Last updated: July 11, 2016
AIG Insurance Company Closed Joint Stock Company (AIG CJSC) pays special attention to protection of personal data and committed to its obligations regarding non-proliferation of information constituting confidential insurance information and sensitive data. According to the current legislation of the Russian Federation, personal data shall mean any information related directly or indirectly to identified or identifiable natural person (personal data subject). Processing personal data shall mean any action (operation) or a set of actions (operations) performed with personal data with the use of automated means or without using such means, including collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction , use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
This Policy of AIG CJSC is designed to meet the requirements of the Federal Law On personal data No. 152-FZ dated July 27, 2006 and other regulations of the Russian Federation governing processing and ensuring security of personal data.
This Policy establishes the principles, procedures and conditions for processing of personal data of clients, employees and other parties by AIG CJSC in order to ensure protection of human’s and citizen’s rights and freedoms when processing their personal data, including protection of rights to privacy, personal and family secret. This Policy also establishes the responsibility of employees of AIG CJSC and other parties, who received access to personal data, processed by AIG CJSC, for violations of requirements of the current legislation of the Russian Federation and internal policies, procedures and other documents of AIG CJSC regulating the rules of processing and ensuring security of personal data.
In order to coordinate the actions to ensure security of personal data, AIG CJSC appointed a person responsible for organizing the processing of personal data and a person responsible for security of personal data in the information system of AIG CJSC.
Processing of personal data by AIG CJSC is carried out only with the consent of the subject of personal data when such consent is necessary in accordance with the requirements of the Federal Law On personal data No. 152-FZ dated July 27, 2006 and under other regulations of the Russian Federation governing the procedure of processing and ensuring security of personal data. Such consent shall be given for processing personal data for a period no longer than required by the purpose of processing.
AIG CJSC shall timely make changes to processed personal data in order to ensure its accuracy, reliability and relevance, including in relation to personal data processing purposes. Changes to the personal data shall be made by the authorized employee of AIG CJSC, only on the basis of provided properly executed documentation. AIG CJSC assumes no liability for any losses incurred as a result of provision of incomplete or inaccurate personal data by personal data subjects.
Withdrawal of consent for processing of personal data can be made by the personal data subject or its legal representative only by filing a written application to AIG CJSC.
Processing of personal data by AIG CJSC is carried out in accordance with the following principles:
If it is necessary to provide assistance in event of insurance case occurrence, and if disclosure and processing of information on health condition of the insured person is required for claim settlement, AIG CJSC shall have the right to process personal data relating to the special category (information on health condition, marital status and other data).
AIG CJSC shall have the right to transfer the personal data of clients, employees and other persons to third party, including across the state border, only in order to provide high quality services regarding conclusion, maintenance and performance of insurance contracts, as well as provision of other insurance related services, to the extent which is necessary for the fulfilment of obligations of AIG CJSC. AIG CJSC shall have the right to provide personal data to affiliates and entities within the AIG group of companies, as well as to the following processors of personal data, acting as subcontractors of AIG CJSC:
The above-mentioned parties shall have the right to use automated, mechanical, manual, and any other methods of processing of personal data received.
Personal data and media transfer procedures, as well as accounting shall be carried out in accordance with internal documents of AIG CJSC. In case of transfer of personal data across the national borders, AIG CJSC shall cooperate only with those business partners who provide adequate protection of the rights of subjects of personal data and take all possible measures to ensure such protection. Within the framework of the current legislation of the Russian Federation, AIG CJSC is also required to provide personal data of clients, employees and other third parties at the request of public authorities within the framework of their powers.
AIG CJSC shall take all necessary measures to ensure personal data security during storage, including protection against unauthorized access, modification or deletion. AIG CJSC shall provide secure transfer of personal data and financial information:
Personal data shall not be processed for a period longer than necessary for purposes of receiving the personal data, or required by the current legislation of the Russian Federation, or internal documents of AIG CJSC.
When a person visits AIG CJSC website, cookie files are saved by the visitor's browser on the hard drive; AIG CJSC receives the information sent by the browser and the visitor's computer to AIG CJSC website. AIG CJSC uses such information only for statistical purposes and to improve AIG CJSC website in accordance with requirements of its visitors.
The information thus obtained is not transmitted and is not disclosed to third parties. Cookies do not contain any information that would allow identifying the visitor, and is automatically deleted a few weeks after visiting the website. The visitor can also delete cookies from the browser.
If you have any questions regarding processing your personal data, please contact AIG CJSC by e-mail firstname.lastname@example.org
This Policy, together with the local regulations of AIG CJSC governing the procedure for processing and ensuring security of personal data, shall be binding for all AIG CJSC employees. The responsibility for disclosure or loss of personal data processed by AIG CJSC lies with each employee of AIG CJSC, who allowed such disclosure or loss. Employees and other parties of AIG CJSC, who have access to personal data processed, are warned of possible disciplinary, administrative, civil or criminal liability in case of violation of regulations and requirements of the current legislation of the Russian Federation on processing and ensuring security of personal data processed.
This Policy shall be reviewed and updated in case of changes to the legislation of the Russian Federation on processing and ensuring security of personal data processed, as well in case of changing internal processes and procedures of AIG CJSC.