Controller Contact Details
The Insurance Corporation of Barbados Limited (ICBL) is the data controller responsible for the personal information we process. As an organization we are committed to compliance with the Barbados Data Protection Act. This privacy notice describes:
- How ICBL collects uses, shares and secures your personal data
- The type of personal information we collect
- The lawful basis for processing your information
- Your rights as a data subject
Personal data is data, or a combination of pieces of information that could reasonably allow you to be identified.
If you have any questions about your rights or concerns about our use of your personal data or want to know more about our data processing activities, you can contact our Data Privacy Officer using the following information
Main number: (246) 434-6000
Postal Address: Roebuck St, P.O. Box 1221, Bridgetown, BB11000, Barbados
Data Subject Requests: Privacy Request Form
The type of personal information we collect
The type of information we collect and process from an individual may depend on the type of insurance we are offering or underwriting or the type of service or contractual relationship we are looking to procure. It may include any of the below:
Personal details: Your name, age, date of birth, place of birth, nationality, marital status, height, weight, political exposure status.
Government identifiers: Your government issued photo IDs such as passport, ID Card, driver’s license which will include your national registration number, passport number, license number, tax identification number, national insurance number.
Contact Information: Your home address, phone numbers, email address.
Information about your family, beneficiaries and dependents: Your family history, children’s, dependents or beneficiary’s name, age, gender and other personal details.
Employment Information: Employment history, occupation, employer and employer’s address.
Other information to conduct our business: Information relating to underwriting insurance products and to process insurance claims such as claims histories or information about vendors before entering contracts for products and services relating to our business.
Sensitive Personal Data
Some of the categories of information we collect are considered sensitive personal data. These include:
- Criminal records and convictions
- Health records such as you or your family’s medical history, genetic test results from local labs, death certificate and reports on medical diagnoses, tests and treatments acquired.
- Biometric information such as photo IDs
- Information about your personal lifestyle behaviours, mental and physical health and genetic information.
- Financial Information such as details pertaining to your bank and income.
Sources of the information we collect
Most of the personal data we process is provided to us directly by you to conduct business. For example, if you submit an application form for an insurance policy or contact us for quotations.
We also collect personal information from a variety of sources such as:
- From other insurance companies and financial institutions
- From third parties and attorneys who are involved in a claims process, which would include witnesses, third party evidence providers and independent surveyors
- From insurance brokers and administrators of companies who we provide group insurance products
- From healthcare service providers
- From various processing platforms used for policy administration, pensions and payment processing and other business functions
- From individuals you are associated with such as family members, spouse, beneficiaries and dependents
How we use personal information and the legal basis we use it
We use the information that you have given us in order to:
- To provide our services and fulfil our contractual obligations to customers, vendors and other third parties
- To conduct policy administration activities when onboarding and offboarding customers, along with the renewal and adjustments to existing policies
- To assist customers by ensuring their requests, issues and complaints are directed to the correct teams internally
- To conduct analysis of data that allows us to assess and underwrite risks, develop appropriate pricing for our products and services and to improve our services
- To maintain compliance with our legal and reporting obligations and to cooperate with regulatory bodies in an effort to detect and prevent terrorism, fraud, money laundering and other crimes
- To conduct Know Your Customer (KYC) processes
- For accounting and auditing purposes
- To execute procedures to review, process and manage claims
- To facilitate extensions of credit
- For the processing of payments and electronic funds transfers
- For the processing of pensions, loans and withdrawals
- For the valuation of pension plans
- To provide important notices to customers such as office closures and changes to branch operations
- For marketing purposes to provide updates on product related specials and information
- To conduct vendor management activities
Under the Barbados Data Protection Act, the lawful basis we rely on for processing this information are:
- Your consent. For example, you would give us consent to process your credit card and bank account information to receive payments via credit card or to make payments to your account.
You can remove your consent at any time. You can do this by contacting ICBL with the contact information provided.
- We have a contractual obligation. For example, to complete the necessary pre-contractual checks to ensure we can assess your suitability for the insurance products we offer and to provide the services you request. Fulfilment of contractual obligations may be delayed without the information required.
- We have a legal obligation. We have due diligence and reporting obligations from regulators and other government authorities.
- We have a legitimate interest. For example, to use information to improve products and services or to maintain accurate records.
- For the exercise of any functions conferred of a public authority.
Your rights over your personal information
Your rights under the Barbados Data Protection Act are as follows:
- Right to Access – You have the right to be informed about the details on the processing of your data.
- Right to Rectification – You have the right to ask us to rectify your personal information you think is inaccurate or incomplete.
- Right to Erasure – You have the right to ask us to erase your personal data in certain circumstances.
- Right to Restriction of Processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Right to Data Portability – You have the right to ask that we provide the personal data you provided in a structured, commonly used and machine-readable format to reuse for your own purposes.
- Right to Prevent Processing Likely to Cause Damage or Distress – You are entitled by written notice to request that we cease, or not to begin, processing of your data that may cause damage or distress to the data subject under certain circumstances.
- Right to Prevent Processing for Purposes of Direct Marketing – You are entitled by written notice to require that we cease processing of your data for the purposes of direct marketing.
- Rights Related to Automated Decision-Making and Profiling – You have the right not to be subject to a decision solely on automated processing, including profiling.
If you would like to discuss or exercise your rights, please contact us using the contact information provided or submit your data subject requests using the Privacy Request Form.
We encourage you to contact us to update or rectify your information if it changes or if the personal information, we have stored about you is inaccurate.
We use data processors who are third parties that provide elements of services for us, such as IT cloud platforms, software licenses, technical support and maintenance. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organization apart from us. They will hold it securely and retain it for the period we instruct.
ICBL may share your personal information with third parties under the following circumstances:
- We may share your information with other insurance companies, reinsurers, independent surveyors, intermediaries, financial institutions or other third parties in connection with the provision of insurance and processing of claims.
- We may share information with service providers that perform services such as actuarial and underwriting service providers, risk assessors, auditors, legal advisers and healthcare practitioners.
- We may also share you information with your insurance brokers and employers through their dedicated company administrators that facilitate the administration of group or individual plans.
- In some circumstances we are legally obligated to share information with regulatory bodies, public authorities or under a court order to facilitate settlements.
Your personal data may be transferred to be stored and processed in a country or territory outside of Barbados. In these scenarios we have put in place appropriate safeguards (such as contractual obligations) to ensure the security and the confidentiality of your personal data.
Information Security and Storage
We have implemented technical and organizational measures to ensure the appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
We will keep your personal data for as long as we have an ongoing relationship and for a period thereafter in accordance with our data retention policy.
We may modify or update this Privacy Notice as required. If changes to this Privacy Notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you can exercise your rights under the Barbados Data Protection Act.
This privacy notice was updated on April 22nd, 2022