Equitas Data Privacy Notice

WHO WE ARE

Your privacy is very important to us. This privacy notice (“Privacy Notice”) is provided by Equitas Insurance Limited (“Equitas”). References to “we”, “our” and “us” in this Privacy Notice are references to Equitas . References to “you” or “your” refers to the individual whose personal data is being processed by Equitas (you may be the insured, beneficiary, claimant or other person involved in a claim or relevant to the insurance policy) .

We are a controller of your personal data under applicable data protection laws including from May 25th 2018 the General Data Protection Regulation (“GDPR”). We, as a controller determine why and how we collect your personal data.

Contact Address:

Equitas Insurance Limited
4th Floor
8 Fenchurch Place
London
EC3M 4AJ

WHAT IS THE PURPOSE OF THIS PRIVACY NOTICE

In order to administer your insurance policy, Equitas may collect information about you which constitutes personal data under the GDPR. This Privacy Notice explains how we collect, use, share and protect your personal data. Please read this Privacy Notice carefully to understand what we do with your personal data.

We may change this Privacy Notice from time to time and if we make any material changes then we will make the updated Privacy Notice available.

PERSONAL DATA WE MAY COLLECT ABOUT YOU.

In order for us to administer your insurance policies including handling claims and dealing with any complaints, we need to collect and process personal data about you. The types of personal data that are processed may include:

Types of Personal Data Details
Individual details: Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, academic and professional information, family details, including their relationship to you.
Identification details: Identification numbers issued by government bodies or agencies, including your national insurance number or , passport number, tax identification number and driving licence number
Financial information: Bank account or payment card details, income or other financial information
Policy information: Information about the policies you have taken out
Credit and Anti-Fraud Data: Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you
Previous and current claims: Information about previous and current claims, (including other unrelated insurances),which may include data relating to your health, criminal convictions, or other special categories of personal data and in some cases, surveillance reports
Special categories of personal data: Certain categories of personal data which have additional protection under the GDPR. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation

WHERE WE MIGHT COLLECT YOUR PERSONAL DATA FROM

We might collect your personal data from various sources, including:

Which of the above sources apply will depend on your particular circumstances.

WHO HAS ACCESS TO YOUR PERSONAL DATA?

The insurance life-cycle may involve the sharing of your personal information between insurance market participants (an intermediary, insurer, reinsurer), some of which you will not have direct contact with. In addition, your personal data may not have been collected directly by us.

You can find out the identity of the initial data controller of your personal data within the insurance market life-cycle in the following ways:

  1. Where you took out the insurance policy yourself: the insurer and, if purchased through an intermediary, the intermediary will be the initial data controller and their data protection contact can advise you on the identities of other insurance market participants that they have passed your personal data to.

  2. Where your employer or another organisation took out the policy for your benefit: you should contact your employer or the organisation that took out the policy who should provide you with details of the insurer or intermediary that they provided your personal data to and you should contact their data protection contact who can advise you on the identities of other insurance market participants that they have passed your personal data to

  3. Where you are not a policyholder or an insured: you should contact the organisation that collected your personal data who should provide you with details of the relevant insurance market participants data protection contact.

THE PURPOSES, CATEGORIES AND LEGAL GROUNDS OF OUR PROCESSING OF YOUR PERSONAL DATA.

Data protection law says that we are only allowed to use personal information if we have a proper reason for doing so. This includes when we share it outside Equitas. Data protection law says we must have one or more of the following reasons:

When we have a commercial or other business interest reason of our own to use your personal information this is called a "legitimate interest". We will tell you what that is if we rely on it as a means to process your data

We will not collect and use special categories personal data information without your consent unless the law allows us to do so. If we do it will only be for reasons of:

We set out below the purposes and legal basis for which we may process your personal data during the lifecycle of providing insurance products and services to you

Purpose Categories of Data Our Reasons
Policy Administration
  • Client care and including communication with you and sending updates
  • Payments to and from individuals

  • Individual details
  • Policy information
  • Risk details
  • Previous claims
  • Current claims

  • Perform contract
  • Legitimate interests
    • To correspond with clients, beneficiaries and claimants in order the handling of claims
  • Substantial Public Interest
  • Consent
Claims Processing
  • Managing insurance and reinsurance claims
  • Defending or prosecuting legal claims
  • Investigating or prosecuting fraud

  • Individual details
  • Policy information
  • Risk details
  • Previous claims
  • Current claims
  • Health data
  • Criminal records data
  • Other sensitive data

  • Perform contract
  • Legitimate interests
    • To assess the veracity and quantum of claims
    • Defend and make claims
    • To assist with the prevention and detection of fraud
  • Consent
  • Legal claims
  • Substantial public interest
Throughout the insurance lifecycle
  • Complying with our legal and regulatory obligations
  • Risk modelling
  • Handling complaints
  • Transferring books of business, company sales and reorganisations

  • Individual details
  • Policy information
  • Identification details
  • Current claims
  • Previous claims
  • Financial Information
  • Risk details

  • Legal Obligation
  • Consent
  • Substantial Public Interest
  • Legitimate Interests
    • To structure our business appropriately
    • To build risk models

WHO WE MAY SHARE YOUR PERSONAL DATA WITH

In order to undertake the activities listed above it may be necessary to share your data with third parties. Who we share this data with may depend on the insurance products and services we provide to you but may include:

CONSENT

In order to provide insurance cover and deal with insurance claims in certain circumstances we may need to process your special categories of personal data, such as medical and criminal convictions records, as set out against the relevant purpose.

Your consent to this processing may be necessary for Equitas to achieve this.

You may withdraw your consent to such processing at any time. However, if you withdraw your consent this will impact our ability to provide insurance or pay claims

RETENTION OF YOUR PERSONAL DATA

We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under the insurance policy or where we are required to keep your personal data due to legal or regulatory reasons.

INTERNATIONAL TRANSFERS

We may need to transfer your data to insurance market participants or their affiliates or sub-contractors which are located outside of the European Economic Area (EEA) where data privacy laws may not be the same as they are in the EEA. Those transfers would always be made in compliance with the GDPR.

If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact DPO@ResoluteManagement.com

YOUR RIGHTS AND CONTACT DETAILS OF THE ICO

If you have any questions in relation to our use of your personal data, you should first contact the Data Protection Officer at Resolute Management Services Limited by post or email using the following details:

Data Protection Officer
Resolute Management Services Limited
4th Floor, 8 Fenchurch Place
London EC3M 4AJ
Email: DPO@ResoluteManagement.com

Under certain conditions, you may have the right to require us to:

In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

YOUR RIGHT TO COMPLAIN TO THE ICO

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights in SECTION 9, or if you think that we have breached the GDPR, then you have the right to complain to the ICO. Please see below for contact details of the ICO.

England

Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

 

Tel: 0303 123 1113 (local rate) or
Tel: 01625 545 745 (national rate)
Email: casework@ico.org.uk

Scotland

Scotland Information Commissioner's Office
45 Melville Street
Edinburgh
EH3 7HL

 

Tel: 0131 244 9001
Email: Scotland@ico.org.uk

 

Wales

Information Commissioner's Office
2nd floor Churchill House
Churchill way
Cardiff
CF10 2HH

 

Tel: 029 2067 8400
Email: wales@ico.org.uk

Northern Ireland

Information Commissioner's Office
3rd Floor, 14 Cromac Place
Belfast
BT7 2JB

 

Tel: 0303 123 1114 (Local rate)
Tel: 028 9027 8757 (national rate)
Email: ni@ico.org.uk

 

Equitas Limited, registered in England, registered number 3173352, registered address 33 St Mary Axe, London EC3A 8LL