Privacy Policy
Privacy Policy for Āmen
Last Updated: August 13, 2025
1. Introduction
This platform is operated by Shield Insurtech Brokers WLL ("we," "us," or "our"), a company licensed and regulated by the Central Bank of Bahrain (CBB) as an Insurance Broker (Insurance Aggregator).
This Privacy Policy outlines our commitment to protecting the privacy of our users ("you," "your"). It explains how we collect, use, process, share, and protect your Personal Data when you use our website, mobile application, and related services (collectively, the "Platform").
We are committed to processing your data in accordance with the Personal Data Protection Law No. 30 of 2018 (the "PDPL") and the CBB Rulebook, ensuring your information is handled with the utmost care and confidentiality.
2. Scope and Consent
This policy applies to all visitors, users, and others who access the Platform. By accessing or using our Platform, you signify your understanding of and agreement to the terms of this Privacy Policy. Where your explicit consent is required for the processing of certain types of data (such as sensitive personal data), we will seek to obtain it separately.
Age Restriction:
If you are under the age of 18, you may only use our services with the consent and supervision of a parent or guardian.
3. The Data We Collect
We collect Personal Data to provide and continuously improve our services. The types of data we collect are:
a) Information You Provide Directly:
- Identity & Contact Data: Your full name, CPR number, passport details, date of birth, gender, nationality, postal address, email address, and telephone number.
- Financial Data: To process payments for insurance policies, we utilize several secure payment gateways. Depending on the option you choose, your payment will be processed by:
- Mastercard Payment Gateway Services (MPGS): For credit/debit card payments. Your card information is sent directly to MPGS and is not stored on our servers. We only store a secure token provided by MPGS to reference your transaction.
- Benefit Web Payment Gateway & BenefitPay: For payments using the Benefit network. Your payment details are handled directly by Benefit.
- Apple Pay: For payments made via your Apple Wallet. Your device-specific account number is processed by Apple, and we do not receive your actual card numbers. In all cases, the handling and security of your sensitive payment information are managed by these third-party payment processors. We do not store your full card or bank account numbers on our systems.
- eKYC Verification Data: For identity verification and to comply with regulatory requirements, we use third-party services, ShuftiPro and Benefit Wathiq. The data collected through these services includes facial recognition data, liveness checks, and verification of your official identification documents.
- Insurance-Specific Data: Information required by insurance providers to generate accurate quotes and issue policies. This may include:
- For Motor Insurance: Vehicle registration details, driving license information, and claims history.
- For Health Insurance: Information about your health, medical history, and lifestyle (classified as Sensitive Personal Data).
- For Travel Insurance: Travel dates, destinations, and details of fellow travelers.
- Communications: Records of your correspondence with us, including emails, chat sessions, and feedback.
b) Information We Collect Automatically:
- Technical Data: Your Internet Protocol (IP) address, browser type and version, device ID, operating system, and location data.
- Usage Data: Information about how you navigate and interact with our Platform, including pages viewed, services used, and time spent on the Platform.
4. How We Use Your Personal Data
We use your Personal Data for the following purposes, based on a lawful basis for processing under the PDPL:
| Purpose of Processing | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To Provide Our Services (e.g., generate quotes, facilitate policy purchase) | Identity, Contact, Financial, Insurance-Specific Data | Necessary for the performance of a contract with you. |
| To Verify Your Identity (eKYC) | Identity, eKYC Verification Data | Necessary for compliance with a legal obligation (CBB regulations, AML/CFT laws). |
| To Process Payments | Financial, Identity Data | Necessary for the performance of a contract with you. |
| To Communicate With You | Contact, Identity, Communications Data | Necessary for the performance of a contract and our legitimate interests (to keep you updated). |
| To Comply with Legal & Regulatory Obligations | All relevant data categories | Necessary for compliance with a legal obligation (PDPL, CBB Rulebook, etc.). |
| To Improve Our Platform & Services | Technical, Usage Data | Our legitimate interests (to enhance user experience and develop new features). |
| For Marketing & Promotions | Contact, Usage Data | Your explicit consent. You can withdraw your consent at any time. |
| To Prevent Fraud and Secure Our Platform | All relevant data categories | Our legitimate interests (to protect our business and our users). |
Processing of Sensitive Personal Data: We will only process your sensitive personal data (e.g., health information for medical insurance) after obtaining your explicit consent, or where processing is necessary for the establishment, exercise, or defense of legal claims related to an insurance policy.
5. Data Sharing and Disclosure
We do not sell your Personal Data. We may share your data with the following parties only when necessary:
- Insurance Providers: To obtain quotes and issue the insurance policy you have selected.
- Payment Gateways: With our trusted payment partners, including Mastercard Payment Gateway Services (MPGS), Benefit, and Apple Pay, to securely process your payments. We do not store your full credit/debit card details on our systems. The handling and security of your card information are managed directly by these payment providers.
- eKYC Service Providers: With ShuftiPro and Benefit (for Wathiq) to perform mandatory identity verification.
- Regulatory Authorities: With the Central Bank of Bahrain (CBB) and other law enforcement or government bodies as required by law or to respond to legal processes.
- Professional Advisors: Including lawyers, auditors, and consultants to the extent necessary for them to provide their services to us.
We ensure that all third parties with whom we share your data are contractually obligated to protect your data and use it only for the purposes for which it was disclosed.
6. International Data Transfers
Your Personal Data may be transferred to, and processed in, countries outside of the Kingdom of Bahrain. We will only transfer your data to countries that are deemed to provide an adequate level of data protection by the Bahraini authorities or where we have put in place appropriate safeguards (such as Standard Contractual Clauses) to ensure your data is protected in accordance with the PDPL.
7. Data Security
We have implemented robust technical and organizational security measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include data encryption, access controls, secure server environments, and regular security assessments.
8. Data Retention
We will retain your Personal Data only for as long as is necessary to fulfill the purposes for which it was collected. This includes satisfying any legal, regulatory, accounting, or reporting requirements. As per CBB regulations, records related to your transactions and identity verification must be kept for a minimum of five (5) years after the termination of the business relationship.
9. Your Legal Rights
Under the PDPL, you have the following rights regarding your Personal Data:
- The Right to be Informed: To know how we are processing your data.
- The Right of Access: To request a copy of the Personal Data we hold about you.
- The Right to Rectification: To request the correction of inaccurate or incomplete data.
- The Right to Erasure: To request the deletion of your data, subject to certain conditions.
- The Right to Restrict Processing: To request a halt on the processing of your data in certain circumstances.
- The Right to Object: To object to the processing of your data, particularly for direct marketing.
- The Right to Data Portability: To request that we transfer your data to another organization in a structured, commonly used format.
- The Right to Complain: To lodge a complaint with the Bahrain Personal Data Protection Authority if you believe your rights have been infringed.
To exercise any of these rights, please contact our Data Protection Officer using the details provided below.
10. Cookies
Our Platform uses cookies to enhance user experience. A cookie is a small text file stored on your device. For more information on how we use cookies, please see our Cookie Policy.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.