Privacy Policy

Privacy Notice

This document outlines how InsuranceMarket.ae collects, uses, and protects your personal data.

Controller: AFIA Insurance Brokerage Services LLC (trading as "InsuranceMarket.ae™", "800 ALFRED", and "Alfred")

Last updated: 12 May 2026

1. About this notice

AFIA Insurance Brokerage Services LLC ("AFIA", "we", "us", "our") is an insurance broker licensed and regulated in the United Arab Emirates. We operate the consumer brand InsuranceMarket.ae™ and the Alfred / 800 ALFRED customer contact channels. We are part of the Alfred Holdings group.

This Privacy Notice explains how we collect, use, share, and protect your personal data when you interact with us — whether you visit our website, use our mobile applications, contact our advisors, request a quote, take out a policy, or make a claim. It is issued in accordance with Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (the "UAE PDPL") and its implementing regulations.

If anything in this notice is unclear, please contact our Data Protection Officer using the details below.

2. Who we are and how to contact us

Legal entityAFIA Insurance Brokerage Services LLC
Head office27th Floor, Control Tower, Motor City, Dubai, UAE, PO Box 26423
Branch officeAmal Mohammed Sharif Mohammed Saleh Hamza Building, Al Dana, East 1, Abu Dhabi, UAE
Toll-free800 ALFRED (800-253-733)
General emailaskalfred@insurancemarket.ae
CBUAE registrationNo. 85
Dubai trade licenceNo. 238534 (Department of Economy & Tourism)
Abu Dhabi trade licenceNo. CN-5385024 (Abu Dhabi Department of Economic Development)
Health insurance intermediaryDHA Permit BRK-00003 / DoH Abu Dhabi B092

For the purposes of the UAE PDPL, AFIA Insurance Brokerage Services LLC is the data controller for the personal data described in this notice.

3. Scope of this notice

This notice applies to personal data we process about:

  • Customers and prospects — individuals who request a quote, hold a policy, or interact with our services;
  • Policy beneficiaries and dependants — for example, family members covered under a health or motor policy;
  • Third parties to a claim — for example, other drivers, vehicle owners, or witnesses involved in an accident;
  • Representatives of corporate customers — directors, signatories, authorised persons, and ultimate beneficial owners (UBOs);
  • Website and app users — visitors to insurancemarket.ae and users of the Insurance Wallet within the myAlfred mobile application.

It covers our website (https://insurancemarket.ae), our advisor and contact-centre channels, our broker operations, and the Insurance Wallet feature in the myAlfred mobile application. The myAlfred rewards platform itself is operated by a separate group entity, myAlfred LLC, under its own privacy notice.

This notice does not apply to:

  • Insurance carriers, reinsurers, or other third-party service providers, who act as separate controllers for their own purposes — please refer to their own privacy notices;
  • Third-party websites linked from our services.

4. The personal data we collect

We collect personal data that is necessary to provide brokerage services, place insurance cover, handle claims, comply with our legal obligations, and operate our business. The specific data we collect depends on the products and services you use.

4.1 Identification and contact data

  • Full name (as per Emirates ID or passport)
  • Date of birth and age
  • Nationality
  • Gender
  • Emirates ID number and a copy of the front and back of the card
  • Passport copy (for non-residents or where applicable)
  • Residential address
  • Mobile number
  • Email address
  • Occupation and employer

4.2 Driving profile (motor insurance)

  • UAE driving licence number, issue date, expiry date, place of issue and traffic code number
  • Copy of the UAE driving licence
  • Home-country driving licence details (where relevant for new UAE residents, to evidence driving experience or no-claims history)
  • Driving and claims history

4.3 Vehicle data (motor insurance)

  • Make, model and trim
  • Model year / year of manufacture
  • Vehicle type and origin (GCC / Non-GCC specification)
  • Cylinder, engine number and chassis number
  • Vehicle colour
  • Seat capacity
  • First registration date and Emirate of registration
  • Vehicle registration type (private / commercial)
  • Whether the vehicle is bank-financed (and the lender's name, where applicable)
  • Whether the vehicle has been modified (and details of modifications)
  • A copy of the Mulkiya (vehicle registration card)

4.4 Claims and incident data

  • Claim notification details and circumstances of loss
  • Police reports and accident reports
  • Photographs and videos of damage
  • Repair estimates, workshop details and invoices
  • Third-party details where another party is involved in the incident — name, contact details, vehicle information, and any documentation they provide
  • For health insurance claims: medical records, diagnoses, treatment information, medical invoices, and other clinical information necessary to assess the claim (see Section 5 — Sensitive personal data)

4.5 Financial and payment data

  • Payment method (card, bank transfer, cheque)
  • Name on the payment method
  • Tokenised card reference (we do not store full primary account numbers)
  • Bank account name, bank name and IBAN (for refunds and, where applicable, payouts)

4.6 Corporate-customer data and KYC/AML information

For policies issued to companies or where a corporate party is involved, we also collect:

  • Company name and registered address
  • Trade licence, Memorandum of Association and VAT registration certificate
  • Authorised person(s) — name, designation, contact details, and Emirates ID or passport copy
  • Ultimate beneficial owner(s) (UBOs) — full name, nationality, date of birth, ownership percentage, and Emirates ID or passport copy
  • Company bank account and payment-method details
  • Source of funds and a description of the business activity
  • Other documentation required under UAE anti-money-laundering and counter-terrorism-financing rules

4.7 Digital and online interaction data

When you visit our website or use our mobile application we automatically collect:

  • IP address, approximate location derived from your IP address, and time-zone settings
  • Device information (device type, model, operating system, screen size)
  • Browser type and version and language settings
  • Pages viewed, links clicked, time spent and other usage statistics
  • Referral URLs (the page that brought you to our services)
  • Server logs (request times, HTTP status codes, error events)
  • Cookies and similar technologies

4.8 Communications and recordings

  • Records of calls to our advisors and contact centre (calls are recorded for quality, training, compliance and dispute-handling purposes — you are informed before the recording starts)
  • Emails, SMS, in-app messages, web-chat transcripts and other written correspondence
  • Feedback, complaints, survey responses and reviews you submit to us

5. Sensitive personal data

Under the UAE PDPL, certain categories of data are treated as "sensitive personal data", including data revealing a person's health, biometric characteristics, ethnic or racial origin, political opinions, religious beliefs, or criminal record.

We process sensitive personal data only where necessary, and only in the following circumstances:

  • Health data, where you apply for, hold, or claim under a health insurance policy, or where health information is relevant to a motor or other policy (for example, injuries arising from a motor accident). We process this data on the basis that it is necessary for the conclusion or performance of your insurance contract and for the establishment, exercise or defence of legal claims. Where required, we will obtain your explicit consent.
  • Biometric data (such as a facial image used for identity verification), only where you have given explicit consent or where it is required by law.

Sensitive personal data is subject to additional access controls within our systems and is shared only with parties that have a clear need to receive it (such as your insurer or a medical provider).

6. Sources of the personal data we hold

We obtain personal data from the following sources:

  • Directly from you — when you submit a quote request, complete a form, speak to an advisor, register an account, file a claim, or make a payment;
  • From your representative — for example, an authorised person of your company, a family member completing an application on your behalf, or your insurance advisor at your previous broker;
  • From insurers and reinsurers — for example, policy documentation, no-claims discount records, or claim outcomes;
  • From service providers acting on our behalf — KYC and screening providers, payment processors, telematics or vehicle-data providers;
  • From public and regulatory sources — UAE government databases (where we are authorised to query them), sanctions and politically-exposed-person lists, the Roads & Transport Authority, the AECB (Al Etihad Credit Bureau), and similar bodies;
  • From third parties in connection with a claim — police reports, accident reports, witness statements, and other parties' insurers.

7. Why we use your personal data and our legal basis

We process your personal data only where we have a lawful basis to do so under the UAE PDPL. The table below summarises our main purposes and the corresponding legal basis.

PurposeLegal basis under the UAE PDPL
Responding to quote requests, including comparing offers across insurersNecessary for steps prior to entering into a contract; legitimate interests
Placing, issuing, renewing and administering insurance policiesNecessary for the performance of a contract with you
Handling claims — assessment, investigation, settlement and recoveryNecessary for the performance of a contract; legitimate interests (including fraud prevention); legal obligation
Verifying your identity, screening against sanctions and politically-exposed-person lists, and meeting KYC, UBO and anti-money-laundering obligationsLegal obligation under UAE AML/CFT law and CBUAE regulations
Complying with our regulatory obligations as a licensed broker (CBUAE, DHA, DoH Abu Dhabi, DET Dubai, ADED, UAE Data Office)Legal obligation
Collecting payments, issuing refunds, and maintaining financial recordsNecessary for the performance of a contract; legal obligation (tax, accounting)
Detecting and preventing fraud, including insurance-application fraud and payment fraudLegitimate interests; legal obligation
Operating our website and mobile application, including security, availability and incident responseLegitimate interests
Improving our products, services and customer experience, including analytics and aggregated reportingLegitimate interests
Recording calls and chats for quality assurance, training, complaints handling and dispute resolutionLegitimate interests; legal obligation
Sending marketing communications about our products and servicesYour consent (which you can withdraw at any time)
Defending or pursuing legal claims, responding to regulators and law-enforcement requests, and exercising or protecting our legal rightsLegitimate interests; legal obligation
Sharing limited data with other Alfred Holdings group companies (including myAlfred LLC) to deliver linked services such as the Insurance Wallet and rewards programmesLegitimate interests; your consent where required

For sensitive personal data, we rely on the additional legal bases provided under the UAE PDPL — in particular, the necessity of processing for the performance of the insurance contract, for the establishment, exercise or defence of legal claims, or, where required, your explicit consent.

8. Automated decision-making and profiling

Some of our underwriting, pricing, fraud-screening and quote-comparison processes use automated tools that analyse the data you provide (for example, vehicle and driver profile data) to generate premium indications, eligibility outcomes, or risk scores.

Under the UAE PDPL, you have the right to object to decisions made solely on the basis of automated processing where those decisions produce legal effects or similarly significantly affect you. In practice, a human advisor reviews material decisions (such as declinature of a policy or claim) before they are communicated to you. If you would like a human review of any automated outcome, please contact us.

9. Who we share your personal data with

We share your personal data with the categories of recipient listed below, where it is necessary for the purposes described in this notice and subject to appropriate safeguards.

9.1 Insurance carriers, reinsurers and intermediaries

We share the personal data necessary to obtain quotes, place cover and process claims with the insurance companies whose products we present to you, and through them with their reinsurers, loss adjusters, surveyors, and recovery agents. The insurer named on your policy is a separate data controller and will process your data under its own privacy notice.

9.2 Claims-related providers

Where you make a claim we may share your data with:

  • Approved garages, workshops and repairers
  • Medical providers, clinics and hospitals (for health-related claims)
  • Loss adjusters, surveyors and investigators
  • Other parties' insurers, brokers and legal representatives
  • Police and other authorities involved in the incident

9.3 Service providers acting on our behalf (processors)

We engage third parties to provide IT, cloud-hosting, communications, customer-service, payment-processing, KYC and screening, document-storage, marketing-technology, and analytics services. These providers act on our instructions under contractual data-protection terms and are not permitted to use your data for their own purposes.

9.4 Alfred Holdings group companies

We share limited personal data with other companies in the Alfred Holdings group — in particular myAlfred LLC — to enable linked services such as the Insurance Wallet feature, single sign-on, and the Alfred rewards programme. Each group company processes data under its own privacy notice and under intra-group data-protection arrangements.

9.5 Regulators, authorities and law-enforcement

We disclose personal data where required by law or in response to a lawful request, including to:

  • The Central Bank of the UAE (CBUAE)
  • The Dubai Health Authority (DHA) and the Department of Health — Abu Dhabi (DoH)
  • The Department of Economy & Tourism Dubai (DET) and the Abu Dhabi Department of Economic Development (ADED)
  • The UAE Data Office and other UAE federal and local data-protection authorities
  • The UAE Financial Intelligence Unit, in connection with anti-money-laundering and counter-terrorism-financing reporting
  • Courts, public prosecutors, police and other law-enforcement bodies
  • Tax authorities

9.6 Professional advisers

We share personal data, where necessary, with our auditors, lawyers, accountants and other professional advisers, who are bound by duties of confidentiality.

9.7 Industry bodies and credit-reference agencies

Where relevant, we share data with:

  • The Emirates Insurance Federation and the Gulf Insurance Federation
  • The DIFC Insurance Association
  • The AECB (Al Etihad Credit Bureau) and similar credit-reference agencies, in connection with credit checks for selected products

9.8 In the context of a corporate transaction

If we sell, restructure, merge, demerge, or transfer all or part of our business, we may share personal data with the counterparty and its advisers, subject to appropriate confidentiality and data-protection safeguards.

We do not sell your personal data.

10. International transfers

Some of the recipients listed above are located outside the UAE — for example, international insurers and reinsurers, global cloud providers, and group companies.

Under the UAE PDPL, we transfer personal data outside the UAE only where one of the following applies:

  • The destination country has been recognised by the UAE Data Office as providing an adequate level of protection;
  • The transfer is covered by an appropriate contractual mechanism (such as standard contractual clauses or binding corporate rules) that imposes equivalent data-protection obligations on the recipient;
  • The transfer is necessary for the performance of your insurance contract or for the conclusion or performance of a contract in your interest;
  • The transfer is necessary to comply with a legal obligation, to defend legal claims, to protect the vital interests of a data subject, or for another lawful purpose recognised under the PDPL;
  • You have given your explicit consent to the transfer, having been informed of the risks involved.

You can request information about the safeguards in place for a specific transfer by contacting our DPO.

Health data of individuals in the UAE is stored and processed within the UAE in accordance with Federal Law No. 2 of 2019. Where a cross-border transfer of health data is necessary (for example, to an international reinsurer), it is carried out only within the limited circumstances permitted by that law and with the regulatory approvals required by the DHA or the DoH Abu Dhabi.

11. Payment-card data

Where you pay by card, the card data is captured by our payment-services provider, which is PCI DSS compliant. We do not store the full primary account number (PAN), CVV or full card data on our systems. We may store a payment token (a non-sensitive reference issued by the payment provider) so that you can renew or make further payments without re-entering your card details. The token cannot be used to make a payment outside our authorised payment channels.

12. How long we keep your personal data

We keep personal data only for as long as we need it for the purposes set out in this notice, or for as long as we are required to keep it by law.

The period for which we retain any particular category of personal data is determined by reference to:

  • the nature and purpose of the processing, and whether an ongoing relationship or service is in place;
  • our legal and regulatory obligations — in particular CBUAE record-keeping rules, UAE anti-money-laundering and counter-terrorism-financing requirements (which require records to be retained for at least five years from the end of the business relationship), UAE tax and accounting law, and applicable health-data record-keeping requirements;
  • the statutory limitation periods applicable to potential legal claims under UAE law, which may extend retention of claims-related records for several years after a claim is settled;
  • the need to handle complaints, disputes and regulatory investigations; and
  • legitimate business needs, such as fraud prevention and information security.

Our internal Records Retention Schedule sets out the specific periods that apply to each category of data, and you may request a summary by contacting our Data Protection Officer.

After the applicable retention period, we securely delete the data or anonymise it so that it can no longer be associated with you. We may retain anonymised or aggregated data indefinitely for analytical and statistical purposes.

13. Cookies and similar technologies

Our website uses cookies and similar technologies for the following purposes:

  • Strictly necessary — to enable core site functionality, security, and fraud prevention (cannot be disabled);
  • Functional — to remember your preferences and settings;
  • Analytics — to understand how our site is used and to improve it;
  • Marketing — to deliver and measure the effectiveness of advertising.

You can manage non-essential cookies through the cookie banner on our website and through your browser settings. Disabling cookies may affect some site functionality.

14. Children's data

Our services are intended for adults — individuals aged 18 or over. We do not knowingly market to or knowingly collect personal data directly from minors. We do, however, process personal data about minors as named beneficiaries or dependants under policies taken out by their parents or legal guardians (for example, dependants under a family health policy). In such cases, the policyholder is responsible for providing the minor's data and for informing the minor in an age-appropriate manner.

If you believe a minor has provided personal data to us directly, please contact our DPO so we can delete it.

15. Security of your personal data

We apply technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, loss or destruction. These measures include encryption in transit and at rest for sensitive data, access controls based on the principle of least privilege, network segmentation, logging and monitoring, regular vulnerability and penetration testing, employee training, vendor due diligence, and incident-response procedures. For our health-insurance activities, our information-security controls are aligned with the DHA Health Data Standards (Dubai) and the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) (Abu Dhabi).

No system can be guaranteed to be entirely secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the UAE Data Office and affected individuals in accordance with our legal obligations.

You can help us protect your data by using a strong, unique password for your account, by not sharing your credentials, and by reporting any suspicious activity to us promptly.

16. Your rights under the UAE PDPL

Subject to the conditions and limits set out in the UAE PDPL, you have the following rights in relation to your personal data:

  • Right to information — to be informed about how we process your personal data (this notice is the principal way in which we provide that information);
  • Right of access — to request a copy of the personal data we hold about you and certain information about how we process it;
  • Right to rectification — to ask us to correct personal data that is inaccurate or incomplete;
  • Right to erasure — to ask us to delete personal data, where we no longer have a lawful basis to keep it (this right is subject to legal and regulatory retention obligations, which mean we may not always be able to delete data on request);
  • Right to restriction of processing — to ask us to limit how we use your personal data in specified circumstances;
  • Right to data portability — to receive certain personal data you have provided to us in a structured, commonly used, machine-readable format, or to have it transmitted to another controller, where technically feasible;
  • Right to stop processing — to object to processing carried out for our legitimate interests or for direct marketing, and to withdraw consent at any time where we rely on consent (without affecting the lawfulness of prior processing);
  • Rights in relation to automated decision-making and profiling — see Section 8;
  • Right to contact the DPO — to raise any concern about how we process your personal data;
  • Right to lodge a complaint with the UAE Data Office.

To exercise any of these rights, contact our Data Protection Officer using the details below. We may need to verify your identity before responding. We will respond within the period required by the UAE PDPL and its implementing regulations. There is normally no charge, but we may charge a reasonable fee or refuse to act where a request is manifestly unfounded or excessive, as permitted by law.

17. Contacting the Data Protection Officer and lodging a complaint

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our compliance with the UAE PDPL and addressing data-protection enquiries and complaints.

Data Protection Officer
Email: denis.yakimov@alfred.holdings
Postal address: Data Protection Officer, AFIA Insurance Brokerage Services LLC, 27th Floor, Control Tower, Motor City, PO Box 26423, Dubai, UAE

If you are not satisfied with how we have handled your personal data or your request, you have the right to lodge a complaint with the federal data-protection regulator:

For complaints specifically relating to health data, you may also contact the Dubai Health Authority (DHA) or the Department of Health — Abu Dhabi (DoH), depending on the Emirate in which the relevant health-insurance activity took place.

We would, however, appreciate the opportunity to address your concerns directly before you escalate to the regulator.

18. Changes to this notice

We may update this notice from time to time — for example, to reflect changes in our services, in the law, or in regulatory guidance. When we make material changes, we will post the updated notice on our website, update the "Last updated" date at the top, and, where appropriate, notify you directly. Please review this notice periodically.

19. Governing law

This Privacy Notice and any matter arising from or in connection with it is governed by the laws of the United Arab Emirates, including the UAE PDPL and its implementing regulations.

InsuranceMarket.ae™ is the registered trademark of AFIA Insurance Brokerage Services LLC, an Alfred Holdings company.