Privacy Policy

1. PERSONAL INFORMATION WE USE
    1.1 Information we collect directly from you and other sources
    1.2 Special categories of personal data
2. HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT
3. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
4. AUTOMATED DECISIONS ABOUT YOU
5. INFORMATION SHARING
6. INFORMATION SECURITY AND STORAGE
7. INTERNATIONAL DATA TRANSFER
8. CONTACT US
9. CHANGES TO THE POLICY

This privacy notice describes how Starr Managing Agents Limited, Starr International (Europe) Limited and Starr Underwriting Agents Limited (collectively "Starr" "we" or "us") collects and processes personal information about policyholders, beneficiaries or claimants and their agents and relatives ("you"), how we use and protect this information, and your rights in relation to this information.

This privacy notice applies to all personal information we collect or process about you in relation to the administration of insurance policies, our products and services. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.

1. PERSONAL INFORMATION WE USE
We collect personal information from you directly and also from other sources described below (depending on the products and services you use):

  1. Broker;
  2. Coverholder;
  3. Third Party Administrator;
  4. Appointed Representative;
  5. Loss Adjuster;
  6. Master Policyholder;
  7. from an organisation we insure;
  8. from third parties such as law enforcement, anti-fraud agencies, other insurers, your solicitor or a credit reference agency;
  9. from publicly available information;
  10. as part of the purchase, sale or merger, or proposed purchase, sale or merger of new business;
  11. Information we collect automatically from you, including data collected using cookies and other device identifying technologies ('Cookies and Tracking Technologies'). Further information about our use of Cookies and Tracking Technologies is available here 
  12. your employer.

We may be required by law to collect certain personal information about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations.

1.1 Information we collect directly from you and other sources
The categories of information that we collect directly from you and other sources (depending on the products and services you use) are:

  1. Personal details (e.g. name, date of birth, gender, marital status, national insurance number, employer's information, business information);
  2. Contact details (e.g. phone number, email address, postal address or mobile number);
  3. Proof of identity (e.g. passport, utility bill, birth certificate or marriage certificate);
  4. Family details (e.g. spouse, partner, joint applicant, next of kin, dependents, designated beneficiary or trustee);
  5. Financial information (e.g. income, expenditure, credit and bank details);
  6. Professional advisers' details (e.g. financial advisers, solicitors, estate agents);
  7. Employment details (e.g. length of service, salary, tax details, places and types of work carried out);
  8. Health (e.g. physical, mental, family, medical history, GP details, medical reports, other medical practitioner details);
  9. Claim (e.g. details of the claim and why you are making it);
  10. Transactional information (e.g. information about your services, information relating to any of your requests, queries or complaints); or
  11. Criminal conviction details.

1.2 Special categories of personal data
Some of the categories of information that we collect are special categories of personal data (also known as sensitive personal information). In particular, we may process data concerning health in connection with the administration of insurance policies and any claims.

2. HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT
We use your personal information to:

  1. administer your policy:
    1. identify you, assess and process applications to use our insurance products or services;
    2. communicate to manage and administer insurance with respect to the services that we provide;
    3. handle claims;
    4. provide, improve and personalise our products and services;
    5. deal with enquiries, complaints and requests;
  2. comply with the legal obligations to which we are subject and cooperate with regulators and law enforcement bodies;
  3. maintain service quality (for example: calls may be monitored and/or recorded for authentication, security, compliance, quality and training purposes);
  4. exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, money laundering, sanctions or other violations of law; and
  5. corporate reporting.

We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:

  1. to fulfil our contractual obligations, for example to provide the product and services requested and to administer the insurance policy. Failure to provide this information may prevent or delay the fulfilment of these contractual obligations;
  2. to comply with our legal obligations, for example to obtain proof of your identity to enable us to meet our fraud prevention and anti-money laundering obligations;
  3. to meet our legitimate interests in order to protect our business, for example to maintain service quality in respect of underwriting insurance policies and administering claims. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.

We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, when we process sensitive personal information). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this privacy notice.

3. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
You have certain rights regarding your personal information, subject to local law. These include the following rights to:

  • access your personal information;
  • rectify the information we hold about you;
  • erase your personal information;
  • restrict our use of your personal information;
  • object to our use of your personal information;
  • receive your personal information in a usable electronic format and transmit it to a third party (right to data portability); and
  • lodge a complaint with your local data protection authority.

If you would like to discuss or exercise such rights, please contact us at the details below.

We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information from you in order to honour your requests.

4. AUTOMATED DECISIONS ABOUT YOU
We may make automated decisions about you where such decisions are required or authorised by law, for example for sanctions, fraud prevention and money laundering purposes.

Subject to local legal requirements and limitations, you can contact us to request further information about automated decision-making, object to our use of automated decision-making, or request an automated decision to be reviewed by a human being.

5. INFORMATION SHARING
We may share your personal information with third parties under the following circumstances:
  • Service providers and business partners. We may share your personal information with our service providers and business partners that perform policy administration services and other business operations for us. For example, we may partner with other companies to provide customer service administration, IT systems and software, process secure payments, optimise our products and services, support email and messaging services and analyse information.
  • Law enforcement agency, court, regulator, government authority or other third party. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
  • Other insurers. We and other organisations may also access and use this information to prevent fraud and other crime. For example when reviewing applications for products and services, claims payments and recoveries. We may also share your personal information with other insurers, co-insurers or Lloyd's syndicates.
  • Reinsurers. We may share your personal information with reinsurers who help us manage our risk.
  • Professional Advisers. For example, legal advisers, accountants and consultants.
  • Others. We may share your personal information with anyone you ask us to share your information with e.g. your solicitor, claims management provider or complaints handler.
  • Asset purchasers. We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.

We work closely with other entities with which we are affiliated. We may share certain information with other Starr group companies for various reasons including administration, marketing purposes, internal reporting, customer insights, service optimisation, and legal and regulatory requirements. Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the services). See the section on "International Data Transfer" below for more information.

6. INFORMATION SECURITY AND STORAGE
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.

We will retain your personal information for a period of time that enables us to:

  • Maintain business records for analysis and/or audit purposes;
  • Comply with record retention requirements under the law;
  • Defend or bring any existing or potential legal claims;
  • Deal with any complaints regarding the services; and
  • any other purposes for which personal information will be retained.

We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

7. INTERNATIONAL DATA TRANSFER
Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law or by the European Commission.

We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

8. CONTACT US
We can be contacted via our Data Protection Officer at:

Data Protection Officer
4th Floor, 30 Fenchurch Avenue
London, EC3M 5AD
ukgdpr@starrcompanies.com
+(0044) 207-337-3594

If you have questions or concerns regarding the way in which your personal information has been used, please contact the Data Protection Officer using the details above.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to a data protection authority.

9. CHANGES TO THE POLICY
You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time. If we change this privacy notice, we will update the privacy notice on our website and, where necessary, notify you of the changes.

21 MAY 2018