Looking at the EU’s data privacy law
The GDPR, if you haven’t heard of it, is the EU’s latest regulation on data and privacy. The main aspect of this law is that it gives people the right to view, modify, and request deletion of their personal data. In short, it gives people more control over their personal data while also requiring companies to implement less ambiguous privacy policies and stronger data privacy systems.
A key component of this law is that unlike privacy policies in other countries, the GDPR applies to all citizens and residents of the EU, regardless of their location. It also applies to all companies (foreign and domestic) that collect, track, and utilize data of those from the EU.
This is incredibly far reaching because it affects many companies who don’t even have operations in the EU but do sell to, or work with residents or citizens. For example, if a company has operations in Hong Kong but has European customers who live in the city, they are now required to be compliant with GDPR regulations.
As a global insurance broker, we offer a variety of products to people from all over the world, one of the most popular being international private medical insurance (IPMI). These products are designed to cover health care anywhere in the world, which makes them popular with expats and companies alike.
Due to their international nature and the large number of expats we work with, we have many clients from the EU. This means we are required to ensure that our data collection and privacy methods are compliant.
To explain this, we have broken our policy down into the following sections:
- Our stance on data collection, processing, and protection
- What data we collect
- Who collects the data
- How data is collected
- Consent and data
- Why we collect data
- How we use the data collected
- When we share data
- How you can view, edit, or delete your data
- How we utilize cookies
The sections above all contain a fairly large amount of information to take in and process. To summarize: Pacific Prime only collects data that is contractually necessary – in order for an insurer to offer and underwrite a plan they require specific data. As a broker, we are required to collect this data if you purchase a plan from us – or for marketing purposes.
Data collected by us is never sold to third parties and we will only provide third parties the data they require. For example, if you already have a plan through Pacific Prime and are looking to secure another one, we will only provide/request the necessary data. We never ask for data that is not necessary.
Be aware however, that if you are in the process of applying for insurance and request that we delete your data we might not be able to complete the process or there may be delays and complications with the process.
Is Pacific Prime GDPR compliant?
We have taken every step possible to ensure that the data collection, processing, and storage operations we have implemented are compliant with the GDPR and any relevant local privacy policies where we have offices.
I am not from the EU, does this law apply to me?
Do I need to provide Pacific Prime with any extra private data?
We have actually been following the general data collection principles set out by the GDPR for a number of years now – namely, we only collect personal data that is contractually necessary. This means that if you have already provided data to us, there is nothing else you need to provide at this time.
If you are not a client or are a new website user, we will only request data that is required to start the insurance application process.