POLICY STATEMENT

This policy states how to protect the personally identifiable information (PII) of customers, suppliers, business contacts, employees and other people the organization has a relationship with or may need to contact. This policy describes how this personal data must be collected, handled and stored.

PURPOSE

The purpose of this policy is to provide direction to SLIC employees, various stakeholders and responsible personnel to protect SLIC from data security risks, including:

  • Breaches of Confidentiality: For instance, information being given out inappropriately

  • Failing to offer choices: individuals should be free to choose how the company uses data relating to them

  • Reputational Damage: the company could suffer if hackers successfully gained access to sensitive data

SCOPE

This policy applies to all employees of SLIC and any third party that processes personally identifiable information (PII).

STANDARD AND PROCEDURES

  • SLIC is required to adhere to the following principles of data protection. In accordance with those principles, personal data shall be:

    • Processed fairly and lawfully

    • Processed for specified purposes only

    • Adequate, relevant and not excessive

    • Obtain consent for PII data, e.g. Unique Identification Number (UIN), biometric, PAN, etc.

    • Accurate and up to date data must be processed

    • Not kept longer than necessary

    • Processed in accordance with data subjects' rights

    • Processed and held securely

    • All the PII data must be processed as per the governance guidelines

  • Data Collection: SLIC collects personal data in a fair, transparent, and lawful manner. As such, we adhere to the following guidelines:

    • Collect the minimum PII personal data required to support business activity or as mandated by law

    • Collect PII personal data in a fair and non-deceptive manner

    • Collect PII personal data directly from the individual, when possible

    • Where required by local law, obtain explicit consent from individuals prior to the collection of sensitive personal information (e.g. race, ethnic origin, health details, Unique Identification Number (UIN), biometric information, etc.)

    • Collection of Aadhaar data will be as per the Aadhaar Act 2016, amendment regulations and other circulars released by IRDAI and UIDAI from time to time

    • Verify that PII personal data collected from third parties is reliable and legally obtained and mandated as per law

  • Data Storage: All electronic files that contain Protected PII data (e.g. UIN, biometric information, PAN number, health details, etc.) will reside within a protected SLIC DC information system location. All physical files that contain Protected PII will reside within a locked file cabinet or room when not being actively viewed or modified. Protected PII is not to be downloaded to employee or contractor workstations or mobile devices (such as laptops, personal digital assistants, mobile phones, tablets or removable media) or to systems outside the protection of the organisation. Protected PII will also not be sent through any form of insecure electronic communication, e.g. e-mail or instant messaging systems. Significant security risks emerge when PII is transferred from a secure location to a less secure location or is disposed of improperly. When disposing of PII, the physical or electronic file should be shredded or securely deleted.

  • Data Retention: SLIC does not retain PII personal data any longer than is absolutely necessary. The retention period for PII personal data is determined by:

    • The purpose of the data collected

    • The fulfillment of that purpose

    • Retention periods, as mandated by any contractual and/or regulatory requirements

    • The mode of storage, archival and back up of personal data collected

    • All the guidelines will be followed for data retention as per IRDA, UIDAI, Cyber Security and ISO Standard

  • Data Disposal: SLIC Data Disposal requires managerial approval for the disposal, destruction and deletion of any personal data. Our data disposal procedures prevent the recovery, theft, misuse or unauthorized access of personal data. All PII data will be disposed of when not required, as per the governance guidelines, amendment regulations and other circulars released by IRDAI and UIDAI from time to time.

References

  • Information Handling Policy.

  • Media Disposal Policy.

POLICY STATEMENT

All PII data such as UIN, PAN Number, Biometric Information, Health Details and other required details will be collected with proper consent from the owners, SLIC employees, any third party, and various stakeholders for processing the information as required by SLIC.

The UIN, along with the demographic information or biometric information of an individual, is submitted to the Central Identities Data Repository for verification, and the Repository verifies the correctness, or the lack thereof, on the basis of the information available with it.

If required, any biometric information will be collected using the registered devices specified by UIDAI. The demographic details of the individual received from UIDAI as a response shall be used for identification of the individual for the specific purposes of providing the specific services for the duration of the services. e-KYC will be carried out by the authentication facility provided by the authority or by trained SLIC employees at the SLIC office.

The identity information collected and processed shall only be used pursuant to applicable law and as permitted under the Aadhaar Act 2016 or its Amendment and Regulations issued from time to time. The identity information shall not be used beyond the mentioned purpose without consent from the UIN holder, and even with consent, use of such information for other purposes should be within the permissible purposes in compliance with the Aadhaar Act 2016.

A process shall be implemented to ensure that identity information is not used beyond the purposes mentioned in the notice/consent form provided to the UIN holder.

No financial information such as bank account, credit card, debit card or other payment instrument details will be collected by SLIC employees at the time of providing the services.

All PII personal data collected will be stored securely and confidentiality will be maintained. The UIN will be masked in all the online applications used by SLIC while the service is being provided to the client. PII personal data shall not be shared in contravention of the Aadhaar Act 2016, its Amendment, Regulations and other circulars released by UIDAI from time to time.

Exception

Any exception to this policy shall be approved by the Chief Information Security Officer (CISO)/IT Team of Shriram Life Insurance Company Ltd.

Note: All the guidelines will be followed for data privacy as per Cyber Security, ISO Standard, IRDAI, UIDAI, and Aadhaar Act 2016.