Privacy Policy
Your privacy is our top priority. Learn how we protect your personal information and maintain the highest standards of data security in our Privacy Policy
KNOW MORE
Privacy Policy
The purpose of this Policy is to provide a clear explanation of when, why and how we collect and use personal information (“personal data”), and your rights under the UAE Federal Decree Law No. 45 of 2021 on the Protection of Personal Data (PDPL).
In this policy, “we”, “us”, AWNIC and “Al Wathba Insurance” refers to Al Wathba National Insurance Co. P.J.S.C.
By continuing to use our website and services, you agree to the terms outlined in this Privacy Policy. If you do not agree, please discontinue use.
Al Wathba Insurance is committed to serving you better and value you as our customer / user of our website. We respect your right to privacy. We’ve made our Privacy Policy as clear and transparent as possible. This Privacy Policy tells you, in broad terms, how we use personal information that we collect from your use of the domain https://www.awnic.com (the “Website”) and all sub-domains of the Website. If you provide us with personal information including your contact details and any other information enabling us to identify you and provide you with our services, we will treat it according to this policy.
We may make changes to this privacy statement from time to time. Such changes will be effective from the time they appear on the Site. You can check the effective date at the end of the document that allows you to determine whether there have been changes since the last time you reviewed the policy. Therefore, you should remember to check this privacy statement from time to time.
1. What Information Do We Collect and How?
We collect personal information directly from you (via forms, transactions, communication) and indirectly (via cookies and analytics). This includes:
- Personal identification Information (PII)- (e.g., name, email, address, phone, date of birth)
- Insurance data (e.g. policy history)
- Protected Health Information – PHI (with explicit consent only if required)
- Government ID (e.g., Emirates ID, passport)
- Internet activity (e.g., IP address, cookies)
- Device and browser information (e.g., operating system, session logs)
2. Legal Basis for Processing
We process personal data based on the following legal bases:
- Consent
- Contractual necessity
- Legal obligation
- Legitimate interests
- Vital/public interest
We ensure that processing aligns with the specified purposes and is limited to what is necessary.
3.How We Use Your Information and With Whom We Share It
Uses include:
- Providing and managing insurance products
- Claims assessment and underwriting
- Customer support and communication
- Marketing and promotional activities (with consent)
- Regulatory compliance and fraud detection
We may share your data with:
- Group companies and service providers
- Regulatory authorities (e.g., UAE Data Office, UAE Central Bank)
- Approved third parties under contractual obligations
- External consultants or reinsurers
We ensure recipients apply appropriate safeguards and confidentiality.
4. International Data Transfers
We do not transfer your data outside UAE. We maintain compliance with PDPL cross-border data transfer regulations.
5. Data Subject Rights
Under the UAE PDPL, you have the right to:
- Access your personal data
- Correct or erase your data
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
- Not be subject to fully automated decisions with legal or significant effect
You may also request correction of health records to ensure the data held about you is accurate and complete Requests can be made via: DPO@awnic.com. A response will be provided within the timeline required by law.
6. Data Retention
Your data is retained only as long as necessary to:
- Fulfill processing purposes
- Comply with legal and regulatory obligations
- Establish, exercise, or defend legal claims
Health records and associated data are securely deleted or physically destroyed at the end of their retention period.
7. Security Measures
We implement appropriate technical and organizational measures, including:
- Applicable Data encryption at rest and in transit
- Role-based access controls
- Regular security assessments and audits
- Incident detection and breach response protocols
- All personal and health-related data is classified based on its sensitivity (e.g., public, confidential, restricted) and access is granted only on a need-to-know basis in line with role-based access control (RBAC).
- Access to personal and health data is logged and monitored to detect unauthorized use, in line with ADHICS auditing requirements.
- Physical records, where applicable, are stored in locked and access-controlled environments to prevent unauthorized access.
Despite safeguards, we advise users to take personal precautions when using the internet.
8. Use of Cookies
Cookies help personalize your web experience. See our Cookie Policy for details. You can disable cookies in your browser settings, but this may affect functionality.
9. Third-Party Links
We are not responsible for external websites linked through our site. Review their privacy policies separately. We do not endorse or assume liability for third-party practices.
10. Children’s Data
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors without verified consent from a parent or legal guardian. If such data is identified, it will be promptly and securely deleted. Where children’s health-related information is processed, we apply additional access restrictions and ensure appropriate consent is obtained in accordance with applicable laws.
11. Sensitive Personal Information
We will only use your personal or health information for the specific purpose it was collected. If we intend to use it for any other purpose, we will seek your explicit consent or ensure that such use is legally permitted. We do not share sensitive information about third parties without their consent, and all processing is subject to strict access controls and enhanced safeguards.
12. Automated Processing
If we use automated decision-making (e.g., for insurance underwriting), we will:
- Inform you at the time of collection
- Ensure fairness and transparency
- Provide you with the ability to request human review or object to decisions made solely by automated means.
13. Marketing Communications
You may opt in or out of marketing communications at any time. We will always provide the option to withdraw consent. Opt-out links are provided in all digital communications.
14. Consent
By using our services or website, you consent to the use of your personal data in accordance with this policy. You may withdraw consent by contacting us. Withdrawal does not affect prior lawful processing.
15. Policy Review and Updates
We review our privacy policy annually or upon material changes in law, practices, or operations. The most current version is always accessible on our website.
Last updated: July 2025.