Privacy & Cookies Policy 

1. Introduction 

MS First Capital Insurance Ltd (“MS First Capital”, “we”, “us” or “our”) operates as a general insurance company, including the conduct of reinsurance business (both as a reinsurer and as a reinsured/ceding company). 

We are committed to protecting personal data and complying with the Personal Data Protection Act 2012 of Singapore (“PDPA”). This Privacy & Cookies Policy (“Policy”) explains how we collect, use, disclose, retain, transfer, and safeguard personal data in the course of our insurance, reinsurance, and related business activities. 

By interacting with us, entering into insurance or reinsurance arrangements, submitting claims, or using our website, you acknowledge that you have read and understood this Policy and that we may collect, use, and disclose your personal data in accordance with this Policy and applicable laws. 

2. Scope of This Policy 

This Policy applies to personal data relating to: 

• policyholders and insured persons 
• claimants and thirdparty claimants 
• cedants, reinsureds, and their policyholders 
• reinsurers, retrocessionaires, and reinsurance intermediaries 
• insurance and reinsurance brokers, agents, and distribution partners 
• business partners, service providers, and website visitors 

It applies to general insurance and reinsurance business, including but not limited to motor, travel, property, liability, marine, engineering, specialty risks, facultative reinsurance, and treaty reinsurance. 

3. What Is Personal Data? 

“Personal data” refers to any data, whether true or not, about an individual who can be identified: 

• from that data; or 
• from that data and other information to which we have or are likely to have access. 

Depending on the context, this may include, but is not limited to: 

• Name, address, email address, and contact details 
• NRIC, FIN, passport number, nationality, and date of birth 
• Employment, occupation, and financial information 
• Policy, underwriting, and riskrelated information 
• Claims information and incident details 
• Limited medical or health information only where relevant to claims (e.g. motor or work injury claims) 
• Information contained in reinsurance bordereaux, underwriting slips, or loss notifications 
• Banking, settlement, and payment details 
• Records of communications with us 
• Website usage data, IP address, and cookiebased information 

4. How We Collect Personal Data 

We may collect personal data through various means, including but not limited to:  

• directly from individuals (e.g. claim forms, correspondence, surveys) 
• from insurance or reinsurance brokers, agents, or intermediaries 
• from cedants, reinsureds, or reinsurers as part of underwriting, placement, or claims administration 
• via our website, online portals, and digital platforms 
• from third parties such as:  
• reinsurers, retrocessionaires, or coinsurers 
• loss adjusters, surveyors, investigators, workshops, or service providers 
• industry databases or insurance associations 
• from regulators, courts, or public authorities 
• from publicly available or lawful sources 

5. Purposes of Collection, Use and Disclosure 

We may collect, use, and disclose personal data for purposes reasonably necessary in the course of our insurance and reinsurance business, including but not limited to: 

• evaluating, underwriting, pricing, placing, administering, and servicing insurance and reinsurance arrangements; 
• managing and administering policies, contracts, accounts, premiums, recoveries, and settlements; 
• assessing, investigating, managing, defending, and settling insurance and reinsurance claims; 
• detecting, preventing, and investigating fraud, financial crime, suspicious or exaggerated claims, or misuse of services; 
• conducting business operations, analytics, risk management, audits, research, and product development; 
• complying with applicable laws, regulations, Monetary Authority of Singapore requirements, PDPA obligations, and responding to lawful requests from authorities; and 
• communicating with you, including for servicerelated and marketing purposes where permitted by law. 

These purposes apply whether personal data is collected directly from you or obtained from third parties in accordance with applicable laws. 

6. Legitimate Interests Exception 

In compliance with the PDPA, MS First Capital may collect, use, or disclose personal data without obtaining your consent where such collection, use, or disclosure is necessary for the legitimate interests of MS First Capital or another person, and where those legitimate interests outweigh any adverse effect on the individual. 

Where we rely on the legitimate interests exception, we will: 

• assess the purpose of the collection, use, or disclosure to determine that it constitutes a legitimate interest; 
• consider the likely adverse effects on the individual; and 
• take reasonable measures to mitigate any identified adverse effects. 

Pursuant to the legitimate interests exception, MS First Capital may collect, use, or disclose personal data for purposes including, but not limited to: 

• fraud detection, investigation, and prevention; 
• detection and prevention of misuse of our systems, services, or insurance arrangements; 
• network, behavioural, or transactional analysis to prevent fraud or financial crime, and to conduct credit, underwriting, or exposure analysis; and 
• monitoring and collection of data on companyissued devices or systems for information security, operational integrity, and data loss prevention purposes. 

These purposes may continue to apply for a reasonable period after your relationship with us has been terminated or otherwise altered, to the extent reasonably necessary. 

7. Disclosure of Personal Data 

We may disclose personal data, on a needtoknow basis, to the following categories of recipients, including but not limited to:  

• insurance and reinsurance brokers, agents, and intermediaries 
• cedants, reinsureds, reinsurers, coinsurers, and retrocessionaires 
• thirdparty service providers, including but not limited to:  
• adjusters, surveyors, investigators 
• workshops, repairers, and specialist service providers 
• IT and administrative service providers 
• professional advisers such as auditors, lawyers, and consultants 
• industry bodies or shared insurance databases for underwriting, claims processing, and fraud prevention 
• regulatory authorities, government agencies, courts, or law enforcement bodies where required or permitted by law 

We do not sell personal data to any third party. 

8. Overseas Transfers of Personal Data 

Personal data may be transferred outside Singapore in the course of our insurance and reinsurance business, including but not limited to claims processing, reinsurance placements, claims recoveries, engagement of overseas service providers, or where otherwise required or permitted under applicable laws. 

Where this occurs, MS First Capital will take reasonable steps to ensure that the recipient provides a level of data protection that is comparable to the PDPA, including contractual and operational safeguards. 

9. Marketing Communications 

We may send marketing or promotional materials via mail or email. 

• You may opt out at any time. 
• We will obtain your clear and unambiguous consent before sending marketing messages via phone calls or phonebased messaging services (e.g. SMS or messaging applications), unless permitted by law. 

Optout requests will be processed within a reasonable timeframe. 

10. Cookies and Website Usage 

Our website uses cookies and similar technologies to collect information such as: 

• IP address 
• browser and device type 
• pages visited and navigation behaviour 
• session duration and referring websites 

These technologies are used to: 

• improve website functionality and performance 
• analyse usage patterns and trends 
• enhance digital security and user experience 

You may disable cookies via your browser settings, but certain website features may be affected. 

11. Protection of Personal Data 

To safeguard personal data, we implement appropriate administrative, physical, and technical measures, including access controls, encryption, authentication mechanisms (e.g. OTP, 2FA/MFA), malware protection, secure disposal of storage media, and regular security reviews and testing. 

While no method of transmission or storage is completely secure, we continuously review and enhance our security measures. 

12. Accuracy of Personal Data 

We generally rely on personal data provided by you or your authorised representatives. Please notify our Data Protection Officer if your personal data changes. 

13. Retention of Personal Data 

We retain personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected, or as required or permitted under applicable laws. 

Personal data may be retained for purposes including, but not limited to: 

• insurance and reinsurance business operations; 
• claims handling, investigation, defence, and recovery; and 
• compliance with legal, regulatory, audit, risk management, and governance requirements. 

Where personal data is no longer required for these purposes, it will be securely disposed of or anonymised. 

14. Data Breach Management 

MS First Capital will assess all data breaches in accordance with the PDPA. Where a breach is assessed to be notifiable, the Company will notify the PDPC and/or affected individuals, as required under applicable laws and regulations, and take appropriate mitigation measures

15. Access to and Correction of Personal Data  

You may request access to your personal data and information on how it has been used or disclosed within the preceding year, or request correction of any error or omission in your personal data. 

All access or correction requests must be submitted in writing or via email to our Data Protection Officer at the contact details provided below. An administrative fee may be charged for access requests where permitted by law. 

16. Withdrawing Your Consent 

You may withdraw consent in writing. We may require reasonable time to process the request and will inform you of any consequences. 

Withdrawal does not affect our right to continue processing personal data where permitted or required by law, including under Clause 6 (Legitimate Interests Exception). 

17. Data Portability 

Where applicable and when the data portability obligation comes into effect under applicable laws, MS First Capital will handle data portability requests in accordance with such laws and any applicable industry codes or guidelines. 

18. Data Protection Officer 

You may contact our Data Protection Officer if you have any enquiries, feedback, or complaints regarding our personal data protection policies and procedures, or if you wish to make any request under this Policy, in the following manner: 

Data Protection Officer 

MS First Capital Insurance Ltd 

6 Raffles Quay, #21‑00, Singapore 048580 

Email: dpo@msfirstcapital.com.sg 

19. Changes to This Policy 

This Privacy & Cookies Policy may be amended from time to time. The latest version will be made available on our website and will supersede previous versions. 

Effective Date: ………………….. 

Last Updated: ……………………