MetLife Global Benefits: Cayman Privacy Notice

Last Updated October 30, 2023

⤶ Back to Privacy Center

 

 

This privacy notice (the “Cayman Privacy Notice”) explains the manner in which MetLife Global Benefits. LTD and its service providers, affiliates, and delegates (collectively, “MGB”) collects, processes and maintains Personal Data about you pursuant to the Data Protection Law, 2017 of the Cayman Islands, as amended from time to time and any regulations, codes of practice or orders promulgated pursuant thereto (the “DPL”).

MGB is committed to processing Personal Data in accordance with the DPL. In its use of Personal Data, MGB will be characterized under the DPL as a “Data Controller” and MGB’s service providers, affiliates and delegates may act as “Data Processors.”

Interpretation

For the purpose of this Cayman Privacy Notice you or your shall mean, you, the insured or potential insured under any MGB insurance policy, your family members, your health care providers and any individuals affiliated with your employer, vendors, and other third parties that work with or are employed by MGB. We, us, or our means MGB.

Personal Data

By virtue of your relationship with MGB, we may collect, record, store, transfer and otherwise process information by which you may be directly or indirectly identified (“Personal Data”). Examples of the type of Personal Data that we may process about you include your name, date of birth, age, gender, nationality, likeness, national identification number, email and residential address, telephone number, bank account information, medical information, employment information, information that you send to us, information that we need to process your claims, information that allows MGB to insure you, employ you or work with your employer.

We may combine Personal Data that you provide to us with Personal Data that we collect from, or about you. This may include Personal Data collected in an online or offline context including from health care providers, credit reference agencies and other available public databases or data sources, such as news outlets, websites and other media sources and international sanctions lists.

Why is your Personal Data processed

 Your Personal Data will be processed fairly and for lawful purposes, including:

  • where the processing is necessary for MGB to perform a contract to which you are a party or for taking pre-contractual steps at your request, which may include the following circumstances:
    • to operate MGB, including managing and administering MGB on an on-going basis which enables MGB to satisfy its contractual duties;
    • to process your insurance claims; and
    • to send you explanation of benefits.
  • where the processing is necessary for compliance with any legal, tax or regulatory obligation to which MGB is subject, which may include the following circumstances:
    • to comply with requests from regulatory, governmental, tax and law enforcement authorities; o to prevent and detect fraud;
    • to carry out audit checks and to instruct auditors;
    • to comply with FATCA, CRS and other comparable legislation; and/or
    • to comply with applicable sanctions and embargo legislation.
  • where you otherwise consent to the processing of Personal Data for any other specific purpose.

As a data controller, we will only use your Personal Data for the purposes for which we collected it. If we need to use your Personal Data for an unrelated purpose, we will contact you.

Use and Disclosure of Personal Data

We will not sell or disclose your Personal Data to any third-party for its use in marketing its products to you.

Any transfer of Personal Data outside of the Cayman Islands shall be in accordance with the requirements of the DPL. Where necessary, we will ensure that separate and appropriate legal agreements are put in place with the recipient of that data. For example, where data is to be transferred to a person in a country which does not provide an adequate level of data protection, MGB will ensure it puts in place appropriate safeguards, such as contracts which seek to ensure that any data processor is contractually bound to provide an adequate level of protection in respect of the Personal Data transferred to it and that any such transfer complies with the requirements of the DPL.

We protect your Personal Data from inappropriate use or disclosure. Our employees, and those of companies that help us service your MetLife Coverage, are required to comply with our requirements that protect the confidentiality of Personal Data. They may look at your Personal Data only when there is an appropriate reason to do so, such as to administer our products or services.

The main reasons we may use and disclose your Personal Data are to evaluate and process any requests for coverage and claims for benefits you may make or in connection with other health-related benefits or services that may be of interest to you. The following describe some of the more typical uses and disclosures.

  • For Payment: We may use and disclose Personal Data to pay benefits under your Coverage. For example, we may review Personal Data contained in claims to reimburse providers for services rendered. We may also disclose Personal Data to other insurance carriers to coordinate benefits with respect to a particular claim. Additionally, we may disclose Personal Data to a health plan or an administrator of an employee welfare benefit plan for various payment-related functions, such as eligibility determination, audit, and review, or to assist you with your inquiries or disputes.
  • For Health Care Operations: We may also use and disclose Personal Data for our insurance operations. These purposes include evaluating a request for our products or services, administering those products or services, and processing transactions requested by you.
  • To Affiliates and Processors: We may disclose Personal Data to Affiliates and to Processors outside of the MetLife family of companies if they need to receive Personal Data to provide a service to us and will agree to abide by the DPL. Examples of Processors are: billing companies, data processing companies, companies that provide general administrative services, health information organizations, e-prescribing gateways, or personal health record vendors that provide services to covered entities. Personal Data may be disclosed to reinsurers for underwriting, audit or claim review reasons. Personal Data may also be disclosed as part of a potential merger or acquisition involving our business in order that the parties to the transaction may make an informed business decision.
  • To Plan Sponsors: We may disclose summary health information such as claims history or claims expenses to a plan sponsor to enable it to obtain premium bids from health plans, or to modify, amend or terminate a group health plan. We may also disclose Personal Data to a plan sponsor to help administer its plan if the plan sponsor agrees to restrict its use and disclosure of Personal Data in accordance with federal law.
  • To Individuals Involved in Your Care: We may disclose your Personal Data to a family member or other individual who is involved in your health care or payment of your health care. For example, we may disclose Personal Data to a covered family member whom you have authorized to contact us regarding payment of a claim.
  • Where Required by Law or for Public Health Activities: We disclose Personal Data when required by federal, state, or local law. Examples of such mandatory disclosures include notifying state or local health authorities regarding particular communicable diseases or providing Personal Data to a governmental agency or regulator with health care oversight responsibilities.
  • To Avert a Serious Threat to Health or Safety: We may disclose Personal Data to avert a serious threat to someone’s health or safety. We may also disclose Personal Data to federal, state, or local agencies engaged in disaster relief, as well as to private disaster relief or disaster assistance agencies to allow such entities to carry out their responsibilities in specific disaster situations.
  • For Health-Related Benefits or Services: We may use your Personal Data to provide you with information about benefits available to you under your current coverage or policy and, in limited situations, about health-related products or services that may be of interest to you. However, we will not send marketing communications to you in exchange for financial remuneration from a third party without your authorization.
  • For Law Enforcement or Specific Government Functions: We may disclose Personal Data in response to a request by a law enforcement official made through a court order, subpoena, warrant, summons or similar process. We may disclose Personal Data about you to federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
  • When Requested as Part of a Regulatory or Legal Proceeding: If you or your estate are involved in a lawsuit or a dispute, we may disclose Personal Data about you in response to a court or administrative order. We may also disclose Personal Data about you in response to a subpoena, discovery request, or other lawful process, but only if efforts have been made to tell you about the request or to obtain an order protecting the Personal Data requested. We may disclose Personal Data to any governmental agency or regulator with whom you have filed a complaint or as part of a regulatory agency examination.
  • Personal Data about Deceased Individuals: We may release Personal Data to a coroner or medical examiner to assist in identifying a deceased individual or to determine the cause of death. In addition, we may disclose a deceased’s person’s Personal Data to a family member or individual involved in the care or payment for care of the deceased person unless doing so is inconsistent with any prior expressed preference of the deceased person which is known to us.

Your rights

You may have certain rights under the DPL, including:

  • the right to be informed as to how we collect and use your Personal Data;
  • the right to obtain a copy of your Personal Data;
  • the right to require us to stop direct marketing;
  • the right to have inaccurate or incomplete Personal Data corrected;
  • the right to withdraw your consent and require us to stop processing or restrict the processing, or not begin the processing of your Personal Data;
  • the right to be notified of a data breach (unless the breach is unlikely to be prejudicial);
  • the right to obtain information as to any countries or territories outside the Cayman Islands to which we, whether directly or indirectly, transfer, intend to transfer or wish to transfer your Personal Data, general measures we take to ensure the security of Personal Data and any information available to us as to the source of your Personal Data,
  • the right to complain to the Office of the Ombudsman of the Cayman Islands. You can access their website here: ombudsman.ky; and
  • the right to require us to delete your Personal Data.

Please note that if you do not wish to provide us with requested Personal Data or subsequently withdraw your consent, you may not be able to be insured by MGB as it will affect our ability to provide our services to you.

Retention of Personal Data: The Personal Data shall not be held by MGB for longer than necessary with regard to the purposes of the data processing.

Changes to Cayman Privacy Notice: We reserve the right to change the terms of this notice at any time. We reserve the right to make the revised or changed notice effective for Personal Data we already have about you, as well as any Personal Data we receive in the future. The effective date of this notice and any revised or changed notice may be found on the last page, on the bottom right-hand corner of the notice. If a change materially impacts your rights, we will send you a copy of any revised notice from MetLife by mail or e-mail.

Contact us: Please contact MGB at MetLifeWorldwide@metlife.com if you have any questions about this Cayman Privacy Notice, the Personal Data we hold about you or to discuss your data protection rights.