BRB Underwriting Agency Privacy Statement
BRB takes your privacy seriously. This Privacy Statement explains what we do with any personal information that you provide and also any personal information that we collect from other sources. It explains what our practices are and your rights in relation to your personal information. This Privacy Statement has no contractual force, nor does it offer any rights or obligations over and above those in existence with general data protection legislation.
We work with insurers, reinsurers, brokers and other participants within the insurance industry (“our partners”) in our capacity as coverholders.
We may collect personal information from you in order to deliver services to our partners, either in your capacity as a parter yourself, or a partner’s representative. If we do collect your personal information, you have certain important rights relating to the personal information which may depend on how and why we use your information.
If you have any questions or concerns about our privacy and personal information handling behaviour, or wish to discuss any related matter further please contact firstname.lastname@example.org
Whilst we will seek to answer any query about our use of your information, there are some occasions when services we provide to our partners are provided as a processor, which means that the partner remains primarily responsible for your information. In these circumstances, we may re-direct a query about our use of your information to our client partner.
How and when is your personal data collected?
- Performing services together with our partners.Our services may include risk management assessment and consulting, specialist coverholder support services and other forms of insurance or reinsurance services. In these cases, personal data will normally be provided to us by our partners, or their advisors, although sometimes our partners may ask us to contact individuals directly
- Asking for services from us.Individuals may ask for services from us in their own right or as an employee of a current or potential partner. In such cases any personal data that is requested is necessary for us to understand the requirements of the service and to make an offer.
- Employment. When we assess a potential new employee, we will request personal data from the individual in order to process the application. We may require additional personal data in the event that the candidate is successful so that we are able to manage the employment relationship.
- If you contact us with a complaint or query. In the event that a complaint is made, we will request sufficient personal data for us to investigate the complaint and contact the complainant at a later date.
What personal data is collected?
- Information collected from partners. We could collect personal information such as your name, contact details, employment details, and financial details. We may also, in strictly relevant situations, collect sensitive information about you such as gender, date of birth or health information, for example in relation to a personal accident or professional liability.
In the event that we collect such personal information directly from you, we will provide you with more information about the purpose and legal basis for collecting such information in a separate privacy notice relevant to the service to be provided.
It is understood that if you provide us with sensitive personal information, by giving it to us, you have explicitely consented that we may collect, use and share this information for the purpose stated. It is also understood that if you provide personal information about others, they have permitted you to do so.
- Information collected from you when you approach us. We only require information that is necessary for us to respond to your request and require it to be accurate. We use this information for the purpose stated when we requested it or within the context of the collection, such as an employment application.
How do we use your personal information?
The purposes for which we use personal information are summarised below.
- Providing services in conjunction with our partners. We process personal information which our partners provide to us with for the purpose of providing our service . The purpose for which the information is processed depends on the specifications of our terms of business with the partner concerned. Our partners are obliged to ensure that their clients and partners understand that your personal information will be disclosed to us.
- Managing the delivery of our services.We process personal information about our partners and their representatives in order to:
- conduct normal partner screening prior to entering into a business arrangement with them
- communicate with our partners, including invoicing and administering the service
- handle any complaints
- notify insurance/reinsurance claims
- Contacting our partners. We process personal information about our partners and their representatives in order to:
- Contact them to discuss service opportunities
- Invite them to events
- Other uses. These are as follows:
- Provide information about the services we can offer you
- Provide proper advice in the light of your particular circumstances
- Provide you with information and services on request
- Assess your on-going needs in order to offer the most appropriate services
- Develop new services
- Continue to process personal data as part of an on-going contractual committment
Lawful basis for processing your personal information
We only process your personal information if there is a legal basis for doing so. In our case, this is generally because:
- It is needed to facilitate entry into a contract or for performance under a contract to which you are a party
- It is necessary that we process this personal data in order to comply with a legal requirement
- We have commercial interests in processing this personal information, subject to your own interests and rights.
- We have your specific consent to process your personal information.
There are certain categories of sensitive personal information that we will never process without having established additional precautionary steps. These include:
- Obtaining your explicit consent
- Establishing that the personal information is already in the public domain
- The processing is in your vital interest, such as if you were incapacitated as a result of an accident
- The processing is necessary for the establishment, exercise or defense by us or third parties of a legal claims
How long do we retain your personal information?
The period of retention of your personal information depends on the purpose for which it was obtained in the first place. We will keep it for long enough to fulfil its purpose unless a longer period is permitted or required by law.
It is likely that we would store your personal information for longer than the length of the contract to which it relates so that we have access to accurate records of our relationship with you in the event of any future complaints or litigation.
Do we disclose your personal information?
Business Partners. We disclose personal information to business partners who either co-operate with us on projects, or provide certain insurance-related services. We seek assurances from these business partners that they take appropriate measures to protect your data prior to disclosing information to them. These business partners include:
- Our bankers
- Insurance companies
- Reinsurance companies
- Members Agents at Lloyds of London
- Brokers in the insurance/reinsurance sectors
- IT providers
Legal Requirements. We may disclose personal information in a number of other situations:
- Professional standards
- An official government request
- A search warrant
- To avoid harm or financial loss
- If an investigation is ongoing concerning a suspected illegal activity
- A statutory audit request
Transferring your personal information across borders
The nature of our business is global with many of our clients operating outside the EU Thus certain personal information will inevitably be transferred across borders.
As a matter of course, when we transfer your personal data outside our border, we seek to obtain contractual commitments that your personal information will be protected.
If you require further information about where your personal data is transferred, please contact us.
Security measures in place to protect your personal information
The security of your personal information is important to us and we have implemented physical, technical and administrative security standards to protect personal information from loss, misuse, alteration or destruction. Only individuals with specific responsiblities concerning your personal data have access to it, and all our staff receive training about the importance of protecting it. All e-mail traffic to and from our website is encrypted.
Our service providers and agents are contractually bound to maintain the confidentiality of personal information and may not use the information for any unauthorised purpose.
Other rights regarding your data
There are some sets of circumstances that allow for you to have certain rights in relation to your personal information. If you do contact us to obtain this information, do not be surprised if we ask you for additional information to confirm you identity for security purposes, before disclosing this information.
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request. There may be situations where we would not technically be able to fully address your request and we would advise you accordingly if this is the case.
- Right to Access.You have right to access personal information which we hold about you.
- Right to Rectification.You have a right to ask us to correct your personal information where it is inaccurate or out of date.
- Right to be Forgotten. You have the right to have your personal information deleted, provided it is no longer necessary for the purpose it was collected, and we have no other legal grounds for processing the data.
- Right to Restrict Processing. You have the right to restrict the processing of your personal information, but only when:
- We are given time to check its accuracy after you contest it
- the processing is unlawful, but you do not want it erased
- it is no longer needed for the purposes for which it was collected, but still may be needed for the establishment, exercise or defence of legal claims
- you have exercised the right to object, and verification of overriding grounds is pending
- Right of data portability. This right requires us to provide your personal information to you or another controller in a machine readable format, but only if the processing of the personal information is based on consent or the performance of a contract to which you are party.
- Right to Object to Processing. You can object to us processing your personal data, provided there are no legitimate bases requiring us to do so. If there are, we will explain to you why it is not currently possible to stop processing your personal data.
- Right to decline automated decision making. We do not use automated decision-making to profile and process your personal information. If we ever did, you would have the right to request that decision-making is not based exclusively on an automated process.