Marketing Privacy Notice

RGA is a group of companies focusing primarily on life- and health-related reinsurance solutions.  Our core products and services include life reinsurance, living benefits reinsurance, group reinsurance, health reinsurance, financial solutions, facultative underwriting and financial product development.

The headquarters of Reinsurance Group of America, Inc. are located in St. Louis, Missouri, United States of America. 

RGA International Reinsurance Company dac located in Dublin, Ireland is our representative in the European Economic Area (‘EEA’). 

Other RGA group entities operate and provide products and services all over the world. A full list of all RGA entities is available at http://www.rgare.com/global-directory.

RGA is the controller responsible for the Personal Information we collect and process within the scope of this Privacy Notice. 

This Privacy Notice is designed to provide compliance with relevant laws in countries where RGA entities operate. Some RGA entities have adopted local Privacy Notices available on their websites.

RGA will handle Personal Information in accordance with multiple local privacy laws at the place where the Personal Information is collected and processed.  If an applicable law provides for a lower level of protection of Personal Information than that established by this Privacy Notice, then this Privacy Notice shall prevail. 

Personal Information means information, or a combination of pieces of information, that could reasonably allow an individual to be identified.

As a business, we run a range of marketing, knowledge sharing, and business development campaigns. We also manage relationship with our business clients, partners and vendors. Your Personal Information is used to perform these activities and assess the effectiveness thereof.

The type of information we collect and process about you will depend upon specific circumstances relating to your engagement with us and local practices within our offices. 

If we process your Personal Information in the course of marketing and business development, we will collect:

• Your name 
• Business contact information: work postal address, telephone numbers and email address
• Company name, department
• Your occupation/title 
• Your communication and opt-in/opt-out preferences
• Information about your interaction with our marketing campaigns
• Your birthday, age, gender, celebration event (anniversary, etc.)
• Your photo

If you attend an RGA event, we will collect:

• Your name 
• Business contact information: work postal address, telephone numbers and email address
• Company name, department  
• Your occupation/title 
• Your communication preferences
• Your opt-in/opt-out preference
• Your image (for example, photographs, video recordings if relevant)

If you are RGA’s client, partner or vendor, we will collect:

• Your name 
• Business contact information: work postal address, telephone numbers, email address
• Company name, department
• Your occupation/title 
  

RGA does not intentionally collect or process any special category or sensitive Personal Information under this Privacy Notice. Such Information may be captured incidentally in photos or other images. If this occurs, any further processing will be carried out under Your consent for a specified purpose.

RGA does not sell your Personal Information collected under this Privacy Notice.

RGA does not engage in profiling or automated decision making for the processing activities covered by this Privacy Notice.

We use Personal Information we collect from you for diverse purposes depending on the type of your engagement with us.

If we process your Personal Information in the course of marketing and business development, we will use your Personal Information for the following purposes:

• To provide you with relevant information about our products and services, and advertise them;
• To respond to your enquiries;
• To invite you to take part in our surveys;
• To determine your interest in our new products, services and marketing campaigns;
• To offer you with our products and services;
  
• To perform administrative activities in connection to your opt-out.

If we process your Personal Information for RGA events, we will use your Personal Information for the folowing purposes:

• To invite you to attend our events;
• To admit and accommodate you in our events;
• To monitor attendance of our events;
• To provide you and other participants with any follow up information concerning an event you subscribed to attend;
• To evaluate our events for future improvement and advertise them;
• To perform administrative activities in connection to your opt-out.

If we process your Personal Information in the course of relationship management with you, we will use your Personal Information for the following purposes:

• To communicate and manage relationship with you whilst providing our products and services or engaging with you;
• To respond to your enquiries about our products and services and provide any related support;
• To carry out any due diligence or other checks on the entity you are representing necessary for our internal compliance.

Whenever we process your Personal Information we must have a legal basis. In most cases, our ability to obtain and process your Personal Information for the aforementioned purposes is based on one of the following legal bases:

1. Where required by law, we will collect Personal Information only where we have your consent to do so via an opt-in selection, a consent form provided to you or an implicit consent in the course of marketing, business development or events activities. 
2. Processing your Personal Information is necessary to meet our legitimate interests, when we perform our marketing, business development, events and relationship management activities.
3. Processing is necessary to comply with a legal obligation requiring us to respect your opt-out from our marketing communications.

We will collect and use Personal Information from you where the processing is in our legitimate interests and not overridden by your data-protection interests or fundamental rights and freedoms. Our legitimate interests typically include improving, maintaining, providing, and enhancing our products and services, growing our business, assessing your interest in our products and services, and complying with regulatory requirements for running our business.

EU and UK data subjects may find more detailed information about applicable purposes and legal grounds for processing in the table below:

Admitting you to our events

Monitoring attendance

Providing you with follow up information

• Name
• Business Contact Information: work postal address, telephone numbers, email address
• Company Name, Department
• Occupation/Title

We will provide you with regular opportunities to tell us your marketing preferences in our communications to you.  We will rely on consent via opt-in or our legitimate interests for our marketing communications (depending on local legal requirements). 

If you no longer want to receive marketing-related emails from RGA on a going-forward basis, you may opt-out of receiving these emails by clicking on the link to “unsubscribe” provided in each email or by contacting us at the contact information under the “Contact Us” section of this notice. 

Depending on the circumstances relevant to the processing of your Personal Information, we may share your Personal Information with the following parties, unless it is not permitted by local applicable laws:

• RGA group companies. We operate as a global business, so we may share your Personal Information with group companies who may use this information for the purposes described in this Privacy Notice.
• Service providers. We may share your Personal Information with service providers that perform certain services and business operations for us, for example, data storage providers, event planners, online event or display platforms, digital publishing tools.
• Any law enforcement agency, court, regulator, or government authority. We may share your Personal Information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
  

If you require further information on who your personal information is shared with, please contact us at the details contained in the "Contact us" section below.

You have certain rights regarding your Personal Information, subject to local laws and circumstances relating to the processing of your personal information.

Your rights include the right to:

• access your Personal Information and details relating to the processing of your Personal Information;
• rectify the information we hold about you;
• erase your Personal Information;
• restrict our use of your Personal Information;
• object to our use of your Personal Information;
• receive your Personal Information in a usable electronic format and transmit it to a third party (right to data portability); and
• lodge a complaint with your local data protection authority.

Please note that we may require additional information from you in order to confirm your identity and honor your requests.

To exercise your rights, you may use our online contact form, or contact us directly using the contact details provided in section ‘Contact Us’ below.

We are committed to working with you to obtain a fair resolution of any request, complaint or concern about privacy. If, however, you believe that we have not been able to assist with your request, complaint or concern, you have the right to make a complaint to your local supervisory authority (i.e. the supervisory in the jurisdiction where you live or work) or the supervisory authority of the jurisdiction where you believe an infringement of data protection laws has occurred. Contact details of supervisory authorities are available at the following link: https://www.rgare.com/privacy/web-privacy-policy/web-contacts  

We implement technical and organizational measures to ensure a level of security appropriate to the risk to the Personal Information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of Personal Information. We evaluate these measures on a regular basis to ensure the security of the processing.

We will normally retain your Personal Information for as long as we need it to handle our marketing, business development, and events campaigns, and relationship management. 

More specifically, in line with our data retention schedule, we keep your personal information until you may have an interest in our products, services or events. We will keep your Personal Information for one year after you have opted-out from receiving our marketing materials.  

If you would like to know more about the retention of your personal information, please contact us at the details contained in the "Contact us" section below.

We securely destroy Personal Information when its retention period has expired. However, we may retain anonymized data (which is not treated as Personal Information under this Privacy Notice) for longer.

Because we operate as a global business, your Personal Information may be transferred to, stored, and processed by RGA entities in other countries, which may include countries that are not regarded as ensuring an adequate level of protection for Personal Information under the European Union law or your local law. Therefore, RGA has adopted Binding Corporate Rules (‘BCRs’) to enable us to make international transfers of your personal information within our group of companies in compliance with data protection laws of the European Union and other relevant countries. Our BCRs are available at https://www.rgare.com/about-rga/binding-corporate-rules/

In other jurisdictions, where BCRs are not applicable, we perform cross-border transfers of Personal Information to RGA entities overseas under other transfer mechanisms permissible by applicable local laws.

If we need to transfer your personal information to service providers located outside the EEA or other relevant countries, we will make sure that adequate safeguards are in place with those parties under applicable local laws. We typically put in place contractual commitments in accordance with applicable legal requirements to ensure that your Personal Information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details contained in the "Contact us" section below.

We implement technical and organizational measures to ensure a level of security appropriate to the risk to the Personal Information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of Personal Information. We evaluate these measures on a regular basis to ensure the security of the processing.

We will normally retain your Personal Information for as long as we need it to manage our marketing, business development, and knowledge sharing campaigns and online analytics for the purposes described above.  

More specifically, in line with our data retention schedule, we keep your personal information until you may have an interest in our products, services or events. We will keep your Personal Information for one year after you have opted-out from receiving our marketing materials. 

If you would like to know more about the retention of your personal information, please contact us at the details contained in the "Contact us" section below.

We securely destroy Personal Information when its retention period has expired. However, we may retain aggregated or anonymised data (which is not treated as Personal Information under this Privacy Notice) for longer.

Because we operate as a global business, your Personal Information may be transferred to, stored, and processed by RGA entities in other countries, which may include countries that are not regarded as ensuring an adequate level of protection for Personal Information under the European Union law or your local law. Therefore, RGA has adopted Binding Corporate Rules (‘BCRs’) to enable us to make international transfers of your personal information within our group of companies in compliance with data protection laws of the European Union and other relevant countries. Summaries of our BCRs are available at Binding Corporate Rules. 

If we need to transfer your personal information to service providers located outside the EEA or other relevant countries, we will make sure that adequate safeguards are in place with those parties. We typically put in place contractual commitments in accordance with applicable legal requirements to ensure that your Personal Information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details contained in the "Contact us" section below.

If you have questions or concerns regarding the way in which your Personal Information has been used, please e-mail us at privacy@rgare.com or call or write to us.

For all other RGA entities postal addresses, please see http://www.rgare.com/global-directory 

If you would like to exercise a data subject right, you may use our online contact form.

RGA’s Data Protection Officer for the EMEA region is Dean Scotson.  

Should you have any questions or concerns for our DPO regarding the way in which your Personal Information has been used, please contact him via email at dpo@rgare.com 

You may request a copy of this Privacy Notice from us using the contact details set out above. We may modify or update this Privacy Notice from time to time. If we make a significant change to this Privacy Notice, we will post a notice about this on our website, and we may provide the notice directly to you.