HDFC Life Privacy Policy

I. Introduction

This privacy policy explains how HDFC Life Insurance Company Limited and https://www.hdfclife.com ("HDFC Life", "We", "Us" or "Our") collects, processes, shares and protects Personal data that you ("You" or "Your") provide to us or we obtain about you when you use our services and how you can exercise your rights under the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

At HDFC Life, we are committed to ensuring that your Personal Data is processed in accordance with the DPDP Act and other applicable laws. 

Please read this Privacy Policy carefully. By accessing or using the Website or any of our Services, you acknowledge that you have read and understood this Privacy Policy and the applicable terms and conditions of use and you agree to accept them.

II. Contents

This Privacy Policy contains the following: 

I. Introduction

II. Contents

III. Definitions

IV. Information Collection

V. Use of Information

VI. Sharing of Information

VII. Cross-Border Data Transfers

VIII. Third party offers

IX. Children’s Data

X. Your Rights as Data Principal

XI. How to Exercise your Rights as a Data Principal

XII. Data Security

XIII. Data Retention

XIV. Breach Notification

XV. Contact Details of the Data Protection Officer (DPO) / How to contact us

III. Definitions

1. “HDFC Life” or “Us” or “We” or “The Company”- refers to HDFC Life Insurance Company Limited;

2. “Policy” or” Insurance Policy”- refers to life insurance contract issued/ that may be issued by HDFC Life;

3. “Privacy Policy”- refers to this Policy (Notice);

4. “You” or “Your” or “User(s)”- You” or “Your” or “User(s)” refers to any natural person who accesses the Website or uses or interacts with any products, services, platforms or facilities of HDFC Life in any capacity, including policyholders, prospects, nominees, website or app visitors, employees (where applicable), shareholders, distributors, intermediaries, vendors and other business counterparties;

5. “Website”- refers to https://www.hdfclife.com and any subsequent pages under its sitemap;

6. “Services” - all services made available by HDFC Life;

Unless the context otherwise requires, terms such as ‘personal data’, ‘data principal’, ‘data fiduciary’, ‘processing’ and other expressions used in this privacy policy shall have the meaning assigned to them under the Digital Personal Data Protection Act, 2023 and the rules and regulations framed thereunder, as amended from time to time.

IV. Information Collection

HDFC Life collects and processes Personal Data in order to provide and improve its products and services, administer relationships and interactions with all types of Users, process applications and claims, prevent and detect fraud and comply with legal and regulatory obligations. The categories below set out the types of information we may collect and the manner in which it is obtained.

A. Information you provide to us

When you interact with HDFC Life in any capacity — for example, when you visit or use our Website or digital platforms, register for an online account, submit an application or other request, make or intimate a claim, complete a form, contact customer support, participate in a survey, engage with us as a shareholder, distributor, vendor or in any other business relationship, or otherwise communicate with us — you may provide Personal Data including, but not limited to:

• Identifiers and contact information: name (first/middle/last), email address, telephone/mobile numbers, postal address (temporary/permanent), policy number, date of birth, gender, nationality, marital status.

• Government and identity numbers: PAN, CKYC ID, TIN, Aadhaar, passport number, voter ID, driving license number, OCI/NRI details and other government-issued identifiers (to the extent permitted by law).

• Financial and account information: bank account details (account number, account type, IFSC), NEFT/beneficiary details, card details (credit/debit), transaction history/IDs, loan numbers, income, assets, credit score and other financial information relevant to underwriting and servicing.

• Employment and education: employer, designation, employment history, salary/benefits, educational qualifications, professional licences and affiliations.

• Health and other categories (where relevant and permitted by law and, where required, based on your consent): medical records, health status, medical procedures, prescription information, disability and injury information, claims history, biometric data (where required for identity verification or claims), photographs and video recordings created in connection with insurance activities and children’s data (where applicable for dependent coverage).

• Other personal details: visa details, property/vehicle registration details, criminal record information (where lawfully collected for fraud prevention or regulatory checks) and political opinions or religious/philosophical beliefs (only where voluntarily provided or necessary for the product or as permitted by law).

• Authentication and security data: passwords, security questions and answers, one-time passwords and other credentials you provide to access online services.

• Preferences and feedback: marketing preferences, survey responses, contest or promotion entries, complaints and other feedback and preferences you voluntarily provide.

B. Information collected automatically when you use our services 

When you visit and use our website, mobile applications or other digital services, we and our service providers may automatically collect technical, usage and device information, including but not limited to:

• Device and connection information: IP address, device identifiers (including MAC address where available), operating system and version, browser type and version, screen resolution, device model and mobile network information.

• Usage and performance data: date and time of visit, pages viewed, links clicked, referrer URL (the site from which you arrived), session duration, number of visits, error logs and other diagnostic data and default language settings.

• Location and geolocation data: approximate or precise geolocation information, where you permit location access on a device.

• Cookies and similar technologies: cookies, pixel tags, local storage and other identifiers used to recognise your device, store preferences, enable functionality, measure usage and support advertising and analytics. Please refer to our Cookie Policy for details on the types of cookies we use and how to manage them.

C. Information from third parties and public sources

We may supplement the information we collect from you with information obtained from third parties and public or commercially available sources, including but not limited to:

• Affiliates and group companies.

• Service providers, agents, brokers and partners who assist with policy administration, underwriting, claims processing, fraud prevention and customer support.

• Public databases, credit bureaus, background check providers, government registries, regulators (IRDAI & its approved entities such as IIB) and other publicly available sources.

• Social media platforms and any other third-party services you connect to or permit to share data with us.

• Data aggregators and marketing/data enrichment providers.

D. Information created or derived in the course of providing services

We may create or derive additional information about you in the course of providing services, such as:

• Risk assessments and underwriting outcomes.

• Policy-related and transaction records.

• Aggregated or anonymised analytics prepared for statistical, reporting or product development purposes.

• Records of your interactions with us, including video and/or telephone recordings of calls with customer service (where permitted by law and notified to you), emails, messages and other correspondence.

E. Consequences of non-provision or withdrawal of information

The information described above is important for assessing your application, issuing and servicing policies, processing claims, managing risks and complying with legal and regulatory requirements. Where information is identified as necessary, or where consent is required as the lawful basis for processing, not providing such information, withdrawing consent for its use, or providing information that is inaccurate or not kept up to date may affect our ability to offer, maintain or adequately service the relevant insurance policy or related services. In some situations, this may result in our being unable to proceed with, or having to limit, suspend or discontinue, the policy or service in accordance with applicable law and the terms of the policy, without prejudice to your rights and remedies available under law and the policy contract.

V. Use of Information

The Personal Data and other information collected from You may be processed for one or more of the following lawful purposes, in accordance with the provisions of the applicable laws:

• To provide, process and facilitate insurance-related products or services availed or purchased by You from HDFC Life.

• To administer, operate, and improve Our Website, mobile applications and related digital interfaces.

• To personalise Your user experience and enhance customer interactions.

• To address Your enquiries, grievances, or complaints and to carry out customer support and service functions.

• To process policy servicing requests, transactions, underwriting and claims-related requirements.

• To facilitate the completion of sales transactions and for post-sale information gathering and analysis.

• To communicate with You regarding policy renewals, updates, regulatory communications, or other service obligations.

• To share information with reinsurers or other authorised entities for the purpose of risk evaluation, claim settlement, or compliance obligations.

• To conduct statistical and market analysis, service-quality assessments and business intelligence processing.

• To improve Our products, solutions and services, including through the use of emerging technologies such as artificial intelligence, machine learning and behavioural analytics, in a manner consistent with applicable law.

• To complete mandatory Know Your Customer (KYC) checks required for issuance, renewal, claim process and servicing of insurance policies, including establishing and verifying Your identity and eligibility in accordance with applicable insurance and KYC regulations.

• To conduct lawful Aadhaar authentication or verification processes, wherever required, and to store or process such identifiers strictly in compliance with the prevailing legal framework.

• To comply with KYC-linked Anti-Money Laundering (AML) requirements, including screening, monitoring and reporting obligations, for the prevention and detection of fraud, money laundering and other financial crimes, as mandated under applicable laws and IRDAI guidelines.

• To collect or verify information from authorised credit rating agencies, claim investigators, or other approved agencies for risk assessment or claims servicing.

• For marketing, promotional and outreach purposes, including contacting You via registered contact information (such as WhatsApp, email, or phone) for offers or information relating to Our products or services, in accordance with Your consent preferences.

• For participation in contests, surveys, or promotional initiatives conducted by HDFC Life.

• For any other purpose explicitly communicated to You at the time of collection, or which is reasonably incidental or ancillary to the purposes set out above.

By voluntarily providing Your Personal Data and contact details, You expressly consent to HDFC Life contacting You on such channels, even where the contact number is registered on the National Customer Preference Register (NCPR), subject to applicable marketing and telecom regulations.

VI. Sharing of Information

HDFC Life respects Your privacy and ensures that Your Personal Data is collected, used, and shared only in accordance with applicable data protection laws and the consent provided by You. HDFC Life does not rent, sell, or otherwise monetise Your Personal Data.

Your Personal Data may be disclosed or shared with third parties under the following circumstances:

• To comply with any applicable law, regulation, legal obligation or enforceable governmental or regulatory request.

• To affiliated entities, banks, financial institutions, reinsurers, credit bureaus or agencies for the purpose of providing or servicing insurance products or fulfilling contractual obligations.

• To authorised vendors, intermediaries and service providers engaged by HDFC Life to perform operational, administrative, technological or analytical functions on Our behalf.

• To detect, prevent or address fraud, security breaches or other technical or operational issues.

• To enforce or protect the legal rights, property, or safety of HDFC Life, its policyholders, users, or the public, as required or permitted by law.

• To provide You information on products and services offered by our subsidiary companies on pension products or pension schemes administered under PFRDA.

• To enable data sharing that is necessary for integration with communication networks, payment systems and other electronic processing platforms used in the course of our operations.

• To comply with applicable regulatory frameworks such as the IRDAI Regulations, including the outsourcing of non-core functions.

• For statistical, research, analytical purposes, verification or risk management, including sharing with reinsurers who are involved in covering the risk under your policy.

• To provide You with services or for any purposes which are incidental or necessary thereto.

   

VII. Cross-Border Data Transfers

Personal data may be processed and/or transferred to service providers, reinsurers located outside India where such transfer is necessary for the purposes of reinsurance or for the performance of services in connection with your policy, in accordance with applicable law. In all such cases, HDFC Life ensures that any cross-border transfer of personal data is affected subject to appropriate contractual safeguards and protection standards that are consistent with this Privacy Policy and the requirements of applicable data protection laws.

HDFC Life implements reasonable and appropriate technical and organisational security measures designed to ensure the confidentiality, integrity and availability of your personal data and to protect it against unauthorised or unlawful access, disclosure, alteration, loss or destruction.

VIII. Third party offers 

Third party offers in this Policy are addressed in two ways: (A) where third-party offerings are merely displayed or accessed through HDFC Life’s channels, and (B) where third parties process personal data on behalf of HDFC Life in connection with its business and regulatory obligations.

A. Third-party offers displayed on HDFC Life channels 

The website, mobile applications and other digital platforms of HDFC Life may host, display or provide links to offers, subscriptions or registration-based services of third-party entities (including, without limitation, direct messaging platforms, online marketplaces, policy aggregators, social media platforms and other external websites or applications). HDFC Life does not control and is not responsible for the data processing practices, privacy policies, cookies or terms of use of such third-party service providers. You are strongly advised to review the applicable privacy policies and terms of such third parties before providing any personal data or using their services. HDFC Life disclaims any liability for (a) the accuracy, completeness, availability or effectiveness of any such third-party products, services or content; and (b) any loss, damage or claims arising out of or in connection with your access to, use of, or reliance upon any such third-party offers.

B. Third parties engaged by HDFC Life

HDFC Life may share limited personal data with carefully selected third parties or affiliates who act on its behalf for one or more of the following purposes, subject to appropriate contractual and confidentiality safeguards and in accordance with applicable law and this Privacy Policy:

• Conducting marketing and promotional campaigns and related lead management activities.

• Document management, printing, logistics and courier services.

• Cloud storage and technology infrastructure support.

• Cross-selling or up-selling of HDFC Life or affiliate products and services.

• Medical underwriting, Third-party administrator (TPA) services in relation to health claims processing and network hospital management.

• Customer support operations handled through authorised call centres and contact centres (including inbound and outbound calls, chat and email support).

• Product enhancement, analytics, management information reporting and process optimisation.

• Claims processing support, including handling claim documentation, verification and settlement workflows.

• Digital onboarding and KYC services, including identity verification, e-KYC and document validation.

• Payment gateway and allied services for premium collection, refunds and payment reconciliation.

• Analytics and fraud detection solutions, including fraud monitoring, predictive modelling and customer segmentation.

• Financial Due Diligence.

• Cybersecurity, Legal, regulatory and compliance advisory and related services.

• Distribution channel support, including tools and platforms for agents, intermediaries, brokers and other partners.

Each third-party (as mentioned in clause B) engagement is governed by contractual terms ensuring compliance with the DPDP Act and other applicable laws / regulations. 

IX. Children’s Data

HDFC Life may collect and process personal data relating to children below 18 years of age only where such collection is necessary for lawful and legitimate purposes, including issuing and administering insurance policies, servicing accounts, processing claims, and complying with legal and regulatory obligations. Where required under applicable law, such data is collected only with the consent of a parent or lawful guardian and by providing a child’s information, the parent or guardian confirms that they are authorised to do so. Children’s personal data is used strictly for purposes connected with the insurance relationship and is not used for independent marketing or profiling of children. 

X. Your Rights as Data Principal

You, as Data Principal have the following rights with respect to your Digital Personal Data, subject to certain conditions as laid down under the DPDP Act and Rules thereunder:

• Right to Access: You can request details about Your Personal data processed by us, including how it’s used and shared;

• Right to Correction and Erasure: You may ask us to correct, update, complete, or erase Your Personal data. Erasure is allowed where data is no longer necessary for the purpose collected, unless we are required to retain it for legal or regulatory reasons such as IRDAI compliance among other regulatory and legal requirements;

• Right to Grievance Redressal: You can contact our Data Protection Officer (DPO) at dpo@hdfclife.com for any privacy-related grievance which is not solved or if you are not happy with the response. We aim to respond within a reasonable time;

• Right to Nominate: You may appoint someone to exercise your rights in the event of your death or unsoundness of mind;

• Right to Withdraw Consent: You can withdraw your consent at any time Processing will stop unless required under applicable law. Withdrawal does not affect past processing done before consent was withdrawn Withdrawal of consent may also impact certain Products or services being provided to You at the time.

   

XI. How to Exercise your Rights as a Data Principal  

You can exercise your rights under the DPDP Act 2023 such as accessing, correcting, erasing your data, withdrawing of consent or nominating a representative by submitting a clear request through: 

HDFC Life Customer Service | Phone Number and Support Options

In order to process your request as a Data Principal, you will be required to complete identity verification. This step is mandatory to protect your personal data and to ensure compliance with the DPDP Act, 2023 and the rules made thereunder. We aim to respond to such requests within a reasonable period. Please note that your request may be declined where required under applicable law, or if your identity cannot be successfully verified.”

XII. Data Security 

We take reasonable precautions to protect Your Personal data, information on the Website and our customers’ information from unauthorized access/ alteration, disclosure or destruction of information we hold. In particular:

• We encrypt many of our Services using SSL certificates.

• We provide role-based access to employees/partners who need to login to our systems/ applications.

• We provide password-based authentication to users who login to our website.

• Two-factor authentication is in place (wherever feasible) for employees and third parties who access our systems and applications.

• We review our information collection, storage and processing practices, to guard against unauthorized access to systems.

• We permit access to Personal data to our employees, contractors and agents who are subject to strict contractual confidentiality obligations for data processing purposes.

XIII. Data Retention

With respect to retention, HDFC Life retains Personal Data only for as long as is necessary to fulfil the purposes for which it was collected, including providing products and services, complying with legal and regulatory obligations, enforcing agreements, and meeting audit and record-keeping requirements. Where Personal Data is no longer required for these purposes, it is securely deleted or archived in accordance with our internal retention policies and applicable law. In certain circumstances, limited information may be retained for a longer period where required by law, regulatory authorities, or for the establishment, exercise or defence of legal claims.

XIV. Breach Notification

If you become aware of, or reasonably suspect, any unauthorised access, disclosure, loss or misuse of your Personal Data in connection with HDFC Life’s services, you are encouraged to notify us immediately using the contact details provided in this Policy so that we can promptly investigate and take appropriate action. In the event of a personal data breach that may pose a risk to your rights or interests, HDFC Life will take reasonable steps to contain and mitigate the incident and where required under applicable law, will notify affected individuals and relevant authorities within the prescribed timelines, along with information on the nature of the breach and the measures you may take to protect yourself.

XV. Contact Details of the Data Protection Officer (DPO) / How to contact us

In compliance with the DPDP Act, HDFC Life provides the following contact details for addressing queries/grievances related to the processing of Personal data and regarding the exercise of your rights under the DPDP Act. 

Corporate Office Address: 

HDFC Life Insurance Company Limited

12th Floor, Lodha Excelus, Apollo Mills Compound, 

N.M. Joshi Road, Mahalaxmi, Maharashtra, Mumbai - 400011.

Telephone: (022) 67516666

022-68446530 (Call Charges Apply)

Email us - service@hdfclife.com  | DPO@hdfclife.com

Note: We recommend users to review this policy periodically, as we may update it. We will post any changes on this page and the "Last Updated" date indicates when the latest revision was made.

Last Updated Date: 28th January, 2026