Scroll to protect

CLICK2GO Privacy Policy

Privacy Statement for the Fairfirst Click2Go Platform

  1. This documents sets out the privacy statement relating to the “FAIRFIRST Click2Go PLATFORM” of Fairfirst Insurance Limited.
  2. Objective of the Privacy Statement: This Privacy Statement (read together with the User Terms and Conditions) sets-out the terms and conditions by which Personal Data is collected, processed and used on “FAIRFIRST Click2Go PLATFORM”.
  3. Purpose of the Platform: The Platform is operated for and on behalf of the Company, pursuant to a Services Contract between the Company and Operator. The Platform is a digital tool that facilitates the business processes of the Company. Access and use of the “FAIRFIRST Click2Go PLATFORM” is restricted to employees and independent sales agents (who are IRCSL registered agents) and/or any contracted third parties of the Company.
  4. Definitions: For the purpose of this Privacy Statement, unless otherwise stated the capitalized terms as used herein shall bear the following meanings –

    (a) Act/the Act means the Personal Data Protection Act No. 9 of 2022 of Sri Lanka and all regulations thereunder;
    (b) Company means Fairfirst Insurance Limited (PB5180);
    (c) Customer means only a natural person to whom Company provides or seeks to provide insurance services (and includes a legal guardian, if the Customer is less than eighteen years of age), subject to current or future contract;
    (d) Data Subject means an identified or identifiable natural person, alive or deceased, to whom the Personal Data relates, who is either an User or a Customer;
    (e) Data Protection Officer means the Data Protection Officer of the Company who is appointed by the Company in terms of the Act, who exercises all powers as designated in the Act over the collection and processing of any Personal Data within the Platform;
    (f) IRCSL means the Insurance Regulatory Commission of Sri Lanka;
    (g) Operator means Susitk Holdings (Private) Limited (PV88423);
    (h) Personal Data means, any information that can identify a Data Subject directly or indirectly, by reference to –

    • (a) an identifier such as a name, an identification number, financial data, location data or an online identifier; or
    • (b) one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that individual or natural person;

    (i) Platform means the “FAIRFIRST Click2Go PLATFORM”;
    (j) Services/the Services means those services that only a User may avail of from the Platform;
    (k) Services of the Company means those services provided by the Company to any Customer;
    (l) User means any natural person over the age of eighteen (18) who is authorized by the Company to use the Platform, for the purpose and in the manner stated in the Terms and Conditions and creates an User Account following procedures on the Platform, and for the avoidance of doubt, the Platform shall be available ONLY to permanent sales cadre of the Company, any independent sales agents of the Company (being IRCSL registered agents) and/or any contracted third parties of the Company; and
    (m) User Account means an account created on the Platform by a User, which is a pre-requisite to access the Platform for the Services and which is limited only to a User.

    Interpretations: Unless otherwise specified, (i) words importing the singular include the plural, (ii) words imputing any gender include every gender and (iii) the use of captions or headings, whether in bold and/or underline font is for convenience and shall not affect interpretation of this Privacy Statement.

  5. Legally Binding

    5.1 This Privacy Statement is legally binding document.
    5.2 The User must, prior to and as a condition of using the Platform consent to this Privacy Statement. The following terms apply for and to User’s consent –

    • (a) User Consent: The User must consent to and accept the Privacy Statement when setting up User Account. Creation of User Account signifies User’s consent. The continued use of the Platform signifies the continued consent of the User. If User is not in agreement to this Privacy Statement, he/she shall refrain from setting-up a User Account.
    • (b) Withdrawal of Consent: User may withdraw his/her consent at any time and thereupon must de-activate the User Account and must refrain from accessing the Platform, provided however any Personal Data previously collected may be retained within the Platform (and or by the Company) for such period as is lawfully necessary. Withdrawal of consent shall never be retro-active.
    • (c) Tenure of Consent: The User shall be bound by the terms of this Privacy Statement for the entire period in and for which the User Account remained active, notwithstanding a subsequent de-activation of the User Account. A de-activation of User Account or withdrawal of consent previously granted nor does terminate any undertaking which is stated to survive termination of User Account.
  6. Scope of the Privacy Statement

    The collection and processing of Personal Data on this Platform is subject to this Privacy Statement and the Act.
  7. Purpose of Collecting and Processing Personal Data of User

    7.1 Purpose for which Personal Data is Collected or Processed: The Platform collects, processes and stores Personal Data of Users for the Services and for no other reason. Platform will collect Personal Data of Users from a number of sources.
    7.2 Method by which Personal Data is Collected: Personal Data of the User shall be collected and used by the Platform in the following manner –

    • (a) Personal Data Received from the Company: The Platform will obtain Personal Data of each User from the Company. This is for the purpose of initial on-boarding of each User and verification of identity to ensure legitimate access.
    • (b) Personal Data Directly provided by the User: Each User must update the Platform with his/her accurate and updated Personal Data to complete user registration processes and thereafter each time the User logs into the Platform to avail of the Services. Personal Data collected during user registration include User’s name, mobile number, Sri Lanka national identity card (NIC), agent license number, if he/she is IRCSL Registered Agent and similar information. In the event the User does not complete the User registration process or updates incorrect information the Platform may not be available for his/her use.
    • (c) Personal Data Collected when Services are availed of by User: Personal Data may be collected by the Platform based on User behavior while availing the Services. Information collected will include device information, frequency, times and the manner in which the User avails of the Services and duration for which the Platform is used. This information is important to the Operator to understand the needs of the User and to manage User expectations as well as to enhance Services, User experience and Platform efficiency.

    7.3 Voluntary Use of Platform: User may set-up and or de-activate User Account at any time subject to User Terms and Conditions.
    7.4 Responsibility of User: It is the responsibility of the User to ensure that correct and accurate information of the User is provided and to refrain from the provision of any information that is either false and or does not relate to the User. The User may not be able to avail of the Services if complete and accurate information is not provided. Further User must ensure to maintain consistency of information provided at user registration and any subsequent use. In the event of any differences in the information provided, the User may not be able to access the Platform.

  8. Personal Data of Customers

    The Platform will process Personal Data of Customers for the facilitation of the Services of the Company. While the Operator shall at all times act under the instructions and control of the Company, the general terms for collecting and processing Personal Data of Customers is as follows –

    • (a) Access and Use of Platform by Customers: The Personal Data of a Customer is captured and processed within the Platform in the manner stated herein. Customers do not have direct access to the Platform and User must not permit any Customer (or any other person) to access, use or upload data to the Platform via his/her User Account. Any such access or use of the Platform, whether a Customer or other person shall be considered to be a material breach of this Privacy Statement.
    • (b) Consent of Customer: Every Customer must consent to the collection and use of his/her Personal Data and to the privacy policy of the Company. Customer consent shall be obtained by a link generated by the Platform to the chosen device of the Customer. The Platform will dispatch electronic notification to the Customer upon receipt of consent and or the initial upload of his/her Personal Data. It is the responsibility of the Customer to provide correct and accurate information and also to update the Company in the event of any change thereon. The Operator/Platform shall not verify any information (including Personal Data) of the Customer.
    • (c) Collection of Customer’s Personal Data: Personal Data of a Customer is collected through the Platform. It is a condition, that a Customer shall provide his/her Personal Data o voluntarily (and without compulsion) to avail of the Services of the Company. The Customer himself may directly upload his/her information (including Personal Data) to the Platform via the link generated from the Platform or where Customer does not have or have access to smartphone, the User may upload Personal Data of the Customer on behalf of the Customer. Immediately upon upload of Personal Data to the Platform, the Customer will receive electronic notification, confirming the update of his/her Personal Data. The Platform will use Personal Data of a Customer for the Services and to facilitate the Services of Company. Facilitation of the Services of the Company includes the dispatch of notifications to Customers pertaining to the Services of the Company. The Customer may opt-out of receiving any such notifications/messages, other than when notification is necessary for any contractual undertakings or due to process of law.

      Personal Data of the Customer shall be used to generate contracts of the Company, the Services of the Company and to perform any obligations thereunder.

    • (d) Transfer and Retention of Customers Personal Data: The Platform will transfer or retrieve Personal Data of a Customer from the database maintained by the Company for the purpose of the Services of the Company. The Personal Data of a Customer that is stored within the database of the Company is subject to the Data Policy of the Company.

      Link – https://www.fairfirst.lk/wp-content/uploads/2024/07/Data-Protection-And-Retention-Policy-Web-V1.pdf

    • (e) Change of Customer’s Personal Data: The Platform does not permit the Personal Data of a Customer to be changed by a User. Personal Data of a Customer can only be changed by a clear and specific request to be made by Customer to the Company. The Customer must directly contact the Data Protection Officer to effect any changes in his/her Personal Data and in accordance with the Company’s obligations to the Customer, the Company will update, revise and or delete and substitute their Personal Data in accordance with the request. Customer may also withdraw consent for the processing of their personal data by the Company by notification in the same manner as aforesaid to the Company but prior to entering into a contract with the Company.
    • (e) Customer Payments: The Platform will not process or generate any payment to or from the Customer. User shall upload Customer payment information to the Platform which will then be transmitted to the Company. Customer payments will be processed as follows –

      (i) Method of Payment: Method of payment shall be at the complete discretion of the Customer, which will include the use of electronic means (such as a credit/credit cards, electronic or fund transfer), whereupon the Platform shall generate a payment link to any device of the Customer.
      (ii) Third Party Payment Processors: The link for payment will take the Customer directly to the website of the payment processor, who will collect Personal Data and financial data of the payer. All such data is collected and processed by the payment processor subject to terms and privacy policy of the payment processor.

  9. Use of Personal Data of Users

    The Platform will use the Personal Data of Users for the following purposes –

    • (a) Verification of User: Personal Data of User to ensure and maintain security of the Platform and to prevent log-in by any un-authorized users.
    • (b) Provision of the Services: The Services are data driven by nature and cannot be provided without the use of Personal Data of User and where relevant of the Customer. In order to operate, maintain, provide the Services, information received from several sources is processed to generate the Services requested by the User and/or the Customer. A User will not see personal data of other Users. Personal Data of a Customer or any information relating to any policy issued to a Customer will not be available to a User, unless the User is responsible for managing the policy of such customer.
    • (c) Notifications and Broadcasts: Personal Data collected on the Platform may be used by the Company to generate messages and or notifications to Users, either via the User Account or by digital or electronic means and also by postal or other similar means when necessary, provided however the User may opt-out of receiving any such messages, other than when notification is necessary for contractual undertakings or due to process of law.
    • (d) Enhancement of Services: All information and generated from the Platform will be used for the purpose of enhancing the Services and capabilities of the Platform from time to time.
    • (e) Processing by the Company: The Company may process the Personal Data (of the User and the Customer) together with other information collected from Platform for the Services of the Company and any other purpose as stated in the Data Protection and Retention Policy of the Company which could be reached to via www.fairfirst.lk or as disclosed to the User/Customer at any time. All such processing shall be in terms of the Data Protection and Retention Policy of the Company.
  10. Disclosure of Personal Data

    • (a) Disclosure and Transmission of Personal Data: The Platform does not provide or release any information/data to any third party other than to the Company or as disclosed here. Personal Data shall be transmitted to and or retrieved from time to time between the Operator and the Company for the Services and facilitation of the Services of the Company. The Operator has no control over database of the Company other than to transmit or retrieve Personal Data.
    • (b) Visibility of User Account: User Account is not visible to any other User, except where for the purpose of the Services of the Company works under guidance and control another User, then Personal Data and Information of the User will be visible to that other User.
    • (c) Availability of Customer Information to User: The Operator shall as and when necessary retrieve Personal Data of a Customer from a database of the Company, which shall be provided to the User for the Services of the Company. However, this will be limited only to a User who is the insurance agent/representative of the Customer and for the purpose of the Services of the Company. User undertakes to treat the Personal Data of each and every Customer as confidential and in compliance with the Data Policy of the Company.
    • (a) Compelling Disclosures and Restrictions: The Operator may be compelled to release information (including Personal Data) in the event of an order by Court, directive by a statutory authority or government order. The extent of data released shall be as contained in such order or directive, over which the Operator has no control. The Operator is not under any obligation to notify the User and or obtain the consent of the User if and when it is directed to make a compelling disclosure. The Operator shall, where practically possible notify the Company immediately upon request for such disclosure or at the time of complying any such request. The Operator takes no liability for any information so released.
  11. User Rights and Obligations

    The Company and the Operator care about and respects the User’s privacy and rights under the Act. In addition to all rights under the Act –

    • (a) User Representation: Information provided by the User is provided voluntarily and at the time of provision is represented to be true and correct. The Platform will rely and act entirely on the information provided by the User, other than for those collected from the Company.
    • (b) View: The User may view User Account information and Personal Data contained therein at any time during which the User Account is active. User can make a request to access and view to all the Personal Data of such User that Operator holds, which will be provided by the Operator, shall respond within twenty one (21) days from the date of request in accordance with the Act. The Company may request payment of a nominal administrative charge as permitted by the Act.
    • (c) Changes to Personal Data: User must inform the Company (and or the Operator) of any changes in his/her Personal Data and thereupon the Personal Data held/used in the Platform will be updated or deleted accordingly by the administrators of Fairfirst Click2Go. The change will be reflected on the Platform only after review and acceptance by the Company/Operator.

      The User may also object to or restrict the processing of Personal Data by the Platform, by written notice to the Data Protection Officer and the following officer(s) of the Company –

      Name – Indika Fernando
      Email – indikaf@fairfirst.lk
      Contact Number – 0772260316

    • (d) Verification of Personal Data: The User acknowledges that Operator or the Company is under no obligation to verify or determine the accuracy of any information provided by the User, albeit the Operator has the discretion to verify User access or log-in data to ensure security of the Platform. The User acknowledges that Operator and the Company bear no liability to the User or any other person for information supplied by the User.
    • (e) Access to Data Protection Officer of the Company: User shall at all times have access to the Data Protection Officer of the Company.
    • (f) Complaints: The User has the right to make a complaint to the Data Protection Authority of Sri Lanka in accordance with the Act if the User, is dissatisfied with the response of the Operator or the Company on his/her request and/or complaint on Personal Data management on the Platform.
  12. Retention and Ownership of Data

    • (a) Ownership of Information: All information (including Personal Data) collected via the Platform shall be the property of the Company and is, to the extent lawfully permitted free to deal with such information, subject however to the rights of a Data Subject under the Act in so far as it relates to Personal Data.
    • (b) Retention of Data: All information (including Personal Data) shall be retained on the Platform for as long as it is considered to be necessary for the Services, future Services or any obligations of the Company under law or contract. Any information (including Personal Information) relating to Services of the Company shall be retained for such period as lawfully required under the laws of Sri Lanka for discharge of obligations by the Company. Information may also be retained for any legal purpose or under directive of a judicial, statutory or governmental order.
    • (c) Deactivated/Suspended User Accounts: The aforesaid terms relating information shall extend information (including Personal Data) pertaining to any User Account that has been de-activated (by the User or the Operator) or suspended by the Operator, relating to the period in which any such account was operational and active.
  13. Data Protection Officer

    Data Protection Officer of the Company is responsible for protection of all Personal Data collected and processed by the Company, including any or all processors of the Company. Any User and or Customer may contact the Data Protection Officer for any matter connected to this Privacy Statement and for the exercise of rights under the Act.

    Contact information of the Data Protection Officer
    Data Protection Officer, Fairfirst Insurance Limited,
    Access Tower II (14th Floor), No. 278/4, Union Place, Colombo 02;
    e-mail: dataprotection@fairfirst.lk.
    Or via Customer Hotline 0112428428 or by reaching the nearest Fairfirst Insurance Branch.

  14. Security Risks

    The Operator and the User must adopt reasonable measures of security in the deployment and use of the Platform. The User must acknowledge and must be aware of security risks that persists with any digital platform.

    • (a) On the Part of the Operator: The Platform deploys all methods reasonably available to Operator to lawfully processing and protection information collected on the Platform. Such measures will include reasonably foreseeable assessments and technical, organizational and physical measures.
    • (b) On the Part of the User: User must take all reasonably necessary action to secure and protect access to and the use of the Platform, which include adherence to security protocols for log-in/out, change of passwords, secure devices and to refrain from sharing access passwords. User must ensure that control is exercised over his/her devices to prevent and to not permit unauthorized access by persons not entitled to access and use the platform.
    • (c) Undertakings by User: The User shall undertake to adhere to all data security protocols deployed on the Platform and to adhere to Data Protection and Retention Policy and IT policy of the Company.

      Link https://www.fairfirst.lk/wp-content/uploads/2024/07/Data-Protection-And-Retention-Policy-Web-V1.pdf

  15. Other Miscellaneous Terms

    • (a) Indemnity for Breach or Negligent Use of Personal Data: User shall at all times indemnify the Company and the Operator in full against all damages, liabilities, claims, penalties and charges imposed upon or suffered by the Company or Operator due to or arising from any breach of this Privacy Statement (including Company Policies linked herewith) and or negligent, improper and or unlawful use any Personal Data of any Customer or other person by the User.
    • (b) Access to this Privacy Statement: The Privacy Statement may be accessed and read at any time by User during or after User Account creation but may not be available after the User Account is deactivated.
    • (c) Changes to Privacy Statement: The Company or Operator in consultation with the Company retains the right to change, revise, amend, delete and replace this Privacy Statement in total or part at any time in coordination with the Operator. All such changes will be disclosed on the Platform. Users with an active User Account will receive notification. Notification will also include the date on which such change, revision, amendment, deletion and replacement becomes effective. Any use of the Platform after the effective date thereof shall constitute acceptance of the changed, revised, amended and or replaced Privacy Statement. User is not permitted to modify, amend or revise any part of the Privacy Statement but may withdraw his consent if he/she is not in agreement to this Privacy Statement.
    • (d) Applicable Laws: The privacy statement is governed by the laws of Sri Lanka.
CLICK2GO

    Submit