RGA is a global reinsurance company focusing primarily on life- and health-related reinsurance solutions.  Our core products and services include life reinsurance, living benefits reinsurance, group reinsurance, health reinsurance, financial solutions, facultative underwriting and product development.

Reinsurance is a business relationship whereby multiple insurance companies share risk by purchasing insurance policies from other insurers to limit the total loss the original insurer would experience in case of disaster.  By spreading the risk, an individual insurance company can take on clients whose coverage would be too great of a burden for the single insurance company to handle alone.  When a reinsurer purchases insurance from a further reinsurer, this is called retrocession and the further reinsurer is referred to as the retrocessionaire.

• What personal information we may collect and hold;
• The purposes for which your personal information may be collected, held, used and disclosed;
• How we collect and hold your personal information;
• How we protect your personal information;
• Who we may share your personal information to (including overseas recipients);
• How you may access and correct your personal information; and
• How you can contact us.

This privacy notice is designed to provide compliance with all relevant applicable laws in the European Economic Area (EEA) and in particular those transposing the General Data Protection Regulation.  RGA recognizes that certain laws might be modified to require stricter standards than those described in this privacy notice, in which case we will ensure compliance with those stricter standards. 

RGA will handle personal information in accordance with local law at the place where the personal information is collected.  If applicable law provides for a lower level of protection of personal information than that established by this privacy notice, then this privacy notice shall prevail. Links to additional country specific privacy policies can be located in the Privacy Center at rgare.com 

Personal information means information, or a combination of pieces of information, that could reasonably allow an individual to be identified.

As a reinsurance business, we need to obtain information about the policies held by customers of the insurance companies or pension funds we work with to properly assess the risk associated with reinsuring a particular block of insurance policies. This means we may process information about individuals named in an insurance policy, or individuals that are beneficiaries of, or have made claims under, an insurance policy, or individuals who are involved in an incident giving rise to an insurance claim. This privacy notice applies to any individual whose personal information we process in the course of providing the services (each a "data subject" or "you").

We collect your personal information from a variety of sources:

• From the insurance companies we work with. When an insurance company provides us with your personal information, we ask that they provide you with a copy of this privacy notice before doing so.
• From other reinsurers and retrocessionaries.
• From people who are involved in a claim or assist us in investigating or processing claims, including witnesses and external claims data collectors and verifiers.
• From public sources, such as public databases (where permitted by law).
• From insurance brokers or other intermediaries.
• From third party evidence providers.
• From healthcare service providers.
• From financial institutions.
• From pension processing platforms.
• Directly from an individual.

Occasionally we may collect your personal information from a third party, in particular from authorized, regulatory, public sources such as government regulators, industry self-governing bodies and other publicly available records.  This will be most common when we are complying with our legal obligations regarding money laundering and other financial crimes.  If appropriate, in these circumstances we will either notify you of our sources or seek your consent to their use.

We do not normally collect personal information from you directly.  There are instances where we provide certain tools to insurers that allow for information supplied by you directly to the insurer is automatically provided to us. We may also collect personal information if you voluntarily supply it to us, for example by sending us an email.

The type of information we may collect and process from insurers and/or other reinsurers will depend upon the type of insurance policy we are underwriting.  It may include any of the below (where permitted by law):

• Personal details: Your name, age, gender, date of birth, photographs, marital status, nationality, height and weight, leisure activities and interests.
• Identification information and criminal data: Your government-issued ID, driving licence, social security number (or local equivalent), driving record and criminal record (but only where it is lawful to collect this data).
• Contact Information: Your address, telephone numbers and email address.
• Information about your family and home: Your family health or morbidity history, number of children and name, age and gender of children, your dwelling type, your household income, home valuation and household demographics.
• Employment and experience information: Your employment history, job role, salary, employment benefit options, educational background and any professional licenses and qualifications.
• Financial information: Details pertaining to your bank account, annual income, investment/savings, tax payer ID, credit history and transaction history.
• Information to conduct our business:  Information relating to underwriting insurance products and managing and processing insurance claims, such as previous insurance records and claims histories, services relating to our businesses and your business dealings or relationship with us.

From the information we collect about you, we may also derive or generate further information such as risk ratings. Some of this information is generated through profiling (see the section below on "Do we use personal information for profiling and automated decision making?").

Some of the categories of information we collect are special categories of personal information (sometimes referred to as "sensitive personal information”). These include:

• your health records (such as your medical history, genetic test results and information, prescription history, death certificate and reports on medical diagnoses, tests and treatment).
• biometric information (fingerprint and voiceprint).
• your family medical history.
• information about your personal characteristics and circumstances of a sensitive nature such as your racial or ethnic origin, sexual orientation, sex life, mental and physical health and genetic information.
• your membership of a professional association or trade union.

We use your personal information:

(a) to provide our services and fulfil our contractual obligations to clients and other third parties;

(b) to review, process and manage claims;

(c) to conduct data analysis, which helps us assess risks, price our products appropriately and improve our services;

(d) to help us prevent and detect fraud, money laundering, terrorism and other crimes;

(e) to help develop new and improve existing services;

(f) to operate and expand our business activities;

(g) to carry out background checks, where lawful;

(h) to perform administrative activities in connection with our services;

(i) to exercise, defend and protect our legal rights or the rights of our clients or third parties;

(j) to comply with legal obligations and to cooperate with regulatory bodies to which we are subject;

(k) for research and development of new insurance products;

(l) to audit our business; and

(m) for marketing purposes.

The way we analyse personal information for the purposes of risk assessment, fraud prevention and detection, and to report to our clients as part of providing the services may involve profiling, which means that we may process your personal information using software that is able to evaluate certain personal aspects about you and predict risks or outcomes. For example, we may analyse personal information about your lifestyle to predict the likelihood of a claim being made on your insurance policy.

As we are a reinsurance business, we do not make any decisions about your ability to obtain insurance or the cost of insurance. However, the personal information we process (including by profiling) may be shared with your insurance provider and may impact the decisions made by your insurance provider. If you have questions about automated decision making by your insurance provider, you should contact your insurance provider.

We are committed to processing your personal information fairly and lawfully and only to the extent necessary to achieve the purposes listed above.

We must have a legal basis to process your personal information. In most cases, our ability to obtain and process your personal information is based on one of the following legal bases:

(a) Processing your personal information is necessary to comply with our legal obligations, such as due diligence and reporting obligations, and responding to requests from our regulators; and

(b) Processing your personal information is necessary to meet our legitimate interests and the legitimate interests of our clients, for example to provide our services to clients, to improve our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records.

If it is necessary that we process your sensitive personal information for one of the purposes listed above, we will only do so where one of the following applies:

(c) Your explicit consent has been obtained. Where consent is legally required to process your sensitive personal information, your insurance provider (or the insurance company that collected your personal information) will obtain consent from you. You may withdraw your consent at any time by contacting the insurance company that collected your personal information;

(d) We need to process your sensitive personal information to establish, exercise or defend a legal claim; or

(e) We are otherwise authorized by local law to process your sensitive personal information.

We may share your personal information with third parties under the following circumstances:

• RGA group companies. We operate as a global business, so we may share your personal information with group companies who may use this information for the purposes described in this privacy notice.
• Insurance companies, intermediaries, financial institutions and retrocessionaires. We may share your personal information with insurance companies, intermediaries, financial institutions, retrocessionaires and business partners that use your personal information in connection with the provision of insurance and processing of claims. For example, we may share your personal information with other reinsurance businesses for the purposes of settling claims.
• Service providers. We may share your person information with service providers that perform services and other business operations for us, for example, IT and analytics providers, actuarial service entities, auditors and advisers.
• Any law enforcement agency, court, regulator, government authority or professional body. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
• Asset purchasers. We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.

You have certain rights regarding your personal information, subject to local law. These include the right to:

• access your personal information;
• rectify the information we hold about you;
• erase your personal information;
• restrict our use of your personal information;
• object to our use of your personal information;
• receive your personal information in a usable electronic format and transmit it to a third party (right to data portability); and
• lodge a complaint with your local data protection authority.

Since, in many cases, we receive your personal information directly from your insurance provider you should contact your insurance provider first if you would like to exercise your rights. We would encourage you to inform your insurance provider if your personal information needs to be corrected or updated (and you may be under a legal duty to do so).

Please note that your insurance provider will likely require additional information from you in order to honour your requests.

If your insurance provider has not resolved your request or concern, or if you would like to contact us directly to discuss or exercise your rights, you may contact us via our online contact form, or using the contact details provided below.

We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.

We will normally keep your personal information for as long as you have an interest in, or claim against, a policy we are underwriting.  Beyond that, we retain personal information for a period of time that reasonably allows us to investigate, commence or defend legal claims brought by or against us or our clients, comply with our regulatory obligations and conduct analysis. We securely destroy personal information when its retention period has expired.

We may retain aggregated or anonymised data (which is not treated as personal information under this privacy notice) for longer.

Because we operate as a global business, your personal information may be transferred to, stored, and processed in other countries, which may include countries that are not regarded as ensuring an adequate level of protection for personal information under European Union law.

We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your personal information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details contained in the "Contact us" section below.

Reinsurance Group of America, Inc. is the controller responsible for the personal information we collect and process. Other RGA entities may also be controllers in respect of your personal information, depending on the nature of the services they provide.

If you have questions or concerns regarding the way in which your personal information has been used, please e-mail us at privacy@rgare.com or call or write to us. Our address is:

Our United States postal address is: 
Reinsurance Group of America, Inc. 
Attn.: Global Privacy Office
16600 Swingley Ridge Road
Chesterfield, Missouri 63017-1706

Our Ireland postal address is:

3rd Floor, Block C
Central Park
Leopardstown, Dublin 18, D18 X5T1 

For all other postal addresses, please see rgare.com

Our telephone number is:    

+1 (636) 736-7000 (United States)
+353 1.290.2900 (Ireland)

RGA has appointed the law firm Shoosmiths as its external Data Protection Officer under the GDPR and should you have any questions or concerns regarding the way in which your personal information has been used for our DPO, please contact them at dpo@rgare.com.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to your local supervisory authority (i.e. the supervisory in the jurisdiction where you live or work) or the supervisory authority of the jurisdiction where you believe an infringement of data protection laws has occurred.  Each supervisory authority may have a difference process for lodging complaints so we encourage you to contact the relevant supervisory authority first to check this.

You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time. If we make a significant change to this privacy notice, we will post a notice about this on our website, and we may ask the insurance companies we work with to notify customers on our behalf.

You will be able to see when we last updated the privacy notice because we will include a revision date, shown below.