As a provider of international insurance coverage and associated services, (herein called “Services”), Cigna Healthcare and its subsidiaries (“Cigna”, “The Company”, “We”) will process and protect the Personal Data that our clients, customers, and third parties share with us. 

Which Company acts as Data Controller and collects and uses your Personal Data depends on the Company that provides your insurance coverage, as identified in your member booklet or certificate of insurance, or that is in contact with you if you are our point of contact as a prospective client. Our contact details are included under the “Contact Us” section below.

This notice sets out details of the Personal Data that we may collect from you and how we may use that information. 

 

COLLECTION AND PROCESSING OF PERSONAL DATA 

 “Personal Data” is any information that identifies you as an individual or relates to an identifiable individual.  We collect Personal Data from or about the following: 

-. Policyholders or customers. Previous, current, and prospective policyholders/customers. 

-. Dependents, if you are covered by a Cigna Healthcare insurance policy or scheme, but are not the primary member (e.g., you are the spouse or child of the primary member). 

-. Users of our Websites, Apps, and Platforms. 

-. Claimants

-. Business contacts if you are the Cigna Healthcare contact at your company. 

-. Providers.
 

We collect a variety of Personal Data, including sensitive information. The Personal Data we collect includes: 

-. General information such as your first and last name, title, address, email address, telephone numbers, date of birth, gender, and relationship to the policyholder (where you are not the policyholder). 

-. Identification information such as your national identification number and passport number or driving license number. 

-. Information linked to the provision of the Services (e.g., to review and pay your claims; to issue a guarantee of payment/s when applicable). 

-. Information relating to your Scheme or Policy: details about previous schemes you have been a member of or insurance policies you have held and any previous claims you have made; details about your family such as dependents or spouses; and scheme or policy specific information, e.g. details of pre-existing conditions where we are handling claims. 

-. Information about your job including job title or any other information that may be required to provide Services to you if there is a connection between the access to Services and your job or job title. 

-. Information relating to previous policies, claims, and reimbursement of expenses (e.g., if you claim under your travel policy, we will need to know which country you visited).

-. Anti-Fraud Information: Such as information that is either available publicly, for example, through internet search engines and social media, or shared by you, where we need to investigate fraudulent claims. 

-. Financial information such as your bank or payment details. 

-. Business Contact Details: where you are our point of contact at an employer, information such as your name, address, contact details, and company name. 

-. Account Information: Such as your chosen username, and other information you share in your account. 

-. Preferences: such as language, contact, and other preferences that you might express during your use.

-. Marketing Data: Such as your choices regarding our newsletters, surveys, and other marketing/advertising displayed or provided to you, and preferred methods of such promotional communication. 

-. Telephone Call Recordings such as audio recordings of telephone calls when you contact us. 

-. Device Information, such as information about your devices and your use of our services. This includes data obtained through cookies and similar technologies.

-. Sensitive data including details of your current and past physical and/or mental health.

 

We collect the Personal Data outlined above from several different sources, including: 

-. You directly, or from someone else on your behalf (such as a family member).

-. Healthcare providers or other medical providers, and other third parties that are required to provide the Services to you (for example, loss adjusters, claims handlers, and experts, including medical experts).

-. Other third parties involved in the provision of the Services or linked to that provision such as a broker or another insurer, claimants, or defendants. 

-. Your employer (as it may be applicable). 

-. Medical reports and counsel opinions. 

-. Emergency assistance

-. Other companies within The Cigna Group as may be appropriate to provide the Services to you.

-. Insurance industry fraud prevention and detection databases and sanctions screening tools.

-. Insurance industry bodies

-. Marketing/advertising service providers

-. Public and/or government and/or regulatory authorities, including courts, tribunals, regulators, and government authorities. 

 

If you do not provide the information requested, we may not be able to provide Services to you. 

If you disclose any Personal Data relating to other people to us, you represent that you have the authority to do so and to permit us to use the information per this Data Protection Notice. 

 

PURPOSE FOR PROCESSING YOUR PERSONAL DATA 

We collect and process your Personal Data for legitimate business purposes, including those listed below.  We use your Personal Data to: 

-. Provide insurance and associated services, (e.g. Insurance Quotation, Claims Management, policy administration, customer service). 

-. Communicate with you and others, including health care providers, as part of our Services. 

-. Send you important information regarding changes to our policies, other terms and conditions, and other administrative information. 

-. Make non-automated decisions about whether to provide the Services to you. 

-. Provide improved quality, training, and security (e.g. concerning recorded or monitored phone calls to our contact numbers).

-. Continuously improve and test the quality of our Services (e.g. conducting satisfaction surveys, research, and data analysis related to the Services).

-. Protect our business against fraud. This includes searching claims or fraud registers when dealing with insurance requests or claims to detect, prevent, investigate, and report fraud, if any or all applicable.

-. Resource allocation, healthcare management and financial risk control. We use a predictive model to analyze members' historical claims data, identify potential risk factors and calculate risk scores within the framework of providing health insurance services.

-. Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; business continuity; and records, document, and print management. 

-. Resolve complaints and handle requests. 

-. Comply with applicable laws and regulatory obligations, including those relating to anti-money laundering and anti-terrorism; and respond to requests from public and governmental authorities and litigation.

-. Establish and defend our legal rights; protect our operations or those of any of The Cigna Group of companies or insurance business partners; safeguard our rights, privacy, safety, or property, and/or that of our group companies, you, or others; and pursue available remedies or limit our damages. 

-. Manage the relationship with You/Dependents, the Data Subject, through the member customer portals available for our policyholders/certificate holders, from where you can manage reimbursements and authorizations and carry out other procedures related to the Services.

-. Automated decision-making. We may use automated decision-making processes to make decisions. This involves, for example, using software to process your personal information, to evaluate your personal aspects and to predict risks or outcomes. We use automated decision-making processes: in the context of auto-renewal of certain types of policies, including to determine what the cost of renewing the policy will be; and for the purposes of fraud prevention. 

These decisions may have legal or similar effects for you. For example, we may use them to decide what the cost of renewing your policy will be. 

We will, however, only make these kinds of automated decisions where: they are necessary for entering into, or performance of, a contract with you; they are authorized by law; you give your consent to us carrying out automated decision-making. 

You can contact us to request further information about automated decision-making. In some circumstances you can object to our use of automated decision-making processes, or request that an automated decision is reviewed by a human being.

 

LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

As outlined above, We may use your Personal Data for several different purposes that are always connected with the Services we provide. Consequently, we will rely on the following legal grounds to use your Personal Data: 

-. The use of your Personal Data is necessary for the performance of a contract to which you are a party or to take steps prior to entering into a contract (e.g., to enter into or perform the insurance contract you, your employer or your plan sponsor have/has applied for, collect information required to pay your insurance claim, and collect information to process insurance payments).

-. We have a legal or regulatory obligation to use your Personal Data. For example, we will rely on this ground to comply with anti-money laundering and anti-terrorism obligations.

-. We have a legitimate interest in using your Personal Data. We may rely on this legal ground to provide improved quality and training, and manage our infrastructure and operations. When collecting and processing your Personal Data under this ground we put in place robust safeguards to ensure that your privacy is protected and that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.

-. Due to the nature of the Services, we may process Sensitive Personal Data connected with the provision of such Services. Sometimes, your consent is not required since we are permitted by applicable law to process such information as an insurance company. However, we will collect your consent where necessary to comply with the requirements of the jurisdiction in which you are located.

 

DISCLOSURE OF PERSONAL DATA 

If necessary for providing you with the Services, or for any of the purposes described in this Data Protection Notice, We may disclose your Personal Data to certain other parties. Disclosing your Personal Data means that we will provide your Personal Data to, and/or that your Personal Data will be accessed by:

-. The policyholder/certificate holder or scheme member, where you are a dependent. 

-. The Cigna Group. Access to Personal Data within Cigna is restricted to those individuals and entities who have a requirement to access the information for the purposes described in this Data Protection Notice. 

-. Other insurance and distribution third parties, such as other insurers; reinsurers; independent agent/brokers, and other intermediaries’ agents and appointed representatives. 

-. Healthcare providers and travel and medical assistance providers. 

-. External third-party service providers, such as IT systems, support, and hosting service providers; document and records management providers; translators; and similar third-party vendors and outsourced service providers that assist us in carrying out business activities. 

-. External professional advisors and partners such as medical professionals, accountants, actuaries, auditors, experts, consultants, and lawyers; banks and financial institutions that service our accounts; claim investigators, adjusters, and others. 

-. Investigative firms to investigate claims on our behalf concerning suspected fraud. 

-. Our regulators and other governmental or public authorities where necessary to comply with a legal or regulatory obligation.

-. The police and other third parties or law enforcement agencies, court, regulator, government authority or other similar third parties where necessary for the prevention or detection of crime or to comply with a legal or regulatory obligation; or otherwise, to protect our rights or the rights of a third party. 

-. Debt collection & Subrogation agencies. 

-. Selected third parties in connection with any sale, transfer or disposal of our business.

-. Other third parties, such as emergency providers (fire, police and medical emergency services) and travel carriers.

-. Your employer or a company acting on your employer’s behalf (as it may be applicable) to monitor, audit or otherwise administer the Services and fulfill contractual obligations concerning the Services. Consequently, the Personal Data that may be shared will be the minimum necessary to perform the Services you are entitled to. In the case of a fraud investigation, in some specific cases, we may disclose fraudulent cases to your employer, while enforcing the minimization principle in the disclosure process. Cigna will share the minimum of necessary data to manage any fraud case. In addition to the above, we may need to share limited Personal Data with your employer in case of an emergency medical evacuation or repatriation (“Emergency”). The Personal Data that may be shared will be the minimum necessary to conduct the evacuation or repatriation in line with these Services; and

 -. Registers of claims which are shared with other insurers to check information to detect and prevent fraudulent claims. The Personal Data put on these registers may include details of treatment. 

 

JURISDICTION AND CROSS-BORDER TRANSFER 

Your Personal Data may be stored and processed in countries where: we have affiliates; we operate; or we engage service providers. By using the Services, you understand that your Personal Data can be transferred to and stored in countries outside of your country of residence, including the countries where your insurance policy/certificate or scheme is underwritten. These may include countries with data protection rules different from your country of residence. 

Where Personal Data is transferred outside your country of residence, we guarantee an appropriate degree of protection is afforded to it, in accordance with applicable laws, by ensuring at least one of the following safeguards is implemented: 

-. Adequacy Decisions: Some countries are recognized under applicable data protection laws as providing an adequate level of data protection (each an “Adequate Jurisdiction”). The approved list of, or criteria for, Adequate Jurisdictions may vary depending on the applicable data protection law.  Where the relevant data protection authority has recognized the jurisdiction where your Personal Data is being transferred to as “adequate”, no additional safeguards will normally be required before transferring your Personal Data to that Adequate Jurisdiction. 

-. Additional Safeguards: For transfers of your Personal Data to another country that is not considered an Adequate Jurisdiction, we will put in place adequate safeguards as required under applicable law (“Additional Safeguards”). These may include standard contractual clauses to protect your Personal Data or, in specific situations, obtaining your consent to the transfer.

 

RETENTION PERIOD 

We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Data Protection Notice unless a longer retention period is required or permitted by law, for example, to satisfy any legal, regulatory, tax, accounting, reporting requirements, or for fraud prevention. 

The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you and provide the Services to you (i.e., for as long as you have an account with us or keep using the Services); (ii) whether there is a legal obligation to which we are subject (i.e., certain laws require us to keep records of your transactions for a certain period before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as regarding applicable statutes of limitations, litigation or regulatory investigations). 

In some circumstances, where a legal obligation arises or retention is advisable considering our legal position, we must retain certain Personal Data for a reasonable period, even after your account has been deleted and/or we no longer provide the Services to you.

If you would like further information regarding the periods for which your Personal Data will be stored, please contact us using the details in the “Contact Us” section below. 
 

YOUR RIGHTS 

You are entitled to exercise certain rights (according to applicable data protection laws) in relation to the Personal Data we hold about you. It should be noted that there are certain restrictions on how you can exercise these rights under applicable laws.   

These rights include some or all of the following rights:

-. The right to access your Personal Data. You are entitled to a copy of the Personal Data we hold about you and certain details about how we use it or with whom your data has been shared.  

-. The right to rectification. We take reasonable steps to ensure that the Personal Data we hold about you is accurate and complete. However, you are entitled to modify your personal data, should they appear incomplete or inaccurate. 

-. The right to erasure. You have the right to ask us to erase your Personal Data. If the request for erasure is exercised, in certain circumstances, it will prevent us from delivering the Services as outlined above. 

-. The right to object to, and/or to request restriction of processing. In certain circumstances, you are entitled to object to our processing of your Personal Data or ask us to stop using your Personal Data. Please note that in some circumstances the exercise of these rights may mean that we are unable to continue providing you with the Services. 

-. The right to data portability. In certain circumstances, you have the right to ask that we provide your Personal Data to you in a commonly used electronic format, and to transfer any Personal Data that you have provided to us to another third party of your choice. 

-. The right not to be subject to automated decision-making (including profiling). You have a right in some circumstances to not be subject to a decision based solely on automated means. 

-. The right to withdraw consent to the processing of your Personal Information (which will not affect the lawfulness of processing prior to the withdrawal). 

-. The right to lodge a complaint with a data protection authority. You have a right to complain to your local data protection authority if you believe that any use of your Personal Data is not in compliance with applicable data protection laws and regulations. 

 

You may exercise these rights (as applicable) at any time by contacting us using the details set out in the “Contact Us” section below.

 

COOKIES AND SIMILAR TECHNOLOGIES 

In addition to this Data Protection Notice, some of our products and services may have their own notices (for example, the Cigna Online and Mobile Privacy Notice and The Cigna Group Cookie Notice), which describe in more detail how your Personal Data is used.

 

MARKETING ACTIVITIES 

We may use your personal information to provide you with information about our products or services, or those of our partners which may be of interest to you where you have provided your consent for us to do so.

In certain circumstances, we may also use your personal information to contact you for marketing purposes where we have a legitimate interest to do so. This will include where you are our business contact with a prospective client, and we would like to provide you with information about our products, services or events which we consider may be of interest to you and / or your business. 

If you wish to unsubscribe from emails sent by us, you may do so at any time by clicking on the "unsubscribe" link that appears in all marketing emails. Otherwise, you can always contact us to update your contact preferences by using the details in the "Contact Us" section below. Please note, however, that we will continue to send you service-related (non-marketing) communications.
 

THIRD PARTY SERVICES 

This notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link from the Services to any third-party website or service does not imply endorsement of the linked third-party site or service by us or by our affiliates. 

 

SECURITY 

We will take appropriate technical, physical, legal, and organizational measures, which are consistent with applicable data protection laws to protect your Personal Data. We continually assess our data privacy, information management and security practices and train our employees on these requirements. Our security protocols relating to the Services include (but are not limited to) access management, encryption, physical security, logging and monitoring, vulnerability management and data loss prevention. 

 

UPDATES TO THIS DATA PROTECTION NOTICE  

We may update this Data Protection Notice from time to time to ensure that it remains accurate. Where changes to the Notice will have a fundamental impact on the nature of our processing of your Personal Data, or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights concerning your Personal Data. 

This Data Protection Notice was last updated in November 2024.

If you would like further information regarding the steps we take to safeguard your Personal Data, please contact us using the details in the “Contact Us” section below.

 

CONTACT US 

If you have any questions about this notice or you want to contact our Data Protection Officer (DPO) responsible for your country or region, if applicable, please contact us at:

CignaGlobalPrivacyOffice@Cigna.com.

If you wish to exercise any of your rights set out in this notice or otherwise under applicable data protection laws, please contact us at:

Data.Privacy.Request.and.DSAR@Cigna.com 

 

Your Personal Data may be processed by the following entities: 

Cigna International Health Services BV, with corporate address in Belgium at Plantin en Moretuslei 299, 2140 Antwerp, with enterprise number 0414.783.183 (Register of Legal Entities Antwerp), and subject to the supervision of the Financial Services and Markets Authority in the field of consumer protection. 

Cigna Life Insurance Company of Europe S.A.-N.V., with corporate address in Belgium at Plantin en Moretuslei 309, 2140 Antwerp, with enterprise number 0421.437.284 (Register of Legal Entities Antwerp), and subject to the prudential supervision of the National Bank of Belgium and to the supervision of the Financial Services and Markets Authority in the field of consumer protection. 

Cigna Life Insurance Company of Europe S.A.-N.V., UK Branch, the UK branch of Cigna Life Insurance Company of Europe, S.A. N.V., with corporate branch address at 5 Aldermanbury Square, 13th Floor, London, England, EC2V 7HR. Authorized by the Prudential Regulation Authority. Subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. 

Cigna Life Insurance Company of Europe, S.A.-N.V., Spanish Branch with corporate Branch address at Parque Empresarial La Finca, Paseo del Club Deportivo, 1 -Building 14- Floor 1, 28223, Pozuelo de Alarcón – Madrid.

Cigna Life Insurance Company of Europe, S.A.-N.V., French Branch with corporate Branch address at 19 Boulevard Malesherbes, 75008 Paris.

Cigna Life Insurance Company of Europe, S.A.-N.V., Italian Branch with corporate Branch address at Via Santa Maria Valle 3, 20123 Milano. 

Cigna Europe Insurance Company S.A.-N.V., with corporate address in Belgium at Plantin en Moretuslei 309, 2140 Antwerp, with enterprise number 0474.624.562 (Register of Legal Entities Antwerp), and subject to the prudential supervision of the National Bank of Belgium and to the supervision of the Financial Services and Markets Authority in the field of consumer protection. 

Cigna Europe Insurance Company S.A.-N.V., UK Branch, the UK branch of Cigna Europe Insurance Company S.A.-N.V., with corporate branch address at 5 Aldermanbury Square, 13th Floor, London, England, EC2V 7HR and authorized by the National Bank of Belgium and subject to limited regulation by the Financial Conduct Authority and Prudential Regulation Authority in the UK.

Cigna European Services (UK) Limited, with corporate address at 5 Aldermanbury Square, 13th Floor, London, England, EC2V 7HR.

Cigna Europe Insurance Company S.A.-N.V., Antwerp, Zurich Branch, the Swiss branch of Cigna Europe Insurance Company S.A.-N.V., with corporate branch address at Europaallee 41, 8004 Zurich, Switzerland, existing under the laws of Switzerland and registered in the commercial register of Canton Zurich. 

Cigna Global Insurance Company Limited - PO Box 155, Mill Court, La Charroterie, St Peter Port, Guernsey, GY1 4ET. Global Insurance Company Limited is a private limited by shares company under Guernsey law and is authorized and regulated by the Guernsey Financial Services Commission for the conduct of insurance business in Guernsey.