Get Bupa now

Mon-Fri 9am-9pm (except public holidays)
2517 5860

Customer Services

24 hours, 7 days a week

Bupa (Asia) Limited Privacy Notice relating to the Personal Data (Privacy) Ordinance (the "Ordinance")

  1. Introduction
    1. Bupa (Asia) Limited (“Company”, “we” or “us”) is committed to protecting your privacy and security of your personal information. This Notice is provided to you in connection with your dealings and provision of data or information to the Company. This Notice is prepared in accordance with the Ordinance and also operates as the Personal Information Collection Statement which we will provide, or make available, to you on or before the collection of your personal information by the Company.
    2. This Notice is intended to ensure that you can make informed decisions about providing your personal information to Company in accordance with this Notice. Please be aware that this Notice replaces any notice or statement of similar nature that may have been provided to you previously. When you click on “I Agree” or select any options with similar content, or log in, confirm, agree to, use or accept this Notice we provide via registration procedure or any other way, you consent to your personal information being collected, stored, used, processed, transferred, disclosed or shared in accordance with this Notice.
    3. For the purposes of this Notice, “Group Company” means the Company and its holding companies, branches, subsidiaries, representative offices and affiliates, wherever situated, and any one of them. Affiliates include branches, subsidiaries, representative offices and affiliates of the Company’s holding companies, wherever situated (collectively, the “Group”).
    4. If you provide us with the personal information about other individuals, you must tell those individuals that you have provided us with their details and let them know where they can find a copy of this Notice.

  2. Personal Information We Collect
    1. From time to time, it is necessary for you, or other members/ insured persons covered under your policy (each a “Member”), to supply the Company with certain personal information (including where relevant, credit information and claims history) when you interact with us, apply for and use our products and services.
    2. During the course of your relationship with the Company, further personal information relating to you, or the Member, may also be collected in the ordinary course of our business, for example, when you lodge insurance claims with the Company in relation to yourself or the Member.
    3. Failure to supply personal information requested by the Company may result in the Company being unable to process your application, request for information or services, enquiries and/or provide services or products to you, or the Member.
    4. The personal information we collect and/or hold from time to time may include your personal identification information, contact information, transaction records, financial background, medical and health records, biometric data and your location and activities when you access or browse our website(s) or use our mobile application(s) or portal(s) (including any diagnostic or health-monitoring tools thereon and the Bluetooth and/or wearable device that are used to collect data for the purposes of such tools).
    5. We will always try to collect your personal information from you through the course of your relationship with us and in a range of ways. However, there may be instances where we will need to collect your personal information from third parties or sources in certain circumstances, such as a family member or someone else acting on your behalf, your employers, medical personnel, business/asset acquisition transactions of the Company, business partners, or public databases.
    6. If you are under the age of 18, you should obtain consent from your parent or guardian before you provide the Company with your personal information.
    7. Storage of personal information may be in various forms including, physical (paper) form, digital customer systems or applications, data management software or systems in the usual course of business practices, depending on your engagement with the Company.
    8. Separate privacy notices apply for recruitment or employment purposes.

  3. Purposes of Collection
    1. Your personal information collected may be used, stored, processed, transferred, disclosed or shared by the Company for the following purposes from time to time:
      1. processing, assessing and determining any applications for insurance products and services;
      2. offering and providing products and services to you, or the Member, and processing requests made by you, or the Member, from time to time, including but not limited to requests for addition, alteration, deletion, maintenance, management and operation of insurance benefits or insured Members;
      3. registering you, or the Member, as a user or a member of services or information provided or to be provided by us on the website(s), mobile application(s) or portal(s) managed and/or operated by us;
      4. coordinating your care, or the Members’, within Group Companies to achieve better health management outcomes;
      5. any purposes in connection with any claims made by or against or otherwise involving you, or the Member, in respect of any products and/or services provided by the Company including, without limitation, making, defending, analysing, investigating, detecting and preventing fraud (whether or not relating to the policy issued in respect of any application or claim) processing, assessing, determining, settling or responding to such claims; ;
      6. performing any functions and activities related to the products and/or services provided by the Company including, without limitation, audit, reporting, market research, general servicing, maintenance of online and other services, identity verification, data matching, research, data analytics, statistical analysis, and reinsurance arrangements;
      7. providing you with personalised health information and information about our services or products, and personalised website, mobile application or portal interface;
      8. providing you with appropriate health, insurance administration, wellness or other related services (including, without limitation, e-ticketing, appointment booking and clinic / medical professional search and service and product redemption functions on the website(s), mobile application(s) or portal(s)) managed and/or operated by us) or products;
      9. communicating with you regarding the administration, features and renewal of the insurance policy that you subscribe to;
      10. operating, maintaining, evaluating, improving, troubleshooting problems, and understanding your preference(s) with our website(s), mobile application(s) or portal(s);
      11. provision and design of products and services of the Company;
      12. exercising the Company’s rights in connection with provision of any products and services to you, or the Member, from time to time, for example, to determine any amount of indebtedness from you, and collecting and recovering owing from you or any person who has provided any security or undertaking for your liabilities;
      13. communication with you or the Member (or with you on behalf of the Member) in relation to any of the purposes set out in this Notice;
      14. with your consent, marketing services, products and other subjects by us, any member and/or brand of the Group Companies (such as Horizon Health and Care Limited and/or Quality HealthCare Group, our affiliates) and/or other third parties (please see further details in paragraph 5 below);
      15. managing our relationship with you, our business and organisations who work with us in relation to providing our products or services to you, or the Member (including, with limitation, futures changes to this Notice);
      16. enabling an actual or proposed assignee, transferee, participant or sub-participant of all or a substantial part of the Company’s rights or business to evaluate the transaction intended to be the subject of the assignment, transfer, participation or sub-participation;
      17. making disclosure to satisfy the requirements of any laws, rules and regulations, codes of practice, guidance notes or guidelines binding on the Company; and
      18. fulfilling any other purposes directly related to (a) to (q) above.

  4. Transfer of Personal Information
    1. Personal information collected or held by the Company relating to you, or the Member, will be kept confidential but the Company may transfer such personal information inside or outside the Hong Kong Special Administrative Region of the People’s Republic of China, for the purposes specified in paragraph 3 to the following classes of transferees:
      1. any member and/or brand of the Group Companies;
      2. any insurance adjusters, agents and brokers;
      3. any re-insurance companies authorised by the Company;
      4. employers (for members of corporate policy only);
      5. healthcare professionals and hospitals;
      6. any third parties engaged in connection with a member of the Group Company’s business who provides medical, health, insurance, wellness or other related services or products;
      7. any agent, contractor or third party service providers who provide administrative, telecommunications, computer, payment, data processing, storage of analytics, cloud, printing, research, advertising, distribution or other services to the Company in connection with the operation of business, (including without limitation insurers; banks; lawyers; accountants; claims investigators; fraud prevention organisations; other insurance companies (whether directly or through fraud prevention organisations or other persons named in this paragraph); organisations that consolidate claims and underwriting information for the insurance industry; the police and databases or registers (and their operators) used by the insurance industry to analyse and check information provided against existing information; debt collection agencies; data processing companies; research agencies and professional advisors);
      8. with your consent, third parties (within or outside the Group Companies) in relation to direct marketing (please see further details in paragraph 5 below);
      9. third party reward, loyalty, co-branding and privileges programme providers and co-branding partners of a member of the Group Companies;
      10. financial institutions engaged by the Company or you for billing and payment purposes
      11. any actual or proposed assignee, transferee, participant or sub-participant of all or a substantial part of the Company’s rights or business; and
      12. any person to whom the Company is under an obligation to make disclosure under the requirements of any law, rules, regulations, codes of practice or guidelines binding on the Company including, without limitation, any applicable regulators, governmental bodies, industry recognised bodies, credit reference agencies, the Courts, and where otherwise required by law.
    2. We will only disclose personal information limited to that which is necessary to the above parties for the relevant purposes, who may process (including, without limitation, by recording, organising, structuring, storing, adapting, altering, retrieving, using, aligning, combining or erasing) your personal information for the relevant purposes set out in paragraph 3 above.
    3. In the event that we complete the acquisition of a new business or brand, we shall communicate with you through the communication channels you provided to us, and any personal information shall be treated in accordance with this Notice if it is practicable and permissible to do so.

  5. Use of Personal Information in Direct Marketing
    1. Only with your consent (which includes an indication of no objection), the Company, any member and/or brand of the Group Companies and/or the third parties stated under paragraphs 3.1 (n) and 5.2 (b) to (e) may use your personal information (including your name, contact details, products and services portfolio, transaction pattern and behaviour) collected collected from time to time to provide you with marketing communications (including by email, SMS, mobile application, social media, instant messenger or other means that become available from time to time) relating to the following products and services:
      1. insurance, medical, dental, healthcare, wellness, personal development, beauty, sporting activities and membership, lifestyle, entertainment, financial, and related services and products;
      2. rewards, benefits, discounts, member activities, loyalty or privileges programmes and related services and products;
      3. services and products offered by the Company’s co-branding partners; and
      4. donations and contributions for charitable and/or non-profit making purposes.
    2. The above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Company and/or:
      1. any member and/or brand of the Group Companies;
      2. third party service providers;
      3. third party reward, loyalty, co-branding or privileges programme providers;
      4. co-branding partners of a member of the Group Companies; and
      5. charitable or non-profit making organisations.
    3. We will not use your personal information for direct marketing purposes unless we have received your consent. For the avoidance of doubt, the latest instruction (for example, consent or indication of no objection, or request for opt-out) received from you shall override any previous instruction given to the Company in this regard in relation to all of your personal information collected or held by the Company from time to time.
    4. If you choose to personalise your services where such options are available, we will use personal information that we collect so that we can offer you those personalised services or communications. If you do not wish to accept those personalised services or communications, you can unsubscribe from those services at any time and we will cease to offer such services to you.
    5. For the avoidance of doubt, whether or not you consent to receive marketing communications of the type described in this paragraph 5, the Company may still communicate with you regarding the administration, features and renewal of your insurance policy.
  6. Security and Retention
    1. The Company retains your personal information for as long as necessary for the purposes set out in this Notice, or otherwise agreed between you and us, unless otherwise required or permitted under applicable law.
    2. Where the Company no longer requires your personal information for the purposes under this Notice, or otherwise required under law, we will take appropriate steps to securely delete or destroy your personal information.
    3. We will take all practicable steps to protect your personal information against unauthorised or accidental access, processing, erasure, loss or use. This includes implementing a range of digital and physical security measures. In addition, we will restrict access to your personal information to those properly authorised to have access.
    4. When you use our sites, we and third-party companies collect information by using cookies and other technologies such as pixel tags (for simplicity we refer to all such technologies as “cookies”). The updated version of the Cookies Policy is available for download from our website: www.bupa.com.hk and is available upon request.
    5. Our websites, mobile applications or portals may provide the links to other external websites over which we do not have control. You are advised to refer to the privacy policies of these websites for more information.

  7. Data Access and Correction
    1. Under and in accordance with the terms of the Ordinance, you have the following rights to:
      1. check whether the Company holds personal information relating to you or the Member and to access such personal information;
      2. require the Company to correct any personal information relating to you or the Member which is inaccurate;
      3. ascertain our policies and practices in relation to personal data and to be informed of the kind of personal data held by the Company;
      4. request the Company to cease using your personal information for direct marketing purposes; and
      5. change your preference in respect of our use of your personal information.
    2. Requests can be made in writing to the Company’s Data Protection Officer at the following address:
      1. Data Privacy Officer/ Customer Service Manager
      2. 6/F, Tower 2, The Quayside, 77 Hoi Bun Road, Kwun Tong, Kowloon, Hong Kong
      3. Or, by email:
      4. customercare@bupa.com.hk

  8. In accordance with the terms of the Ordinance, the Company has the right to charge a reasonable fee for the processing of any personal information access or correction request.
  9. For any enquiries about this Notice, please do not hesitate to contact our Customer Care helpdesk at 2517 5333.
  10. Nothing in this Notice shall limit the rights of customers under the Ordinance.
  11. In case of discrepancies between the English and Chinese versions of this Notice, the English version shall prevail. This Notice maybe amended by the Company from time to time. You may access and obtain a copy of this Notice, as amended from time to time, at www.bupa.com.hk.

Issued by Bupa (Asia) Limited
1 September 2024