É«¶à¶àÊÓƵ

 
É«¶à¶àÊÓƵ
É«¶à¶àÊÓƵ
Product Family
Product Family
Industries
Industries
Reinsurance
Reinsurance
Explore our offerings
Explore our offerings
Claims
Claims
Risk Consulting
Risk Consulting
Resources & Tools
Resources & Tools
Resources and Tools
Resources and Tools
About AXA XL
About AXA XL
About AXA XL
About AXA XL
Media Center
Media Center
Careers
Careers
Get In Touch
Get In Touch

Hong Kong Privacy Statement

XL É«¶à¶àÊÓƵ Company SE, Hong Kong Branch and Catlin Hong Kong Limited (“we”, “us” or the "Insurer") are part of É«¶à¶àÊÓƵ a division of AXA. We recognize the importance of protecting the privacy and the rights of individuals in relation to their personal data and are committed to compliance with the Personal Data (Privacy) Ordinance (Cap. 486), its subsidiary legislation and the guidelines issued by the Privacy Commissioner for Personal Data. This Privacy Statement describes how we collect, use, store, transfer and/or disclose your personal data when we provide our services as an insurance and reinsurance business. It also describes your choices regarding use, access and correction of your personal data. Personal data is data, or a combination of pieces of data that could reasonably allow you to be identified.

Data Controllers responsible for the Processing of your Personal Data

XL É«¶à¶àÊÓƵ Company SE, Hong Kong Branch
2401 Dorset House
Taikoo Place
979 King’s Road
Hong Kong

Catlin Hong Kong Limited
2401 Dorset House
Taikoo Place
979 King’s Road
Hong Kong

Personal data we use

As an insurance and reinsurance business, we need to obtain data about the individuals covered in an insurance policy, or individuals that are beneficiaries of, or have made claims under, an insurance policy, or individuals who are involved in an incident giving rise to an insurance claim. This is so that we can properly assess the risks associated with providing insurance or reinsuring a particular block of insurance policies and administer and manage our products and services. This privacy notice applies to any individual whose personal data, we process in the course of providing the services (each a data subject or you).

We may be required by law to collect certain personal data about you, or as a consequence of any contractual relationship we have with you. Failure to provide this data may prevent or delay the fulfilment of these obligations.

Data we collect about you

The type of data we may collect and process about you will depend upon the type of insurance we are offering or underwriting. It may include any of the below (where permitted by law):

  • Personal details: Your name, age, gender, date of birth, photographs, marital status, nationality, height and weight, leisure activities and interests.
  • Identification data and criminal data: Your government-issued ID card, driving licence, driving record and criminal record (but only where it is lawful to collect this data).
  • Contact Information: Your address, telephone numbers and email address.
  • Information about your family and home: Your family health or morbidity history, number of children and name, age and gender of children, your dwelling type, your household income, home valuation and household demographics.
  • Employment and experience data: Your employment history, job role, salary, employment benefit options, educational background and any professional licences and qualifications.
  • Financial data: Details pertaining to your bank account, annual income, investment/savings, tax payer ID, credit history and transaction history.
  • Data to conduct our business: Data relating to underwriting insurance products and managing and processing insurance claims, such as previous insurance records and claims histories, services relating to our businesses and your business dealings or relationship with us. From the data we collect about you, we may also derive or generate further data such as risk ratings.

Artificial Intelligence

Artificial Intelligence is an umbrella term for a range of technologies that replace manual processes and solve complex tasks by carrying out functions that previously required human action or input. Certain tasks are increasingly being supported by AI. AI can be used for a number of different functions, for example, grouping data (identifying common characteristics or properties), classifying or labelling data, or using data to come to or recommend a decision or determine an action.

'Generative AI’ AI’ is a particular type of AI involving systems or models that are capable of creating new content (based on the data that they have been trained on) when given an instruction or input prompt by the user. The difference between generative AI and other AI technologies is that generative AI creates or generates ‘net-new’ outputs, which could be text or graphics. Generative AI analyses the data that it has been trained on (using machine learning algorithms) in order to create something entirely new based on the instruction that it has been given and its analysis, mimicking human creativity and intelligence.
We may use AI systems and tools (including generative AI) to support our activities and for different purposes which we explain in more detail below.

I. Business process improvement and efficiency, information security

We use AI to improve our business processes with a particular focus on simplifying complex processes, ensuring consistent standards and driving efficiencies. For example, we use AI to help triage, organise and compile documents, extract data for entry into the relevant systems and translate or summarise text. We also use AI to support our business management and development initiatives with activities such as idea generation and trends prediction, the creation of content and for research tasks, including internal and external communications. We also use AI to support our information security practices (for example, by automatically detecting potential data loss).

Sources of the information we collect

We collect personal data from you directly when you voluntarily provide it to us, for instance if you submit application forms to be considered for insurance products or contact us. We also collect your personal data from a variety of sources:

  • From other insurance companies that we work with
  • From other reinsurers and retrocessionaries
  • From third party claims handlers who are involved in a claim or assist us in investigating or processing claims, including witnesses and external claims data collectors and verifiers
  • From our business partners with whom we work to provide insurance products
  • From public sources, such as public databases (where permitted by law)
  • From Lloyd’s Coverholders, insurance brokers or any other intermediaries
  • From third party evidence providers
  • From healthcare service providers
  • From financial institutions
  • From pension processing platforms
  • From individuals that you may be associated with (e.g. joint account holders, company employees or directors, family members, etc.)

Occasionally we may collect your personal data from a third party, in particular from authorised, regulatory, public sources such as government regulators, industry self-governing bodies and other publicly available records. This will be most common when we are complying with our legal obligations regarding money laundering and other financial crimes. 

How we use your personal data and the basis on which we use it

We use your personal data to:

  • to provide our services and fulfil our contractual obligations to you and other third parties
  • to review, process and manage claims
  • to conduct data analysis, which helps us assess risks, price our products appropriately and improve our services
  • to help us prevent and detect fraud, money laundering, terrorism and other crimes
  • to help develop new, and improve existing, services
  • to operate and expand our business activities
  • to carry out background checks, where lawful
  • to perform administrative activities in connection with our services
  • to exercise, defend and protect our legal rights or the rights of third parties
  • to comply with legal obligations and to cooperate with regulatory bodies to which we are subject
  • for research and development of new insurance products
  • to audit our business
  • for marketing purposes

We may obtain your consent to collect and use certain types of personal data when we are required to do so by law (for example, in relation to our direct marketing activities). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Statement.

Your rights over your personal data

You have certain rights regarding your personal data. These include the following rights to:

  • access your personal data;
  • correct the data we hold about you;
  • withdraw your consent to our use of your personal data.

If you would like to discuss or exercise such rights, please contact us at the details below. We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information from you in order to honour your requests.

Information Sharing

We may share your personal data with third parties under the following circumstances:

  • AXA group companies. We operate as a global business, so we may share your personal data with group companies who may use this information for the purposes described in this Privacy Statement.
  • É«¶à¶àÊÓƵ companies, Lloyd’s Coverholders, intermediaries, financial institutions, retrocessionaires and business partners. We may share your personal data with insurance companies, intermediaries, financial institutions, retrocessionaires and business partners that use your personal data in connection with the provision of insurance and processing of claims. For example, we may share your personal data with other reinsurance businesses for the purposes of settling claims.
  • Service providers. We may share your personal data with service providers that perform services and other business operations for us, for example, IT and analytics providers, actuarial service entities, auditors and advisers.
  • Any law enforcement agency, court, regulator, government authority or professional body. We may share your personal data with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
  • Asset purchasers. We may share your personal data with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with this Privacy Statement.
  • Customer companies. We may share our personal data with your company or employer in certain circumstances, for example, if your company has a corporate insurance product with us and you make a claim under that product.

Because we operate as part of a global business, the recipients referred to above may be located outside of Hong Kong. See the section on "International Data Transfer" below for more information.

International Data Transfer

Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal data under Hong Kong Personal Data (Privacy) Ordinance. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

Where we transfer personal data from Hong Kong or EU countries to AXA companies and service providers outside of Hong Kong or the European Economic Area (EEA), we provide safeguards to ensure the security and the confidentiality of your personal data, by framing the transfer through either (i) the or (ii) through when your personal data is transferred to other entities of the AXA Group.

Our Cookies Policy

When you visit our website, we may collect usage information to help us understand how our website is navigated and used.
Our website uses "cookies" to enhance your viewing experience. A cookie is a tiny element of data that is sent to your browser to be stored on your hard drive so that we can recognise you when you return. You may set your browser to notify you when you receive a cookie or refuse cookies from all websites, if you wish. Please note, however, that if you reject cookies it is possible that some web pages may not properly load or load at all, and your access to certain information might be denied or you might have to enter information about you more than once.

We use session cookies, persistent cookies and Google Analytics.

Session cookies: Session cookies allow our website to link the various actions of a user during a browser session, including which pages the user visited before visiting this one. Session cookies expire when the browser session ends.

Persistent cookies: Persistent cookies are stored on a user's device in between browser sessions, storing information about the preferences or actions of the user across a site (or possibly across different AXA Group websites).

Google Analytics: Google Analytics is a popular web analytics service that uses cookies to count the number of people that visit axaxl.com and help analyse how they use it (e.g., we can determine which pages on our site are visited most frequently). The information generated by the cookies (including your IP address) is transmitted to and stored by Google on its servers. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google uses this information to evaluate the way visitors use our website, compiling reports to us on website activity and providing other services relating to website activity and internet usage. The information also helps us improve this website. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google's behalf. Google undertakes not to associate your IP address with any other data held by Google.

Contact us

If you have questions about your rights or concerns regarding the way in which your personal data has been used, please contact our Data Protection Officer at dataprotectionAsia@axaxl.com.

Privacy Pages
THIS AXA WEBSITE USES COOKIES

É«¶à¶àÊÓƵ as a controller, uses cookies to provide its services, improve user experience, measure audience engagement, and interact with users’ social network accounts among others. Some of these cookies are optional and we won't set optional cookies unless you enable them by clicking the "ACCEPT ALL" button. You can disable these cookies at any time via the "How to manage your cookie settings" section in our cookie policy.

Find Out More About the Cookie Policy Privacy Notice
Accept All
Refuse All
Cookie Settings