CHUBB TRAVEL SMART

This Privacy Policy is split into four parts – Parts A, B, C and D.

Each Part’s relevance to you (an End User) is summarized below:

Part	Relevant to
A	All End Users
B	End Users resident in: the EU; the EEA; the United Kingdom; and the United States of America
C	End Users resident in California, U.S.
D	End Users resident in countries or locations other than those specified in Parts B and C

Part A

This Part A is relevant to you.

1. General

1.1 Chubb is committed to protecting your privacy and to complying with applicable data protection and privacy laws. Throughout this Privacy Policy, unless otherwise specified, the term “Personal Data” means information relating to an identified or identifiable individual (i.e. a natural person).

1.2 This Privacy Policy applies to the processing of Personal Data collected or submitted by you in connection with the use of the Services. Please read this Privacy Policy carefully to understand how we collect, use, transfer, and store your data as you make full use of the Services. If you do not agree with this Privacy Policy, please do not use the Services or provide us with your Personal Data.

1.3 We recognize our responsibility to protect the Personal Data and other information you have provide us with. We take appropriate technical and organizational information security measures to safeguard your Personal Data against loss and misuse, as well as unauthorized access.

1.4 In this Privacy Policy, we explain which types of Personal Data we may process about you and for what purpose we process them. We also detail our processing of Personal Data as well as what choices and rights you have in relation to such processing and your Personal Data. We kindly ask you to carefully review our Privacy Policy and acquaint yourself with its content.

1.5 Please note that this Privacy Policy relates to processing of Personal Data when you use the Service as a consumer. This means that we are responsible for the processing of your Personal Data when you as a consumer are using the Service. It also means that you should turn to us with questions or remarks, or if you wish to enforce any of your rights in relation to our processing of your Personal Data.

1.6 Chubb has contracted with Safeture to process Personal Data in connection with the fulfilment of the Services to End Users and to Clients on Chubb’s behalf. Accordingly, although Chubb will be the controller of your Personal Data, when we refer to the collection, processing, transfer and storage of your Personal Data in this Privacy Policy this may mean the collection, processing, transfer and storage by Chubb or Safeture, unless either is expressly indicated.

2. The Data We Collect

2.1 We may process the following Personal Data attributable to you as a user of the Services:

(a) Name;

(b) E-mail address;

(d) Gender;

(e) Passport number;

(f) Job title;

(g) Manager;

(h) Department/group;

(i) Geolocation;

(j) IMSI (international mobile subscriber identity);

(k) Base station information;

(l) IP address;

(m) Home country;

(n) Home address;

(o) Work address; and

(p) Mobile phone device information.

3. The Purposes for which We Process Your Personal Data

3.1 We process your Personal Data for the purpose of providing you with the Services, including tracking your geographical location (where End Users have provided their consent to this). The processing is conducted on the basis that it is necessary for the performance of our contract with you regarding the provision of the Service. Please note that End Users need to enable and provide explicit consent to the real time geolocation feature of the App in order to use this functionality.

3.2 We may also process your data as set out in the various parts of this Privacy Policy and other privacy policies referenced herein, including, without limitation, for the purpose of investigating and responding to regulatory inquiries, conducting internal investigations, conducting further analysis, statistical information and optimizing the user experience. Prior to processing for analysis, statistical and experience optimization purposes, your Personal Data will be anonymized, meaning that the data will no longer be attributable to you and thus not considered Personal Data. The anonymization is conducted on the basis of our legitimate interest to be able to improve the Services and carry out statistical analysis regarding the usage of the Services for future optimization.

4. Sharing Your Personal Data

4.1 We may transfer or disclose your Personal Data to our data processors, for example companies providing the Service, including Safeture (who are based in Sweden), or other hosting and cloud services companies. In such cases, a data processing agreement between us and our processors will ensure that your Personal Data is processed in accordance with this Privacy Policy.

4.2 We will also share Personal Data relating to End Users gathered through the App with the Client for the purpose of providing the Platform functionalities, including the real time geolocation data (if the End User has given consent to such processing). The Client will process such Personal Data on its own behalf and in accordance with its own privacy policy(ies).

4.3 We may be obligated by law to disclose your Personal Data to certain authorities, such as law enforcement agencies, or in connection with legal proceedings and regulatory inquiries.

4.4 We may also transfer your Personal Data and/or assign the processing and sub-processing of it to an acquiring or controlling third-party entity of Chubb and/or Safeture.

5. The Controller of Your Personal Data

5.1 Chubb is the controller of your Personal Data. The Chubb Associated Company acting as the controller may be specified in the insurance policy issued to the Client (your employer). Any Associated Company’s master or online privacy policy included in these Parts is provided to you by Chubb on behalf of that Associated Company. Chubb engages Safeture to provide various data processing services on its behalf in connection with the Services.

If you have any additional questions or concerns about this Privacy Policy or our information practices, please feel free to contact us at any time at travelsmart@chubb.com.

6. Storage of Personal Data

6.1 We store your Personal Data as long as necessary for us to fulfil the purposes of the processing. This means that we will process your Personal Data as long as you are an active user of the Services. Specific data retention periods are:

· 3 months: Alerts sent

· 6 months: Logs, access logs, etc.

· 12 months: SMS data

· 18 months: Geolocation data, all other Personal Data

6.2 When your Personal Data is no longer necessary for the purposes of the processing, it will be deleted or anonymized. We will, however, continue to store your Personal Data if and to the extent we are required to do so according to law, and we will store anonymized data (that is not Personal Data) indefinitely.

7. Changes to this Privacy Policy

We may revise this Privacy Policy from time to time. The most current version of the Privacy Policy will govern our use of your information and will always be available through the App. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.

Part B

This Part B is relevant to you, in addition to Part A, if you are a resident of the EU, the EEA, the United Kingdom or the United States of America.

1. Master Privacy Policy/Online Privacy Policy

Unless otherwise provided in Part A of this Privacy Policy, Chubb will use your Personal Data in accordance with our Master Privacy Policy/Online Privacy Policy, available to you at www.chubb.com when accessed from your country of residence.

Part C

This Part C is relevant to you, in addition to Parts A and B, if you are a resident of California, U.S.

1. General

1.1 This Part C provides specific information for residents of California and is intended to satisfy the California Consumer Privacy Act (“CCPA”) requirement to notify you, at or before the point of collection, about the categories of personal information we collect about you and how we use that information, whether online or offline. This notice is supplemented by the ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS section of our Online Privacy Policy, which contains more detailed information, including information about your rights. You can access this section of our Online Privacy Policy by selecting the California Resident Privacy Policy located at www.chubb.com. Chubb provides separate CCPA privacy notices to residents of California who are employees, job applicants or contractors of Chubb.

1.2 Under the CCPA, and for the purposes of this Part C, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, including, but not limited to, the categories identified in the table below to the extent they identify, relate to, describe, are reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household. Not all personal information of California residents is covered by the CCPA. For example, it does not include information that is lawfully made available from government records, protected health information, consumer reports and background checks, or information we collect in connection with the issuance of products or services to you that are to be used primarily for your personal, family, or household purposes. Please refer to the ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS section of our Online Privacy Policy for additional information about the scope of the CCPA.

2. Categories of Personal Information We Collect

2.1 The table below lists the categories of personal information that we collect about residents of California who are not employees, job applicants or contractors of Chubb. Some personal information included in the categories below may overlap with other categories:

Category	Examples	Collected
Name, Contact Information and other Identifiers	A real name, alias, job title, job department, address, country of residency, nationality, gender, unique personal identifier, online identifier, mobile phone device IDs, Internet Protocol address, email address, mobile phone number, policy number, passport number, postal address, international mobile subscriber identity, base station information, account name and other government identifiers.	YES
Customer Records	A paper and electronic customer or claimant record containing personal information, as well as information provided by a reinsurance or insurance broker/agent for underwriting purposes and information included in a list of claims.	YES
Characteristics of Protected Classifications under California Law	Age (40 years or older), race, ancestry, nationality, citizenship, religion or creed, marital status, pregnancy, medical condition, physical or mental disability, sex, and veteran or military status.	YES
Usage Data	Internet, e-mail or other electronic network activity information including regarding a California resident's interaction with our portals, internet websites, applications, or advertisements, including, but not limited to, browsing history, clickstream data, and search history.	YES
Biometric Information	Individual biological or behavioral characteristics including measurements of physical characteristics such as height, weight and blood pressure, sleep, health, or exercise data that contain identifying information.	NO
Non-Public Educational Information	Education records directly related to a student maintained by an educational or institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes and student disciplinary records.	NO
Geolocation Data	Physical location or movements (where End Users have provided their consent).	YES
Audio, Video and Other Electronic Data	Audio information including call recordings and photographs.	NO
Professional or Employment-Related Information	Employment history, qualifications, licensing, and disciplinary record.	NO
Inferences drawn from other personal information	Inferences drawn from any of the information described in this section about a resident including inferences reflecting the resident’s preferences, characteristics, behavior and abilities.	NO

3. Purposes for Which Personal Information is Used

3.1 The categories of personal information described above in this Part C are collected and may be used for the following business or commercial purposes:

to provide you with the Services, including tracking your geographical location (where End Users have provided their consent);
to provide you with, renew or modify products and services;
to provide you with the information and documents you request and for other customer service purposes;
to carry out our obligations and enforce our rights arising from any contracts entered into between Chubb and the Client;
to process claims and other legal actions;
to respond to law enforcement requests, court orders or regulations, subpoenas, search warrants, or other legal processes and actions, as required by applicable law;
to provide you with information about other websites or online services that link to our Online Privacy Policy or required notices;
to deliver marketing communications or promotional materials that may be of interest to you and to assist us in determining relevant advertising;
to improve the services we provide and the usefulness of the online services;
to customize your experience when using our online services; to perform testing, product development and research, and to analyze use of our websites and online applications;
to prevent and detect fraud, infringements of our policies and contracts and other potential misuse of our products, services and assets;
to assist our affiliates in their everyday business purposes;
to provide training or organize events;
to investigate privacy, security or employment related incidents;
to refer you to our third party partners as part of a referral program;
to plan, engage in due diligence for, and implement commercial transactions.

Part D

This Part D is relevant to you, in addition to Part A, if you are a resident outside of the EU, the EEA, the United Kingdom or the United States of America.

1. Third Country Transfers

To be able to provide the Services to you, your Personal Data may be transferred across international borders and processed and stored outside of the country where you use the Services, including to countries that have different data protection laws. In such cases, we take steps to ensure that there is a legal basis for such a transfer and that adequate protection for your Personal Data is provided as required by applicable law, for example, by requiring the use of other appropriate technical and organizational information security measures. You hereby give your consent to the transfer, processing and storage of your Personal Data in accordance with the above. If you do not agree, please do not use the Service or provide us with your Personal Data.

2. Your Rights

2.1 You may have the right to request a copy of the Personal Data relating to you that we process. Where prescribed by local laws, you may have the right request to have inaccurate or incomplete data corrected or deleted. Please note that we may not be able to continue to provide the Services to you if you ask us to delete or cease the processing of your Personal Data.

2.2 If you would like to make a request in relation to the Personal Data that we hold about you, please contact travelsmart@chubb.com. Please note that Chubb may need to identify you and to ask for additional information in order to be able to fulfil your request. Please also note that applicable law may contain restrictions and other provisions that relate to your above rights.

____________________