Privacy Policy

Qatar Insurance Company Q.S.P.C. (“QIC”) Privacy Notice

We care about your personal data:

Qatar Insurance Co. (UAE) (“we”, “us” “our”), is a leading insurance company that brings innovative and tailor-made insurance solutions coupled with world-class level of service. Protecting your privacy is a top priority for us. This privacy notice explains what type of personal data will be collected, how and why it is collected and to whom it is shared or disclosed.

Please read this notice carefully:

Who is the data controller?

A data controller is an individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. We are the data controller as defined by relevant data protection laws and regulations.

What personal data and health data will be collected?

The personal data collected will depend upon the nature of the relationship between us. In case of an insured person, this will also depend upon the type of insurance policy. We will collect and process several types of personal data about you as mentioned below:

Type of Personal Information	Details
Individual / Know Your Customer (KYC)Details	Name, address, other contact details (e.g. email and telephone numbers), date and place of birth, nationality, employer, job title
Identification Details	Identification numbers issued by government bodies or agencies, including passport number, National ID number and driving license number
Financial Information	Bank account, income, or other financial information
Risk Details	Information needed to collect in order to assess the risk to be insured and provide a quote. This may include data relating to health, or other special categories of personal data.
Policy Information	Information about the quotes received by data subjects and policies they take out
Anti-Fraud Data	Credit history, bank card/account details, sanctions, and criminal convictions, and information received from various anti-fraud databases
Previous and Current Claims	Information about previous and current claims, (including other unrelated insurances), which may include data relating to health, criminal convictions, or other special categories of personal data and in some cases, surveillance reports.
Special Category Data	Certain categories of personal data which have additional protection under the applicable laws and regulations. The categories may include health and criminal convictions. This includes data resulting from medical reports or death certificates, your medical claims history, and details of physical and psychological health or medical conditions.
Visitor Management and Surveillance Data	Personal information such as visitor name, mobile number, national ID, CCTV surveillance
Browser Data	Information collected automatically when you communicate with us, access our websites through a browser, or application. This includes data about your visit, including the pages you view, the links you click, and other actions taken in connection with our websites and services. We also collect certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, operating system, and access times.

Type of Health Information	Details
Medical Information	Medical history, diagnosis, treatment details, and clinical notes
Test & Diagnostic Data	Laboratory results, imaging reports (X-ray, MRI, CT scans), and test outcomes
Prescription Information	Medications prescribed and related treatment plans
Healthcare Events	Admission date, discharge date, consultation records, and procedures performed
Insurance & Claims Data	Health insurance details, claims data, and beneficiary information related to healthcare services
Health Status Information	Information relating to physical or mental health conditions, disabilities, or medical conditions
Healthcare Provider Information	Details of doctors, hospitals, and healthcare providers involved in treatment
Billing Information	Billing and payment details related to healthcare services
Medical Identifiers	Medical record numbers and other identifiers linked to healthcare services
Correspondence	Any communication or records related to diagnosis, treatment, or healthcare services

How will we obtain and use your personal data?

We will collect and use your personal data that you provide to us and that we receive about you (as explained below) for a number of purposes and with your explicit consent unless applicable laws and regulations do not require us to obtain your explicit consent, as shown below:

No.	Purpose	Explicit consent needed?
1.	Insurance contract administration (e.g., quotation, underwriting, claims handling)	Yes, where needed. However, there will be situations where consent is not required for us to process your personal data, for example in cases of medical emergency.
2.	To administer debt recoveries	No
3.	To inform you or permit QIC and selected third parties to inform you, about products and services we feel may interest you in accordance with your marketing preferences. You may withdraw this consent through the consent withdrawal option	Yes
4.	To personalize your experience on our website or mobile application by presenting products, services, marketing messages, offers and content tailored to you and to make other decisions about you using computerized technology such as assessing which products might be most suitable for you.	Where needed
5.	When processing claims we may use automated decisionmaking technology to process your personal data.	Where needed
6.	Fraud, Money Laundering, and Terrorist Financing prevention and detection	No
7.	Meet any legal obligations (e.g., tax, accounting and administrative obligations)	No
8.	To redistribute risk by means of reinsurance and coinsurance	No

As mentioned, for the purposes indicated above, we will process personal data we receive about you from you, your employer, your sponsor, third parties such as brokers and business partners, other insurers, medical providers, fraud prevention agencies and investigators, search information providers, loss adjustors, surveyors, intermediaries, delegated authorities, and lawyers.

For those purposes indicated above where we have indicated that we do not require your explicit consent, we will process your personal data based on our legitimate interests and/or to comply with our legal obligations. Legitimate interests which we use include ensuring the network and information security of our Page | 3 systems. We will not use our legitimate interest to process your personal data when your interests, rights and freedoms take priority.

Without your explicit consent, we may also use one of the following lawful bases:

For the protection of your vital interests or the vital interests of another natural person
Processing is necessary for the performance of a contract
Processing is necessary for compliance with a legal obligation to which the controller is subject
Processing is necessary for the establishment, exercise, or defense of legal claims or whenever courts are acting in their judicial capacity
Where the processing of your personal data is necessary for the legitimate interests of QIC or third party (unless overridden by your interests, rights, or freedoms).

In order to purchase a policy with us, we will need your personal data. Any personal data requested will be adequate, relevant, and limited to meet the necessary purposes as defined above. If you do not wish to provide this to us, we will not be able to provide the products and services you request, that you may be interested in, or to tailor our offerings to your particular requirements.

Who will have access to your personal data?

We may share your data with the institutions set out below for them to use to the same extent, and for the same purposes as us.

Third parties like third party administrators (who process claims on our behalf), surveyors, loss adjustors, other service providers who may provide one or more services (forming part of the policy that you have purchased).
With other insurers/re-insurers that may be covering the same insurance risk at the same time – multiple insurance/reinsurance – to distribute the payment of any compensation that may be owed to you, or to collaborate in the detection or prevention of fraud and financial crime.
With regulatory body or law enforcement agency (mostly in case of a legal dispute).
QIC may also share information with carefully selected strategic partners who provide services. These companies are obligated to protect your information and use it in accordance with their own privacy policies and practices.

Where will my personal data be processed?

Your personal data may be processed both inside and outside of Qatar by the parties specified in section 4 above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorized to process them.
Whenever we transfer your personal data outside of UAE, We will ensure the transfer is protected by appropriate safeguards, primarily in accordance with applicable UAE laws and regulations, including the requirements of the Central Bank of the UAE (CBUAE), Dubai Health Authority (DHA) and Department of Health Abu Dhabi (DOH), in conjunction with the in-house QIC Group policies and procedures, including Standard Contractual Clauses (SCCs) for international data and fund transfers.

What are your rights in respect of your personal data?

Subject to the applicable laws, you may exercise the following rights: –

Access to your information – you have the right to request a copy of the personal information that we hold about you.
The right to be informed – of the nature of the personal data we process, why we process it, and with whom that information may be shared.
The right of access to your personal data.
The right to rectification of errors in your personal data.
The right to erasure of your personal data.
The right to restrict our processing of your personal data.
The right to portability of your personal data.
The right to object.
Rights related to automated decision making and profiling – we do not utilize automated decision making or profiling in our provision of our websites or our products and services.
You may exercise these rights by contacting us as detailed below providing your name, email address, account identification, and purpose of your request.
However, QIC reserves the right to deny or cancel its products and services in case it does not have the necessary rights to access data to conduct the KYC (Know-Your-Customer) and apply its underwriting, claim and other rules and processes.
The right to lodge a complaint with a supervisory authority – Data Subjects have the right to contact a supervisory authority directly if you believe your rights under data protection laws have been infringed.

Breach Notification Procedure

In the unlikely event of a data breach, we have a dedicated Breach Notification Procedure to ensure timely identification, assessment, and notification as necessary under GDPR. This includes notifying affected data subjects and, where required, reporting to relevant supervisory authorities.

To view our full Breach Notification Procedure, including steps on how you can report data breaches, please click here: [Data Breach Notification Procedure]

How Long We Retain Your Personal and Medical Data?

Personal Data
Personal data collected as described in Section 3 of this Privacy Notice will be retained for the duration of your policy (including any renewals) and for ten (10) years thereafter, in accordance with UAE laws and regulations. Personal data may be retained for longer where required for claims handling, dispute resolution, regulatory or judicial requests, or other legal obligations.
Medical and Health-Related Data
Medical and health-related data collected in connection with your policy will be retained for the duration of your policy (including any renewals) and for twenty-five (25) years thereafter, in compliance with Department of Health Abu Dhabi (DOH), UAE Central Bank regulations (where applicable), and other relevant UAE laws and regulations. Medical data may be retained for longer where required for claims, medical assessments, legal or regulatory proceedings, or mandatory retention requirements.Once the retention period is over the data will be deleted or anonymized. You can contact us if you require further details about our retention periods. We will not hold or process excessive personal data.

You may exercise these rights by contacting us as detailed below providing your name, email address, account identification, and purpose of your request. However, QIC reserves the right to deny or cancel its products and services in case it does not have the necessary rights to access data to conduct the KYC (Know-Your-Customer) and apply its underwriting, claim and other rules and processes.

How can you contact us?

If you have any queries about how we use your personal data, you can contact us by email or post as follows:

Saleh K. Al Mohannadi – Data Protection Officer, QIC Group

Email Address: saleh.muhannadi@qicgroup.com.qa
Phone: +974 4496 2297
Fax: +974 4483 1569

Postal Address:
Qatar Insurance Company Q.S.P.C.
P.O Box: 666,
Tamin Street, West Bay, Doha, Qatar
qic.online

Niroshan Gunawardana – Information Security Officer, QIC UAE

Email Address: niroshan.gunawardana@qicuae.com
Phone: +971 50 410 1420

Postal Address:
UAE – Qatar Insurance Co.
P.O Box: 4066,
Level 5, Business Park Building 4, Dubai Hills Estate,
Dubai, UAE

www.qicuae.com

How often do we update this data protection notice?

We regularly review this data protection notice. We will ensure the most recent version is updated in all the data collection forms.

This privacy notice was last updated on 13.04.2026