PRIVACY POLICY

Pacific Cross Data Privacy Statement
We respect and value your need for utmost care when handling the information that you share with us.

At Pacific Cross, we make sure we only ask for pieces of information that are absolutely necessary for us to provide you with the right health or travel insurance and the most appropriate health assistance and/or services you need whenever and wherever you may be.

It may therefore be necessary to share some of that information with healthcare providers and/or our contracted administrators here and abroad. We ask for your trust - that we will handle your private data no less than if they were our very own.

Throughout this Statement, “Pacific Cross” refers to either Pacific Cross Insurance, Inc. or Pacific Cross Health Care, Inc. including its affiliated companies, branches, and subsidiaries.


Who is the Personal Information Controller?
Pacific Cross is the Personal Information Controller under the Data Privacy Act of 2012 (hereafter referred to as “DPA”), which means that it determines what purposes personal data held will be used for. It may also be that your personal data is disclosed to third parties under a data sharing agreement, in which case, such third parties are also the Personal Information Controllers.


What type of Information does Pacific Cross collect?
We collect personal information, including sensitive personal information, in order to service and administer the insurance policy you bought and provide you with appropriate and timely health care and/or travel services. In certain instances, personal data is collected in order to comply with legal requirements.

A. For Medical Insurance Clients
The personal information we collect includes:

• Your name
• Your personal details, including gender
• The name of your dependents, beneficiary, spouse, authorized representative, parents, physician, principal applicant-payor (if the insured is a minor), insurance agent
• Your contact details, including your relevant addresses, zip code, e-mail address and contact numbers
• Your insurance policy details, insurance claims details and supporting documents
• Your government records, including adoption papers, birth certificate, death certificate and tax-related documents
• Your employment details, including your position/occupation, nature of work/business, name of employer and employee advances


We also collect the following sensitive information:

• Your personal details, including age and date of birth
• Your medical history, disability information, hospital records, diagnostic records, health record for diagnosed illness or disability, previous availments from other health insurers, prescriptions and other relevant medical/diagnostic/hospital reports
• Government issued documents, including Marriage Certificate, Tax Identification Number, SSS Number, PhilHealth Number

How does Pacific Cross collect your information?
You may choose to give your personal data in a variety of ways. For example, you may give your name and contact information to communicate with us, to inquire about or to procure an insurance product, to make a complaint or give feedback. Whenever you request for services, we will ask you to provide relevant, detailed and accurate information pertinent to your request or we may ask you to update some information that we have already previously collected so that we can render your requested services. You may inform us of the specific personal data you do not want to be processed beyond the requested purpose. We will respect your request insofar as it is feasible to fulfill the purpose for which the personal data was collected.

The personal data we collect about you may also come from our contracted medical professionals and/or your attending physicians, intermediaries such as your broker or agent, your employer, your beneficiaries, affiliates or other third parties (such as Emergency Assistance providers, other insurance companies, etc.).

If you disclose personal data about other individuals (such as your employees, dependents, beneficiaries), you warrant that you have obtained their consent prior to your sharing of their personal data with us.

Pacific Cross may also obtain information online when you:

a. Visit the Pacific Cross Website or any of our online sites including our mobile application to purchase a policy, submit an application or claim form or inquire about our products, services and network. By using the Pacific Cross Website or any of Pacific Cross’s online sites and mobile applications, you agree to the processing of your personal and sensitive personal information as explained in this Statement. You also agree to our use of cookies and the Google web analytics as explained in [https://www.google.com/intl/en/policies/privacy/] so that we may analyze statistics on the usage of our websites so that we may improve our customers’ online and digital experience. Please be informed that the Pacific Cross websites and mobile applications may include links to other websites not owned and operated by Pacific Cross. These sites may also collect information about you in accordance with their privacy statements. We encourage you to read the privacy statements of these websites as Pacific Cross will not be responsible for the content or privacy practices of websites not directly administered by us.

b. Engage with Pacific Cross on Social Media. When you integrate your access to any of our online sites with your social media account, you allow us ongoing access to information in your social media accounts (e.g., photo, birthdays, likes or preferences). Except for information shared with us through private messaging, any personal data you share when you interact with us on social media will be made public. Please make sure to control whatever information you share with us on social media through your privacy settings.

c. Engage with Pacific Cross on Messaging Applications such as Viber, WhatsApp, or FB Messenger. Your engagement with us on these messaging applications will be subject to the privacy statements of these third-party applications. Please read through them as private information shared through these apps may be used by the operators of these applications for purposes other than what we intend at Pacific Cross.

d. Access of our Website or any of our online sites through your mobile devices. If you access our website or any of our online sites on your mobile phone or mobile device, we may also collect your unique device identifier and mobile device IP address, as well as information about your device’s operating system, mobile carrier, and your location information.

How does Pacific Cross use your personal data?
By providing Pacific Cross with personal data, you authorize and consent to our collection, use and processing of your personal data for the following purposes:

a. Process and evaluate applications for insurance products and services
• Carry out and/or verify any eligibility, credit, physical, medical, security, underwriting and/or identity checks in connection with our services and products
• Determine the amount of premium and inform you of the same
• Determine your insurance coverage and inform you of the same, including the exclusions from the coverage of the policy (if any)
• Deliver your Insurance Policy or Official Confirmation of Coverage
• Make payments of commissions to our insurance agents

b. Process billing and collection of insurance premiums and related fees
• Process your payment through credit card, debit notes and other means
• Issue receipts for payments made
• Generate, issue and deliver statements of account
• Reconcile our accounting records with actual collections and ensure completeness of amounts deposited

c. Process insurance claims, and any purpose in connection with any claims made in respect of any of our services and products, including making, defending, analyzing, investigating, processing, assessing, determining, responding to, resolving or settling such claims
• Obtain documents and validate information relevant to your claim from third parties such as (but not limited to) hospitals, other insurance providers and medical professionals
• Process payments for approved claims, including (but not limited to) reimbursements and issuance of letters of authority
• Review and resolve denied insurance claims

d. Communicate with you regarding your insurance policy
• Update your account information
• Receive and attend to your questions, concerns, claims and feedback through calls, e-mail and other means
• Generate reports regarding your questions, concerns, claims and feedback
• Address your questions, concerns, claims and feedback
• Renew and/or amend your policy
• Cancel your insurance policy and refund amount paid

e. Engage in direct marketing of Pacific Cross products and services, as well as related information from our partners
• Inform you about our products and services, including marketing or promotional information regarding insurance products and related information or partnerships through phone calls, mail, e-mail, SMS, social media or other electronic or digital channels

f. Conduct statistical and actuarial research, including conducting surveys, data analytics, market studies that aim to provide you with better products and services

g. Carry out lawful business activities, including, but not limited to:
• Maintain credit and risk models, maintain and update Pacific Cross’s information technology systems, product and business development and client servicing
• Develop intelligent and automated systems
• Conduct company audits or investigate a complaint or security threat
• Comply with policy administration requirements

h. Comply with statutory and regulatory requirements, including directives, issuances by, or obligations of Pacific Cross to any competent authority, regulator, supervisory body, enforcement agency, exchange, court, quasi-judicial body or tribunal

i. Enable Pacific Cross to exercise sound corporate governance over its businesses, ensure that risks arising therefrom are duly identified, measured, managed and mitigated, and enhance risk assessment and prevent fraud

j. Establish, exercise or defend legal claims

k. Fulfill any other purposes directly related to the above-stated purposes
For purposes outside of those identified above, we will ask for your specific consent.

Will Pacific Cross share your personal data?
Your personal data may be disclosed to third parties to enable Pacific Cross to achieve the purposes set out above, including but not limited to the following:

• Carry out lawful business activities
• Comply with statutory requirements like reporting to the Insurance Commission
• Respond to law enforcement authorities or other government regulatory bodies’ requests
• Prevent physical harm or financial loss
• As a requirement of business transfer involving mergers and/or product and service collaboration
• Process insurance and reinsurance claims
• Carry out digitization and storage processes
• Carry out data collection and analysis
• Conduct company audits or investigate a complaint or security threat
• Establish, exercise, or defend legal claims

When the processing of personal data is outsourced to a third party, the processing will be subject to written agreements between us and the third parties processing the data, in accordance with the requirements of the Data Privacy Act of 2012. These written agreements specify the rights and obligations of each party and will provide that the third party has adequate security measures in place and will only process your personal data on our specific written instructions.

We may also transfer your personal data to third parties as required by law or legal instrument, to protect our rights or assets, to facilitate the acquisition or disposition of our businesses and in emergencies where the health or safety of a person is endangered.

We will not sell, rent, share, trade, or disclose any of your personal data to any other party without your prior written consent, with the exception of entities within our company and any third-party service provider which we have engaged whose services necessarily require the processing of your personal data.

The following are the third parties to whom the information may be disclosed:

a. Service providers and partners. These are the medical specialists and other professionals who attend to your medical needs. These will include Emergency Assistance partners who provide assistance to our insured outside of Metro Manila or abroad.
b. Business partners. Your broker or agent who services you may be given private or sensitive information through communications to you that are coursed through them or where good business practice requires them to be provided with copies. Our business partners also include third party developers that create and operate mobile apps and online platforms. These mobile apps and online platforms aim to provide the following (without limitation): (i) a convenient way for you to access our products and services, (ii) options to avail of value-added features to your plan, and/or (iii) notifications on other products and services that Pacific Cross offers to its clients. Your personal data may be disclosed to these business partners when you download and use their apps or visit their online platforms. Please take time to read the terms of use and privacy policy relevant to these apps and online platforms.
c. Regulatory Bodies/Agencies and other Legal Bodies. The Insurance Commission, which regulates the industry, requires statistical reports and/or specific risk data information on a regular basis to help them review and/or modify regulations. The Bureau of Internal Revenue (BIR), Anti-Money Laundering Council, the Department of Health also require reports where private data may be shared from time to time.

How does Pacific Cross store your data?
For the most part, electronic data are stored on premises in secure servers, secure cloud storage, and on the local drives of Pacific Cross employees and officers, while physical documents submitted to us are filed on premises in secure cabinets for a year, after which they are transferred to off-site document storage facilities with stringent data security measures in place.

Some of the collection and processing, and therefore initial storage, are done using cloud technology. We utilize three (3) cloud hosting facilities located in Manila, Singapore, and Australia. All are certified not only in the countries where they reside but also by US and EU data protection agencies. By providing us with your information or using our online sites and mobile applications or by purchasing a policy with international coverage, you consent to the collection, storage, and processing of your information here or abroad.

Generally, your personal data will be retained by Pacific Cross during the term of your policy or plan and/or until the expiration of the retention limit standards set by Pacific Cross and the industry and laws and regulations reckoned from account closure. After such periods, your information will either be destroyed or anonymized.

Are you allowed to access and update your information?
Pacific Cross encourages all its insured to keep their personal data current and updated. You may review personal data we have processed in your copy of the policy document. You may also check them out when you successfully register in any of our mobile applications. You may likewise call our Customer Service Department and validate any personal data we may have stored and request them to be updated. Finally, you may e-mail us to request that your personal details be updated. When you request access to your personal data, we will take reasonable steps to confirm your identity before granting you access and updating your information.

How does Pacific Cross protect your personal data?
Pacific Cross utilizes the following known best practices to reasonably protect your data from unauthorized access, use, and disclosure.

a. Employee Data Security Awareness and Training. This is a basic required training program for all new employees. In addition, refresher courses are conducted especially to units who handle the personal data of clients.
b. Data Masking and Encryption. Only employees authorized to process personal data are actually allowed to view them. We employ data masking and e-mail encryption. Employees who handle such data go through additional training for data security handling.
c. User Access Control. We manage user access strictly with regular reviews and prompts for password changes. Quarterly review by supervisors of authorized users ensures access updates are current.
d. Regular System and Operational Audits. Annual third party audits are conducted to ensure compliance and address any security weakness identified.
e. Data Sharing Contracts. When private data is required to be shared with service providers and business partners, this privilege is explicitly defined in a contract stating the conditions around data sharing, the limitations of usage, and the diligence required for its storage.

What are your rights as a Data Subject?
Under the Data Privacy Act of 2012, you have the right to:

1. Access Personal Data
Under the DPA, it is possible for individuals to request access to any of their personal data held by Pacific Cross, subject to certain restrictions. A request for disclosure of such information is called a Subject Access Request. Any such requests should be addressed to Pacific Cross Customer Service.
2. Make corrections to Personal Data
The DPA requires Pacific Cross to take reasonable steps to ensure that any personal data it processes is accurate and up-to-date. It is your responsibility to inform us of any changes to the Personal Data that you have supplied during the course of your engagement.
3. Object to the processing of Personal Data
You shall have the right to object to the processing of your Personal Data, including processing for direct marketing, automated processing or profiling. You shall also be notified and be given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the data subject.
4. Erasure or blocking of Personal Data
You shall have the right to suspend, withdraw or order the blocking, removal or destruction of your Personal Data from our filing system.
5. Be informed of the existence of processing of Personal Data
You have a right to be informed whether Personal Data pertaining to you shall be, are being or have been processed, including the existence of automated decision-making and profiling.
6. Damages
Upon presentation of a valid decision, you have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of Personal Data, taking into account any violation of your rights and freedoms as a data subject.
7. Lodge a complaint before the National Privacy Commission


Contact Us
For questions or concerns relating to this Statement, you may get in touch with us through the following:


Pacific Cross Data Privacy Office
E-mail: DPO@pacificcross.com.ph
Tel. No.: +63 2 8230 8588
Address: 2nd Floor, 8 Rockwell Building, Hidalgo Drive,
Makati City, Metro Manila, Philippines


Atty. Lawrence Mari C. Santella
Data Protection Officer
for Pacific Cross Insurance, Inc. and Pacific Cross Health Care, Inc.
E-mail: DPO.insurance.rohq@pacificcross.com.ph; DPO.healthcare@pacificcross.com.ph
Tel. No.: +63 2 8899-8001 loc. 8504


Changes to this Statement
The Pacific Cross Privacy Statement may be updated from time to time. Please periodically review our Privacy Statement (available at www.pacificcross.com.ph) to be apprised of our latest updates. This Statement was last updated on March 16, 2018.