1. Introduction
1.1. Troth Insurance Broking Private Limited is committed to protecting your privacy and maintaining the security of your personal information. This Privacy Policy explains how we collect, store, process, and use your data when you visit our website Trothinsurance.com or use our insurance services. By accessing our site, you confirm that you are at least 18 years old and have the legal capacity to enter into binding agreements. If you do not agree with our practices, please refrain from using our website.
1.2. In today’s digital world, privacy has become an increasing concern. We recognize the privacy requirements of individuals and treat this information with utmost respect and care. The personal data (“Personal Information” includes sensitive personal information) that we collect from you (our customer, their employees, channel partners, potential and prospective customers) is important to us for the fulfilment of various requirements, and necessary safeguards are put in place to ensure that the privacy and security of the collected data are met.
1.3. This Privacy Policy is applicable to our insurance broking services that we provide to our customers and their employees, and to those who are not our customers but interact with us as part of running our business such as:
1.3.1. Availing our services – paid for by someone else;
1.3.2. Taking part in a survey or trial or wellness program
1.3.3. Entering a promotional event/activity
1.3.4. Reaching out to our helpdesk
1.3.5. Generally enquiring about our services
1.3.6. Prospective customers with whom discussions are ongoing and who might wish to engage our services in future.
1.3.7. Availing any services, either paid for by us or any other person, which requires sharing of personal information with us.
1.4. This privacy policy will also apply, if you need to give us personal information about someone else in relation to our products and services. And if we need the permission of the other person to use that information, we will assume that you have obtained their permission before sharing a third party’s personal information with us.
1.5. This Privacy Policy provides you with details about the manner in which your data is collected, stored, processed, transferred and / or used by Troth Insurance Broking Private Limited Ltd. You are advised to read this Privacy Policy carefully.
2. Why Do We Have A Privacy Policy?
2.1. We are under a legal obligation to let you know what personal information we collect about you; what we use it for and to explain to you your rights in relation to that information. You have the right to know what information we hold about you and to have a copy of it, and you can ask us to change or sometimes delete it. This has been written in line with our obligations under the Information Technology Act 2000 and its amendments and the rules thereunder, as they apply in India.
2.2. The reasons we collect information are set out in this privacy policy. As an insurance broking service provider, most of what we do – from liaison with insurers and third-party administrators to developing and promoting our services – involves using personal information. And we believe that it is very important for our customers to trust us with that information. We want you to be confident that we will keep it secure and use it both lawfully and ethically, respecting your privacy.
2.3. Our support for the right to privacy, as part of our broader commitment to good corporate citizenship is stated in our privacy by design framework. And our privacy policy explains in detail how we use your personal information. It describes what we do (or what we may do) from the moment you ask for a service from us, when we may use your information for checking best available insurance options, through to providing and billing for that service. It also applies to marketing other products that we think will interest you.
2.4. But whatever we do with your information, we need a legal basis for doing it. We generally rely on one of three grounds (reasons) for our business processing. Firstly, if you have ordered or take a service from us, we are entitled to process your information so that we can provide that service to you and bill you or the insurer for it as the case may be.
2.5. Secondly, if we want to collect and use your information for other purposes, we may need to ask for your consent (permission) and, if we do, that permission must always be indicated by a positive action from you (such as ticking a box) and be informed. You are also free to withdraw your permission at any time. We tend to need permission when what is proposed is more intrusive (for example, sharing your contact details with other organizations so they can market their own products and services to you).
2.6. But we do not always need permission. In some cases, having assessed whether our use would be fair and not override your right to privacy, we may come to the view that it falls within the third ground – our ‘legitimate interests’ to use the information in a particular way without your permission (for example, to protect our network against cyber-attacks). But when we do this, we must tell you as you may have a right to object. And if you object specifically to us sending you marketing material, or to ‘profiling you’ for marketing purposes, we must then stop.
2.7. This is all set out in detail in this policy, which focuses more on those items that we think are likely to be of most interest to you. As well as covering processing for business purposes, we give you information on circumstances in which we may have to, or can choose to, share your information.
2.8. The term “Process/Processing” and other variations of the word include ‘to collect, record, organize, structure, adapt, alter, retrieve, use, process, store, transfer, align, combine, index, and disclose (by transmission, dissemination or otherwise), make available, restrict, erase or destroy’.
2.9. This policy doesn’t apply to information about our employees or shareholders. It also doesn’t cover other companies or organizations (which advertise our products and services and use cookies, tags and other technology) collecting and using your personal information to offer relevant online advertisements to you.
2.10. If you link to other organizations’ websites, apps, products, services and social media from our websites, this privacy policy doesn’t apply to how those other organizations use your personal information.
2.11. You should review their privacy policies before giving them your personal information.
3. What Information We Collect and What We Use It For?
3.1. The personal information we collect depends on the products and services you have and how you use them. We’ve explained the different ways we use your personal information.
3.2. We’ll use your personal information to provide you our services. This applies when you register for service from us. Or if you register for a wellness program with us or download and register on one of our apps.
3.3. This means we will:
3.3.1. record details about the services you use or structure through us;
3.3.2. send you service-information messages (we will send you messages to confirm your order and tell you about any changes that might affect your service, like when we have infrastructure work planned or need to fix something);
3.3.3. update you on when we’ll deliver the services;
3.3.4. let you create and log in to the online accounts we run;
3.3.5. charge you and make sure your payment reaches us where applicable;
3.3.6. filter any content you ask us to (any content our partners ask us to, such as your medical history for a wellness program);
3.3.7. give information to someone else (if we need to for the service you’ve registered to avail) or to the insurer or a third-party administrator during a claim.
3.4. We use the following to provide services and manage your account.
3.4.1. Your contact details and other information to confirm your identity and your communications with us. This includes your name, gender, address, phone number, date of birth, email address, passwords, and credentials (such as the security questions and answers we have on your account).
3.4.2. Your health and financial information.
3.4.3. Your communications with us, including emails, webchats, and phone calls. We’ll also keep records of any settings or communication preferences you choose.
3.4.4. Details of the services you have registered to avail with us, how they are performing and how you use them – including your policy structuring and claims records.
3.4.5. Information from cookies placed on your connected devices that we need so we can provide a service.
3.5. We use this information to carry out our contract (or to prepare a contract) and provide services to you. If you don’t give us the correct information or ask us to delete it, we might not be able to provide you with the service you requested from us.
3.6. We’ll use your personal information if we consider it is in our legitimate business interests so that we can operate as an efficient and effective business. We use your information to:
3.6.1. Identify, and let you know about services that interest you;
3.6.2. share within our team for administrative purposes and to tailor the information we provide to you and inform you about products that may be of interest to you;
3.6.3. create aggregated and anonymized information for further use;
3.6.4. detect and prevent fraud including sharing with identified agencies/ law enforcement bodies so they can protect you against fraud and maintain accurate records; and
3.6.5. secure and protect our network.
3.7. To market to you and to identify permissible products and services that interest you, we will use your personal information to send you direct marketing and to better identify permissible services that interest you. We do that if you’re one of our customers or if you’ve been in touch with us another way (such as entering a wellness program, prize promotion or competition).
3.8. This means we’ll:
3.8.1. create a profile about you to better understand you as a customer and tailor the communications we send you (including our mailing and marketing messages);
3.8.2. tell you about other products and services you might be interested in;
3.8.3. recommend better ways to manage what you spend with us, like suggesting a more suitable product based on what you use;
3.8.4. try to identify products and services you’re interested in; and
3.8.5. show you more relevant content (both on our and other parties’ apps and sites) and work with other well-known brands to make theirs more suitable too.
3.9. We use the following for marketing and to identify the products and services you’re interested in, where applicable.
3.9.1. Your contact details. This includes your name, gender, address, phone number, date of birth and email address.
3.9.2. Your health and financial information.
3.9.3. Information from cookies and tags placed on your connected devices.
3.9.4. Information from other organizations such as aggregated demographic data, data brokers (such as DnB), our partners and publicly available sources like LinkedIn and business directories.
3.9.5. Details of the products and services you have bought with us and how you use them – including your insurance policy structure and claims records.
3.10. We’ll send you information (about the services we provide) by phone, post, email, text message, online banner advertising or a notice using our apps. We also use the information we have about you to personalize these messages wherever we can as we believe it is important to make them relevant to you. We do this because we have a legitimate business interest in keeping you up to date with our products and services, making them relevant to you and making sure you manage your spending with us. We also check that you are happy for us to send you marketing messages by text or email before we do so. In each message we send, you also have the option to opt out.
3.11. We’ll only market other organizations’ products and services if you have said it is OK for us to do so and it is permitted under applicable laws and IRDA regulations.
3.12. You can ask us to stop sending you marketing information or withdraw your permission at any time, as set out above.
3.13. Read Section 4 for more details on how we use cookies.
3.14. To create aggregated and anonymized data, we will use your personal information to create aggregated and anonymized information. Nobody can identify you from that information and we’ll use it to:
3.14.1. make sure our services are working properly and continuously improve and develop our services for our customers;
3.14.2. run management and corporate reporting, research and analytics, and to improve the business; and
3.14.3. provide other organizations with aggregated and anonymous reports where required
3.15. We may have a legitimate interest in generating insights that will help us operate our network and business or would be useful to other organizations.
3.16. To develop our business and build a better understanding of what our customers want
3.17. This means we’ll:
3.17.1. maintain, develop and test our services, to provide you with a better service;
3.17.2. train our people and suppliers to provide you with services (but we make the information anonymous beforehand wherever possible);
3.17.3. create a profile about you to better understand you as our customer;
3.17.4. share personal information within us for administrative purposes, such as sharing contact details so we can get in touch with you and details of what you buy from different verticals within us; and
3.17.5. make and defend claims to protect our business interests.
3.17.6. run surveys and market research about our services.
3.18. If we use this information for market research, training, testing, development purposes, defend or bring claims, or to create a profile about you, we do so because it is in our legitimate business interests of running an efficient and effective business which can adapt to meet our customers’ needs.
3.19. We create a profile about you based on what you have registered to avail from us and how you use our services. This helps us tailor the offers we share with you. You can ask us to stop profiling you for marketing purposes at any time, as set out above.
4. Cookies and Tracking Technology
A cookie is a small data file that certain Web sites write to your hard drive when you visit them. A cookie file can contain information such as a user ID that the site uses to track the pages you’ve visited, but the only personal information a cookie can contain is information you supply yourself. A cookie can’t read data off your hard disk or read cookie files created by other sites. Cookies save you time, for example, if you personalize a web page, or navigate within a Site; a cookie recalls your specific information on subsequent visits. www.prudentbrokers.com also uses cookies to track user traffic patterns. We do this to determine the usefulness of our website information to our users and to see how effective our navigational structure is in helping users find the information on our site. Most web browsers automatically accept cookies; however, you can modify your browser setting to decline cookies.
In addition to cookies, our site uses a variety of technical methods for tracking purposes, which may include web beacons. Web beacons are small pieces of data that are embedded in images on the pages of web sites. www.prudentbrokers.com also uses t
5. Who Do We Share Your Information With?
5.1. Being an insurance broker requires us to liaise with our customer, the insurance company and appointed third party administrators and surveyors. To fulfill our role as a broker and to provide you with the contracted services, we will share your information with:
5.1.1. Identified personnel from your organization – (for corporate clients)
5.1.2. Insurance Company – for seeking quotes.
5.1.3. Third Party Administrator – as appointed by the Insurance Company
5.1.4. Insurance Surveyors and Valuers
5.1.5. Partnered agencies offering value added services like Wellness
5.1.6. Third Party service providers providing services to us. (Note: broking services and other core services are not outsourced)
5.2. We might have to release personal information about you to meet our legal and regulatory obligations.
5.3. Because of the investigatory powers conferred on law enforcement agencies under various laws, we might have to share personal information about you with government and law-enforcement agencies, such as the police, to help detect and stop crime, prosecute offenders, and protect national security. They might ask for the following details.
5.3.1. Your contact details. This includes your name, gender, address, phone number, date of birth, email address, passwords, and credentials (such as your security questions and answers) needed to confirm your identity and your communications with us.
5.3.2. Your communications with us, such as calls, emails, texts, chats and webchats.
5.3.3. Your health and financial information.
5.3.4. Details of the services you have availed and how you use them – including your policy and claims records.
5.4. The balance between privacy and investigatory powers is challenging. We share your personal information when the law says we have to, but we have strong oversight of what we do and get expert advice to make sure we’re doing the right thing to protect your right to privacy.
5.5. We’ll also share personal information about you where we have to legally share it with another person. That might be when a law says we have to share that information or because of a court order.
5.6. In limited circumstances, we may also share your information with other public authorities. However, we would need to be satisfied that a request for information is lawful and proportionate (in other words, appropriate to the request).
5.7. We will be required to share information with regulators like IRDAI when called upon and store all such collected information for a period as prescribed from time to time.
6. Where Is Your Information Processed?
6.1. We are an organization registered in India having business functions and processing facilities in India only. All information is processed by our employees in company owned assets having adequate security controls and in our private cloud hosted in India availed through a leading service provider in India.
6.2. We do not transfer your personal information outside India nor process any component outside India.
6.3. If we need to transfer your personal information to another organization for processing in other countries, we will only do so if we have model contracts or other appropriate safeguards (protection) in place and as permissible by prevailing law.
6.4. If there’s a change (or expected change) in who owns us or any of our assets, we might share personal information with the new (or prospective) owner. If we do, they will have to keep it confidential.
6.5. We always follow the law and delete your information when we no longer need to keep it.
7. Security of Your Information.
7.1. We have strict security measures to protect your personal information. We check your identity when you get in touch with us, and we follow our security procedures and apply suitable technical measures, such as encryption, to protect your information.
8. How Long Do We Retain Your Information.
8.1. We retain information for the following time periods, unless a longer retention duration is prescribed under applicable law or pursuant to an order of a court or authority:
8.1.1. All insurance related data and components associated with such are retained for 10 years.
8.1.2. Emails and communication for 10 years.
8.1.3. CCTV footage for 90 days.
8.2. In other cases, we store personal information for the period needed for the purposes for which the information was collected or for which it is to be further processed. And sometimes we will keep it for longer if we need to by law, regulations or order of a court, or similar authority. Otherwise, we delete it.
9. Accessing And Updating Your Information
9.1. As allowed by law, you can access and update the information we hold about you using our online form. Once we’ve looked at your request, we’ll let you know when you can expect to hear from us.
9.2. We’ll always try to help you with your request, but we can refuse if we believe doing so would have a negative effect on others or the law prevents us. And even though we must complete your request free of charge, we are allowed to reject requests if:
9.2.1. they’re repetitive.
9.2.2. you don’t have the right to ask for the information; or
9.2.3. the requests made are excessive.
If that’s the case, we’ll explain why we believe we don’t have to fulfil the request.
9.3. If you want a copy of your information, you may log in to your Account with Troth Insurance Broking Private Limited or you may reach out to the identified account manager for your organization, and we’ll send it to you. (You must be the account holder to ask for this information).
9.4. If you want to see what contact information we hold about you, you can also log in to your account. It’s quick and simple to access it this way.
9.5. You can also ask us for a copy of the information we hold about you using our online form here.
9.6. If you work for one of our corporate customers, where possible, please ask your employer – they’ll ask for this on your behalf.
9.7. It will normally take us up to one month to get back to you but could take longer (up to a further two months) if it’s a complicated request or you send us a lot of requests at once.
9.8. You can ask us to correct, complete, delete or stop using any personal information we hold about you by using our online form here.
9.9. If you’re worried about how we send you marketing information, have a look at the section above on how to check or change those settings.
9.10. If you want us to stop using personal information we’ve collected via cookies on our website or apps, you should either change your cookie settings here or change the settings for your app. In some cases, we might decide to keep information, even if you ask us not to. This could be for legal or regulatory reasons, so that we can keep providing our products and services, or for another legitimate reason. For example, we keep certain claims information to show we have advised you correctly. But we’ll always tell you why we keep the information.
9.11. We aim to provide our services in a way that protects information and respects your request. Because of this, when you delete or change (or ask us to delete or change) your information from our systems, we might not do so straight away from our back-up systems or copies on our active servers. And we may need to keep some information to fulfil your request (for example, keeping your email address to make sure it’s not on our mailing list).
9.12. Where we can, we’ll confirm any changes. For example, we’ll check a change of address against the Postal Address File, or we might ask you to confirm it.
9.13. If we’ve asked for your permission to provide a service, you can withdraw that permission at any time. It’ll take us up to 30 days to do that. And it only applies to how we use your personal information in the future, not what we’ve done in the past (for example, if we’ve run an eligibility check at the start of your contract).
10. Notification of Changes to the Privacy Policy
Troth Insurance Private Limited reserves the right to revise this Privacy Policy from time to time as per organization needs or to abide by new regulations, by posting notice of the amendment as appropriate. To the extent permitted by applicable law, such changes will be applicable from the time they are posted.
11. Contact Information
If you have any questions or suggestions regarding our privacy policy, please contact us at:
Email: [email protected]
ISMS Policy
- Information security is a business responsibility shared by all employees and third parties of Troth Insurance Private Limited. A management framework shall be established to initiate and control the implementation of information security within the organization.
- An Information Security Organization Structure shall be established comprising all the identified business Groups and senior management personnel of the Organization.
- Roles and Responsibilities shall be clearly defined and communicated to the identified functionaries of the Information Security Organization.
- The management shall ensure that the ISMS (Information Security Management System) policies and procedures are reviewed at planned intervals or if significant changes occur to ensure that policies are suitable to current business environment and are effective and ensure adequacy in the establishment, maintenance and sustenance of Information Security in the organization.
- The management shall ensure that requisite support be provided in terms of manpower and resources for the implementation, execution, monitoring and review of ISMS in the Organization.
- The Information Security Organization shall ensure that, pursuant to the requirements of Information Security, confidentiality agreements with relevant clauses protecting the interests of the Organization shall be developed.
- Contact with special interest Groups (where possible) like ISACA, CERT-IN, NASSCOM, SANS, NIST, Cyber-Cell shall be maintained/established to get updates on industry best practices in process optimization and on mitigation modalities for new threats and vulnerabilities identified and reported by these agencies.
- The policies and procedures so developed as a part of the ISMS along with the controls selected for mitigation of identified risks shall be reviewed independently by the Internal Audit Security team of the Organization or through an identified third party with a predefined periodicity or when there is any change to the business environment on account of regulatory changes or otherwise.
- Commissioning of new information processing facilities shall be done only after the approval from the identified members of the Information Security Organization.
- The review of ISMS shall be as per the standard agenda as mentioned in the Framework Document.
- At least one review shall be conducted at which 75% of apex committee members are required to be present. There shall not be any absenteeism during the annual review of the ISMS.
Changes to this ISMS Policy
Our ISMS policy may change at any time without prior notification. To make sure that you are aware of any changes, kindly review the policy periodically. This ISMS Policy shall apply uniformly to PIBL organization.
Consent
If you have any questions or suggestions regarding our policy, or if you are an interested party who wishes to see any of our policies, you may write to us at: [email protected]