Product Family

Privacy Statement - AXA XL Reinsurance China

XL Reinsurance (China) Company Limited (“we”, “us”) is part of AXA XL, a division of AXA. We recognize the importance of protecting the privacy and the rights of individuals in relation to their personal data and are committed to compliance with the Cyber Security Law, the Personal Information Protection Law and other laws and regulations. This Privacy Statement describes how we collect, use, store, transfer and/or disclose your personal data when we provide our services as an insurance business (before July 3rd, 2020) or a reinsurance business. It also describes your rights regarding access, duplication, correction, supplementation, deletion and other aspects of your personal data. Personal data refers to a variety of data related to the identified or identifiable natural person that is recorded electronically or by other means, excluding anonymized data.

Personal data we process

As an insurance business before and now a reinsurance business, we need to obtain data about the individuals covered in an insurance policy, or individuals that are beneficiaries of, or have made claims under, an insurance policy, or individuals who are involved in an incident giving rise to an insurance claim, or data of a beneficial owner of our reinsurance business partner. This is so that we can properly assess the risks associated with providing insurance or reinsuring a particular block of insurance policies and administer and manage our products and services. This privacy notice applies to any individual whose personal data, we process in the course of providing the services (each a data subject or you).

We may be required by law to collect certain personal data about you, or as a consequence of any contractual relationship we have with you. Failure to provide this data may prevent or delay the fulfilment of these obligations.

We may obtain your consent to process certain types of personal data when we are required to do so by law or regulations (for example, in relation to our direct marketing activities). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Statement.

Data we collect about you

The type of data we may collect and process about you will depend upon the type of insurance or reinsurance we are offering or underwriting. It may include any of the below (where permitted by law):
a) Personal details: Your name, age, gender, date of birth, photographs, marital status, nationality, height and weight, leisure activities and interests.
b) Identification data and criminal data: Your government-issued ID card, driving licence, driving record and criminal record (but only where it is lawful to collect this data).
c) Contact Information: Your address, telephone numbers and email address.
d) Information about your family and home: Your family health or morbidity history, number of children and name, age and gender of children, your dwelling type, your household income, home valuation and household demographics.
e) Employment and experience data: Your employment history, job role, salary, employment benefit options, educational background and any professional licences and qualifications.
f) Financial data: Details pertaining to your bank account, annual income, investment/savings, tax payer ID, credit history and transaction history.
g) Data to conduct our business: Data relating to underwriting insurance products and managing and processing insurance claims, such as previous insurance records and claims histories, services relating to our businesses and your business dealings or relationship with us. From the data we collect about you, we may also derive or generate further data such as risk ratings.

Sources of the information we collect

We collect personal data from you directly when you voluntarily provide it to us, for instance if you submit application forms to be considered for insurance products or contact us. We also collect your personal data from a variety of legitimate sources:
a) From other insurance companies that we work with
b) From other reinsurers and retrocessionaries
c) From third party claims handlers who are involved in a claim or assist us in investigating or processing claims, including witnesses and external claims data collectors and verifiers
d) From our business partners with whom we work to provide insurance products
e) From public sources, such as public databases (where permitted by law)
f) From Lloyd’s Coverholders, insurance brokers or any other intermediaries
g) From third party evidence providers
h) From healthcare service providers
i) From financial institutions
j) From pension processing platforms
k) From individuals that you may be associated with (e.g. joint account holders, company employees or directors, family members, etc.)

Occasionally we may collect your personal data from a third party, in particular from authorised, regulatory, public sources such as government regulators, industry self-governing bodies and other publicly available records. This will be most common when we are complying with our legal obligations regarding money laundering and other financial crimes.

How we use your personal data

We use your personal data to:
a) to provide our services and fulfil our contractual obligations to you and other third parties
b) to review, process and manage claims
c) to conduct data analysis, which helps us assess risks, price our products appropriately and improve our services
d) to help us prevent and detect fraud, money laundering, terrorism and other crimes
e) to help develop new, and improve existing, services
f) to operate and expand our business activities
g) to carry out background checks, where lawful
h) to perform administrative activities in connection with our services
i) to exercise, defend and protect our legal rights or the rights of third parties
j) to comply with legal obligations and to cooperate with regulatory bodies to which we are subject
k) for research and development of new insurance products
l) to audit our business
m) for marketing purposes

Storage of personal data

Unless otherwise provided by laws and regulations, the storage period of your personal data is the shortest time necessary to achieve the processing purposes set forth in this statement. After the relevant storage period expires, we will delete or anonymize your personal data.

Your rights over your personal data

You have certain rights regarding your personal data. These include the following rights to:
a) access and duplicate your personal data;
b) correct and supplement the data we hold about you;
c) withdraw your consent to our process of your personal data.
d) delete your personal data
e) transfer your personal data to the designated personal data processor;
f) other rights provided by laws and regulations.

If you would like to discuss or exercise such rights, please contact us at the details below. We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information (such as verifying your identity) from you in order to honour your requests.

Information Sharing

We may share your personal data with third parties under the following circumstances:
a) AXA group companies. We operate as a global business, so we may share your personal data with group companies who may use this information for the purposes described in this Privacy Statement.
b) Insurance companies, Lloyd’s Coverholders, intermediaries, financial institutions, retrocessionaires and business partners. We may share your personal data with insurance companies, intermediaries, financial institutions, retrocessionaires and business partners that use your personal data in connection with the provision of insurance and processing of claims. For example, we may share your personal data with other reinsurance businesses for the purposes of settling claims.
c) Service providers. We may share your personal data with service providers that perform services and other business operations for us, for example, IT and analytics providers, actuarial service entities, auditors and advisers.
d) Any law enforcement agency, court, regulator, government authority or professional body. We may share your personal data with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
e) Asset purchasers. We may share your personal data with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with this Privacy Statement.
f) Customer companies. We may share our personal data with your company or employer in certain circumstances, for example, if your company has a corporate insurance product with us and you make a claim under that product.

Because we operate as part of a global business, the recipients referred to above may be located outside of China. See the section on "Personal Data Cross-border Transfer" below for more information.

Personal Data Cross-border Transfer

Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal data. We will meet the requirements of personal data cross-border transfer and put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

Our Cookies Policy

When you visit our website, we may collect usage information to help us understand how our website is navigated and used.

Our website uses "cookies" to enhance your viewing experience. A cookie is a tiny element of data that is sent to your browser to be stored on your hard drive so that we can recognise you when you return. You may set your browser to notify you when you receive a cookie or refuse cookies from all websites, if you wish. Please note, however, that if you reject cookies it is possible that some web pages may not properly load or load at all, and your access to certain information might be denied or you might have to enter information about you more than once.

We use session cookies, persistent cookies and Google Analytics.

Session cookies: Session cookies allow our website to link the various actions of a user during a browser session, including which pages the user visited before visiting this one. Session cookies expire when the browser session ends.

Persistent cookies: Persistent cookies are stored on a user's device in between browser sessions, storing information about the preferences or actions of the user across a site (or possibly across different AXA Group websites).

Google Analytics: Google Analytics is a popular web analytics service that uses cookies to count the number of people that visit and help analyse how they use it (e.g., we can determine which pages on our site are visited most frequently). The information generated by the cookies (including your IP address) is transmitted to and stored by Google on its servers. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Google uses this information to evaluate the way visitors use our website, compiling reports to us on website activity and providing other services relating to website activity and internet usage. The information also helps us improve this website. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google's behalf. Google undertakes not to associate your IP address with any other data held by Google.

Contact us

If you have questions about your rights or concerns regarding the way in which your personal data has been used, please contact us at