Privacy Notice

What is the purpose of this document?

United Insurance Brokers Ltd. (UIBL, we, our or us) is committed to protecting the privacy and security of the personal information that we process in connection with the services we provide to our clients. This privacy notice describes how we may collect and use personal information about you.

Data protection principles

We will comply with all applicable data protection law, under which personal information we hold about you must be:

  1. used lawfully, fairly and in a transparent way;
  2. collected only for valid purposes that we have clearly explained to you, and not used in any way that is incompatible with those purposes;
  3. relevant to the purposes we have told you about, and limited only to those purposes;
  4. accurate and kept up to date;
  5. kept only as long as necessary for the purposes we have told you about; and
  6. kept securely.

To arrange insurance cover and handle insurance claims, UIBL and other participants in the insurance industry are required to use and share ‘personal data’. For an overview of how and why the insurance industry is required to use and share ‘personal data’, please refer to the Insurance Market Core Uses Information Notice hosted on the website of a UK insurance industry association, the Lloyd’s Market Association (the LMA Notice). UIBL’s use of ‘personal data’ is consistent with the LMA Notice:

LMA Data Protection – Insurance market core uses information notice

The kind of information we hold about you

Personal data, or personal information, means any information about you from which you can be identified. It does not include data where your identity has been removed.

There are certain special categories of more sensitive personal data which require a higher level of protection (see below).

We may collect, store, and use the following categories of personal information about you:

  • individual details: name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant;
  • identification details: identification numbers issued by government bodies or agencies depending on the country you are in, social security or national insurance number, passport number, ID number, tax identification number, driver’s license number;
  • financial information: bank account number and account details, income and other financial information.

We may also collect, store and use the following categories of sensitive personal information about you:

  • information about the insured risk, which contains personal data and may include health data, only to the extent relevant to the risk being insured, including but not limited to current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol, prescription information, medical history);
  • criminal convictions, including driving offences;
  • information about the quotes individuals receive and the policies they obtain;
  • credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies;
  • information about current claims, which may include health data, criminal records data and other ‘special categories’ of ‘personal data’ (as described above).
  • marketing data; and
  • details of your visits to our websites and information collected through cookies and other tracking technologies, including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

How is your personal information collected?

We typically collect personal information from various sources, including (depending on the service provided and country you are in):

  • Individuals and their family members, online or by telephone, or in written correspondence;
  • Individuals’ employers or trade or professional associations of which they are a member;
  • In the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers;
  • Other insurance market participants, such as insurers, reinsurers and other intermediaries;
  • Credit reference agencies (to the extent UIBL is taking any credit risk);
  • Anti-fraud databases and other third party databases, including sanctions lists;
  • Government agencies, such as vehicle registration authorities and tax authorities;
  • Claim forms;
  • Business information and research tools; and
  • Third parties who introduce business to us.

How we will use information about you

We will only use your personal information as the law allows. Most commonly, we will use your personal information in the following circumstances:

  1. where we need to perform the contract we have with you;
  2. where we need to comply with a legal obligation;
  3. where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.

We may also use your personal information in the following situations, which are likely to be rare:

  1. where we need to protect your interests (or someone else’s interests);
  2. where it is needed in the public interest, to comply with a legal obligation, or for official purposes.

Situations in which we will use your personal information

We need the information in the lists above (see The kind of information we hold about you) primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of others, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information, how we share the information, and identify the ‘legal grounds’ on which we rely to process the information is set out in the table below.

 

Purpose Category of Data Legal Grounds for Processing Disclosures
QUOTATION/INCEPTION
Setting you up as a client/business partner, including fraud, credit and anti-money laundering and sanctions checks

Personal data:

  • Individual details
  • Identification details
  • Financial information

Special categories of personal data:

  • Credit and anti-fraud data

Personal data:

  • Performance of our contract
    with you
  • Compliance with a legal obligation
  • Legitimate interests
    (to ensure that the client is
    within our acceptable risk profile)
  • To assist with the prevention
    of crime and fraud

Special categories of personal data:

  • In the substantial public interest
  • Consent
  • Credit reference agencies
  • Anti-fraud databases

QUOTATION/INCEPTION

Evaluating the risks to be covered & matching to appropriate insurer, policy and premium

Personal data:

  • Individual details
  • Identification details
  • Policy information

Special categories of personal data:

  • Risk Details
  • Previous claims
  • Credit and anti-fraud data

Personal data:

  • Perform contract
  • Legitimate interests
    (to determine the likely risk profile and appropriate insurer and insurance product

Special categories of personal data:

  • Consent
  • Insurers
  • Insurance intermediaries

QUOTATION/INCEPTION

and

POLICY ADMINISTRATION

Collection or refunding of Premium

Personal data:

  • Individual details
  • Financial information

Personal data

  • Perform contract
  • Legitimate interests
    (to recover debts)
  • Banks

POLICY ADMINISTRATION

General client care, including communicating with you regarding administration and requested changes to the insurance policy. Sending you updates regarding your insurance policy.

Personal data:

  • Individual details
  • Policy information

Special categories of personal data:

  • Risk Details
  • Previous claims
  • Current claim

 Personal data:

  • Perform contract
  • Legitimate interests
    (to correspond with clients, beneficiaries and claimants in order to facilitate the placing
    of and claims under insurance policies)
  • Consent

Special categories of personal data:

  • Consent
  • Insurers
  • Insurance intermediaries
CLAIMS PROCESSING
Managing insurance claims including fraud, credit and anti-money laundering and sanctions checks

Personal data:

  • Individual details
  • Identification details
  • Financial information
  • Policy information

Special categories of personal data:

  • Credit and anti-fraud data
  • Risk Details
  • Previous claims
  • Current claims

Personal data:

  • Perform contract
  • Legitimate interests
    (to assist our clients in assessing and making claims

Special categories of personal data:

  • Consent
  • Legal Claims

Personal data:

  • Claims handlers
  • Solicitors
  • Loss adjustors
  • Experts
  • Third Parties involved in the claim
CLAIMS PROCESSING
Defending or prosecuting legal claims

Personal data:

  • Individual details
  • Identification details
  • Financial information
  • Policy information

Special categories of personal data:

  • Health data
  • Criminal records data
  • Other sensitive data
  • Credit and anti-fraud data
  • Risk Details
  • Previous claims
  • Current claims

Personal data:

  • Perform contract
  • Legitimate interests
    (to assist with the prevention
    and detection of fraud)

Special categories of personal data:

  • Consent
  • Legal claims
  • Substantial Public Interest
  • Claims handlers
  • Solicitors
  • Loss adjustors
  • Experts
  • Third parties involved in the claim
CLAIMS PROCESSING
Investigating & prosecuting fraud

Personal data:

  • Individual details
  • Identification details
  • Financial information
  • Policy information

Special categories of personal data:

  • Health data
  • Criminal records data
  • Other sensitive data
  • Credit and anti-fraud data
  • Risk Details
  • Previous claims
  • Current claims

Personal data:

  • Perform contract
  • Legitimate interests
    (to assist with the prevention
    and detection of fraud)

Special categories of personal data:

  • Consent
  • Legal claims
  • Substantial Public Interest
  • Solicitors
  • Private Investigators
  • Police
  • Experts
  • Third parties involved in the investigation or prosecution
  • Other insurers
  • Anti-fraud databases
RENEWALS
Contacting you in order to renew the insurance policy

Personal data:

  • Individual details
  • Policy information

Special categories of personal data:

  • Risk Details
  • Previous claims
  • Current claims

Personal data:

  • Perform contract
  • Legitimate interests
    (to correspond with clients, beneficiaries and claimants in order to facilitate the placing of and claims under insurance policies)
  • Consent

Special categories of personal data:

  • Consent
  • Insurers
  • Insurance intermediaries

THROUGHOUT THE INSURANCE LIFECYCLE

Transferring books of business, company sales and reorganisations

Personal data:

  • Individual details
  • Identification details
  • Financial information
  • Policy information
  • Marketing data

Special categories of personal data:

  • Credit and anti-fraud data
  • Risk Details
  • Previous claims
  • Current claims

Personal data:

  • Legitimate interests
    (to structure our business appropriately)
  • Legal obligation

Special categories of personal data:

  • Consent
  • Substantial Public Interest
  • Group companies
  • Courts
  • Purchaser (potential and actual)
THROUGHOUT THE INSURANCE LIFECYCLE
General risk modelling underwriting

Personal data:

  • Individual details
  • Identification details
  • Financial information
  • Policy information

Special categories of personal data:

  • Credit and anti-fraud data
  • Risk Details
  • Previous claims
  • Current claims

Personal data:

  • Legitimate interests
    (to build risk models that allow placing of risk with appropriate insurers)

Special categories of personal data:

  • Consent
 
THROUGHOUT THE INSURANCE LIFECYCLE
Complying with our legal or regulatory obligations 

Personal data:

  • Individual details
  • Identification details
  • Financial information
  • Policy information
  • Marketing data

Special categories of personal data:

  • Credit and anti-fraud data
  • Risk Details
  • Previous claims
  • Current claims

Personal data:

  • Legal obligation

Special categories of personal data:

  • Consent
  • Substantial Public Interest
  • PRA, FCA, ICO and other regulators
  • Police
  • Other insurers (under court order)
  • Insurance Fraud database

 

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Change of purpose

We will only use your personal information for the purposes for which we collected it as described above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will set out the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How we use particularly sensitive personal information

In order to facilitate the provision of insurance cover and administer insurance claims, unless another legal ground applies, we rely on the data subject’s consent to process special categories of personal data allows us to share the information with other Insurers, Intermediaries and Reinsurers that need to process the information in order to undertake their role in the insurance market (which in turn allows for the pooling and pricing of risk in a sustainable manner).

Where you are providing us with information about a person other than yourself, you agree to notify them of our use of their personal data and to obtain such consent for us.

Individuals may withdraw their consent to such processing at any time by contacting the UIBL Data Protection Representative using the contact details at the Queries and Complaints section below. However, doing so may prevent UIBL from continuing to provide the services to the relevant client. In addition, if an individual withdraws consent to an Insurer’s or Reinsurer’s processing of their Special Categories of Personal Data and Criminal Records Data, it may not be possible for the insurance cover to continue.

Do we need your consent to use your sensitive personal information?

We do not need your consent if we use your sensitive personal information to carry out our legal obligations, or in exercise of specific legal rights.

In limited circumstances, we may approach you for your written consent to allow us to process your sensitive personal data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You are not obliged to give your consent and we cannot make you consent, or penalise if you refuse to consent.

Right to withdraw consent

As described above, in some cases we only collect, process or transfer your personal information if you consent to the specific processing in question, and then you have the right to withdraw that consent at any time.

To exercise that right in any case you should contact our Data Protection Representative whose details are set out below. Once we learn from you that you have withdrawn your consent we will no longer process your information for the purpose or purposes you originally agreed to, unless the law allows to do so for another reason.

Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

  1. where we have notified you of the decision and given you 21 days to request us to reconsider it;
  2. where it is necessary to perform our contract with you and appropriate measures are in place to safeguard your rights;
  3. in limited circumstances with your explicit written consent, and where appropriate measures are in place to safeguard your rights.

If we make an automated decision on the basis of any sensitive personal information, either we must have your explicit written consent, or taking the decision automatically must be in the public interest, and we must also put in place appropriate measures to safeguard your rights.

We do not make decisions in this way. If this changes we will let you know.

Data sharing

We may need to share your data with others, including external service providers and other companies in the UIB group.

We require everyone to whom we give your data to keep it securely and to treat it as the law requires.

We may transfer your personal information outside the European Union.

If we do, you can expect a similar degree of protection in respect of your personal information as you have from us.

Why might you share my personal information with others?

We may share your personal information with others where required by law, where it is necessary to administer the business relationship we have with you, or where we have another legitimate interest in doing s How secure is my information in the hands of others?

How secure is my information in the hands of others?

All our external service providers and other UIB group companies are required to take appropriate security measures to protect your personal information. We do not allow our external service providers or other UIB group companies to use your personal data for their own purposes. We only let them process your personal data for specified purposes, and as we tell them.

Do you share my personal information with anyone else?

We may share your personal information with other people. We may also need to share your personal information with the FCA, other regulators, or to comply with the law.

Transferring information outside the EU

We will only ever transfer your personal information outside the European Union under limited prescribed circumstances in compliance with our Data Protection Policy, for example,to an international organisation, or to a country, territory, or one or more specific sectors in that country, that the European Commission has ruled ensures an adequate level of protection for personal data.

Data security

We have put in place measures to protect the security of your information. These are set out in our Data Protection Policy.

Others will only process your personal information for specified purposes and as we tell them, and where they have agreed to treat the information confidentially and keep it secure.

We have put in place security measures to prevent your personal information from being:

  • accidentally lost;
  • used or accessed in an unauthorised way;
  • altered; or
  • disclosed.

Keeping us informed

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us via our Data Protection Representative whose contact details are set out below.

Your rights in connection with personal information

In certain circumstances, by law you have the right to:

  • be informed about the collection of your personal data and why;
  • request access to your personal information. In that way you can get a copy of the personal information we hold about you and check that we are lawfully processing it;
  • ask us to correct any inaccurate or incomplete personal information that we hold about you;
  • ask us to delete or remove personal information where there is no good reason for us to keep it;
  • ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
  • request details of any automated decision-making or profiling that will take place using your personal information, including information on how decisions will be made, the significance of those decisions, and any consequences;
  • object to us processing your personal information where our basis for the processing is that we (or someone else) have a legitimate interest to do so, and there is something about your particular situation which makes you want to object to the processing taking place on this basis;
  • object to us processing your personal information for direct marketing purposes;
  • ask us to suspend processing your personal information, for example if you want us to show you that the information is accurate, or why we are processing it;
  • ask us to transfer your personal information to someone else.

If you want to:

  • review, verify, correct, or ask us to delete your personal information; or
  • object to us processing your personal information; or
  • ask us to transfer your personal information to someone else.

you may do so by sending what is called a Subject Access Request to our Data Protection Representative whose contact details are set out below.

What we may need from you when you send us a Subject Access Request

If you send us a Subject Access Request we will usually respond within a month.  Before we respond, we need to ask you for information to help us confirm your identity and make sure that the right to access your information (or to exercise any of your other rights) is a proper request being made by you and not by anyone else (so that no one gets to see personal data that does not belong to them).  This process could lead to a delay before we can reply fully to you.

No fee usually required

In most cases there is no fee for you to pay to access your personal information (or to exercise any of your other rights described in this notice). But if your request for access is clearly unfounded or excessive we may then choose either to charge you a reasonable fee, or refuse to comply with your request.

Right to withdraw consent

As described above, in some cases we only collect, process or transfer your personal information if you consent to the specific processing in question, and then you have the right to withdraw that consent at any time.

To exercise that right in any case you should contact our Data Protection Representative whose contact details are set out below. Once we learn from you that you have withdrawn your consent we will no longer process your information for the purpose or purposes you originally agreed to, unless the law allows to do so for another reason.

Contact Details

We have appointed a Data Protection Representative to help us comply with our data protection obligations, including those set out in this privacy notice.

If you have any questions about this privacy notice, or about how we handle your personal information, please contact the Data Protection Representative, on +44 (0)20 7488 0551 or at UIBLDPR@uib.co.uk.

You may also at any time complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues on+44 (0)1625 545 700

Changes to this privacy notice

We will update this privacy notice when necessary. We may also notify you in other ways from time to time about the processing of your personal information.

If you have any questions about this privacy notice, please contact the Data Protection Representative.