The General Data Protection Regulation (GDPR) provides individuals with control over their personal information.
The Club and its managers, West of England Insurance Services (Luxembourg) S.A. are the data controllers under this policy, which summarises how they collect, use and disclose personal data and what your rights as data subjects are.
Personal information, or personal data, refers to personally identifiable information about an individual, such as their name, job description, health related data, email address or mailing address.
Collection of Personal Information
Subject to data protection laws, the Club will use the personal information you provide, or which is otherwise collected from you or third parties, whether online or offline, for various purposes depending on our relationship with you and/or the person you represent.
For example, this may include (as applicable):
- to send information you request, to handle your insurance queries, applications and any policy and related claims,
- to manage and deal with your claim against our insured customer or to deal with your appointed agent, or representatives,
- for underwriting, claims handling, fraud prevention, anti-money laundering and counter terrorism financing purposes,
- for relationship development and management,
- for compliance with our legal, regulatory and governance obligations.
This personal information will be held in the data systems of the Club or by our agents or subcontractors or by other Group companies of the Club.
Sensitive Personal Information
We may need to collect sensitive personal information such as information about physical or mental health or medical conditions.
Where sensitive personal information, is collected, it will only be used for the specific purposes for which it was provided.
Before you provide personal information, including sensitive personal information about others, you should make sure they have seen a copy of this notice and make sure they agree to you disclosing it to us.
Storing, Processing and Transferring Personal Information
Your personal information will be stored in the EEA in those countries where the Club maintains offices.
Should we need to transfer your personal information to branches of the Club outside the EEA, e.g. Singapore and Hong Kong, our insurance partners, loss adjusters and other third parties who act for us for further processing, all reasonable measures will be taken to safeguard your personal information in a manner that complies with the GDPR.
If false or inaccurate information is provided by you or on your behalf or if we suspect or identify fraud, or have reason to believe you are involved in money laundering or terrorism financing, we will record this and may pass this information to fraud prevention agencies, law enforcement agencies and other organisations involved in crime and fraud prevention, who may access and use this information to prevent and detect fraud and money laundering.
We may use this information for those purposes when checking policy application details or during the policy term or at renewal. We may make searches during the policy term or at renewal. We may make anti-money laundering and counter terrorism financing checks during the policy term or at renewal.
In accordance with legal and regulatory requirements and our compliance and risk management procedures, we undertake due diligence and screening on the business that we underwrite, any financial transactions we make and all other non-underwriting activities in which we engage. We will use the information you provide for these purposes. This will include checking your information against sanctions lists, such as those published by United Nations, European Union, UK Treasury and USA Office of Foreign Assets Control (OFAC).
If the checks reveal an actual or potential match with a sanctioned person, we may provide details of the match, together with any information that we hold about you or that is disclosed on the sanctions lists, to regulators, government and law enforcement bodies for further investigation, legal or risk management purposes.
We may also contact you to obtain further details which may help us to clear or confirm the potential match. We may retain the information that has been collected or used to carry out the checks, and records of the checks, for the period required to comply with our internal compliance and data retention policies.
Retaining your Personal Information
Retention of your personal information will depend on our obligations
- to fulfil our commitments to you
- to fulfil any statutory or regulatory requirements
- to evidence events/agreements in case of disputes
- to meet our operational needs
Controlling your Personal Information
You have the following rights in relation to the information we hold about you,
- You have the right to be informed about how we collect and use your personal data.
- You also have the right to access the information we hold about you.
- You may request the rectification of any information we hold about you if it is inaccurate or incomplete.
- You may request the erasure of your personal data if there is no compelling reason for us to continue processing it.
- You may object to the processing of your personal information if you consider it inaccurate or incomplete, that there is no legitimate reason for us to continue processing it or it’s no longer needed for the original reason it was collected.
- You can request a copy of data that you have consented to us processing or where the processing was necessary for the performance of a contract, be provided to a third party in electronic form.
- You can object to our processing under certain circumstances, e.g. with regards to direct marketing.
Please help us to ensure your personal information is accurate by telling us as soon as reasonably possible in the event of a change of address, contact details or other circumstances.
Data Integrity and Security
The security measures in place on our website and computer systems are designed to protect the loss, misuse or alteration of the information you provide to us. We keep your personal data only for as long as reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.
Please note that we are not responsible for the privacy policies or content of any websites linked to the Club’s website.
If you have any questions about this policy or you wish to exercise any of your rights in relation to the personal information we hold about you, please contact us at firstname.lastname@example.org or at West of England Insurance Services (Luxembourg) S.A., Tower Bridge Court, 226 Tower Bridge Road, London SE1 2UP.