SICOM

Contact
Submit a claim

Privacy Policy

Home / Privacy Policy

Introduction 
SICOM Group is committed to safeguarding your personal data and adhering to the highest standards of data protection in all our operations.

This Privacy Policy outlines the types of personal data we collect, how we use and protect that data, and the rights you have under the Data Protection Act 2017 (the "Act"). Our data protection practices are overseen by our Board of Directors, ensuring accountability and compliance across the Group.

Scope
This policy applies to all stakeholders of the SICOM Group, including but not limited to: 

• Customers/Clients (Current, former and prospective)
• Vendors and Suppliers
• Third-Party Service Providers and Processors
• Board Members and Shareholders
• Regulators and Statutory Bodies, where applicable
• Website Users
• Any other individual or entity processing personal data on behalf of the organisation


Definition
Wherever used in this Policy, the following terms will have the meaning defined in this section.


• SICOM Group
The SICOM Group comprises of the State Insurance Company of Mauritius Ltd and its subsidiaries.


• Services
This policy applies to all products, services, platforms, and activities where personal data is collected, processed, stored, or transferred by SICOM Group, including but not limited to:

o Customer onboarding and account management
o Provision of core business services/products
o Marketing, communications, and promotional activities
o Customer support and feedback collection
o Online platforms, websites, and mobile applications
o Use of cookies and other tracking technologies
o Employee recruitment
o Vendor and third-party engagement and management
o Compliance with legal, regulatory, and contractual obligations
o Internal monitoring, auditing, and security operations


• Personal data
Any information relating to a data subject.


• Special categories of personal data
Personal data concerning an identified or identifiable individual and consisting of information such as his/her physical or mental health or conditions and criminal convictions.


Purpose
The purpose of collecting and processing personal data is to enable SICOM Group to operate efficiently, comply with legal obligations, and deliver high-quality services. Specifically, personal data is collected and used for the following main purposes:
• To provide and manage our services
• To comply with legal and regulatory obligations
• To manage business operations
• To enhance customer experience
• To ensure security and fraud prevention
• For recruitment and human resource management
• For marketing and communication (where consent has been obtained)


Information we collect
We collect personal data that is necessary to provide our services, meet legal obligations, and enhance user experience.  Should we need to use your personal data for any other purpose, your consent will first be sought. The types of personal data we may collect include, but are not limited to:

A. Personal Identification Information
• Full name
• National Identity Number / Passport Number
• Date of birth
• Nationality
• Gender

B. Contact Information
• Home and/or work address
• Email address
• Telephone and mobile number

C. Financial and Transactional Information (Where applicable)
• Bank account details
• Bank Statements

D. Employment and Professional Information (Where applicable)
• Job title and employer details
• Educational qualifications
• Work history

E. Regulatory and Compliance Information (Where applicable)
• Know Your Customer (KYC) documents
• Customer Due Diligence (CDD) information

F. Other Sensitive Personal Data (where applicable)
• Health information
• Offence / Court proceedings 


The special categories of personal data collected are those that would be necessary for us to process your application. If you do not provide all of the requested information, we may not be able to provide our services to you. We shall not collect more details than is necessary for the services stated above.


Disclosure of personal data
SICOM Group takes the confidentiality of personal data seriously and discloses such information only when necessary and in accordance with applicable laws. Personal data may be disclosed to the following categories of recipients:

A. Internal Recipients
• Employees and departments of SICOM Group with a legitimate need to access the data for the purpose of service delivery, compliance, or support.

B. Regulatory and Law Enforcement Authorities
• To comply with legal obligations, court orders, or requests from regulatory bodies (e.g. the Financial Services Commission, Bank of Mauritius, Financial Intelligence Unit, or law enforcement agencies).

C. Service Providers and Data Processors
• Trusted third parties who provide services on our behalf, such as IT providers, cloud storage services, payment processors, marketing agencies, consultants, professional advisers, reinsurers, agents and salespersons.

• Such parties are contractually bound to maintain confidentiality and comply with applicable data protection laws.

D. Auditors, Actuaries and Consultants
• For the purpose of audits, assessments, and regulatory compliance reviews.

E. Other Disclosures
• With the individual’s consent, under cover of confidentiality.
• If necessary to protect the rights, property, or safety of the Group, its clients, or other data subjects.


Accuracy of personal data
We will take all reasonable precautions to ensure accuracy of your personal data.
Should there be any changes in your personal data, please notify us promptly in order for us to update our records and ensure accuracy of your personal data at all times. Refer to the Contact Us section in this policy.


Period for which personal data will be retained
We will not retain your personal data for longer than is necessary for the purpose of the contract you hold with us.  However, in some circumstances, it may be necessary for us to keep your personal data for longer than that in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such data without further notice to you.


Data storage and transfers
In order to deliver the service you requested, we may have to transfer/store your personal data outside Mauritius, e.g. When you complete and submit online forms on our Website or upon your registration on our Customer Portal, your personal data will be stored overseas or in Cloud Storage outside Mauritius where the servers are hosted.  We shall at all times ensure that this is done in compliance with the Act.


Protection of personal data
We have in place appropriate security and organisational measures for the prevention of unauthorised access to, alteration of, disclosure of, accidental loss, and destruction of your personal data.

However, the transmission of information via the internet is not completely secure and, therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is thus entirely at your own risk.  Where we have given you or where you have chosen a password so that you can access your account, you are responsible for keeping that password confidential.

In the case of a personal data breach which is likely to result in a high risk to your rights and freedom, we shall communicate such breach to you without undue delay.


Payment Procedures
If you are effecting an online payment through our Website / Customer Portal, you will be required to input your card details on a bank’s payment gateway, which is a secured platform for processing and approval.

You will be redirected from our Website/Customer Portal to the bank’s payment page/gateway that collects card information (whereby the cardholder shall input his/her card details) and the bank’s gateway shall send a message back to the Website / Customer Portal (landing page) showing if the payment was successful or not.  Both our Website/Customer Portal and the bank’s payment Site use encrypted Secure Socket Layer connections to keep all information secure.


Job applicants
If you are a job seeker and sending your job application to us, we will collect and hold your information, including information you provide to us in your application, or provided to us by recruitment agencies, as well as information on you from any referees you provide.

We use this for our legitimate interests in evaluating candidates and recording our recruitment activities, and as necessary to enter into an employment exercise and perform our employment law obligations.

If you are successful in your application, your information will be used and kept in accordance with our internal policies.  If you are not successful in your application, your information will be held for up to 18 months after the relevant round of recruitment has finished, in order to notify you of any future vacancies within the SICOM Group which we think may be of interest to you.

If you are listed as a referee by an applicant, we will hold your name, contact details, professional information about you (such as your employer and job title) and details of your relationship with the applicant.  We will use this information as necessary for our legitimate interests in evaluating candidates and as necessary to exercise and perform our employment law obligations and rights.  Your information will be kept alongside the applicant’s information.

If you are listed as an emergency contact by someone who is employed by us, we will hold your name, contact details and details of your relationship with that employee.  We will use this to contact you as necessary to carry out our obligations under employment law, to protect the vital interests of that employee, and for our legitimate interests in administering our relationship with that employee.  

Your information will be kept until it is updated by that employee, or we no longer need to contact that employee after they have stopped working for us.


Personal data of third party
If, in the course of your relationship with us, you submit to us the personal data of another person, we shall assume that you have obtained the prior explicit authorisation of that person, e.g. consent of parent or guardian required for child below the age of 16 years, including for the transfer/storage of his/her personal data overseas or in Cloud Storage outside Mauritius where the servers are hosted.


Cookies
Cookies are small text files which are transferred from our Website/Customer Portal and stored on your device.  We use cookies to help us provide you with a personalised service, and to help make our Website/Customer Portal better for you.
Our cookies may be session cookies (temporary cookies that identify and track users within our Website/Customer Portal which are deleted when you close your browser or leave your session in the application or service) or persistent cookies (cookies which enable our Website/Customer Portal  to ‘remember’ who you are and to remember your preferences within our Website/Customer Portal and which will stay on your computer or device after you close your browser or leave your session in the application or service).

You may be able to configure your browser or our website/Customer Portal to restrict cookies or block all cookies if you wish, however if you disable cookies you may find this affects your ability to use certain parts of our Website/Customer Portal.


Third party links
You might find links to third party websites on our Website / Customer Portal.  These websites should have their own privacy policies which you should check before interacting with them. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.


Marketing
We will only contact you for marketing purposes with your consent.  You will always have the right to ‘opt out’ of receiving our marketing materials.  You can exercise the right at any time by contacting us at [email protected].  If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails.

If you ‘opt-out’ of our marketing materials, you will be added to our suppression list to ensure we do not accidentally send you further marketing materials.  Where you unsubscribe from any postal marketing, you may initially still receive some content which has already been printed or sent, but we will remove you from any future campaigns.  We may still need to contact you for administrative or operational purposes, but we will make sure that those communications do not include direct marketing.

We do use third party service providers to send out our marketing, but we only allow them to use that information as per our instructions and where they have agreed to treat the information confidentially and to keep it secure.


Your rights
The Act gives you a number of rights when it comes to personal data we hold about you.  The key rights, as applicable and subject to our legal obligations, are set out below:

• Request access to your personal data - this enables you to receive a copy of the personal data we hold about you.  You will not have to pay a fee to access your personal data.  However, we may charge a reasonable fee if your request for access is manifestly excessive, or alternatively, we may refuse to comply with the request.

• Request rectification of your personal data - this enables you to have any incomplete or inaccurate information we hold about you rectified.

• Request restriction of processing of your personal data - this enables you to ask us to limit the future processing of your personal data.

• Request erasure of your personal data - this enables you to ask us to delete personal data, however we may need to continue using your personal data to comply with our legal obligations.

• Object to processing of your personal data - where we do not have a legitimate basis for doing so which overrides your rights, interests and freedoms.  You also have the right to object where we are processing your personal data for direct marketing purposes.

• Withdraw consent - in the limited circumstances where we are relying on your consent (as opposed to the other instances set out above) to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.  Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we have a legitimate interest in doing so.

• Object to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

• Lodge a complaint - if you think that we are using your personal data in a way which breaches data protection laws, you have the right to lodge a complaint with the Data Protection Officer.

If you want to make any of the above requests, please contact us at [email protected].  We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information.

We will respond to your request as soon as we can.  Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.


Electronic Communication and Transactions
If you subscribe to this service, we will be able to communicate and interact with each other in a faster and more efficient way. When you subscribe, you will be able to receive your policy and other documents in digital format. In addition, you also have the option to send us your instructions and communicate with us via email.


Terms & conditions to communicate and transact electronically
• To be able to communicate and transact with us effectively, you need a valid email account set up and the necessary software installed (e.g. a software which can read PDF files) on your computer/device.

• It is your responsibility to keep your email secure and your password confidential at all times. If your email account is compromised in any way, you should inform us immediately. In that case, for the protection of the both of us, your access to this service will be suspended. It will be reactivated upon receipt of your confirmation that any security issues have been resolved.

• You acknowledge that it is not possible for us to cross check/verify every email received by contacting you to confirm the email’s contents and attachments. Thus, when we receive an email from you, it will be assumed that it is indeed from you and we shall act upon the instructions and documents contained therein.

• There may be instances where it is not possible or desirable to act upon instructions received via email. In such cases, we will contact you so that you can provide us with signed formal instructions.

• Communicating and transacting over the internet is not secure and there is always the risk of hacking or viruses or other malicious software being introduced into a computer system. As a result, you understand and agree that we cannot be held liable for any losses whatsoever which may be incurred by you as a result of your use of this service.


Scope of Documents to Be Provided in Electronic Form
When you purchase a product or use a service to which this Consent applies, you agree that we may provide you with Documents in digital format (“E-Documents”) in lieu of paper documents. If later, you wish to receive your documents in paper form, please write to us at [email protected]


Method of Providing E-Documents to You
All E-Documents will be provided to you either (1) via your e-mail or (2) by accessing our Customer Portal to which you will have registered, or (3) via SICOM Email Encrypted Server.  However, we may where necessary or desirable, send all or part of future Documents in paper form.

How to Withdraw Your Consent?
You may withdraw your consent to receive E-Documents by sending us an email to [email protected]. No fees will be imposed to process the withdrawal of your consent.  Any withdrawal of your consent will be effective after a reasonable period of time to process your withdrawal, which process shall not normally take more than two days.


How to Update Your Records?
It is your responsibility to provide and maintain a current e-mail address. You can update this information under ‘Change User Profile’ which is available from ‘Services’ in the Customer Portal or by sending us an email at [email protected]


In Writing
All Documents in either electronic or paper format from us to you will be considered "in writing."


Consent
Your consent to receive E-Documents covers all Documents relating to any of our products and services and will also be applicable to any new product or service which you may purchase/subscribe to in future. Your consent remains effective until you give us written notice that you are withdrawing it.

We may, at any time, on written notice to you, suspend, modify, withdraw, cancel, discontinue, or terminate the above terms and conditions and arrangements.  


Maintenance of this Policy
This Policy is reviewed at least annually and updated as necessary to reflect legal, regulatory, and operational developments. Any material changes will be posted on this page, and where appropriate, communicated to you by email or other means. We encourage you to review this Policy periodically to stay informed about how we protect your personal data.


Contact Us
If you have any questions regarding this Policy, please contact us at [email protected].