Skip Navigation
 

AIG CJSC PRIVACY POLICY

Last updated: July 11, 2016

AIG Insurance Company Closed Joint Stock Company (AIG CJSC) pays special attention to protection of personal data and committed to its obligations regarding non-proliferation of information constituting confidential insurance information and sensitive data. According to the current legislation of the Russian Federation, personal data shall mean any information related directly or indirectly to identified or identifiable natural person (personal data subject). Processing personal data shall mean any action (operation) or a set of actions (operations) performed with personal data with the use of automated means or without using such means, including collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction , use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

This Policy of AIG CJSC is designed to meet the requirements of the Federal Law On personal data No. 152-FZ dated July 27, 2006 and other regulations of the Russian Federation governing processing and ensuring security of personal data.

This Policy establishes the principles, procedures and conditions for processing of personal data of clients, employees and other parties by AIG CJSC in order to ensure protection of human’s and citizen’s rights and freedoms when processing their personal data, including protection of rights to privacy, personal and family secret. This Policy also establishes the responsibility of employees of AIG CJSC and other parties, who received access to personal data, processed by AIG CJSC, for violations of requirements of the current legislation of the Russian Federation and internal policies, procedures and other documents of AIG CJSC regulating the rules of processing and ensuring security of personal data.

In order to coordinate the actions to ensure security of personal data, AIG CJSC appointed a person responsible for organizing the processing of personal data and a person responsible for security of personal data in the information system of AIG CJSC.

Processing of personal data by AIG CJSC is carried out only with the consent of the subject of personal data when such consent is necessary in accordance with the requirements of the Federal Law On personal data No. 152-FZ dated July 27, 2006 and under other regulations of the Russian Federation governing the procedure of processing and ensuring security of personal data. Such consent shall be given for processing personal data for a period no longer than required by the purpose of processing.

AIG CJSC shall timely make changes to processed personal data in order to ensure its accuracy, reliability and relevance, including in relation to personal data processing purposes. Changes to the personal data shall be made by the authorized employee of AIG CJSC, only on the basis of provided properly executed documentation. AIG CJSC assumes no liability for any losses incurred as a result of provision of incomplete or inaccurate personal data by personal data subjects.

Withdrawal of consent for processing of personal data can be made by the personal data subject or its legal representative only by filing a written application to AIG CJSC.

Processing of personal data by AIG CJSC is carried out in accordance with the following principles:

  • processing of personal data is carried out on legal and equitable basis;
  • processing of personal data is limited to achievement of specific, pre-defined and legitimate purposes. Processing of personal data that is incompatible with collection purposes is not allowed;
  • it is not allowed to merge databases containing personal data, processing which is made for incompatible purposes;
  • only personal data that meet the purposes of processing shall be processed;
  • the content and scope of personal data processed correspond to the declared purposes of processing. Processed personal data is not excessive in relation to the declared purposes of processing;
  • when processing personal data, its accuracy and adequacy is provided, and, where necessary, relevance of personal data shall be provided in relation to personal data processing purposes. Measures are being taken to remove or clarify incomplete or inaccurate data;
  • storage of personal data is carried out in a form that allows to define the subject of personal data, for a period no longer than required by the purposes of processing personal data, unless the personal data storage period is established by the federal law or contract under which the subject of personal data is the beneficiary or surety. Processed personal data shall be destroyed or depersonalization after achieving the purposes of processing or in case of loss of necessity to achieve such purposes, unless otherwise provided by the federal law;
  • it is not allowed to use personal data for the purpose of inflicting property and (or) non-pecuniary damage to the personal data subject or making obstacles in exercising their rights and freedoms.

If it is necessary to provide assistance in event of insurance case occurrence, and if disclosure and processing of information on health condition of the insured person is required for claim settlement, AIG CJSC shall have the right to process personal data relating to the special category (information on health condition, marital status and other data).

AIG CJSC shall have the right to transfer the personal data of clients, employees and other persons to third party, including across the state border, only in order to provide high quality services regarding conclusion, maintenance and performance of insurance contracts, as well as provision of other insurance related services, to the extent which is necessary for the fulfilment of obligations of AIG CJSC. AIG CJSC shall have the right to provide personal data to affiliates and entities within the AIG group of companies, as well as to the following processors of personal data, acting as subcontractors of AIG CJSC:

  • insurance brokers and insurance agents;
  • call (contact) centres, banks, service companies, providing services in the framework of maintaining insurance contracts (including collection of insurance premium, advising clients, making amendments to insurance contracts or termination at the request of one of the parties to the contract);
  • assistance companies, expert organizations, appraisers, surveyors, detectives, and other parties involved in claim settlement;
  • telecommunications companies;
  • law firms;
  • reinsurers / co-insurers or other duly authorized processors of personal data

The above-mentioned parties shall have the right to use automated, mechanical, manual, and any other methods of processing of personal data received.

Personal data and media transfer procedures, as well as accounting shall be carried out in accordance with internal documents of AIG CJSC. In case of transfer of personal data across the national borders, AIG CJSC shall cooperate only with those business partners who provide adequate protection of the rights of subjects of personal data and take all possible measures to ensure such protection. Within the framework of the current legislation of the Russian Federation, AIG CJSC is also required to provide personal data of clients, employees and other third parties at the request of public authorities within the framework of their powers.

AIG CJSC shall take all necessary measures to ensure personal data security during storage, including protection against unauthorized access, modification or deletion. AIG CJSC shall provide secure transfer of personal data and financial information:

  • Only those employees and third parties who need to use personal data for the purposes specified in this Policy shall have the access to personal data;
  • AIG CJSC shall not use personal data for marketing purposes without the consent of personal data subject;
  • AIG CJSC shall not use personal data for sending newsletters if the data subject has expressed its refusal regarding such actions.

Personal data shall not be processed for a period longer than necessary for purposes of receiving the personal data, or required by the current legislation of the Russian Federation, or internal documents of AIG CJSC.

When a person visits AIG CJSC website, cookie files are saved by the visitor's browser on the hard drive; AIG CJSC receives the information sent by the browser and the visitor's computer to AIG CJSC website. AIG CJSC uses such information only for statistical purposes and to improve AIG CJSC website in accordance with requirements of its visitors.

The information thus obtained is not transmitted and is not disclosed to third parties. Cookies do not contain any information that would allow identifying the visitor, and is automatically deleted a few weeks after visiting the website. The visitor can also delete cookies from the browser.

If you have any questions regarding processing your personal data, please contact AIG CJSC by e-mail personaldata.ru@aig.com

This Policy, together with the local regulations of AIG CJSC governing the procedure for processing and ensuring security of personal data, shall be binding for all AIG CJSC employees. The responsibility for disclosure or loss of personal data processed by AIG CJSC lies with each employee of AIG CJSC, who allowed such disclosure or loss. Employees and other parties of AIG CJSC, who have access to personal data processed, are warned of possible disciplinary, administrative, civil or criminal liability in case of violation of regulations and requirements of the current legislation of the Russian Federation on processing and ensuring security of personal data processed.

This Policy shall be reviewed and updated in case of changes to the legislation of the Russian Federation on processing and ensuring security of personal data processed, as well in case of changing internal processes and procedures of AIG CJSC.