images
Data Privacy Policy

Data Privacy Policy

  • Effective date : 22/01/2021   |  

  • Review Date : 17/03/2023

  • Document version 1.2 

Policy Statement

This policy states how to protect personally identifiable information (PII) of customer, suppliers, business contacts, employees and other people the organization has relationship with or may need to contact. This policy describes how this personal data must be collected, handled and stored.

Purpose

Purpose of this policy is to provide direction to the SLIC employees, various stakeholders and responsible personnel to protect SLIC from data security risks including

component-growth-building

Breaches of Confidentiality

For instance, information being given out inappropriately

meeting-financial

Failing to offer choices

individuals should be free to choose how the company uses data relating to them

Save

Reputational Damage

The company could suffer if hackers successfully gained access to sensitive data

Scope

This policy applies to all emplouyees of the SLIC and any Third party the processes the personally  identifiable information (PII).

Standard and Procedures

SLIC required adhering to the following principles of data protection. In accordance with those principles personal data shall be

  • Processed fairly and lawfully
  • Adequate,relevant and not excessive
  • Accurate and up to data must be processed
  • Processed in accordance with data subjects right
  • Not kept longer than necessary
  • All the PII data must be processed as per the governance guidelines
  • Optain consent for PII data e.g identification number (UIN),Biomatric,Pan,etc
  • Processed for specified purposes only

Data Collection

SLIC collects personal data in a fair, transparent, and lawful manner. As such, we adhere to the following guidelines:

  • Collect the minimum PII personal data required to support business activity or as mandated by law
  • Collect PII personal data directly from the individual, when possible
  • Where required by local law, obtain explicit consent from individuals, prior to the collection of sensitive personal information (e.g. race, ethnic origin, health details, Unique Identification Number (UIN), biometric information & etc.)
  • Collection of Aadhaar data will be as per the Aadhaar Act 2016,amendment regulations and other circulars released by IRDAI, UIDAI from time to time
  • Verify that PII personal data collected from third parties is reliable andlegally obtained and mandated as per by law
  • Collect PII personal data in a fair and non-deceptive manner

Data Storage

All electronic files that contain Protected PII data (e.g. UIN, biometric information, PAN number, health details & etc) will reside within a protected SLIC DC information system location. All physical files that contain Protected PII will reside within a locked file cabinet or room when not being actively viewed or modified. Protected PII is not to be downloaded by employee, or contractor workstations or mobile devices (such as laptops, personal digital assistants, mobile phones, tablets or removable media) or to systems outside the protection of the organisation. Protected PII will also not be sent through any form of insecure electronic communication E.g. E-mail or instant messaging systems. Significant security risks emerge when PII is transferred from a secure location to a less secure location or is disposed of improperly. When disposing of PII the physical or electronic file should be shredded or securely deleted.

Data Retention

SLIC does not retain PII personal data any longer than is absolutely necessary. The retention period for PII personal data is determined by:

  • The purpose of the data collected
  • The fulfillment of that purpose
  • The mode of storage, archival and back up of personal data collected
  • Retention periods, as mandated by any contractual and/or regulatory requirements
  • All the guidelines will be followed for data retention as per IRDA, UIDAI, Cyber Security and ISO Standard

Data Disposal

SLIC Data Disposal requires managerial approval for the disposal, destruction and deletion of any personal data. Our data disposal procedures prevent the recovery, theft, misuse or unauthorized access of personal data. All the PII data will

References
  • Information Handling Policy
  • Media Disposal Policy
PERSONALLY IDENTIFIABLE INFORMATION (PII) DAT

All the PII data like UIN, PAN Number, Biometric Information, Health Details and other required details will be collected with proper consent from the owners, SLIC employees, any third party,and various stakeholders for processing the information as required by SLIC.

UIN along with demographic information or biometric information of an individual is submitted to the Central Identities Data Repository for its verification and such Repository verifies the correctness, or the lack thereof, on the basis of information available with it.

If required any biometric information will be collected, using the registered devices specified by UIDAI. The demographic details of the individual received from UIDAI as a response shall be used for identification of the individual for the specific purposes of providing the specific services for the duration of the services. e-KYC will be carried out by authentication facility provided by the authority or by trained SLIC employees at the SLIC office.

The identity information collected and processed shall only be used pursuant to applicable law and as permitted under the Aadhaar Act 2016 or its Amendment and Regulations given time to time. The identity information shall not be used beyond the mentioned purpose without consent from the UIN holder and even with consent use of such information for other purposes should be under the permissible purposes in compliance to the Aadhaar Act 2016.

Process shall be implemented to ensure that Identity information is not used beyond the purposes mentioned in the notice/consent form provided to the UIN holder. No financial information such as Bank account or credit card or debit card or other payment instrument details will be collected by SLIC employees at the time of providing the services.

No financial information such as Bank account or credit card or debit card or other payment instrument details will be collected by SLIC employees at the time of providing the service

All the PII personal data collected will be stored securely and confidentiality will be maintained.UIN will be masked in all the online application used by SLIC during the service being provided to the client. PII personal date shall not be shared in contravention to the Aadhaar Act 2016, its Amendment, Regulations and other circulars released by UIDAI from time to time.

Exception

Any exception to this policy shall be approved by Chief Information Security Officer (CISO)/ IT Team of Shriram Life Insurance Company Ltd.  
Note: All the guidelines will be followed for data privacy as per Cyber Security, ISO Standard, IRDAI, UIDAI, and Aadhaar Act 2016.

Disclaimer

For more details on risk factors, terms, and conditions please read the sales brochure carefully before concluding a sale.  

*Tax Benefits:  
Tax benefits are as per Income Tax Laws & are subject to change from time to time. Please consult your Tax advisor for details.  
You are eligible for Income Tax benefits/exemptions as per the applicable income tax laws in India, which are subject to change from time to time.

IRDAI Regn No: 128  
CIN No : U66010TG2005PLC045616 of the Company

The Trade Logo displayed above belongs to Shriram Value Services Limited (“SVS”) and used by Shriram Life Insurance Company Limited under a License agreement.”

BEWARE OF SPURIOUS PHONE CALLS AND FICTIOUS/FRADULENT OFFERS

  • IRDAI is not involved in activities like selling insurance policies, announcing bonus or investment of premiums. Public receiving such phone calls are requested to lodge a police complaint.