security shall be governed as per guidelines outlined later in this policy.
The Company shall at all times have alternatives which you may avail in case you don't want to use Aadhaar based EKYC process / don't want to submit your Aadhaar information.
In case you want to opt out of our marketing campaigns you may do so by clicking on the unsubscribe option that appears at the bottom of such emails.
We might use social media for various customer engagement initiatives. We carry periodic awareness initiatives on usage of social media. Different social media platforms use different privacy and security mechanisms towards safeguarding of your data. Customer discretion is sought while posting information on public social media handles. We might communicate with you using such modes provided you have consented to receive such communication through that channel.
The Company shall ensure that your identity information collected during Aadhaar Authentication process and any other information generated during the same is kept secure and protected. Further the identity information received during Authentication shall only be used for the purpose specified to you as a part of your consent prior to EKYC Authentication. The same shall not be disclosed further, except with your prior consent & to the extent permitted.
Other informations collected may also be shared with third party for business purposes, operations and functions, which include but are not limited to:
✔ Risk sharing or risk transfer arrangements with Reinsurance agencies / Companies (Both Indian and Foreign);
✔ Sharing with affiliates/ group companies for business assessment, planning and evaluation;
✔ Third parties and outsourced entities for the reasons consistent with the purposes for which the information was collected and/or other purposes as per applicable law;
✔ To any other entity or organization in order for them to understand our environment and consequently, provide you with better services;
We may also share your Sensitive Personal Data or Information without seeking your prior written consent when such information is sought by or required by regulators, law enforcement & other such government agencies or in response to a legal query/ proceeding. This might be in connection with prevention, detection, investigation of any fraudulent, unlawful and illegal activities including cyber security related incidents noted and towards protection of our rights or property.
We may transfer your Sensitive Personal Data or Information or other information collected, stored, processed by us to any other third party, entity or organization located in India or outside India in case it is necessary for providing services to you or if you have consented (at the time of collection of information) to the same. This may also include sharing of aggregated information with them in order for them to understand our environment and consequently, provide you with better services. With respect to Aadhaar information or EKYC data the same shall be governed as per applicable guidelines laid down by UIDAI
The Company strives at all times to ensure that your Sensitive Personal Data or Information & personal information is protected against unauthorized or accidental access, processing or erasure by implementing appropriate technical, & administrative measures to safeguard and secure your personal data. These controls include but are not limited to the following:
✔ Our security practices and procedures limit access to Sensitive Personal Data or Information & Personal Information strictly on a need-to know basis.
✔ Further, our employees are bound by Code of Conduct and Confidentiality provisions which obligate them to protect the confidentiality & integrity of Sensitive Personal Data or Information & Personal Information.
✔ Technical controls implemented towards prevention, early detection & correction of any security related event
✔ The “PID Block” or the Personal Identity Data element which includes necessary demographic and/or biometric and/or OTP collected from You during Authentication is encrypted before being sent to CIDR via ASA in line with applicable guidelines
✔ Having requisite logs to demonstrate that consent was taken and requisite disclosure made
✔ Your Aadhaar data will be stored encrypted in a secure and centralized storage i.e. Aadhaar Vault and keys for the same managed via a HSM (Hardware Security Module) solution
✔ Aadhaar number/ virtual id collected voluntarily as a part of KYC and supporting documents should be appropriately masked.
✔ We take adequate steps to ensure that our third parties adopt reasonable level of security practices and procedures to ensure confidentiality, integrity & availability of Sensitive Personal Data or Information & Personal Information.
✔ Undergoing periodic internal as well as external reviews with respect to its Information & Cyber security policies, usage of Aadhaar data & associated procedures vis-a-vis requirements prescribed by applicable regulations.
We maintain the security of our internet connections & web pages by deploying reasonable technical controls including but not limiting to usage of SSL (Secure socket layer) certificates while accessing pages deemed as sensitive; however for reasons outside of our control, security risks may still arise. Any Sensitive Personal Data or Information transmitted to us by virtue of you availing any of our online products or services will therefore be at your own risk and Canara HSBC Oriental Bank of Commerce Life Insurance Company Limited, their directors, officers, employees, shareholders or affiliates’ will not be responsible for the same. However we observe reasonable security measures to protect your Personal Information against security breaches and virus dissemination.
The Company shall retain Sensitive Personal Data or Information & personal data collected in line with its record retention policy for business & operational reasons or as stipulated by relevant laws and regulations. The Company shall ensure that such Sensitive Personal Data or Information & Personal Information are safeguarded across the entire data lifecycle & post its retention period such records are securely deleted. With respect to Aadhaar, logs of Authentication transactions shall be maintained by the Company for a period of two years & upon expiry of two years the shall be archived for a period of five years and purged thereafter unless required owing to an ongoing litigation. The Company shall not share your Authentication logs with any person other than yourself upon your request or for grievance redressal and resolution of disputes or with the Authority for audit purposes.
We strive to keep our records updated with your latest information. To this end, if you see any discrepancy in your Personal Information or if a part of your Personal Information changes, we request you to reach our customer service at 1800-103-0003 or 1800-180-0003 (BSNL/MTNL) and communicate the change(s) for updating our records.
We are committed to safeguard your Sensitive Personal Data or Information & Personal Information collected and handled by Us and look forward to your continued support for the same. In case of any feedback or concerns regarding protection of your Sensitive Personal Data or Information or Personal Information or its usage, or towards retrieval of Aadhaar Authentication logs you can contact us at 1800-103-0003 or 1800-180-0003 (BSNL/MTNL). Alternatively, You may also direct Your privacyrelated feedback or concerns to the Grievance Redressal Officer whose details are as mentioned below:
Contact No. : +91 124 4535341
Working days: Monday to Friday
Working hours: 8:00 AM to 5:00 PM
We will strive to address your feedback and concerns in a timely and effective manner as mandated under applicable laws & regulations.