Privacy Policy

CXA Privacy Policy


  1. CXA Group Pte Limited (Singapore registration no.: 201303355E and formerly known as Connexionsasia Pte Limited) (CXA) and its affiliates and group companies are committed to personal data protection and will continually strive to protect personal data in accordance with applicable laws, including the Singapore Personal Data Protection Act (PDPA), the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486), the Malaysia Personal Data Protection Act 2010, and best industry standards.  By dealing with CXA in any way, whether as a supplier, user, distributor or in any other capacity, you agree to this Privacy Policy.
  2. A reference to CXA in this Privacy Policy and consent given by you in the CXA Portal includes a reference to CXA Singapore Pte. Ltd. (Singapore registration no.: 199503006R), CXA Insurance Brokers Singapore Pte. Ltd. (Singapore registration no: 198204706W), CXA Hong Kong Limited (Hong Kong registration no.: 2120109), CXA Insurance Brokers Hong Kong Limited (Hong Kong registration no.: 2185973), CXA Benefits Malaysia Sdn. Bhd., CXA Consulting (Shanghai) Co., Ltd, its other affiliates and group companies from time to time. The use of including in all its grammatical forms is construed without limitation.  Personal data includes any information that identifies or locates an individual or is capable of doing so. 


Collection and Use of Personal Data

  1. If you provide personal data of a third party (including information of your family members) to us, you represent and warrant that the consent of such third party has been obtained for the purposes stated in this Privacy Policy.
  2. The main types of personal data that CXA collects and deals with are names, email addresses, contact numbers, national ID numbers, lab results and health risk assessments information, claims and benefits information, credit card information and delivery addresses. CXA does not collect or store medical records other than as specified herein.
  3. CXA obtains and uses personal data for (a) designing, developing and offering employee benefits, employee benefits and wellness products, services and solutions (Key Businesses), (b) owning, operating and providing online services, eCommerce market places, support and other services related to the Key Businesses, (c) obtaining, analysing and dealing with data and other information (including those relating to Key Businesses), (d) distribution of its Key Businesses, insurances and related services, and (e) providing consultancy or advisory services on Key Businesses.
  4. CXA may use personal data for correspondences related to claims, underwriting, benefits administration and related transactions (Permitted Communications).
  5.  CXA may use personal data to supervise, administer, assist with or otherwise manage the transactions on CXA's online or eCommerce services.   In exceptional cases, including to prevent fraud, mitigate losses and in response to requests or complaints, CXA may use personal data to intervene in transactions on CXA's online or eCommerce services.  For example, CXA may use personal data to enforce refunds.  
  6. CXA may, either by itself or by working with or through collaborative partners, use personal data to conduct research and data analytics in order to provide targeted services and/or for research.
  7. CXA stores personal data, regardless of its form, with security appropriate to the sensitivity of the personal data.  CXA retains personal data for the duration that is set out in its prevailing record retention policy (presently 7 years), which complies and is consistent with applicable laws and CXA's reasonable business requirements.  Where CXA obtains employee personal data from an employer, CXA may continue to retain that employee's personal data for the retention period described under this clause, even if the applicable employment is terminated.



  1. CXA does not sell, rent, license or otherwise deal with personal data for cash consideration or as inventory or stock-in-trade.
  2. CXA discloses personal data to third parties where the disclosure is required for CXA's ordinary course of business or in connection with the uses set out in this Privacy Policy, mainly:

    1. CXA discloses personal data to its agents, subcontractors, service providers, suppliers, insurers, collaborative partners and professional advisors;
    2. where CXA's online services and electronic market places are used, CXA discloses personal data to credit card processors, payment gateways (presently Stripe), delivery services and other service providers that perform, facilitate or support the applicable payment, delivery or other service; and
    3. Where CXA's online services and electronic market places are used, CXA discloses supplier's or service provider's personal data to users or purchasers for purposes that are related to the relevant transactions, including delivery, consumer inquiries, payments and refunds;

and such recipients are contractually restricted from using or disclosing the personal data except as agreed with CXA or to comply with legal requirements.  Such recipients are contractually bound to maintain the confidentiality of personal data and may not use the personal data for any unauthorized purpose.

  1. CXA discloses anonymized and aggregated personal data to clients, and strategic, specialist and other partners, for analysis, processing, computation and other similar activities, for CXA's Key Businesses, product development and research.

  2. When CXA discloses personal data to third-parties, the third-party recipients (other than natural person consumers) are required to protect personal data with substantially the same or higher standards as those stated in this policy.

  3. CXA may provide personal data with or without consent in emergencies or legal processes, including:

    1. where requested by governmental agencies, subpoenas or court orders;
    2. for inquiries related to insurance or employment; and
    3. where necessary to ensure health and safety.


  1. CXA may store cookies in your browser in order to identify it and associate activity with it.  The activity data may be combined with other information, including your IP address, operating system and browser type, for system administration and in order to create reports. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

Third Party Sites

  1. When using CXA services you may be provided with links to third-party sites and services.  Using the links will lead you to those other sites and services with their own privacy policies or data protection practices that are different from this Privacy Policy. CXA is not responsible for the privacy or data protection practices of websites operated by third parties that are linked to our website and how it affects you.

Transfer outside Singapore

  1. Before CXA transfers personal data to a territory outside of your country of residence including for the purpose of business continuity planning and/or disaster recovery planning, CXA shall take appropriate steps to ensure that any transfers of personal data to such territory will be in accordance with the applicable data protection law so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under that data protection law.


  1. CXA may amend this Privacy Policy at any time, by publishing and posting the revised privacy policy on the CXA platform. Your continued access or use of the CXA platform and services constitutes your acceptance of the Privacy Policy posted. CXA encourages you to periodically review this Privacy Policy so that you will be aware of CXA privacy practices.

Do-Not-Call Registries

  1. The consents for CXA to collect, keep and use personal data (including for the Permitted Communications) given under this Privacy Policy apply even if the relevant mobile numbers, contact or other personal data are listed with the Singapore Do-Not-Call registry (or any other similar registries or services), and override the DNC or similar listings.  These consents apply to all dealings with CXA, including those through mobile apps, Internet portals and any other electronic systems or properties.

Contacting Us

  1. For (a) questions or feedback about how we are handling your personal data, or any complaint about such matters, (b) withdrawal of consents, or (c) accessing or correction of personal data, please contact:

With respect to CXA Hong Kong Limited & CXA Insurance Brokers Hong Kong Limited:
Chief Executive Officer
Unit 01, 29/F, 148 Electric Road, Hong Kong.

With respect to CXA Benefits Malaysia Sdn. Bhd.:
c/o CXA Data Protection Officer
401 Commonwealth Drive, #05-03/05, Haw Par Technocentre,
Singapore 149598

With respect to CXA Consulting (Shanghai) Co., Ltd & CXA companies in the PRC:
c/o Chief Executive Officer
523 Lou Shan Guan Rd (Arch Shanghai),
Building 1, Rm 1602, Shanghai
The People’s Republic of China

With respect to CXA Group Pte. Limited, CXA Singapore Pte. Ltd. & CXA Insurance Brokers Singapore Pte. Ltd.:
The Data Protection Officer at
401 Commonwealth Drive, #05-03/05 Haw Par Technocentre, Singapore 149598

  1. As CXA relies on your personal data to provide products and services to you, you shall ensure that at all times the personal data provided by you to us is correct, true, accurate and complete.  You shall update us in a timely manner of all changes to the information given to us.

  2. If CXA received personal data from a third-party (including your insurer, employer or doctor), please contact that third-party to access or correct personal data.

  3. If you withdraw your consent relating to your personal data, CXA may become unable to provide you with its products or services or otherwise deal with you.  It may also result in the termination of your agreements with CXA.


  1. CXA management is responsible for ensuring the compliance with all applicable data protection laws.  This responsibility is shared with CXA's Data Protection Officer (as may be applicable), and its Information Technology and Human Resources departments.

  2. All CXA employees are responsible for following data protection laws and complying with this Privacy Policy. CXA employees are required to report to its management breaches of applicable data protection laws, which they are aware of.