HDI Global Specialty SE is an insurance company whose UK address is 10 Fenchurch Street, London, EC3M 3BE. It is a Data Controller and Data Processor as defined under the EU General Data Protection Regulation (‘GDPR’) and is registered with the Information Commissioner’s Office (‘ICO’) under number Z5380754. Further details on the GDPR can be found at the ICO website (www.ico.org.uk).
To administer our services, we will share information with others. We do this to process your claim or administer your insurance policy more cost effectively, help improve our products and services for the future; and understand better how our customers make decisions.
This notice explains how your data will be collected and dealt with, and your rights concerning that data.
In this notice, ‘we’, ‘us’ or ‘our’ refers to HDI Global Specialty SE and its agents, co-insurers and reinsurers including Integra Insurance Solutions Limited, whose ICO registration number is Z2107186. ‘You’ or ‘your’ refers to the individual whose personal data we are processing.
1. Personal data we may collect about you
1.1. Individual details such as name, address, proof of address, contact details (including emails and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title, employment history and family details (including their relationship to you).
1.2. Identification numbers issued by government bodies, agencies or similar such as national insurance, passport, tax identification or driving licence numbers.
1.3. Financial information such as bank account or payment card details, income or transaction histories.
1.4. Insurance policy information including information about quotes you receive and policies you take out.
1.5. Credit and anti-fraud data including credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you.
1.6. Information about previous and current claims (including in connection with other related or unrelated insurance) which may include data about your health, criminal convictions, or special categories of personal data and, in some cases, surveillance reports.
1.7. Technical information including your computer’s IP address.
1.8. Special categories of personal data which have additional protection under the GDPR, namely health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation.
2. Where we may collect your personal data from
We may collect your personal data from various sources:
2.1. You (including, from time to time, recordings of your telephone calls with us)
2.2. Your family members, employer or agent/representative
2.3. Our agents, other insurers, insurance brokers, or reinsurers
2.4. Credit reference agencies
2.5. Websites or software applications for use on computers or mobile devices and/or social media content, tools and applications
2.6. Anti-fraud databases, sanctions lists, court judgments and other databases
2.7. Government agencies such as the DVLA and HMRC
2.8. Any open electoral register; or
2.9. In the event of a claim, third parties including the other party or parties to the claim, witnesses, experts, loss adjusters, solicitors, claims handlers, translators, surveillance agents, engineers and others.
3. Identities of Data Controllers and Data Protection Contacts
The operation of the insurance market means that personal data may be shared between insurance brokers, insurers, reinsurers and other market participants. You can find out the identity of the controller or controllers of your personal data in the following ways:
3.1 If you took out the insurance yourself, get in touch with the data protection contact at your insurance broker or the entity you dealt with in taking out the insurance.
3.2 If your employer or another organisation took out the insurance for your benefit, you should get in touch with the data protection contact at your employer or the organisation that took out the insurance.
3.3 If you are not a policyholder or an insured under the insurance, you should get in touch with the organisation that collected your personal data.
4. The purposes, categories, legal grounds and recipients of our processing your personal data
4.1. Your personal data may be processed for the following purposes:
Setting you up as a client, including possible fraud, sanctions, credit and anti-money laundering checks
Evaluating the risks and matching them to appropriate policy terms/premium
- Payment of premium where the insured is an individual
4.1.2 Policy administration
Client care, including communicating with you and sending you updates
Payments to and from individuals
4.1.3 Claims processing:
Managing insurance and reinsurance claims
Defending or prosecuting legal claims or regulatory proceedings
Investigating or prosecuting fraud
Contacting you/the insured to renew the insurance
Evaluating the risks and matching them to appropriate policy terms/premium
Payment of premium where the insured is an individual
4.1.5 Other purposes including:
Complying with our regulatory or legal obligations
Collecting customer feedback
Effecting reinsurance contracts
Transferring books of business, company sales, restructuring and reorganisation.
4.2. We may also disclose personal data to insurers, reinsurers, financial institutions, service providers, contractors, agents, HMRC, law enforcement and other regulators and group companies in connection with the above purposes.
4.3. We process your data on one of the following legal grounds:
4.3.1 in order to place and operate the contract(s) of insurance;
4.3.2 where a legitimate interest to do so has been identified for which processing of your data is necessary and which balances your interest, rights and freedoms e.g. protecting you from fraud, personalising the insurance product to you, or collecting feedback to improve our services;
4.3.3 where we have a legal obligation to do so e.g. to prevent money laundering; or
4.3.4 where it is deemed to be in the substantial public interest, as set out in the enacting UK Data Protection Act e.g. The processing of special categories of your personal data for insurance purposes (see 1.8 above), such as medical or criminal records.
When calculating insurance premiums, we may compare your personal data against other data such as industry averages or fraud patterns. Your personal data may also be used to create such other data to ensure, among other things, that premiums align to risk.
We may make decisions based on profiling and without staff intervention (known as automatic decision making). For instance, we may do this to: decide whether to offer you an insurance product, determine the price we will offer the product at and what terms and conditions to apply for that product.
As part of the automated process we may use your personal data to conduct a credit reference check at one or more of the UK’s credit reference agencies. These checks would be carried out to prevent fraud and calculate insurance premiums. This is a soft search which means it is only visible to you (if you request a copy of your credit file at the credit reference agencies) and is not visible to other organisations. The search will be visible on your credit report but it won’t affect your credit rating as it’s not an application for credit.
The legal basis we use to carry out automated processing is that it is necessary for the purposes of entering into, or performance of your insurance policy.
If you believe the automated process has resulted in an outcome that you did not expect please explain to a member of staff who will review the circumstances. You can contact us via email at firstname.lastname@example.org to explain the circumstances.
6. Storage and retention of your personal data
Data is held by us on servers and in printed form, as well as on our behalf in off-site storage facilities. We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, so long as there is any possibility that either you or we may bring or face legal claims in connection with the insurance contract(s), or if there are legal or regulatory reasons to retain your data, we must do so.
7. International transfer of data
We may need to transfer your data to third parties outside the European Economic Area. These transfers will be made in compliance with the GDPR.
If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact email@example.com
We may amend this Privacy Notice from time to time. We will let you know if we make any significant changes.
9. Your rights
If you have any questions about our use of your personal data, please contact the relevant data protection contact as explained above. In certain circumstances you may have the right to require us to:
9.1. Provide you with further details about the use we make of your personal data
9.2. Provide you with a copy of the personal data we hold
9.3. Correct any inaccuracies in the personal data we hold
9.4. Delete any personal data we no longer have any lawful ground to use
9.5. Where the processing requires your consent, to withdraw that consent so we stop the processing in question
9.6. Transfer your personal data to another organisation
9.7. Object to any processing based on the legitimate interests ground at 4.3.2 above unless our reasons for that processing outweigh any prejudice to your data protection rights
9.8. Object to automated processing, including profiling
9.9. Restrict how we process or use your personal data in certain circumstances e.g. whilst a complaint is being investigated.
In certain circumstances we may need to restrict the above rights to safeguard the public interest (e.g. prevention or detection of crime) or our interests (e.g. legal or litigation privilege).
If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think we have breached the GDPR, you have the right to complain to the ICO, details below.
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Information Commissioner’s Office, 45 Melville Street, Edinburgh EH3 7HL
Tel: 0131 244 9001
Information Commissioner’s Office, 2nd Floor Churchill House, Churchill Way, Cardiff CF10 2HH
Tel: 029 2067 8400
Information Commissioner’s Office, 3rd Floor, 14 Cromac Place, Belfast BT7 2JB
Tel: 0303 123 1114 (local rate) or 028 9027 8757 (national rate)
10. Contact Us
Data Protection Officer
HDI Global Specialty SE UK Branch
10 Fenchurch Street