PRIVACY NOTICE – R.E. LEE INTERNATIONAL (MIDDLE EAST) LTD.

This Privacy Notice is provided by R.E. LEE INTERNATIONAL (MIDDLE EAST) LTD. (RE Lee International, 'we' or 'us'). We are a 'Controller' for the purposes of the DIFC Data Protection No 5 of 2020 (also referred to as the "Data Protection Law"). We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our Processing and your rights.

How to contact us
If you have any questions about this Privacy Notice, how we handle your personal data, or would like to exercise any of your rights, please contact:

Data Protection Manager Mary Wilson
Address: R.E. Lee International Group
RM 605 Fairmont House
8 Cotton Tree Drive
Central Hong Kong
Telephone number: + 971 4388 9040
Email: data@releeinternational.com

Changes to the Privacy Notice
The latest version of the Privacy Notice can be found here on our website at https://www.releeinternational.com/en/ We may change this Privacy Notice from time to time. We therefore recommend that you check this Privacy Policy on a regular basis.

Current Version: June 2021

USEFUL WORDS AND PHRASES

We have listed below certain words and phrases that have particular meanings in the Data Protection Law and are used throughout this Privacy Notice: 

Term

Definition

Commissioner 

This means the DIFC commissioner, appointed by the President of the DIFC pursuant to article 43 (1) of the Data Protection Law to administer and enforce the Data Protection Law. 

Controller 

This means any person who alone or jointly with others determines the purposes and means of the Processing of Personal Data. In this case, we are the Controller.

Data Protection Law

This means the DIFC Data Protection Law No. 5 of 2020 as may be amended.

Data Subject

This means the person to whom the personal data relates.

Identifiable Natural Person 

This means a natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one (1) or more factors specific to his biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity (and "Identified Natural Person" is interpreted accordingly).

Personal Data

This means any information any information referring to an identified or Identifiable Natural Person.

Processing

This means any operation or set of operations performed upon personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage and archiving, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, transfer or otherwise making available, alignment or combination, restricting (meaning the marking of stored personal data with the aim of limiting Processing of it in the future), erasure or destruction, but excluding operations or sets of operations performed on personal data by:

(a) a natural person in the course of a purely personal or household activity that has no connection to a commercial purpose; or

(b) law enforcement authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security.

Special Categories of Personal Data

This means any information relating to:

  • racial or ethnic origin or communal origin; 

  • political affiliation or opinions;

  • religious beliefs or beliefs of a similar nature;

  • criminal record;

  • trade union membership;

  • physical or mental health or condition;

  • sexual life; and

  • genetic data or biometric data to uniquely identify you.

WHAT PERSONAL DATA WE COLLECT AND WHAT WE USE IF FOR:  

We may collect, use, store and transfer different kinds of personal data about you, which we have been provided with as follows: 

 


 

HOW WE KEEP YOUR PERSONAL DATA SECURE:

We implement appropriate technical and organisational measures in order to protect your Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of Processing. We aim to ensure that the level of security and the measures adopted to protect your Personal Data are appropriate for the risks presented by the nature and use of your Personal Data.

 

WHY DO WE PROCESS YOUR PERSONAL DATA:

We use your Personal Data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is Processing your data lawful' for further detail): 

 

Origin of Data 

Why do we need it? 

Lawful basis for Processing

Application Form and 

Insurability Questionnaire 

to respond to your enquiries, to provide you with our advisory services 

  1. Processing is necessary for the performance of a contract we have with you; 

  2. Processing is necessary to fulfil our legitimate business interests;

  3. Processing is necessary to comply with a legal obligation (Tax and VAT collection);

  4. Processing is required for the purposes of preventive or occupational medicine, the assessment of the working capacity of an employee, medical diagnosis, the provision of health or social care or the treatment or the management of health or social care systems and services;

  5. Processing is required for protecting members of the public against dishonesty, malpractice, incompetence or other improper conduct of persons providing insurance, investment, management consultancy including any resulting financial loss.

to communicate with you

  1. We have your consent to do so;

  2. Processing is necessary for the performance of a contract we have with you; 

  3. Processing is necessary to fulfil our legitimate business interests.

to screen the information you provided for potential risk or fraud

  1. Processing is in our business legitimate interests;

  2. To comply with our legal obligation; 

  3. Processing is required for protecting members of the public against dishonesty, malpractice, incompetence or other improper conduct of persons providing insurance, investment, management consultancy including any resulting financial loss.

Device Information

to help us screen for potential risk and fraud (in particular, your IP address)

Processing is in our business legitimate interests;

To comply with our legal obligation.

to improve and optimise our Site (for example, by generating analytics about how our customers browse and interact with the Site..

Processing is in our business legitimate interests.

Information collected via comments/feedback

to manage and improve our services and the way we communicate with you. 

Processing is in our business legitimate interests.

 

HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL:

We are allowed to Process your Personal Data and any Special Categories of Personal Data based on the following legal bases for the purposes explained in this Privacy Policy. 

 

You can object to Processing that we carry out on the grounds of legitimate interests. See the section headed "Your Rights" to find out how.

 

 

 

ORGANISATIONS THAT WE MAY SHARE YOUR DATA WITH:

We use processors to support our IT systems and operate our website, such as website hosting and our IT services providers. Some of these service providers may Process your Personal Data as part of the services they offer to us. We take steps to ensure that our service providers treat your Personal Data in accordance with the law, only use it in accordance with our contract with them and keep it secure. If you would like to know the names of our other service providers, please contact us (see section "How to Contact Us"). 

 

Your Personal Data is transferred outside of the DIFC and the UAE for us to provide you with our services : 

 

Any transfer of your Personal Data outside the DIFC and the UAE will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms.]

 

RETENTION AND DELETION OF YOUR PERSONAL DATA:

We only retain your Personal Data for as long as we need it by law. The following categories of Personal Data will be kept for the following periods and will be securely deleted/ destroyed after the expiry of the retention period: 

Data we Process 

How long this will be held for

Device Information (cookies/analytics data)

Thirty (30) days. 

Contract Information

Six (6) years after the last of the following: 

  1. an application is withdrawn or declined;

  2. a claim is settled;

  3. a policy is surrendered or cancelled;

  4. the policy service obligations are transferred to another distributor or service provider. 

Information from enquiry forms

Until the enquiry has been completed and no further responses are received for a reasonable period. If you are an existing customer, the enquiry may be added to the other contract information that we hold about you as a customer.

Complaints data

For a period of up to 6 years after resolution of the complaint. If you are an existing customer, the complaint and its resolution may be added to the other contract information that we hold about you as a customer.

 

YOUR RIGHTS:

You have the following legal rights under the Data Protection Law in relation to your Personal Data. You can exercise these rights free of charge, by contacting us (please see "How to contact us"). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months (in accordance with Article 33 (7) of the Data Protection Law). 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the Data Protection Law.

 

YOUR DATA PROTECTION RIGHTS

WHAT DOES THIS MEAN?

  1. Right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data and what your rights are. This is why we are providing you this Privacy Notice.

  1. Right of access

You have the right to obtain access to your personal data we Process and certain other information (similar to that provided in this Privacy Notice).

This is so you are aware and can check that we are using your information in accordance with Data Protection Law. 

You may ask for:

  • A copy of your information;

  • Details of the purpose for which it is being Processed;

  • Details of the recipients or classes of recipients to whom it is or could be disclosed, including if they are overseas and what protections they have in place;

  • The period for which it is held (or the criteria which determines this);

  • Any information available about the source of the data; and

  • Whether we carry out any automated decision-making or profiling, and where we do information about the logic involved and the outcome or consequences of that decision or profiling. 

To help us find the information, please give us as much information as possible about the type of Personal Data you would like to see. 

  1. Right to rectification

You are entitled to have your information corrected if it is inaccurate or incomplete. If you would like us to do this, please contact us (see section "How to Contact Us").  

  1. Rights to ask us to stop contact you with direct marketing 

You can ask us to stop contacting you for direct marketing purposes. If you would like to do so, please contact us. Alternatively, you can also click the 'unsubscribe' button at the bottom of the email newsletter. It may take up to 7 days for this to take place. 

  1. Right to erasure

This is also known as the 'right to be forgotten' and, in simple terms, enables you to request the deletion or removal of your information where: 

  • You do not believe that we need your data in order to Process it for the purposes set out in this Privacy Notice;

  • If you had given us consent to Process your Personal Data, you withdraw that consent and we cannot otherwise legally Process your Personal Data;

  • You object to our Processing and we do not have any legitimate interests that mean we can continue to Process your Personal Data; or

  • Your Personal Data has been Processed unlawfully or have not been erased when it should have been. 

  1. Right to restrict Processing

You have rights to 'block' or suppress further use of your information. When Processing is restricted, we can still store your information, but may not use it further. You may request that we stop Processing your Personal Data temporarily if: 

  • You do not think your Personal Data is accurate. We will start Processing again once we have checked whether or not the Personal Data is accurate;

  • The Processing is unlawful but you do not want to erase your Personal Data;

  • We no longer need the Personal Data for our Processing, but you need the data to establish, exercise or defend legal claims; or 

  • You have objected to the Processing because you believe that your interests should override RE Lee International's legitimate interests. 

  1. Right to data portability 

You have rights in certain circumstances to obtain and reuse your Personal Data for your own purposes across different services. 

  1. Right to object to Processing

You have the right to object to certain types of Processing, including Processing based on our legitimate interests only. 

  1. Right to withdraw consent

If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time (although if you do so, that does not mean anything we have done with your Personal Data with your consent up to that point is unlawful.)

We will contact you via electronic means (SMS or email) to allow you to assess the consent, which you have given us. 

  1. Non-Discrimination 

You have the right not to be discriminated against if you decide to exercise any of the rights mentioned above, including being:

  1. denied any products or services; 

  2. charged different prices or rates for goods or services;

  3. provided with a less favourable level or quality of products or services; or

  4. suggested that you will receive a less favourable price or rate for products or services because of your exercising of your rights. 

 

Notification to the Commissioner

It is important that you ensure you have read this Privacy Notice. If you do not think that we have Processed your Personal Data in accordance with this Privacy Notice, you should let us know as soon as possible. You also have the right to notify the Commissioner's Office of our breach by phone: +971 4 362 2222 or by email: commissioner@dp.difc.ae