BPI AIA Life Assurance Corporation, the issuer of your insurance policy - (hereinafter also referred to as “we”, “us” or “our”), is the controller and processor of your personal data and you may reach us via Bpiaia.dpo@aia.com. This Privacy Addendum forms part and parcel of the BPI AIA Personal Information Collection Statement and specific to individual customers (including individual directors and employees of a corporate customer) who are located in mainland China and receiving our products and/or services from Philippines. As required by the laws of mainland China, we may need to seek your consent on how we use your personal data and, in relation to certain personal data which is considered sensitive based on the laws in mainland China. Your personal data will be collected, accessed, processed, used, stored, and/or transferred outside of, mainland China. If you do not consent to this Privacy Addendum, we may not be able to provide you with the product(s) you are purchasing from us and offer you with the services associated with the product(s) and this would also include our inability to provide products or services to a corporate customer which is your employer if you (as an employee) do not consent to this Privacy Addendum. Under the applicable data protection laws in mainland China, we will process your personal data based on your consent, or your personal data are:
- necessary to conclude or perform a contract in which you are a party;
- necessary for us to comply with legal obligations;
- necessary to respond to public health emergencies;
- necessary to protect individuals’ life, health, and property safety;
- reasonably processed in news reporting and public opinion oversight for public interests; and
- publicly available, because of your voluntary disclosure or a legal requirement, and reasonably processed.
Certain personal data that we collect about you is sensitive personal data as defined in the applicable data protection laws in mainland China (“Sensitive Personal Data”), which is personal data that may materially impact your rights and interests, if breached or unlawfully used, including but not limited to financial accounts, identification number, health-related information, or any personal data of minors under the age of fourteen. We collect the Sensitive Personal Data only for specific purposes, such as assessing your application for the issuance of an insurance policy to you, investigation on any claims applications submitted to us. We will retain your personal data for the period necessary to fulfil the purposes outlined in the BPI AIA Personal Information Collection Statement and this Privacy Addendum. The criteria used to determine our retention periods may include one or more of the following: as long as we have an ongoing relationship with you; as required by a legal obligation to which we are subject; and as advisable in light of our legal position (such as in regard of the applicable statute of limitation, litigation, audits or regulatory investigation). We may also provide your personal data with our agents, brokers, insurers, third party service providers, medical institutions such as hospitals, medical clinics and laboratory testing facilities, parent companies, subsidiaries and affiliated companies, auditors, legal advisors, corporate customers (including their member companies) who maintain group insurance policy with us and, under which policy, you and your dependants receive insurance products or services from us, financial advisors, reinsurers, regulators, banks, payment settlement agents, third party payment service providers and claims investigation organizations (each, a “recipient”, collectively, “recipients”) for the purpose of the administration of your insurance policies, and the provision of products and services to you.
A list of personal data recipients is available at this table which will be updated from time to time.
| Third Party |
Service |
| 1ISA |
Rewards Program Provider |
| 2Go |
Courier |
| Avega |
Medical Provider |
| Entropia |
Marketing Consultant |
| Gift Away |
HR Third Party Provider |
| Global Payments |
Billing/Payments |
| Insight Asia |
Marketing Consultant |
| Medilink |
Medical Provider |
| Medius Health |
Medical Provider |
| Mind You MHS |
HR Consultant |
| Paynamics |
Billing/Payments |
| SP One Source Solutions |
Operations Third Party Provider |
The recipient(s) of your personal data may collect and process your personal data and return to us for the purpose of the administration of your insurance policies. The types of personal data that we provide to the recipients include without limitation personally-identifiable information, your medical information, your past health records/information, your financial information. We may deliver your personal data through electronic means or other mode of dispatch to the recipients. In compliance with the applicable rules and regulations of mainland China, we implement maximum security in controlling, processing and transferring of your personal data and Sensitive Personal Data. We also adopt our own security policies to safeguard your personal data and Sensitive Personal Data.
In addition to the access rights set forth in BPI AIA Personal Information Collection Statement, you have the right to obtain a copy of your personal data held by us and the right to request us to delete such personal data under any of the following circumstances:
- where the purposes of processing your personal data have been achieved or have failed to be achieved, or the personal data is no longer necessary for achieving the purposes;
- where we have ceased to provide the products or services, or the retention period has expired;
- where you have withdrawn your consent; and
- where we have violated the applicable data protection laws and regulations.
To the extent inconsistent with the provisions of this Privacy Addendum, including but not limited to definitions (e.g., sensitive personal information), China’s Cybersecurity Law, Personal Information Protection Law, Data Security Law, their implementing measures and other Chinese laws and regulations in relation to cybersecurity and data protection will prevail. We have the right to update this Privacy Addendum from time to time and we will notify you of our updates to this Privacy Addendum by posting it on our website or application platforms (as the case may be). You may withdraw your consent to our use of your personal data subject to relevant laws, rules and regulation, by contacting us through the contact details set out in this Privacy Addendum. Also, if you withdraw your consent to our processing of your personal data, we may not be able to provide the relevant products and/or services to you.
