PICS - Dubai

IPG Howden Personal Information Collection Statement (PICS)

IPG Financial Services Pte. Ltd., a company incorporated in the Dubai International Financial Centre (“DIFC”) with registered number 3484, trading as IPG Howden (DIFC Branch) (“IPG”) (referred to hereinafter as the “Company”) recognises its responsibilities in relation to the collection, holding, processing, use and/or transfer of personal data under the DIFC Data Protection Law, DIFC Law No. 5 of 2020 as amended from time to time (“Law”) and including any regulations made under it.  Personal data will be collected and used only for lawful and relevant purposes and all practical steps will be taken to ensure that personal data held by the Company is accurate.  The Company will take appropriate technical and organisational steps aimed at ensuring the security of the personal data and to avoid unauthorised or accidental access, disclosure, loss or damage, erasure or other unauthorised or unlawful use.

In order to provide you with our insurance brokerage services described in our Client Engagement Letter and other services set out in the "Purpose" section below, we may collect personal data directly from you or from other third parties.  Please note that if you do not provide us with your personal data, we may not be able to provide the information, products or services you need or process your requests.

Lawful basis: We must ensure that our use of your personal data is in accordance with a lawful basis. The permitted bases under the Law that we rely on are:

  • processing is necessary for the performance of a contract to which you are party, in order to take steps at your request before entering into such a contract (“CONTRACT”);
  • processing is necessary for us to comply with law applicable to us (“LAW”);
  • processing is necessary for the purpose of our legitimate interests or those of a third party to whom your data has been made available (“INTERESTS”)
  • if we have asked for your consent for a specific purpose, we may rely on your consent for such specific purpose (“CONSENT”).

Categories of Personal Data: we will collect and process the following categories of personal data:

  • personal identification details, including name, date of birth, nationality
  • copies of identification documents, such as passports, national identity cards and/or visa documents
  • contact details such as email address, telephone number, residential address
  • copies of documents required to verify information, such as a utility bill required to verify your address 
  • financial identifiers and other information such as tax identification number, bank account statements, bank account details or other payment details
  • details collected from your use of our information technology systems, including our website, such as your IP address and data collected from cookies on our website.
  • identification and contact details of beneficiaries or dependents and etc.

Special Categories of Personal Data: We do not normally ask you to specifically provide us with “Special Categories” of personal data but in some cases, special categories of personal data may be contained on other documentation you provide us for purposes of identity verification, such as passport or identity card copies. “Special Categories” of personal data are personal data revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership and health or sex life and including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person.

Basis for processing Special Categories of Personal Data: to the extent we do process such data it will be on the following lawful bases:

  • where we have your explicit consent for specified purposes:
  • if necessary for us to comply with the law applicable to us;
  • on grounds of substantial public interest; and
  • if necessary and proportionate to protect you from potential bias or inaccuracy in decision making.

We are also permitted to process your special categories of personal data if necessary for the establishment, exercise or defence of legal claims by us.

Purpose:  From time to time it is necessary for the Company to collect your personal data which may be used, stored, processed, transferred, disclosed or shared by us for purposes (“Purposes”), including those set out below. We have indicated the lawful basis for processing that applies to each purpose.

  1. providing insurance brokerage services to you, including assessing and evaluating your needs on insurance, wealth management, estate planning, business planning or other financial matters; (CONTRACT)
  2. advising or acting for you on matters relating to insurance, wealth management, estate planning, business or financial planning, or arranging insurance contracts on your behalf; (CONTRACT)
  3. offering, providing and marketing to you insurance products/services of local or offshore insurance companies or other insurance service providers; we believe it is in our interests, and yours, to provide you with details of relevant products and services based on our knowledge of you, however you can ask us to stop doing so (see “Use and provision of personal data in direct marketing” below);  (CONTRACT)(INTERESTS) 
  4. preparing for you any applications for insurance products/services.  This will entail providing your personal data to insurance carriers for the purpose of obtaining life cover; (CONTRACT)
  5. providing subsequent services to you, including but not limited to conducting face-to-face meetings or phone discussions for the purposes of reviewing and administering any products/services you have purchased; any purposes in connection with any claims made by or against or otherwise involving you in respect of any products/services you have purchased, including investigation of claims; (CONTRACT)(LAW)
  6. any other reasonable purposes in connection with the provision of our brokerage services; we will always consider whether your interests as a data subject override our legitimate interests and will always act transparently and fairly when making such determination; (INTERESTS)
  7. designing and improving our products/services for customers; we believe it is in your best interests and ours for us to fairly and transparently use relevant personal data to offer a better product or service to you; where such data can be anonymised and aggregated for such purposes without losing the benefit, then we will ensure this occurs; (INTERESTS)
  8. conducting market research for statistical or other purposes; if we already hold the required data then it is in our legitimate interests to conduct research involving such data but where such data can be anonymised and aggregated for such purposes without losing the benefit, then we will ensure this occurs; if we do not already hold data required and we ask you if you are willing to provide such data then we will be relying on your consent to process such data; (CONSENT)(INTERESTS)
  9. matching any data held which relates to you from time to time for any of the purposes listed herein; we may have a legitimate interest in cross-checking your personal data for accuracy or verification purposes; (CONTRACT)(INTERESTS)(CONSENT)
  10. making disclosures as required by any applicable law, rules, regulations, codes of practice or guidelines or to assist in law enforcement purposes, investigations by police or other government, regulatory or tax authorities in UAE or elsewhere;(LAW)
  11. conducting identity checks in accordance with ‘know your client’ and anti-money laundering requirements and so that we know who we are doing business with and provide appropriate products and services;(LAW)(CONTRACT)
  12. complying with the laws of any applicable jurisdiction;(LAW)
  13. other incidental purposes directly relating to any of the above, provided such processing is fair and transparent.

Transfer of Personal Data:  Personal data will be kept confidential but subject to the provisions of any applicable law your personal data may be provided to the following recipients for the Purposes listed above:

  1. any of our affiliates, any person associated with the Company, insurance or any reinsurance company, claims investigation company, industry association or federation, or financial institution in United Arab Emirates (UAE) or elsewhere;
  2. any agent, contractor or third party who provides administrative, technology or other services (including direct marketing services – please “Use and provision of personal data in direct marketing”, below) to the Company and/or our affiliates in UAE or elsewhere and who has a duty of confidentiality to the same;
  3. any business involved in the evaluation, sale or administration of products you obtain via our services;
  4. any actual or proposed assignee, transferee, participant or sub-participant of our rights or business; and
  5. any government department or other appropriate governmental or regulatory authority in UAE or elsewhere, in accordance with an official request or legal requirement.

The transfers mentioned above may involve the transfer of your personal data to jurisdictions outside the DIFC, including the United Arab Emirates mainland legal jurisdiction, (“Overseas”) for processing.

In particular, we will transfer personal data to our affiliate branch in Singapore, which carries out services on our behalf which enable us to perform our contract with you.

Overseas jurisdictions may not have laws which require the same protection of personal data as the DIFC.  We will ensure that any such transfers only take place under adequate safeguards, as required by the Law, or otherwise in accordance with the Law.  In particular, where the destination jurisdiction is not deemed adequate by the DIFC Commissioner of Data Protection, where no other adequate safeguard is in place and there is no permitted derogation or other special circumstance enabling the transfer under the Law, we will ensure that we only transfer personal data Overseas to recipients with whom we have a binding written agreement incorporating standard data protection clauses adopted by the DIFC Commissioner of Data Protection.

Use and provision of personal data in direct marketing: The Company and/or its affiliates intends to:

  1. use your name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data held by the Company from time to time for the purpose of providing products and services and additional insurance advisory activities to you.
  2. provide your personal data to insurance carriers and/or re-insurers for the purpose of obtaining life cover. 
  3. provide information regarding your insurance policy and/or application to a financial institution for the purpose of obtaining financing, but only where you have requested financing.
  4. provide your personal data to insurance carriers and/or reinsurers for the purpose of obtaining additional life cover as well as health, wellness, annuity and other insurance products.
  5. provide information regarding your insurance policy to the policy’s owner which may be you or an affiliated entity as instructed by you.
  6. use your data to provide “after-sales” services including face-to-face meetings and phone discussions for the purpose of advising, reviewing and administering your policy(ies).

If you do not wish to receive direct marketing from us you can opt out at any time. To opt out please inform us in writing at the address in the section on “Access and correction of personal data”.   The Company shall, without charge to you, ensure that you do not receive future direct marketing, however it may take us a reasonable amount of time to process your request and you may receive some further marketing communications that have already been processed for dispatch in the interim period.

Your rights

  • Access and correction of personal data:  Under the Law, you have the right to ascertain whether the Company holds your personal data, to obtain a copy of the data, and to require us to correct, if technically feasible, any data that is inaccurate.  You may also request the Company to inform you of any changes to the information provided in this PICS since it was provided to you.
  • Erasure of personal data: You can require us to erase your personal data but only if the legitimate purpose for processing the data has ended, if our processing is unlawful or if you object to our processing and there is overriding legitimate grounds for our continued processing.
  • Object to processing: in certain circumstances set out in Article 34 of the Law you may be able to object to our processing of your personal data.
  • Restrict processing: in certain circumstances set out in Article 35 of the Law you may be able to restrict our processing of your personal data.
  • Portability: if we process your personal data by automated means for the performance of a contract or with your consent then you can request that we provide such data to you or a third party that you request in a commonly-used and machine readable format.
  • Lodge a complaint: if you believe we are not acting properly with respect to your personal data you may lodge a complaint with the Commissioner of Data Protection in the DIFC.

Please see the “Contact” section below for details as to how to exercise your rights.


Requests to access your rights, requests for further information and any other questions or comments relating to the Company’s use of your personal data or this PICS should be addressed in writing to:

Data Privacy Officer
IPG Howden (DIFC Branch)
Al Fattan Currency House, Office 108, Tower 1, DIFC, UAE

or via our website at:

A reasonable fee may be charged to offset the Company’s administrative costs incurred in complying with your requests to access your personal data if the requests are manifestly unfounded or excessive, including where they are repetitive.  In such circumstances, instead of acting on the request, we may instead write to you with reasons for our refusal, in accordance with the Law.