Contents

About this Privacy Notice
Who We Are
How We Collect Your Persional Information
Definition of Personal Data and Sensitive Personal Data
Your Rights
   Transparency
   Access
   Correction
   Erasure and the right to be forgotten
   Review of Automated Decision Making
   Objection to processing on the basis of legitimate interest
   Restriction of Processing
   Direct Marketing
   Data Portability
   Withdrawal of Consent
Southern Caribbean Country-specific Information
   Sagicor Southern Caribbean Summary by Country, Data Controller, and Data Protection Regulator
Sagicor Life Country-specific information
   Antigua and Barbuda
   Aruba
   The Bahamas
   Barbados
   Belize
   Bermuda
   Dominica
   Grenada
   Saint Lucia
   St. Kitts & Nevis
   St. Vincent and the Grenadines
   Trinidad and Tobago
   Other Countries
Details of our Data Processing
   Types and sources of information that we collect
   Processing under legal obligation
   Data Sharing
   Transfers of data to other countries
Purpose for Processing
   General website visitors
   In-person visitors
   CCTV
   Individual life and health insurance
   Group life and health insurance via your employer
   Pensions provided via your employer
   Individual pensions
   General insurance
   Retail banking including lending and deposit-taking services
   Wealth and investment management
   Remittances
   Property sales and services
   Shareholders
   Job Applicants
   Whistleblowing
   Sagicor Events and Corporate Social Responsibility (“CSR”) Projects

 

About this privacy notice

We are committed to protecting and using your personal information responsibly. If you have any questions about this privacy notice, please email [email protected]

The Sagicor Southern Caribbean entities  (“Sagicor”, “we”, “our”, “us”) provide this privacy notice as a basis on which we will process your personal data. Please read it carefully to understand our practices regarding your personal data and how we will use it. The information we process, and the reasons why, may vary across our products and services. We explain any differences in this privacy notice.

This privacy notice is for:

  • anyone who buys, uses or contacts us about our products and services, or
  • someone who is a Sagicor job applicant, or
  • people who work with Sagicor, such as intermediaries or third party suppliers providing goods and services to Sagicor. If you are a Sagicor employee or financial advisor, you can find our privacy notice relating to employment on the Sagicor intranet.

This privacy notice was last updated on 12 March, 2024.

 

Who we are

Sagicor offers a wide variety of financial products and services across the Caribbean under one brand. Due to regulatory and licensing requirements, these products and services are provided by a number of different legal entities. We are required by law to inform you of the specific legal entities that are responsible for your personal data – these are called “data controllers.”

We address this in the country-specific information below, with specific entity information and contact details. However, for any data protection query related to any Sagicor product or service you should contact our Data Privacy Office directly at [email protected]. Our data protection function operates across and has responsibility for all of our legal entities and you do not need to be able to identify the appropriate legal entity in order to exercise your rights over your data; we will assist you in doing so.

 

How we collect your personal information

 

From You

 

We collect your personal information from you when you get in touch with us:

 

Third Parties

 

Depending upon the nature of your relationship with us and subject to applicable laws and regulations, we may also collect information about you from third parties:

  • By phone, where we may record or monitor phone calls for quality assurance and to make sure we’re keeping to legal rules, codes of practice and internal policies
  • By email
  • Through our websites, including webchats and virtual assistants
  • through our apps
  • By using our products and services
  • By post
  • By completing an application or other form(s) (e.g. recruitment application or applications for any of our products or services)
  • By entering competitions
  • through social media
  • Face to face, for example at Sagicor hosted events

 

  • Sagicor affiliated companies
  • Your parent or guardian (for children) or persons acting through a Power of Attorney
  • Your employer
  • Healthcare providers
  • Sagicor policyowners who name you as a dependant or beneficiary of their policy
  • Sagicor motor insurance policyowners who name you as an authorised driver on the motor policy
  • Re-insurers
  • Credit bureaus

 

Definition of personal data and sensitive personal data

Personal data is any information about you that is held in a way that allows you to be identified. We treat all personal data with great care and with the commitment to confidentiality that comes from our more than 180 years of experience and responsibility.

Data protection and privacy laws categorise some personal data as “sensitive.” This places additional duties on us to protect it and show that we are processing it for the right reasons. Please see below for the definition of how your country defines sensitive personal data.

 

Your rights

Your personal data belongs to you. We use it to provide products and services to you, to obey the law and to improve our services.

Different countries have different laws regarding personal data. Your legal rights will depend on where you live and where we process your data; you can find more details in the relevant country-specific sections below. To make things simple, wherever you live and whatever your relationship with us, we give you the following rights over your data:

Transparency

You have the right to a detailed explanation of what data we have about you, how and where we use it, how long we keep it and with whom it is shared. That information is contained in the details of our data processing below.

 

Access

You have the right to a copy of the data we hold about you. We will not charge you for providing this information in electronic form; we may charge for providing it on paper to reflect the costs and environmental impact of doing so. We may ask you to prove your identity before we release your data to you. If you want the data for a specific reason, you can help us by letting us know. Please be aware that no-one can force you to get a copy of your data and no-one should ask you to share it with them.

 

Correction

You have the right to have your data corrected. If you believe we have incomplete or incorrect information about you, please let us know. We may ask you to provide your identity and to provide evidence supporting the changes you would like made.

 

Erasure and the right to be forgotten

You have the right to have your data erased if we no longer need it. Note that in many cases we need to retain data about you in order to honour our obligations to you, because we are required to by law, or to protect your and our interests.

 

Review of automated decision making

You have the right to a human review of decisions we have made about you by purely automated means. Please note that almost all of our decision-making is already reviewed by a person – we use automation to support our team members.

 

Objection to processing on the basis of legitimate interest

You have the right to object to processing of your data where we use it to help us improve our services and develop our business. Technically this is known as processing on the basis of our legitimate interests and there is more information about this processing in the privacy notice. We are required carefully to consider and respond to your objection and show that we have taken care to protect you when doing such processing; you may also require that we do not process your data while we are considering your objection.

 

Restriction of Processing

You have the right, in certain other circumstances, to require us to stop processing your data. These circumstances are:

  • Where we disagree about the accuracy of the information we hold about you and while we are verifying that information.
  • Where we no longer require personal data that we hold about you and would normally erase it, but you wish us to retain it without otherwise processing it, for instance where you believe that you may need the information for your own purposes in a legal claim.
  • You believe that the processing of your data may cause you substantial harm or distress and that our processing is not justified in accordance with the law.

 

Direct Marketing

You have the right to opt out of direct marketing. Note that if you do not specify which marketing you no longer wish to receive, we will stop sending you any marketing information. You will need to tell us the email addresses, phone numbers and other relevant details, and you will understand that we will need to keep these details so that we can be sure not to add you back to marketing lists in error. You also, of course, have the right to opt back into marketing at any time. 

Please note that in relation to service communications, Sagicor may be required contractually or legally to continue to send you service related messages only for administrative or customer service reasons.

 

Data portability

In some circumstances you have the right to ask us to transfer your data to another service provider directly. This can only be done where it is technically possible both for us and for the other service provider; we and they will let you know when this is the case.

 

Southern Caribbean Country Details

Country-specific information

The following information is specific to your country of residence and the Sagicor products you have. 

Sagicor Southern Caribbean Summary by Country, Data Controller, and Data Protection Regulator

Country

Data Controller

Data Protection Regulator

Antigua and Barbuda

Sagicor Life (Eastern Caribbean) Inc

Sagicor General Insurance Inc

Sir Sydney Walling Highway

St John's

Antigua and Barbuda

 

 

N/A

Aruba

Sagicor Life Aruba NV

Avenida Milio Croes

#106 Suite 1, 2, 3 and 4

P.O. Box 166

Oranjestad

Aruba

 

N/A

The Bahamas

Sagicor Capital Life Insurance Company Ltd.

Sagicor General Insurance Inc

Mareva House

4 George Street

PO Box N-3937

Bahamas

 

FamGuard Corporation Limited

Corporate Centre

No. 1 Shirley Street

P.O. Box SS-6232

Nassau, Bahama

The Office of the Data Protection Commissioner

31A Poinciana House

North Building

East Bay Street

P.O. Box N-3017

Nassau

Bahamas

 

Tel: +1 (242) 604-1001

Email: [email protected]

 

There is also an electronic complaints form at the Commissioner’s website: https://www.bahamas.gov.bs/wps/wcm/connect/87dc045f-77d8-4a20-b8ad-a254496144e6/DPA-Privacy+Complaint+Form.pdf?MOD=AJPERES

 

Barbados

Sagicor Life Inc

Barbados Farms Ltd

Sagicor Asset Management Inc

Sagicor General Insurance Inc

The Estates (Group Holdings) Limited

Cecil F de Caires Building

Wildey

St. Michael

Barbados

 

Sagicor Bank (Barbados) Limited

Worthing Corporate Centre

Worthing

Christ Church

Barbados

 

Data Protection Commission

Ministry of Industry, Innovation, Science & Technology

5th Floor, SSA Building

Vaucluse

St. Thomas

Barbados

 

Tel: +1 (246) 536-1280

Email: [email protected]

Belize

Sagicor Life Inc

Coney Drive Business Plaza

Coney Drive

P.O. Box 1939

Belize City

Belize

 

N/A

Bermuda

Sagicor Financial Company Ltd

Clarendon House

2 Church Street

Hamilton HM11

Bermuda

 

Sagicor Reinsurance Bermuda Ltd

Point House

2nd Floor

6 Front Street

Hamilton HM 11

Bermuda

 

Office of the Privacy Commissioner

Maxwell Roberts Building, 4th Floor

1 Church Street

Hamilton, HM11

Bermuda

Tel: +1 (441)-543-PRIV [-7748]

 

Email: [email protected]

 

Dominica

 

Sagicor Life (Eastern Caribbean) Inc

WillCher Services Inc, 44 Hillsborough Street, Corner Hillsborough & Independence Street, Roseau,

Dominica

 

Sagicor General Insurance Inc

H.H.V. Whitchurch & Company Limited, P.O. Box 771, Roseau,

Dominica

 

N/A

Grenada

Sagicor Life (Eastern Caribbean) Inc

The Mutual/Trans-Nemwil Office Complex

The Villa

St George’s

Grenada

 

N/A

St. Lucia

Sagicor Life (Eastern Caribbean) Inc

Sagicor General Insurance Inc

Sagicor Asset Management Inc (Eastern Caribbean) Limited

Sagicor Financial Centre

Choc Estates

Castries

Saint Lucia

 

Sagicor Finance Inc

Daher Commercial Centre, 2nd Floor

Rodney Bay

Gros Islet

Saint Lucia

 

Attorney General’s Chambers

2nd Floor Francis Compton Building,

Waterfront,

Castries, Saint Lucia

Tel: +1 (758) 468-3200

 

Email: [email protected]

Email: [email protected]

 

St. Kitts and Nevis

Sagicor Life (Eastern Caribbean) Inc

TDC Building, Fort Street,

Basseterre,

St. Kitts

 

N/A

St. Vincent and the Grenadines

Sagicor Life (Eastern Caribbean) Inc

S.V. Browne Agency Limited, Frenches, Kingstown,

St. Vincent and the Grenadines

 

N/A

Trinidad and Tobago

Sagicor Life Insurance Trinidad & Tobago Limited

Sagicor Investments Trinidad & Tobago Limited

Sagicor Life Insurance Trinidad & Tobago Limited

Sagicor General Insurance Trinidad & Tobago Limited

Nationwide Insurance Company Limited

 

Sagicor Financial Centre
16 Queen's Park West
Port of Spain

Trinidad

 

N/A

 

Sagicor Life Country-specific information

The following information is specific to your country of residence and the Sagicor products you have.  

Antigua and Barbuda

Audience

This information is for residents of Antigua and Barbuda; note that you should also read the sections on Barbados, Saint Lucia and Trinidad to understand the rights that apply to you because we process some of your personal data in those countries also.  

Data protection law

The data protection law in Antigua and Barbuda is the Data Protection Act of 2013. This act defines sensitive personal data as information on a person’s: 

  • physical or mental health; 
  • sexual orientation; 
  • political opinions; 
  • religious beliefs or beliefs of a similar nature, or;  
  • commission or alleged commission of any offence. 

Antigua and Barbuda does not explicitly include financial records, biometric or genetic data in the definition of sensitive data but we at Sagicor will continue to treat any information of this kind that we hold about you in the strictest confidence and share it internally and externally only as needed to meet our contractual and service obligations to you and to comply with the law. 

There is no local data protection regulator at this time. 

 

Aruba

Audience

This information is for residents of Aruba; note you should also read the sections on Barbados and Trinidad to understand the rights that apply to you because we process some of your personal data in those countries also.  

 
Data protection law

The data protection law in Aruba is the National Ordinance Person Registration (Landsverordening persoonsregistratie). This act defines sensitive personal data as information on a person’s: 

  • religion or belief;
  • race;
  • political opinion;
  • sexuality;
  • personal data of a medical, psychological or disciplinary nature; or
  • data concerning trade union membership.

  There is no local data protection regulator.  

 

The Bahamas

Audience

This information is for residents of the Bahamas; note that you should also read the sections on Barbados and Trinidad to understand the rights that apply to you because we process some of your personal data in those countries also.  

 
Data protection law

The data protection law in the Bahamas is the Data Protection (Privacy of Personal Information) Act of 2003. This act defines sensitive personal data as information on a person’s: 

  • racial origin; 
  • political opinions or religious or other beliefs; 
  • physical or mental health (other than any such data reasonably kept by [the data controller] in relation to the physical or mental health of their employees in the ordinary course of personnel administration and not used or disclosed for any other purpose); 
  • trade union involvement or activities; 
  • sexual life; or 
  • criminal convictions, the commission or alleged commission of any offence, or any proceedings for any offence committed, the disposal of such proceedings or the sentence of any court in such proceedings. 

The Bahamas does not explicitly include financial records, biometric or genetic data in the definition of sensitive data but we at Sagicor will continue to treat any information of this kind that we hold about you in the strictest confidence and share it internally and externally only as needed to meet our contractual and service obligations to you and to comply with the law. 

If you are not satisfied with Sagicor’s response to any enquiry or complaint you make to us, you have the right to complain to the Office of the Data Protection Commissioner of the Bahamas, whose contact details are as follows: 

The Office of the Data Protection Commissioner 

31A Poinciana House 

North Building 

East Bay Street 

P.O. Box N-3017

Nassau

Bahamas

 

Tel: +1 (242) 604-1001 

Email: [email protected]  

There is also an electronic complaints form at the Commissioner’s website: https://www.bahamas.gov.bs/wps/wcm/connect/87dc045f-77d8-4a20-b8ad-a254496144e6/DPA-Privacy+Complaint+Form.pdf?MOD=AJPERES

 

Barbados

Audience

This information is primarily for residents of Barbados. If you are a customer of Sagicor in Barbados or the countries listed below, your data is also processed by Sagicor in Barbados and Trinidad & Tobago; you should read this section and that for Trinidad & Tobago as well as the relevant section for your country of residence applies to you.  

  • Antigua and Barbuda 
  • Aruba 
  • Bahamas 
  • Belize 
  • Bermuda 
  • Curaçao 
  • Dominica 
  • Grenada 
  • Saint Lucia 
  • St Kitts & Nevis 
  • St Vincent and the Grenadines 
  • Trinidad & Tobago 
 
Data protection law

The data protection law in Barbados is the Data Protection Act of 2019. This act defines sensitive personal data as information on a data subject’s: 

  • racial or ethnic origin; 
  • political opinions; 
  • religious beliefs or other beliefs of a similar nature; 
  • membership of a political body; 
  • membership of a trade union; 
  • genetic data; 
  • biometric data; 
  • sexual orientation or sexual life; 
  • financial record or position; 
  • criminal record; or
  • proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court of competent jurisdiction in such proceedings. 

Barbados does not include health records in the definition of sensitive data but we at Sagicor will continue to treat your health information in the strictest confidence and share it only with medical professionals and as needed to meet our contractual obligations to you and to comply with the law. 

If you are not satisfied with Sagicor’s response to any enquiry or complaint you make to us, you have the right to complain to the Data Protection Commissioner of Barbados, whose contact details are as follows: 

Data Protection Commission 

Ministry of Industry, Innovation, Science & Technology  

5th Floor, SSA Building 

Vaucluse 

St. Thomas 

Barbados

 

Tel:  +1 (246) 536-1280

Email: [email protected]

 

Belize 

Audience 

This information is for residents of Belize; note that you should also read the sections on Barbados, Saint Lucia and Trinidad & Tobago to understand the rights that apply to you because we process some of your personal data in those countries also.

Data protection law

The data protection law in Belize is governed by the Data Protection Act of 2021.

There is not yet an appointed Data Protection Commissioner for Belize.

 

Bermuda 

Audience 

This information is for residents of Bermuda; note that you should also read the section on Barbados to understand the rights that apply to you because we process some of your personal data in that country also.

Data protection law

The data protection law in Bermuda is governed by the Personal Information Protection Act of 2016. The law will only take full effect from the 1st of January 2025, but Sagicor is committed to operating in a compliant manner and protecting your privacy now.

If you are not satisfied with Sagicor’s response to any enquiry or complaint you make to us, you have the right to complain to the Office of the Privacy Commissioner of Bermuda, whose contact details are as follows:

Office of the Privacy Commissioner

Maxwell Roberts Building, 4th Floor

1 Church Street

Hamilton, HM11

Bermuda

Tel: +1 (441)-543-PRIV [-7748]

Email: [email protected]

There is also an electronic contact form at the Commissioner’s website: https://www.privacy.bm/contact-us

 

Sagicor data controller in Bermuda

Sagicor does not presently offer financial services in Bermuda. Our ultimate holding company is registered there and is the data controller for our shareholder register and associated processing. We also operate a reinsurance provider which may receive personal data from other jurisdictions.

 

Dominica

Audience

This information is for residents of Dominica; note that you should also read the sections on Barbados, Saint Lucia and Trinidad & Tobago to understand the rights that apply to you because we process some of your personal data in those countries also.

Data protection law

Dominica has no specific data protection laws at this time, so there is no specific definition of sensitive data or any additional rights that apply to you.

Grenada

Audience

This information is for residents of Grenada; note that you should also read the sections on Barbados, Saint Lucia and Trinidad & Tobago to understand the rights that apply to you because we process some of your personal data in those countries also.

Data protection law

The data protection law in Grenada is governed by the Data Protection Act of 2023.

Given the recent enactment of the Act, the Office of the Data Protection Commissioner has not yet been staffed, but this notice will be updated with contact details once available.

 

Saint Lucia

Audience

This information is for residents of Saint Lucia; note that you should also read the sections on Barbados and Trinidad & Tobago to understand the rights that apply to you because we process some of your personal data in those countries also.

If you are resident in any of the following countries, we may also process some of your personal data in Saint Lucia (in addition to Barbados):

  • Antigua and Barbuda
  • Belize
  • Dominica
  • Grenada
  • St Kitts & Nevis
  • St Vincent and the Grenadines

 

 Data protection law

The data protection law in Saint Lucia is governed by the Privacy and Data Protection Act of 2011 as amended in 2015. Saint Lucia has not at the time of writing appointed a Data Protection Commissioner. In the meantime you may contact the Attorney General if you are not satisfied with Sagicor’s response to any enquiry or complaint you may make to us:

Attorney General’s Chambers

2nd Floor Francis Compton Building,

Waterfront,

Castries, Saint Lucia

Tel: +1 (758) 468-3200

Email: [email protected]

Email: [email protected]

 

St. Kitts & Nevis

Audience

This information is for residents of St. Kitts & Nevis; note that you should also read the sections on Barbados, Saint Lucia and Trinidad & Tobago to understand the rights that apply to you as we process some of your personal data in those countries also.

Data protection law

The data protection law in St. Kitts & Nevis is governed by the Data Protection Bill of 2018. At the time of writing this Bill is not yet in force.

St. Kitts & Nevis has not yet appointed an Information Commissioner; when that appointment has been made we will update this privacy notice with the appropriate contact details.

 

St. Vincent and the Grenadines

Audience

This information is for residents of St. Vincent and the Grenadines; note that you should also read the sections on Barbados, Saint Lucia and Trinidad & Tobago to understand the rights that apply to you because we process some of your personal data in those countries also.

Data protection law

The data protection law in St. Vincent and the Grenadines is governed by the Privacy Act (No. 18), 2003.

St. Vincent and the Grenadines has not at the time of writing, appointed a Data Protection Commissioner. We will update this privacy notice with the appropriate contact details when an appointment is made.

 

Trinidad and Tobago

Audience

This information is for residents of Trinidad and Tobago; note that you should also read the section on Barbados to understand the rights that apply to you because we process some of your personal data in Barbados also. If you are a customer of Sagicor in the countries listed below, your data is also processed by Sagicor in Trinidad & Tobago; you should read this section as well as the relevant section for your country of residence.

  • Antigua and Barbuda
  • Aruba
  • Bahamas
  • Belize
  • Bermuda
  • Curaçao
  • Dominica
  • Grenada
  • Saint Lucia
  • St Kitts & Nevis
  • St Vincent and the Grenadines
Data protection law

The data protection law in Trinidad and Tobago is governed by the Data Protection Act of 2011. The law has not at the time of writing been brought into full effect, but Sagicor is committed to operating in a compliant manner and protecting your privacy now.

Trinidad and Tobago has not yet appointed an Information Commissioner; when that appointment has been made we will update this privacy notice with the appropriate contact details.

 

Other countries

The countries listed above are those where Sagicor is licensed to do business. If you bought a Sagicor product while resident in one of those countries and have now moved elsewhere, additional rights may apply to you based on your country of residence. However, this will depend on whether we are permitted to continue to offer our services to you in that country. Please contact us at [email protected] for further information.

 

Details of our data processing

Types and sources of information that we may collect

The information that we collect and process varies depending on the context. Each section below lists the categories that we may collect for the purposes listed. To understand which categories we collect and process about you, please refer to the details of processing for the specific products, services or circumstances that apply to you. The categories are as follows:

Category

Examples of data collected

Biometric information

Digital representations of your face, fingerprints, iris or retina used to identify you.

Browser data

Details provided by your computer or phone when using an app or internet browser including IP address and technical information about your device.

Call recordings

Audio and video recordings of inbound and outbound telephone and video conference calls

CCTV

Video recordings collected by cameras installed at our premises which may capture public areas surrounding our buildings as well as interior space.

Contact and demographic information

Your name, address, contact information such as telephone number, email address, social media details; your date of birth, marital status and gender. This also includes details of your family, dependents and relations. We will also collect your signature or other authorisation in various contexts.

Cookies

Small files placed on your computer or phone by us or third parties which are used to store information as part of delivering our website, app or services and to identify you during and between sessions.

Criminal records

Any record of a criminal offence of which you have been suspected, accused, tried or convicted.

Employment information

Your employment status, the name and details of your employer, your job title, remuneration and length of service, employer references, any unique identifying number or code provided by your employer.

Filiation information

Details of your familial relationships to other people.

Financial information

Your financial status, including credit score and references, assets and liabilities, income and outgoings; bank details for making and receiving payments; transactional information including specific payments and receipts as well as ongoing payment obligations and receipt entitlements.

Government-issued identification

Identity card or driver’s licence details, passport details, tax or other unique identifying reference numbers.

Health information

Your health records, details of health conditions, test results and family medical history; we may also collect genetic data in this context.

Photographs or videos

Your image, in video or still, and of the likeness and sound of your voice as recorded on audio or video tape, may be collected if you attend a Sagicor Event or CSR Project. Please note this excludes CCTV which is covered separately above.

Insurance information

Current and past policies held, claims and potential claims history including dates, nature of claim, amount, fault and details of any investigation undertaken.

Trade Union membership

Whether you are a member of a trade union, the name of that organisation and your position within it if applicable.

Vehicle information

Vehicle make and model, value, ownership, method of purchase and amounts owing, insurance status, registration mark or number, VIN, authorised drivers.

 

The examples given above are not an inclusive list; please contact us if you would like a complete list of the data we may hold about you.

 

Data sharing

Sagicor Group Entities

We will share your personal data with other entities within Sagicor in order to provide our products and services to you. This sharing is protected by binding agreements within Sagicor that ensure your data is protected and used only for the purposes stated in this notice. We will not share your information for the purposes of marketing without your prior consent.

Third Party Service Providers

Like most modern companies, Sagicor uses a number of technology and service partners to enable our services and products. Because of the breadth and complexity of our services it is not possible to provide a list of these partners in this notice; if you would like a list of the partners with whom your personal data are shared, please contact us.

Regulators

As a regulated financial services entity we are required to share your personal data with our regulators and other government functions including those listed in the country-specific section on “Laws requiring the processing of personal data.” If you would like a list of the government and regulatory parties with whom your data has been shared on this basis, please contact us.

Employers, Agents/Brokers and Credit Bureaus

We may also share your data with other parties such as your employer in group insurance plans, an agent or a broker, or with other financial services entities, such as credit bureaus. Where this is envisaged it is noted in the relevant section for the product or service. If you would like a list of the other parties with whom your data has been shared on this basis, please contact us.

 

Transfers of data to other countries

We transfer your personal data to other countries in a number of circumstances:

Within Sagicor to any of our locations to enable us to provide our services and products; these transfers are protected by binding agreements that include standard contractual clauses setting out the obligations of the sending and receiving parties and the safeguards that must be applied. If you would like more information on our internal transfers and safeguards as they apply to you, please contact us.

To the United States of America for the purposes of IT service provision and data resilience. Our primary data centre is located in the United States, as is our recovery facility. These transfers, which include third party service providers, are protected by binding agreements that include standard contractual clauses setting out the obligations of the sending and receiving parties and the safeguards, including specific technological measures, that must be applied. If you would like more information on our internal transfers and safeguards as they apply to you, please contact us.

To other countries as required to enable the use of technology and service partners. We conduct careful due diligence on all data sharing partners and ensure that appropriate protections are in place to keep your personal data secure. If you would like a list of the partners and countries with whom your data have been shared, please contact us.

 

Purpose for Processing

Subject to the applicable law in your jurisdiction, the legal bases we may rely on and which are specified in the sections below include:

Consent: where you have clearly consented to the processing of your Personal Information for a specific purpose. 

Contract: where our use of your Personal Information is necessary because you have asked us to take specific steps before entering into a contract or for performance of a contract that we have concluded with you such as insurance policies.

Legal obligation: where our use of your Personal Information is necessary to comply with law (not including contractual obligations).

Legitimate interest: where our use of your Personal Information is necessary to advance our legitimate interests or those of a third party (unless your right to privacy overrides our legitimate interest). 

 

General Website Visitors

Purposes of processing

When you visit our website, we process your data for the following purposes, and under the following legal bases:

Purpose of processing

Legal Basis

To deliver the website, manage and analyse traffic and protect us against digital risks

Legitimate interest

 

To place cookies on your device

Consent

When you ask to find out more about us and our products

Consent

When you contact us or book an appointment

Consent

Note that this does not include processing of your data in the context of using our product and service websites or apps as a customer; please refer to the relevant product or service for further details.

The categories of personal data we collect and process

We currently collect the following categories of data when you use our website:

  • Browser data
  • Cookies
  • Contact and demographic information if you ask for more information, contact us or book an appointment
Retention of data

We will retain browser data and cookies from the website for 90 days.  Personal data relating to requests for information and appointments will be retained for 3 years following the date of collection or your last interaction with us, whichever is the later.

Sharing your personal data with third parties  

We share your data with the following third parties:  

  • Within Sagicor
  • Our technology and service partners

 

In-person visitors

Purpose of processing

When you visit any of Sagicor’s offices and branch locations, we process your data for the following purposes, and under the following legal bases: 

Purpose of processing

Legal Basis

Access controls and visitor logs

Legal obligation and legitimate interest

 

Prevention and detection of crime

Legitimate interest or legal obligation

Health and safety

Legal obligation

 
The categories of personal data we collect and process

We currently collect the following categories of data:  

  • Contact and demographic details
  • Government-issued identification
  • CCTV (refer to the CCTV  section also)
Retention of data

We will retain a visitor log and associated identifying information including biometrics for a period of 90 days, unless an incident is suspected.

Sharing your personal data with third parties

We share your data with the following third parties:  

  • Within Sagicor
  • Our technology and service partners
  • Law enforcement if required
  • Our regulators if required

 

CCTV

Purpose of processing

We operate recorded CCTV systems at all of our physical locations. If you visit us, or come within the field of view of our cameras, we process your data for the following purposes, and under the following legal bases: 

Purpose of processing

Legal Basis

Prevention and detection of crime

Legitimate interest or legal obligation

Health and safety

Legal obligation and legitimate interest

 
The categories of personal data we collect and process

We currently collect the following categories of data:  

  • CCTV
Retention of data

We will keep recordings which may include your personal data for a period of 30 days, unless an incident is suspected, in which case the recording may be required for further investigation.

Sharing your personal data with third parties

We share your data with the following third parties only if required to do so by law:  

  • Our technology and service partners
  • Law enforcement if required
  • Our regulators if required

 

Individual life and health insurance

Purpose of processing

In order to offer you, consider you for and provide you with life and health insurance, we process your data for the following purposes, and under the following legal bases: 

Purpose of processing

Legal Basis

To facilitate an efficient and effective insurance process and customer service  

Performance of a contract

To ensure current and future clients’ insurance coverage is matched to their requirements  

Legitimate interest (for marketing and product development), legal obligation and performance of a contract

To prepare and manage suitable insurance policies

Performance of a contract

To identify and communicate with beneficiaries

Performance of a contract

To manage claims against members' policies

Performance of a contract, and in rare cases the protection of vital interests of the data subject

To make and receive payments

Performance of a contract

To manage claims against clients’ policies

Performance of a contract

To detect, prevent and investigate fraud

Legal obligation and our legitimate interest

To assess and improve business performance

Legitimate interest or performance of a contract

To meet our “know-your-customer” (KYC) and anti-money-laundering (AML) obligations

Legal obligation

To report to regulators

Legal obligation

To provide online services

Performance of a contract, legitimate interest and consent for cookies

For the purposes of direct marketing

Legitimate interest (selection and profiling) and consent (contact)

 
The categories of personal data we collect and process
  • Contact and demographic information
  • Government-issued identification
  • Employment information
  • Filiation information
  • Financial information
  • Health information
  • Insurance information
  • Criminal records
  • Call recordings
Retention of data

Except where a different period is required by law or regulatory guidance, we will keep your personal data for a period of 10 years following the expiry of your policy or the closure of any claim, whichever is the later. If for any reason we collect your data but no policy is put in place for you, we will retain at least some of your data for 10 years from the date on which a final decision not to proceed was taken. We retain this data to comply with our regulatory obligations and to provide for legal claims; any data that is not needed for these purposes will be deleted immediately on termination of your policy or at the moment that a final decision not to proceed is taken.

Sharing your personal data with third parties

We share your data with the following third parties:  

  • Within Sagicor
  • Our technology and service partners
  • Your insurance broker and our agents
  • Other insurers either directly or via an industry association
  • Our regulators
  • Health professionals and providers

 

Group life and health insurance via your employer

Purposes of processing

We, along with your employer, are joint data controllers for group life and health insurance benefits and administration. We process your data, which may be obtained from your employer as well as directly from you, for the following purposes and under the following legal bases: 

Purpose of processing

Legal Basis

To facilitate an efficient and effective insurance process and customer service

Performance of a contract

To ensure current and future clients’ insurance coverage is matched to their requirements

Legitimate interest (for marketing and product development), legal obligation and performance of a contract.

To prepare and manage suitable insurance policies

Performance of a contract

To manage claims against members' policies

Performance of a contract, and in rare cases the protection of vital interests of the data subject

To identify and communicate with beneficiaries

Performance of a contract

To make and receive payments

Performance of a contract

To manage claims against members' policies

Performance of a contract

To detect, prevent and investigate fraud

Legal obligation and our legitimate interest

To assess and improve business performance

Legitimate interest or performance of a contract

To meet our “know-your-customer” (KYC) and anti-money-laundering (AML) obligations

Legal obligation

To report to regulators

Legal obligation

To provide online services

Performance of a contract, legitimate interest and consent for cookies

 
The categories of personal data we collect and process
  • Contact and demographic information
  • Government-issued identification
  • Employment information
  • Filiation information
  • Financial information
  • Health information
  • Insurance information
  • Call recordings
Retention of data

Except where a different period is required by law or regulatory guidance, we will keep your personal data for a period of 10 years following the expiry of your policy or the closure of any claim, whichever is the later. If for any reason we collect your data but no policy is put in place for you, we will retain at least some of your data for 10 years from the date on which a final decision not to proceed was taken. We retain this data to comply with our regulatory obligations and to provide for legal claims; any data that is not needed for these purposes will be deleted immediately on termination of your policy or at the moment that a final decision not to proceed is taken.

Sharing your personal data with third parties

We share your data with the following third parties:  

  • Within Sagicor
  • Our technology and service partners
  • Your employer
  • Your employer’s insurance brokers and our agents
  • Other insurers either directly or via an industry association
  • Our regulators
  • Health professionals and providers

 

Pensions provided via your employer

Purposes of processing

We, along with the trustees of your pension fund, are joint data controllers for pensions administration. We process your data, which may be obtained from your employer as well as directly from you, for the following purposes and under the following legal bases: 

Purpose of processing

Legal Basis

To facilitate an efficient and effective pension process and customer service

Performance of a contract

To ensure current and future members’ pension provision is matched to their requirements

Legitimate interest (for marketing and product development), legal obligation and performance of a contract

To manage pension schemes

Performance of a contract

To make and receive payments

Performance of a contract

To identify and communicate with beneficiaries

Performance of a contract

To detect, prevent and investigate fraud

Legal obligation and our legitimate interest

To assess and improve business performance

Legitimate interest or performance of a contract

To meet our “know-your-customer” (KYC) and anti-money-laundering (AML) obligations

Legal obligation

To report to regulators

Legal obligation

 
The categories of personal data we collect and process
  • Contact and demographic information
  • Government-issued identification
  • Employment information
  • Filiation information
  • Financial information
  • Health information
  • Call recordings
Retention of data

Except where a different period is required by law or regulatory guidance, we will keep your personal data for a period of 10 years following the expiry of your policy or the closure of any claim, whichever is the later. If for any reason we collect your data but no policy is put in place for you, we will retain at least some of your data for 10 years from the date on which a final decision not to proceed was taken. We retain this data to comply with our regulatory obligations and to provide for legal claims; any data that is not needed for these purposes will be deleted immediately on termination of your policy or at the moment that a final decision not to proceed is taken.

Sharing your personal data with third parties

We share your data with the following third parties:  

  • Within Sagicor
  • Our technology and service partners
  • Your employer
  • Other pension scheme providers either directly or via an industry association
  • Our regulators

 

Individual pensions

Purpose of processing

We process your data for the following purposes, and under the following legal bases: 

Purpose of processing

Legal Basis

To facilitate an efficient and effective pension process and customer service

Performance of a contract

To ensure current and future clients’ pension provisions are matched to their requirements

Legitimate interest (for marketing and product development), legal obligation and performance of a contract

To prepare and manage suitable pension schemes

Performance of a contract

To make and receive payments

Performance of a contract

To detect, prevent and investigate fraud

Legal obligation and our legitimate interest

To assess and improve business performance

Legitimate interest or performance of a contract

To meet our “know-your-customer” (KYC) and anti-money-laundering (AML) obligations

Legal obligation

To report to regulators

Legal obligation

To provide online services

Performance of a contract, legitimate interest and consent for cookies

For the purposes of direct marketing

Legitimate interest (selection and profiling) and consent (contact)

 
The categories of personal data we collect and process
  • Contact and demographic information
  • Government-issued identification
  • Employment information
  • Filiation information
  • Financial information
  • Health information
  • Call recordings
Retention of data

Except where a different period is required by law or regulatory guidance, we will keep your personal data for a period of 10 years following the expiry of your pension or the closure of any policy, whichever is the later. If for any reason we collect your data but no policy is put in place for you, we will retain at least some of your data for 10 years from the date on which a final payment was made to you. We retain this data to comply with our regulatory obligations and to provide for legal claims.

Sharing your personal data with third parties

We share your data with the following third parties:   

  • Within Sagicor
  • Our technology and service partners
  • Your broker or advisor and our agents
  • Your employer
  • Other pension scheme providers
  • Our regulators
  • Health professionals and providers if required

 

General insurance

Purpose of processing

We process your data for the following purposes, and under the following legal bases: 

Purpose of processing

Legal Basis

To facilitate an efficient and effective insurance process and customer service

Performance of a contract

To ensure current and future clients’ insurance coverage is matched to their requirements

Legitimate interest (for marketing and product development), legal obligation and performance of a contract

To prepare and manage suitable insurance policies

Performance of a contract

To manage claims against members' policies

Performance of a contract, and in rare cases the protection of vital interests of the data subject

To make and receive payments

Performance of a contract

To manage claims against clients’ policies

Performance of a contract

To detect, prevent and investigate fraud

Legal obligation and our legitimate interest

To assess and improve business performance

Legitimate interest or performance of a contract

To meet our “know-your-customer” (KYC) and anti-money-laundering (AML) obligations

Legal obligation

To report to regulators

Legal obligation

To provide online services

Performance of a contract, legitimate interest and consent for cookies

For the purposes of direct marketing

Legitimate interest (selection and profiling) and consent (contact)

 
The categories of personal data we collect and process
  • Contact and demographic information
  • Government-issued identification
  • Employment information
  • Filiation information
  • Financial information
  • Health information
  • Insurance information
  • Vehicle information
  • Criminal records
  • Call recordings
  • Browser data
  • Cookies
Retention of data

Except where a different period is required by law or regulatory guidance, we will keep your personal data for a period of 10 years following the expiry of your policy or the closure of any claim, whichever is the later. If for any reason we collect your data but no policy is put in place for you, we will retain at least some of your data for 10 years from the date on which a final decision not to proceed was taken. We retain this data to comply with our regulatory obligations and to provide for legal claims; any data that is not needed for these purposes will be deleted immediately on termination of your policy or at the moment that a final decision not to proceed is taken.

Sharing your personal data with third parties

We share your data with the following third parties:  

  • Within Sagicor
  • Our technology and service partners
  • Your insurance broker and our agents
  • Other insurers either directly or via an industry association
  • Our regulators
  • Health professionals and providers if required

 

Retail banking including lending and deposit-taking services

Purposes of processing

This information also applies to our lending and deposit-taking operations in countries where we do not provide a full banking service.
We process your data for the following purposes, and under the following legal bases: 

Purpose of processing

Legal Basis

Due diligence, including KYC/ AML purposes

Legal obligation

For customer relationship management

Performance of a contract

Credit decision-making

Legal obligation (affordable lending) and legitimate interest

For loan servicing

Performance of a contract

To service savings and checking accounts as applicable

Performance of a contract

To provide online services where these are offered

Performance of a contract, legitimate interest and consent for cookies

To detect, prevent and investigate fraud

Legal obligation and our legitimate interest

To report to regulators

Legal obligation

For the purposes of direct marketing

Legitimate interest (selection and profiling) and consent (contact)

 
The categories of personal data we collect and process
  • Contact and demographic information
  • Government-issued identification
  • Employment information
  • Filiation information
  • Financial information
  • Insurance information
  • Vehicle information
  • Criminal records
  • Call recordings
  • Browser data (if online services are provided)
  • Cookies (if online services are provided)
Retention of data

Except where a different period is required by law or regulatory guidance, we will keep your personal data for a period of 10 years following the closure of your accounts or satisfaction any borrowing, whichever is the later. If for any reason we collect your data but no account is opened for you or credit issued, we will retain at least some of your data for 10 years from the date on which a final decision not to proceed was taken. We retain this data to comply with our regulatory obligations and to provide for legal claims; any data that is not needed for these purposes will be deleted immediately on closure of your account, satisfaction of your loan or at the moment that a final decision not to proceed is taken.

Sharing your personal data with third parties

We share your data with the following third parties:  

  • Within Sagicor
  • Our technology and service partners
  • Your advisors and brokers and our agents
  • Credit reference agencies
  • Your employer
  • Other financial institutions either directly or via an association
  • Our regulators

 

Wealth and investment management

Purposes of processing

We process your data for the following purposes, and under the following legal bases: 

Purpose of processing

Legal Basis

Due diligence, including KYC/ AML purposes

Legal obligation

For customer relationship management

Performance of a contract

To provide investment advice

Performance of a contract and legal obligation

For credit approvals

Legal obligation (affordable lending) and legitimate interest

To make and receive payments

Performance of a contract

To service investment accounts and execute transactions

Performance of a contract

To detect, prevent and investigate fraud

Legal obligation and our legitimate interest

To provide online services

Performance of a contract, legitimate interest and consent for cookies

To report to regulators

Legal obligation

For the purposes of direct marketing

Legitimate interest (selection and profiling) and consent (contact)

 
The categories of personal data we collect and process
  • Contact and demographic information
  • Government-issued identification
  • Employment information
  • Filiation information
  • Financial information
  • Insurance information
  • Criminal records
  • Call recordings
  • Browser data (if online services are provided)
  • Cookies (if online services are provided)
Retention of data

Except where a different period is required by law or regulatory guidance, we will keep your personal data for a period of 10 years following the closure of your accounts or satisfaction of any borrowing, whichever is the later. If for any reason we collect your data but no account is opened for you or credit agreement entered into we will retain at least some of your data for 10 years from the date on which a final decision not to proceed was taken. We retain this data to comply with our regulatory obligations and to provide for legal claims; any data that is not needed for these purposes will be deleted immediately on closure of your account, satisfaction of all outstanding lending or at the moment that a final decision not to proceed is taken.

Sharing your personal data with third parties

We share your data with the following third parties:  

  • Within Sagicor
  • Our technology and service partners
  • Your advisors and brokers and our agents
  • Credit reference agencies
  • Other financial institutions either directly or via an association
  • Our regulators

 

Remittances

Purposes of processing

We process your data for the following purposes, and under the following legal bases: 

Purpose of processing

Legal Basis

Due diligence, including KYC/ AML purposes

Legal obligation

To facilitate an efficient and effective remittance process and customer service

Performance of a contract

To make and receive payments

Performance of a contract

For customer relationship management

Performance of a contract

To provide online services

Performance of a contract, legitimate interest and consent for cookies

To detect, prevent and investigate fraud

Legal obligation and our legitimate interest

To report to regulators

Legal obligation

For the purposes of direct marketing

Legitimate interest (selection and profiling) and consent (contact)

 
The categories of personal data we collect and process
  • Contact and demographic information
  • Government-issued identification
  • Employment information
  • Filiation information
  • Financial information
  • Browser data (if online services are provided)
  • Cookies (if online services are provided)
Retention of data

Except where a different period is required by law or regulatory guidance, we will keep your personal data for a period of 10 years following your most recent transaction, whether sending or receiving money. If for any reason we collect your data but no transaction is performed, we will retain at least some of your data for 10 years from the date on which the data was collected. We retain this data to comply with our regulatory obligations and to provide for legal claims; any data that is not needed for these purposes will be deleted 3 years after your last transaction or the collection of the information, whichever is the later.

Sharing your personal data with third parties

We share your data with the following third parties:  

  • Within Sagicor
  • Our technology and service partners
  • Our remittance network
  • Other financial institutions either directly or via an association
  • Our regulators

 

Property sales and services

Purpose of processing

We process your data for the following purposes, and under the following legal bases: 

Purpose of processing

Legal Basis

Due diligence, including KYC/ AML purposes

Legal obligation

To sell or rent a property to you

Performance of a contract

To make and receive payments

Performance of a contract

To detect, prevent and investigate fraud

Legal obligation and our legitimate interest

To report to regulators

Legal obligation

To provide online services

Performance of a contract, legitimate interest and consent for cookies

For the purposes of direct marketing

Legitimate interest (selection and profiling) and consent (contact)

 
The categories of personal data we collect and process
  • Contact and demographic information
  • Government-issued identification
  • Employment information
  • Financial information
  • Insurance information
  • Browser data (if online services are provided)
  • Cookies (if online services are provided)
Retention of data

Except where a different period is required by law or regulatory guidance, we will keep your personal data for a period of 10 years following your most recent transaction. If for any reason we collect your data but no transaction is performed, we will retain at least some of your data for 10 years from the date on which the data was collected. We retain this data to comply with our regulatory obligations and to provide for legal claims.

Sharing your personal data with third parties

We share your data with the following third parties:  

  • Within Sagicor
  • Our technology and service partners
  • Other financial institutions either directly or via an association
  • Our regulators

 

Shareholders

Purpose of processing

The entity in which you are a shareholder will process your data for the following purposes, and under the following legal bases: 

Purpose of processing

Legal Basis

Statutory notice requirements for shareholders

Performance of a contract

Due diligence, including KYC/ AML purposes

Legal obligation

To make and receive payments

Performance of a contract

To detect, prevent and investigate fraud

Legal obligation and our legitimate interest

To report to regulators

Legal obligation

 
The categories of personal data we collect and process
  • Contact and demographic information
  • Government-issued identification
  • Financial information
Retention of data

Except where a different period is required by law or regulatory guidance, we will keep your personal data for a period of 10 years following the end of your shareholding. If for any reason we collect your data but no shares are owned by you or on your behalf, we will retain at least some of your data for 10 years from the date on which the data was collected. We retain this data to comply with our regulatory obligations and to provide for legal claims; any data that is not needed for these purposes will be deleted 3 years after your shareholding ends or the collection of the information, whichever is the later.

Sharing your personal data with third parties

We share your data with the following third parties:  

  • Within Sagicor
  • Our technology and service partners
  • Other financial institutions including stock exchanges, brokers and registrars either directly or via an association
  • Our regulators

 

Job Applicants

Purposes of processing

If you apply for employment with Sagicor, we process your data for the following purposes, and under the following legal bases: 

Purpose of processing

Legal Basis

In order to assess suitability for a role with Sagicor

Performance of a contract

Due diligence, including KYC/ AML purposes

Legal obligation

To detect, prevent and investigate fraud

Legal obligation and our legitimate interest

To report to regulators

Legal obligation

To provide online services

Performance of a contract, legitimate interest and consent for cookies

 
The categories of personal data we collect and process
  • Contact and demographic information
  • Government-issued identification
  • Employment information
  • Financial information
  • Health information
  • Browser data (if online application)
  • Cookies (if online application)
Retention of data

We will keep your personal data if you are a successful applicant in line with the Employee Privacy Notice retention period.  If you are an unsuccessful applicant, we will retain some of your personal data for up to 6 months from the date of your last application.

Sharing your personal data with third parties

We share your data with the following third parties:

  • Within Sagicor
  • Our technology and service partners
  • Your former employers
  • Our regulators

 

Whistleblowing

Purpose of processing

We process your data for the following purpose, and under the following legal basis: 

  • To enable the making by employees or the public of specified disclosures of improper conduct
    • Public interest and legal obligation
The categories of personal data we collect and process

We may collect any of the following categories of data:

  • Contact/ Demographic Data (unless complaint is made anonymously)

Other data may also be collected based on your disclosure; this will depend on the content of that disclosure but will always be collected from and therefore know by you. 

Retention of data

We will keep at least some of your personal data for as long as necessary to conclude our investigation.  After such time, your personal information will be deleted within 6 months.

Sharing your personal data with third parties

We share your data with the following third parties:  

  • Within Sagicor strictly as needed to support any investigation
  • Our technology and service partners
  • Regulators and law enforcement as required by law

 

Sagicor Events and Corporate Social Responsibility (“CSR”) Projects

Purpose of processing 

If you attend or participate at an event hosted by Sagicor, we process your data for the following purpose, and under the following legal basis: 
Marketing of our products and services via:

Purpose of processing

Legal Basis

Publicity and promotional materials, including advertising material and printed publications throughout Sagicor in the Southern Caribbean

Legitimate Interest, or consent if the former basis is not available in a specific jurisdiction

Websites, social media channels and digital communications materials

Consent via cookies acceptance or individual signup, or performance of a contract

Presentation and exhibition materials

Legitimate Interest, or consent if the former basis is not available in a specific jurisdiction

 
The categories of personal data we collect and process 

We may collect any of the following categories of data:

  • Photographs or videos with your image in video or still, and the likeness and sound of your voice as recorded on audio or video tape
  • Contact and demographic information
Retention of data
  • We will keep your personal data for a period of 5 years, or such longer period as may be necessary for legal, regulatory or audit purposes.  After such time, your personal information will be deleted within 6 months.
Sharing your personal data with third parties  

We share your data with the following third parties:  

  • Within Sagicor strictly in connection with Sagicor’s employee engagement and viewing of recorded footage by users of Sagicor’s corporate network.
  • Our technology and service partners