DATA PRIVACY STATEMENT

AROPE INSURANCE SAL (referred to as ‘we’, ‘us’, ‘our’, ‘AROPE’) is committed to protecting your privacy and handling your personal data in a fair, secure and transparent manner. The categories of personal data that we process depend on the product or service requested and agreed to be provided in each case.  

This privacy statement provides an overview of how we collect and process your personal data and your rights under the applicable data protection law. The information below is applicable to current and potential clients and employees of AROPE as well as to other individuals using our website.

This privacy statement is directed to ‘natural persons’ as well as to authorized representatives or agents/signatories or beneficial owners of ‘legal entities’.

For the purposes of this Privacy Statement

When we refer to “personal data”, “data” or “personal information” we mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

When we refer to “processing” we mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; and 

When we refer to “sensitive personal data”, we mean personal data, which may reveal information about your racial or ethnic origin, political opinion, religious beliefs, trade union activities, physical or mental health, sexual life, genetic or biometric data. 

In our effort to be compliant with the applicable data protection laws, we adhere to the following principles:

The data we hold about you will be:

a) Processed lawfully, fairly and in a transparent way.

b) Collected only for valid purposes that we have clearly informed to you and not processed in any way that is incompatible with those purposes.

c) Relevant to the purposes we have informed you about and limited only to those purposes.

d) Accurate and kept up to date.

e) Kept only as long as necessary for the purposes we have informed you about.

f)  Securely processed with the appropriate technical and organizational measures.

Who we are

This privacy statement relates to the personal data collected and processed by AROPE Insurance S.A.L. with head office at Michel El-Murr Street, AROPE Building, P.O.Box 113-5686, Beirut – Lebanon, Telephone 009611905777, Fax 009611886786, email address arope@arope.com, RCB 32357, MoF 4940, Insurance Companies register No. 153 dated 30/07/1974 and subject to the provisions of the Insurance Regulation Law.

آروب للتأمين ش.م.ل. | السجل التجاري 32357 | الرقم المالي 4940 | شركة مسجلة بسجل هيئات الضمان تحت الرقم 153 تاريخ 30/07/1974 وخاضعة لأحكام قانون تنظيم هيئات الضمان

This privacy statement also contains information about when we share your personal data with other members of AROPE Group or other parties (for example, our service providers or suppliers).

“AROPE Group” comprises of:

AROPE Lebanon

AROPE Insurance S.A.L.

AROPE Egypt Subsidiaries

AROPE Insurance for Properties and Liabilities S.A.E.

AROPE Life Insurance S.A.E.

In this privacy statement, your data is sometimes referred as “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and store your personal data as “processing” such personal data.

When we refer to “our Website” or “Website” in this statement we mean the specific webpages of AROPE. 

www.arope.com is comprised of various regional, country, and practice specific websites, each of which is provided by AROPE. To learn more about the AROPE Group, please check the “About us” section of our website. 

Other areas of arope.com

Please note that the other websites contained within www.arope.com are provided by other entities within the Group. Such websites, as well as other websites that may be linked to this website, are governed by other specific privacy statements and we encourage visitors to review the privacy statements on each of these other websites before disclosing any personal data. Any possible differences between the privacy statements on the various websites will be due to local regulatory differences and/or product and service provisions. 

What personal data do we process and their sources

We collect and process different categories of personal data, which we receive from our clients in person or via web site, in connection with our prospective or existing business relationship. We may also collect and process personal data which we lawfully obtain not only from you but from other entities within the Group, or other third parties [e.g. employers, public authorities, brokers...]. We may also collect and process personal data from publicly available sources [e.g. Official Governmental portals, commercial registers, the press, media and the Internet], which we lawfully obtain and we are permitted to process. 

If you are a prospective client or a non-client counterparty in a transaction of a client [e.g. beneficiary, policyholder, or payer or security provider [e.g. a guarantor for a credit facility] or an authorized representative/agent of a legal entity, the relevant personal data which we collect may be the following:

Name, address, contact details [telephone, email] identification data, date and place of birth, nationality, marital status, employment status, tax information (Tax identification number..), authentication data [e.g. signature], financial information, specific information relative to existing/previous policies, such as travel information, policy numbers, products, premiums, properties, claims, claims history, dependents and health data which are collected only following your explicit consent or as permitted by regulation.

When we agree and provide products and services to you, then additional personal data may be collected and processed which may include:

For personal or for corporate policies issuance [for natural persons or as an authorized representative/agent or beneficial owner of a legal entity]:

Such personal data derive from our contractual as well as our legal obligations, being: Current income and expenses, employment history, employment position [e.g. as per corporate certificates of directors/shareholders], property ownership and personal debts, number of dependent children, personal investments and investment income, life insurances [life insurance companies, policy numbers, current surrender values], banking relationship details, tax residence and tax ID, residence or work permit, etc.

For individuals, AROPE will request personal data disclosing their economic and financial background and other personal data.

For paying insurance premiums [applying also for online insurance] either for ad hoc or for standing order/direct debit set up:

Personal data relative to the order data [e.g. payment and transfer orders], personal data as a result of our contractual obligations, as well as personal data of the beneficiary [ies].

Children’s data

We understand the importance of protecting children's privacy. We may collect personal data in relation to children only provided that we have first obtained their parents’ or legal guardian’s consent. Our Website is not designed for use by children nor do we provide any online services to children. 

You have an obligation to provide us with your personal data

In order that we may be able to proceed and conclude a business relationship with you, your personal data are required for the execution of a business relationship and the performance of our contractual obligations. We are furthermore obligated to collect such personal data due to the provision of the anti-money laundering laws and regulations, which require that we perform our background checks and verify your identity before we enter into a contract or a business relationship with you or the legal entity you represent or you are a beneficial owner of. You must, therefore, provide us at least with your identity card, passport, applicable residence, your name, place of birth, nationality and your residential address etc. so that we may comply with our legal obligation as mentioned above. 

Kindly note that if you do not provide us with the required data then we will not be in a position to provide any services to you as an individual or as the authorized representative/agent or beneficial owner of a legal entity.

Why do we process your personal data and on what legal basis

We are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the EU General Data Protection Regulation [GDPR], applicable laws & regulations, Lebanese Central Bank circulars, Insurance control commission circulars.

A. For the performance of a contract 

We process personal data in order to conclude a contract for insurance transactions and offer financial services based on contracts with our clients but also to be able to complete our acceptance procedure of prospective clients. The purpose of processing personal data depends on the requirements for each product or service.

B. For compliance with a legal obligation

There are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements, e.g. the applicable insurance laws, the anti-money laundering law, the applicable securities law, and tax laws. There are also various supervisory authorities, depending on the region in which we operate and provide our services. Such obligations and requirements impose on us necessary personal data processing activities for identity verification, tax law reporting obligations and anti-money laundering controls.

C. For the purposes of the legitimate interests

We process personal data in respect of our legitimate interests. Such examples are:

i.             Preparing for legal and defense claims and litigation procedures,

ii.           Systems we implement for the protection of the AROPE’s IT infrastructure for the prevention of potential crime, unauthorized access and methods we undertake for

asset security, admittance controls and anti-trespassing measures, 

iii.         Setting up video surveillance systems for the prevention of crime or fraud

iv.          Reviewing feedback for product demand and market research provided that you have given us your explicit consent by a statement or by a clear affirmative action,

v.           Methods for further developing products and services that will offer additional value either to our organization or our clients.

D. You have provided your consent

When you give us your specific or explicit consent for processing, then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected. It is important to note that revoking your consent may affect certain services provided to your good part.

Who receives your personal data  

In offering our products and services by performing our contractual and statutory obligations, your personal data may be provided to various offices and departments within AROPE as well as to other companies/ entities of the Group or Blom bank group.

We may also share your personal data with various service providers and suppliers so that we may perform our obligations. These service providers and suppliers are bound by contractual agreements with AROPE by which they observe confidentiality and data protection according to applicable laws

It must be noted, that we may transfer your data if we are legally required to do so, for the performance of a contract or if you have given your consent. All data processors appointed by us are bound by data protection contract clauses with us according to the provisions of applicable laws

The following recipients are examples of service providers, suppliers, processors as explained above: Supervisory and other regulatory and public authorities e.g. The Ministry of Economy, the Ministry of Finance.

Some processors or suppliers, to whom we transfer personal data with regards to our business relationship with you, are:

·        Banks

·        Insurance companies (external or belonging to the Group)

·        Reinsurance companies

·        For our anti-money laundering process, such as OFAC, EU, UNSC, UKHM, BDL 

·        External legal, HR consultants, and recruitment agencies/specialists/online services

·        Financial, tax and business advisors, 

·        Auditors and accountants,

·        Marketing operations,

·        Fraud prevention agencies,

·        File storage, archiving and/or records management companies,

·        IT specialist companies,

·        Purchasing and procurement and website and advertising agencies, and/or other agents working on our behalf from time to time.

·        Third party administrators ( Medical or motor related services)

·        Hospitals

Do we transfer your personal data to a third country or to any international organization Your personal data may be transferred to third countries only in such cases as e.g. to execute your payment or investment orders or if this transfer is required by law [e.g. reporting obligation under Tax law] or you have given us your consent to do so. Processors in third countries are obligated to comply with the data protection law and we will only disclose your personal information to third parties that have agreed in writing to provide an adequate level of privacy protection. 

Storing of your personal information

We store information in physical and electronic form, which are securely retained by us in accordance with the applicable laws and regulations. 

We will store your personal data as long as required by applicable international and local laws and regulations, and the business relationship with you is active.

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized process or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In the case of a potential customer or potential employee, we may store your personal information for 10 years, in case of incomplete application and/or not reviewed by AROPE. Noting that all rejected files are kept for reference and controls.

How do we treat your personal data for marketing activities 

We may provide information to you from time to time, about products, services and offers that may be of interest to you or your business. 

We can only use your personal data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so. 

You have the right to ask us to stop sending you marketing messages via any channel by contacting us at any time. 

Do we undertake automatic decision making including profiling utilizing your personal data We inform you that we do not make decisions based on automated processing in order that we may proceed into a business relationship and provide our products or services to you.

Protection of your personal information

We take all appropriate and lawful technical, physical, legal and organizational measures against accidental or unlawful destruction, accidental loss, alteration, unauthorized dissemination or access, and any other form of unlawful processing or violation of privacy. 

For access to our online portals or any of AROPE online digital services, we may give you a unique password to log in. It is your responsibility to always keep this password confidential. We recommend that you sign out of your account or service at the end of each session. 

If we believe that the security of your personal data that we hold about you may have been compromised, we will notify you as soon as possible in accordance with applicable laws and regulations. If you have reason to believe that your personal data have been compromised, please notify us immediately. 

Data Privacy rights

One of the main provision of the data privacy regulation is the formulation of the rights of the data subjects with regard to the collection and processing of their personal data.

These rights include:

• Right to access your personal information. 
• Right to request the correction or updating of personal information.
• Right to request your personal data to be erased or destroyed under certain circumstances as permitted by AROPE internal policies, without prejudice of international and local laws and regulations.
• Right to object to the processing of your personal data. By exercising this right, we may not be able to process your personal data unless we can demonstrate a legitimate purpose of the use of these information.
• Right to request copy of the personal data you provided to AROPE.
• Right to withdraw your consent at any time regarding the processing of your personal data. 
• Right to request the restriction of processing of your personal data under the reasons below:
• The personal data are not accurate
• The personal data are used under unlawful process but you do not want to delete them
• The personal data are not relevant, but you wish to keep them in our files for use in possible legal claims
• Withdrawal of consent or objection to the processing of personal data by us. 

You have the right to object (opt out) when AROPE is processing your personal data, for direct marketing purposes. As a result, we will stop the process of your personal data under such processes.

Individuals for whom we hold personal data can exercise their privacy rights at any time by submitting a written request. All requests relating to privacy rights will be dealt with promptly in accordance with applicable laws and regulations. 

How to contact us

We understand that you may have questions or queries about our data privacy statement or may wish to exercise your rights or may wish to file a complaint. Please feel free to contact our Data Protection Officer using the contact details provided DPO@arope.com

Updates to our data privacy statement

We may need to review our data privacy statement from time to time in order to take account of changes in our business and legal requirements. Any updates will be incorporated in this section of our website. We strongly recommend that you check back frequently to ensure that you have been notified of any updates or changes which may affect you. 

This privacy notice was last updated in April 2021.

Reference: COMP/AROPE-DPS/REV1/APR21