Personal Data Protection Policy and Practices

ING Life Insurance Company (Bermuda) Limited
ING Pension Trust Limited
ING General Insurance Company Limited
ING Life Insurance Company (Macau) Limited
ING Financial Planning

ING Hong Kong & Macau ("ING") is committed to implementation and compliance with the provisions of the Personal Data (Privacy) Ordinance ("Ordinance"). In this context the Corporate Data Protection Officer is responsible for coordinating and overseeing compliance with the Ordinance and the upholding of the Data Protection Principles set out in the Ordinance.

ING provides its customers with insurance and financial services. In the operation of its business, ING collects personal data from individuals in connection with the provision of insurance policies, the establishment of financial and other services, and in the ordinary course of the administration of policies, including third party administration, and undertaking other business relationships. Failure by individuals to supply such data may result in ING being unable to write new policies or establish or continue insurance facilities, or provide financial services.

It is the policy of ING that only such personal data as is required for the purposes directly related to the provision of insurance policies and financial services will be collected from individuals. It is the practice of ING to explicitly notify individuals at the time of collection of personal data of the purposes, in general or specific terms, for which the data collected will be used.

Furthermore, it is the practice of ING at the time of collection of personal data to explicitly inform individuals of the classes of person to whom data collected from them may be transferred and to notify them explicitly of their rights to request access to and correction of personal data kept by ING, and to provide the address of the Corporate Data Protection Officer to whom personal data access and correction requests may be made.

It is the practice of ING to inform individuals of these matters either verbally or by providing a written statement. Individuals may then be asked to sign a declaration confirming his or her understanding of these rights under the Ordinance. In addition individuals can consent to personal data being used for other purposes, such as for the purpose of marketing ING's services and products. In addition, prominent notices containing the relevant information are on display in ING's office premises to which customers have accesses.

Without the express consent of the individual concerned, personal data will not be used by ING for any purposes other than those for which it was to be used at the time of collection, or transferred to any third party outside the classes notified at the time of collection.

It is the policy of ING to ensure accuracy of all personal data collected and processed by ING. Appropriate procedures are implemented so that all personal data is regularly checked and updated to ensure that it is reasonably accurate having regard to the purposes for which that data is used. In so far as personal data held by ING consists of statements of opinion, all reasonably practicable steps are taken to ensure that any facts cited in support of such statements of opinion are correct.

ING will at all times endeavour to ensure the accuracy of personal data held by ING, and if such personal data is transferred to third parties, it will notify that third party of any correction to be made.

No personal data is kept for longer than is necessary for the purposes for which it was collected. Procedures are in place to dispose of obsolete records through implementation of appropriate review and retention periods for different types of personal data.

It is the policy of ING to ensure an appropriate level of protection for personal data in order to prevent unauthorized access, processing or other use of that data, commensurate with the sensitivity of the data and the harm that would be caused by unauthorized access to that data. It is the practice of ING to achieve appropriate levels of security by restricting physical access to data, providing secure storage facilities and incorporating security measures into equipment in which data is held. Measures are taken to ensure the integrity, prudence, and competence of persons having access to personal data and personal data is only transmitted by secure means.

It is the policy of ING to ensure that all staff are familiar with the requirements of ING Personal Data Policy in order to assist individuals in making requests for data access or data correction and that all such requests are dealt with in accordance with the provisions of the Ordinance.

ING has implemented administrative arrangements for handling data access and correction requests. The Corporate Data Protection Officer has the necessary authority to seek information from those responsible within ING for the personal data and a system has been implemented for checking progress in responding to requests to ensure that the time limits prescribed by the Ordinance are complied with.

It is the policy of ING to charge a nominal fee in respect of a data access request. If a person making a data access request requires an additional copy of the personal data, ING may charge a fee to cover the full administrative and other costs incurred in supplying that additional copy.

Further enquiries regarding ING's Personal Data Protection Policy and Practices may be directed to: -

The Corporate Data Protection Officer

1st Floor, ING Tower,
308 Des Voeux Road Central, Hong Kong

Telephone : (852) 2850 3830

Fax : (852) 2850 3838