Purpose

IGI Life (hereafter referred as Company) is committed to protecting the privacy of personal data of our employees and all individuals whose personal data we process in the course of our business operations. This privacy policy is to provide you with information on how we collect, use, store, and protect your personal data.

Scope

This policy applies to all personal data that our company processes to provide our intended services, regardless of the format or medium in which it is stored or processed. This includes personal data that is collected from our employees, clients, suppliers, business partners, and any other individuals.

Interpretation

• Data Controller: A data controller is a person or organization that determines the purposes, conditions, and means of processing personal data.
• Data Processor: A data processor is a person or organization that processes personal data on behalf of the data controller.
• Data Subject: A data subject is an individual who is the subject of personal data that is processed by a data controller or data processor.
• Personal Data: Personal data is any information that relates to an identified or identifiable individual. This can include but not limit to a person’s name, date of birth, national identity card, address, email address, phone number, IP address, or hiring information, medical information, financial information, employee benefits, dependents, any other information that can be used to identify the Data subject.

• Process means any action performed on personal data. Such actions are included but limited to: Collecting, Recording, analyzing, organizing, modifying, gathering, handling, transferring, retaining, and deleting.

General Principle

The Company will only process personal data with the purpose or a reasonably related purpose for which they were collected. The company will not process such personal information in a manner that is incompatible with such purposes unless the relevant data subject has provided consent upon such action. In addition, the company will perform at its best endeavor to ensure personal data being processed is accurate and up to-date. Purposes for processing personal data must be legal and reasonable, which includes and not limit to

• performance of legitimate business interests of the company
• performance of legitimate operational interests of the company
• compliance with the legal. Regulatory, and statutory requirements/ obligations.

The company will document records of processing and such documentation will be stored with security measures in database to ensure confidentiality, processing integrity, availability, security and privacy of such sensitive information. They will be reviewed and accessed on a need-to-know basis.

Collection and Use of Personal Data

The Company may collect and process personal data for the following purposes:

• To manage our employees’ contracts, salaries, benefits, and performance
• To comply with legal and regulatory requirements
• To provide services to our clients
• To conduct research and analysis
• To improve our products and services

We may collect and process personal data such as:

• Personal/ Contact information (name, date of birth, national identity card, address, email, phone number, Personal Identification Number)
• Employment information (job title, department, employment history, educational background, and professional qualifications)
• Financial information (bank account details, tax information)
• Information about your preferences and interests

The company will not collect or process any personal data that is not necessary for the purposes stated above.

• Protection of Personal Data

The company takes appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, or destruction. This also require our employees and contractors to comply with our Information Security/ Privacy policy and applicable data protection laws.

• Sharing of Personal Data

Company may share personal data with third-party service providers who process personal data on our behalf, such as payroll processors and other service providers. This will only share personal data with third-party service providers who have agreed to comply with SLA/ NDA, our privacy policy and applicable data protection laws, regulations, and statutory requirements.

• Retention of Personal Data

The company will retain personal data for an adequate and relevant period of time for providing services to our clients and in compliance with legal, regulatory, and statutory requirements. Once, the data has completed its useful life, it will be disposed of in a manner that dissolves it ability to identify or re-identify data subject in compliance with data retention and disposal policy.

• Data Subject Rights

The individual has the right to:

• Access/ review personal data
• Correct or update personal data
• Request for data Erasure
• Object to the processing of personal data
• Request that we restrict the processing of personal data.
• Request that we transfer personal data to another data controller.

If any individual wishes to exercise any of these rights, his request will be entertained in compliance with local regulatory and statutory obligations and business requirements.

• Privacy with Vitality

• By engaging with the Program, information linked to customer and their interactions with the Program (e.g. physical activity, reward earning events and redemption, and form submission) will be collected or created by Vitality. Customer can also choose to allow certain devices and mobile applications, such as Google Fit, to sync data to a Vitality Application they use.
• Device’s information such as type of device, operating system, data that customer has synced, which may include health and fitness related information and location information, upon customer’s consent may be collected by Vitality.
• Vitality only utilizes personal information of the customer in accordance with the privacy policy.

Purpose for collecting personal information may include but not limit to:

• To administer and manage customer’s account
• To resolve any complaints or inquiries customer may have
• For management of debt owed to Vitality, if applicable
• To prevent, detect, and investigate fraud or security incident
• For Vitality company and management information purposes and internal analysis of products and services
• Incentive administration
• Improve customer experience
• Fulfilment and compliance against legal obligations
• Creating De-identified or Aggregated Datasets

• • Personal information of the customer is handled as strictly confidential and with adequate security.
  • Information during transmission between customer’s web browser and vitality shall be protected with SSL.
  • Personal information of customer shall be adequately protected using international and industry best practices.
  • In case if sub-contractor, agents, service providers, third-party partners, affiliates, subsidiaries, is required to be shared with customer’s personal information to enable them to function or provide service on behalf of vitality. Organization shall only share customer’s personal information such as: PI collected from Google Fit, for consented business purposes.

Training and Awareness

The company is dedicated for providing the training and awareness to employees and contractors on our privacy policy and applicable data protection laws who have access to personal data in order to meet their job requirement.

Compliance

The Company is committed to comply with all applicable data protection laws and regulations.

Privacy Policy is subjected to be reviewed every 18 months to ensure our security measures are in line with current laws and regulations.