EN - FR - DE - NL

Cigna International Health Services Data Protection Notice

As a provider of quality healthcare around the world, our customers and clients expect us to carefully handle and protect the Personal Information (as defined below) they share with us.

You are receiving this Data Protection Notice either because your employer has signed an agreement with us, as an insurance intermediary and/or claims administrator, to provide you, directly or through our partners, with international health insurance cover and other additional covers and services as it may apply (referred to in this Data Protection Notice as the “Services”), or you otherwise benefit from our Services (for example, as a dependant).

In order to provide our Services to you, we will collect and use your Personal Information. This Data Protection Notice explains how and why we do this, and outlines your rights in relation to your Personal Information.

Your Personal Information may be collected by the following entity:

This company will be the data controller of the Personal Information collected to provide the Services to you.

In addition to this Data Protection Notice, some of our products and services may have their own notices (for example, the Cigna Online and Mobile Privacy Notice, which describe in more detail how your Personal Information is used in a particular context).


Personal information

Personal Information” is the information that identifies and relates to you, or to other individuals which also benefit from our Services, such as your dependants. Your Personal Information may be provided to us by yourself or by a third party entitled to provide us with such information (e.g. your health care providers, your employer, etc.).

Due to the nature of the Services you are entitled to, your Personal Information may contain sensitive data including, but not necessarily limited to, your medical condition and health status.


The types of personal information we collect

The Personal Information we collect includes:

We collect the Personal Information outlined above from a number of different sources, including from:

As we are required to collect your Personal Information as a consequence of a contractual agreement with the employer, failure to provide this information may prevent or delay the fulfilment of these obligations. For example, if you do not provide certain Personal Information, we will not be able to provide you with the Services.


Purpose and use of personal information

Your Personal Information is collected in order to provide the Services, administer your plan and, in general, conduct insurance business in line with the Services you are entitled to.

We use your Personal Information to:

As outlined above, we may use your Personal Information for a number of different purposes that are always connected with the Services we provide. Consequently, we will rely on the following legal grounds to use your Personal Information:

Due to the nature of the Services you are entitled to, we may process sensitive data connected with the provision of such Services. In general, your consent is not required since we are permitted by applicable law to process such information as a healthcare insurance company. However we may collect your consent in specific situations where either the nature of the data to be disclosed and/or the requirements on the jurisdiction where you are on assignment or other applicable laws and regulations may require that consent. 


Disclosure of your personal information

If necessary for providing you with the Services you are entitled to, or for any of the purposes described in this Data Protection Notice, we may disclose your Personal Information with other parties. Disclosing your Personal Information means that we will provide your Personal Information to and/or that your Personal Information will be accessed by:

For any of the categories of the recipients listed above, it should be noted that some of them may be located in the European Economic Area, while others can process and access your Personal Information from outside the European Economic Area, as described in the following section of the Data Protection Notice.


International transfer of personal information outside the European Economic Area

Due to the global nature of the Services you are entitled to and the need to provide the employer with compliance solutions to meet its needs and ensure that you have access to the Services in the location of your assignment, your Personal Information can be shared with and/or accessed by parties located in other countries outside the European Economic Area that have a different data protection regime than the one found in the country where the employer, signing the contract with us, is located. The countries to which we may transfer your Personal Information may not be regarded by the European Commission as ensuring an adequate level of protection for Personal Information (for instance, the United States).

In any case, where we transfer your Personal Information to any of these countries, we will conduct the transfer in accordance with applicable data protection law. This may include ensuring that appropriate safeguards, such as contractual obligations, are put in place with respect to the protection of your Personal Information and your fundamental rights and freedoms, and your rights in relation to your Personal Information.

If you would like further information regarding the steps we take to safeguard your Personal Information, or to obtain a copy of the safeguards we put in place to protect it when it is transferred, please contact us using the details in the “Contact Us” section below.

Depending on the country of your assignment or location and the compliance requirements that may apply there you may receive additional privacy notices from us or from our partners.


Retaining your personal information

We ensure that proper procedures are in place to manage your Personal Information and to remove and/or archive it when necessary.

In general terms, we only retain your Personal Information for as long as is necessary to:

When your employer instructs us to terminate your access to the Services, we will protect your Personal information and will delete it once our retention period to comply with our legal or regulatory obligations and/or protects our rights has lapsed. Our default retention period is 10 years. However, depending on the jurisdiction that governs our contract and the type of information involved, our retention period may vary.

If you would like further information regarding the periods for which your Personal Information will be stored, please contact us using the details in the “Contact Us” section below.


Your rights

Under data protection law you have certain rights in relation to the Personal Information that we hold about you. You may exercise, as may be applicable, these rights at any time by contacting us using the details set out in the “Contact Us” section below.

Your rights include:



We will take appropriate technical, physical, legal and organizational measures, which are consistent with applicable data protection laws to protect your Personal Information.


Changes to this Data Protection Notice

We may update this Data Protection Notice from time to time to ensure that it remains accurate. Please check back each time that you provide additional Personal Information to us. Where changes to the Notice will have a fundamental impact on the nature of our processing of your Personal Information, or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights in relation to your Personal Information.

This Data Protection Notice was last updated May 2018 to comply with the European General Data Protection Regulation effective as of May 25th 2018.

Contact us

Data Protection Officer / Cigna International Health Services
Plantin en Moretuslei 299
2140 Antwerp
Email: Privacy.europe@cigna.com