Last Updated October 2025
1. Scope
Hartford Singapore Pte Ltd (“we, us, our or Hartford Sg”) values your trust and is committed to the responsible management, use and protection of personal data. This Privacy Notice will explain how we collect and use Personal Data (as defined below) about you when you use our services, in accordance with Singapore’s Personal Data Protection Act (“PDPA”).
This customer and third party privacy notice (“Privacy Notice”) is applicable to the information collected from or about you, whether through your interactions with us or otherwise. We do not handle or process any consumer personal data. We collect and process our staff’s personal data and limited personal data of individuals who are representatives of corporations with whom we interact with.
This Privacy Notice supplements, but does not replace other applicable policies, practices and privacy notices that may relate to specific business relationships you have with Hartford Sg or with any member of the Hartford Group (“Hartford Group” refers to Hartford Sg and its related corporations around the world) with respect to certain products or services, as described in the applicable privacy notice. In the event of a conflict between this Privacy Notice and a privacy notice for a specific product or service, the specific product or service privacy notice shall govern.
We may update this Privacy Notice at any time and any revisions will be posted on the company website, here: The Hartford Privacy Policies.
Index
- Scope
- Personal Data We Collect
- How We Collect Your Data
- Purpose and Legal Basis For Processing your Personal Data
4.1 Processing
4.2 Marketing - How We Secure Your Personal Data
- How Long We Retain Your Personal Data
- Data Accuracy and Your Duty to Inform Us of Changes
- Your Data Protection Rights
- Changes to Our Privacy Notice
- How to Contact Us
2. Personal Data We Collect
We collect and process human resource personal data and limited personal data of individuals who are representatives of corporations with whom we interact with (collectively “Personal Data”).
3. How We Collect Your Data
You either directly provide Hartford Sg with most of the Personal Data we collect or your Personal Data is provided to us by your agents or other third parties. We collect and process Personal Data when you or the company which you are employed by or whom you represent, interact with us or provide your Personal Data to us including but not limited to when you contact us.
4. Purpose and Legal Basis For Processing your Personal Data
4.1 Processing
Our processing activities vary depending on the context. In a human resource context, we administer a separate privacy notice or employee consent to our staff. In other contexts, such as mainly when we deal with representatives of corporations, we collect, use, disclose and/or process their Personal Data for the following purposes:
(a) administering, facilitating, managing, processing and/or dealing with your relationship or your Company’s relationship, with us (“Company” refers to the company that is your employer or which you represent);
(b) administering, facilitating, processing and/or dealing in any transactions or activities carried out by you or the Company;
(c) carrying out and/or facilitating your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
(d) contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for one or more of the Purposes stated herein.
(e) carrying out due diligence or other screening activities (including background checks, anti-money laundering checks, know your client checks) in accordance with legal or regulatory obligations (whether of Singapore or other countries) applicable to us or any Hartford Group entity, the requirements or guidelines of governmental authorities (whether of Singapore or other countries) which we determine are applicable to us or any Hartford Group entity, and/or our or any Hartford Group entities’ risk management procedures that may be required by law (whether of Singapore or other countries) or that may have been put in place by us or any Hartford Group entities;
(f) to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned, regardless that such prevention or investigation involves us and/or is done by us or any Hartford Group entities; dealing with conflict of interests; or dealing with and/or investigating complaints; carrying out fraud detection and/or credit risk control in relation to your transactions or attempted transactions with us;
(g) complying with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us or any Hartford Group entity, including meeting the requirements to make disclosure under the requirements of any law binding on us or any Hartford Group entity, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Singapore or other countries), with which we or any Hartford Group entity is/are expected to comply;
(h) complying with or as required by any request or direction of any governmental authority (whether of Singapore or other countries) which we or any Hartford Group entity is/are expected to comply with; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities (whether of Singapore or other countries). For the avoidance of doubt, this means that we may/will disclose your personal data to the aforementioned parties upon their request or direction;
(i) storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;
(j) facilitating, dealing with and/or administering external audit(s) or internal audit(s) of the business of Hartford Sg and/or of any Hartford Group entities, and/or our or a Hartford Group entity’s transactions with our/its customers;
(k) dealing with and/or facilitating a business asset transaction or a potential business asset transaction, where such transaction involves Hartford Sg as a participant or involves only a Hartford Group entity as a participant or involves Hartford Sg and/or any Hartford Group entities as participant(s), and there may be other third party organisations who are participants in such transaction. “business asset transaction” is defined in the PDPA and includes the purchase, sale, lease, merger or amalgamation or any other acquisition, disposal or financing of an organisation or a portion of an organisation or of any of the business or assets of an organisation;
(l) record-keeping purposes and producing statistics and research for internal and/or statutory reporting and/or record-keeping requirements, of Hartford Sg or of any Hartford Group entities; and
(m) Hartford Sg, Hartford Group’s or a Hartford Group entity’s reporting purposes including but not limited to reporting on Hartford Sg’s business performance.
(the purposes set out in this paragraph 4.1 above shall be collectively referred to as the “Purposes”)
4.1.2 Hartford Sg may/will need to disclose your personal data to third parties, whether located within or outside Singapore, for one or more of the above Purposes, as such third parties, would be processing your personal data for one or more of the above Purposes. In this regard, you hereby acknowledge, agree and consent that we may/are permitted to disclose your personal data to such third parties (whether located within or outside Singapore) for one or more of the above Purposes and for the said third parties to subsequently collect, use, disclose and/or process your personal data for one or more of the above Purposes. Without limiting the generality of the foregoing or of paragraph 4.1, such third parties include:
(a) any Hartford Group entities;
(b) any of our agents, contractors or third party service providers that process or will be processing your Personal Data, whether on our behalf or otherwise, including but not limited to those which provide administrative or other services to us, mailing houses, telecommunication companies, information technology companies and data centres. Additionally, any party to whom Hartford Sg outsources the performance of certain functions or activities of Hartford Sg;
(c) third parties with whom we enter into or may enter into any contractual or other arrangement in relation to the products or services to be provided to you or your Company; and
4.2 Marketing
We may use your Personal Data to send you marketing communications about our insurance products or our related services. This may be in the form of email, printed material sent by post, text/SMS, or telephone. We will only ever do this in accordance with law, such as with your consent.
5. How We Secure Your Personal Data
The protection and security of your Personal Data is important to us. We employ reasonable physical, administrative, and technical safeguards to protect the Personal Data you provide to us and which is stored in our systems. We require service providers to take appropriate security measures to protect your Personal Data in line with our policies. We only permit service providers to process your Personal Data for specified purposes and in accordance with our instructions.
We have in place security measures to protect the security of your information and to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, service providers, agents, contractors and other third parties who have a business need to access your data. They will only process your Personal Data on our instructions or as required under applicable law, and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place procedures to respond to any suspected data security breach and will notify you and any applicable regulator of a breach of your Personal Data where we are legally required to do so.
6. How Long We Retain Your Personal Data
We retain your Personal Data pursuant to our records management policy. Our records management policy has been designed to ensure that we maintain Personal Data for that period of time necessary for the purposes for which we collected the data, and also to ensure that we comply with all applicable statutory and regulatory requirements for retaining records, including Personal Data.
7. Data Accuracy and Your Duty to Inform Us of Changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed of any changes to your Personal Data during your relationship with us.
8.6 In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact consumerprivacyinquiriesmailbox@thehartford.com. Unless we have another lawful basis or exception for continuing to process your Personal Data, once we have received notification that you have withdrawn your consent, and verified your identity we will no longer process your Personal Data for the purpose or purposes you originally agreed to; further, unless we have another lawful basis for continuing to process your Personal Data, we will dispose of it securely.
8. Your Data Protection Rights
8.1 You have the right to access and/or correct any personal data that we hold about you, subject to exceptions under the law. This right can be exercised at any time by emailing us at consumerprivacyinquiriesmailbox@thehartford.com. We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. With respect to your access request, we may charge a fee in order to process it.
8.2 For a request to access personal data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant personal data within 30 days. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested. Note that the PDPA exempts certain types of personal data from being subject to your access request.
8.3 For a request to correct personal data, once we have sufficient information from you to deal with the request, we will correct your personal data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. Note that the PDPA exempts certain types of personal data from being subject to your correction request as well as provides for situation(s) when correction need not be made by us despite your request.
8.4 Further rights may arise in future under amendments to the PDPA and in such a case, we will accord you such rights as provided for by the PDPA.
8.5 We may need to request specific information from you to help us confirm your identity in connection with any of the above rights. This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
Back to Index
9. Changes to Our Privacy Notice
We reserve the right to amend this Privacy Notice at any time in order to address future developments of Hartford Sg, our services, or changes in law or industry practices.
10. How to Contact Us
We have appointed a data protection officer ("DPO") to oversee compliance with this Privacy Notice. Our DPO is Rajah and Tann Singapore Limited, #6-7, Marina One West Tower, Singapore. If you want to contact the DPO, or if you have any questions about this Privacy Notice or how we handle your Personal Data, please contact us at consumerprivacyinquiriesmailbox@thehartford.com.