PRIVACY & SECURITY POLICY

NATIONAL PRIVACY COMMISSION - CERTIFICATE AND SEAL OF REGISTRATION

for Electronic Commerce of Insurance Products for CY 2019

PARAMOUNT LIFE & GENERAL INSURANCE CORPORATION protects the data security of its clients and potential clients by complying with the Data Privacy Act and all relevant local laws, and ensures compliance by its employees, officers and directors with strict standards of security and confidentiality.

PARAMOUNT LIFE & GENERAL INSURANCE CORPORATION recognizes its responsibilities in relation to the collection, holding, processing or use of personal data. The provision of your personal data is voluntary. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to do business with or provide services to you.

If you object to any practices and policies in this Privacy and Security Policy, please do not use this website to submit your personal information to Paramount Life & General Insurance Corporation.

This website is for general information purpose only. While we use reasonable efforts to ensure the accuracy of the information on this website, we do not warrant its absolute accuracy or accept any liability for any loss or damage resulting from any inaccuracy or omission.

By accessing our website and submitting your personal information, you authorize Paramount Life & General Insurance Corporation to keep, record, use, and process the information, including the sharing of the same to its employees, officers, directors, affiliates, partners, contractors and/or sub-contractors for legal purposes.


SECURITY

We maintain appropriate technical safeguards to ensure the security of your personal information or any information we collect through the website. Accordingly, we reserve the right to restrict or cancel access to the website without providing notice, especially if there is reason to believe that your data may be at risk.

We encourage you, the customer, to also take steps in protecting your information:

  • Email

  • We will never ask you to update your information through e-mail or through a web link provided by e-mail. We will not send you e-mail requesting confidential information. Should you receive a suspicious message that appears as if it may be coming from PLGIC, please contact our nearest office.

  • Virus Protection

  • We are not responsible for any electronic virus or viruses that you may encounter. Hence, we encourage you to routinely scan your PC and removable devices using a reliable virus product to detect and remove any viruses. It is also good practice to regularly update your virus protection software. Undetected or unrepaired viruses corrupt and destroy your programs, files, and even your hardware. Additionally, you may unintentionally transmit the virus to other computers.


COLLECTION OF PERSONAL INFORMATION

We collect your personal data when you access our website, when you inquire on the status of your policy and when you input data in our online forms. We may also collect some information about your computer or other devices used when you visit our website.

We collect information from you depending on the transaction/process/service you are requesting. For mere browsing of the website, we only collect data we feel necessary such as date and time of browsing, page/s browsed, and other statistical and technical data to further improve our services to you.

For transactions such as payment, application submission, policy status inquiry and other similar services, we ask for your personal data such as your email address, name, contact number, birthdate and policy number.


USE AND PROCESS OF PERSONAL INFORMATION

We collect, use, process, and store your personal data such as e-mail address, name, contact number, birthdate and policy number, (1) to verify your identity, (2) to evaluate and assess the application for insurance and other insurance-related services, (3) for the delivery of the policy and other materials, (4) in assessing your interest in our products and services, (5) for customer research or satisfaction surveys; (6) for direct marketing; (7) for customer profiling; and (8) in compliance with applicable laws.

We may retain your email address to facilitate communications, provide you with information regarding services, and to better serve you.

Our system does not store any credit card data. Online payments are coursed through Paynamics Technologies, Inc. (Paynamics), a leading Filipino Payment Solutions Provider which develops, implements and manages secure, efficient and reliable payment solutions to entities that need an end to end solution for their business. Paynamics provides a multi-channel collection (Pay-in) and disbursement (Pay-out) solutions. Paynamics was founded in 2010 by a group of entrepreneurs who collectively has over 30 years of experience in the online payment processing industry. Paynamics uses Paygate, a one stop shop payment gateway solution that is robust and connected to multiple financial institutions and service providers. Paygate offers you multiple payment options (pay-in) in a single interface.

Paynamics payment network connects to multiple acquiring banks and financial institutions:

  • Credit (Visa, Mastercard, AMEX, JCB)
  • Bancnet ATMs
  • Gcash
  • Over the counter payment (banks and non-banks, 7Eleven, ECPay, BDO, BPI, Metrobank, Unionbank, UCPB etc.)
  • Global alternative payment options (Bank transfer, voucher, wallet etc)
  • Below are Paynamics’ Payment Gateway Security Features

  • PCI DSS level 1 version 3.2 CERTIFIED.
  • All API endpoints are implemented on the highest TLS encryption level (1.2).
  • Implements an HSTS (HTTP Strict Transport Security) policy in its webservice endpoints. HSTS web security policy mechanism which helps to protect secure HTTPS websites against downgrade attacks and cookie hijacking.
  • Payment Gateway is hosted in PCI-DSS Level 1 version 3.2 cloudbased data center.
  • Implements Digital Signature Authentication communication on its webservices which assures high level security and non-repudiation with its merchant integration to avoid "man-in-middle" attacks.
  • All sensitive data is encrypted at rest. Payment Gateway cryptograpghic operations utilizes secure key that adheres to the latest security practices for Key Management.
  • All secure applications are built under OWASP (Open web application security project) guidelines.
  • Online payments may also be coursed through Coins.ph, a licensed remittance agent which offers cash-in and cash-out services, mobile air-time top ups, remittance services, bill payments and Virtual Currency exchange. Although Coins.ph may accept and transact virtual currency for their other clients, Paramount’s Agreement with Betur or Coins.ph is to accept payments in the form of electronic money that is withdrawable by Paramount Life & General Insurance Corporation in cash. Our transactions through coins.ph do not involve the use of virtual currencies.

    Coins.ph stores and processes personal data on computers in the Asia Pacific and elsewhere in the world where Coins.ph facilities or service providers are located. Coins.ph protects personal information by maintaining physical, electronic and procedural safeguards. Coins.ph uses computer safeguards such as firewalls and data encryption. Coins.ph uses SSL connections, AES-225 Encryption and 2-Factor Authentication to secure its customers information and experience. Coins.ph enforces physical access controls to their buildings and files, and authorizes access to personal information only for those employees who require it to fulfill their job responsibilities.

    When you share personal data with us, we use the data we collect to provide, maintain, protect, improve and develop our services, and to protect Paramount Life & General Insurance Corporation and our users. We also use your personal data for verification/authentication purposes in order to smoothly process the transaction/service you are requesting.

    The personal data we collect will be processed by the various concerned departments of Paramount Life & General Insurance Corporation and may be processed on a server located outside the country where you live. It may also be processed by our reinsurers, as may be applicable. We will ask for your consent before using information for a purpose other than those set out herein.

    We assure our clients that information shall not be disclosed to third parties or other affiliates for purposes other than the aforementioned transactions, unless authorized — specifically and expressly — in advance, through a clearly worded opt-in process. When the client’s express consent is provided, we shall list the information to be disclosed, the uses to which it may be needed, and all parties to whom the information may be disclosed.

    The processing of your personal data may be conducted for the duration of your availment of our products, services, facilities and/or channels. We shall also store your personal data for an additional period of at least ten (10) years or for a longer period if the personal data is related to or required to be preserved for litigation or to comply with legal or regulatory requirement.


    WARRANTIES

    By using and accessing this website, you warrant that:

    1. All information given by you are true and correct to the best of your knowledge, and the same were freely and voluntarily;
    2. If purchasing, transacting and/or acting in behalf of other person(s), you hereby warrant that you are duly authorized to purchase, transact, and/or act for and in the latter's behalf, and further warrant that you are duly authorized to give their information to Paramount Life & General Insurance Corporation;
    3. You will advise all other persons in whose behalf you have acted, transacted with and/or purchased any product from Paramount Life & General Insurance Corporation of all the terms and conditions set forth above.


    REVIEW AND AMENDMENTS OF PERSONAL INFORMATION

    You have the right to:

    1. Verify whether we hold any personal data about you and to request a copy of such data;
    2. Require us to correct any personal data relating to you which is inaccurate;
    3. Enquire about our policies and practices in relation to personal data; and
    4. Request the deletion of any personal data.

    Please address all requests for access, correction, deletion or other queries relating to your personal data to:

    Paramount Direct
    11th floor, Sage House Building
    110 V.A. Rufino Street, Legaspi Village
    1229, Makati City, Philippines
    Tel. No: +632 8539 5200
    Mobile Nos: +63917 5583969; +63998 8421957

    We may charge costs directly related to and necessary for the processing of any request.


    For inquiries or concerns relating to the privacy and security of your personal data or information submitted to Paramount Life & General Insurance Corporation (PLGIC), please contact the office of the Data Protection Officer (DPO) thru the following:

    The Data Protection Officer
    15th Floor, Sage House Building
    110 V.A. Rufino Street, Legaspi Village,
    Makati City 1229

    E-mail: dataprotectionofficer@paramount.com.ph
    Tel. No.: +632 8772 9267
    Mobile Nos.: +639176764846