Chord Reinsurance Limited is committed to protecting the privacy and security of your personal information, providing clear information about how your personal information is processed and complying with data protection laws. This Privacy Notice tells you what we do with information we collect about you.
This Privacy Notice applies to any individual whose personal information we process in the course of providing insurance or related services or operating our business, including website users; individuals enquiring about career and employment opportunities; employees of intermediaries, coverholders and third party suppliers; policyholders; prospective policyholders and beneficiaries and claimants under our insurance policies.
Insurance involves the use and disclosure of your personal information by various insurance market participants. The London Insurance Market Core Uses Information Notice, which can be found at https://www.londonmarketgroup.co.uk/gdpr describes how the insurance market participants process your personal information during the insurance lifecycle. We recommend you review this Core Uses Notice as well as this Privacy Notice.
WHO WE ARE
Chord Reinsurance Limited is the controller and responsible for your personal data (collectively referred to as “Chord Re”, “we”, “us” or “our” in this Privacy Notice). We are a reinsurance underwriting business, specialising in short-tail reinsurance and an approved Lloyd’s Coverholder. Chord Re is authorised and regulated by the Prudential Regulation Authority and regulated by the Financial Conduct Authority.
CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
We keep our Privacy Notice under regular review. This version was last updated on 18 February 2021.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Individual details
Name, address (including proof of address), other contact details (for example e-mail address and telephone numbers), gender, marital status, date and place of birth, nationality, employer, leisure activities and interests, family details including the relationship of family members to you.
• Identification details
Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number and driving licence number.
• Data from fraud prevention, law enforcement or government agencies
Other publicly available databases and data sources used to prevent or detect fraud or provide details to us about criminal convictions or offences.
• Data in relation to regulatory issues from HM Treasury and other authorities
For example when someone is subject to a financial sanction they will appear on HM Treasury’s asset freezing list
• Information relating to underwriting insurance policies
Managing and processing insurance claims, such as previous insurance records and claims histories, and in some cases, surveillance reports.
• Employment and career information
Your employment history, job title, salary, employment benefit options, educational background and any professional qualifications and licences.
• Usage Data
Information about how you use our website, products and services.
The type of information we may collect and process about you will depend, in some circumstances, upon the type of insurance which we are offering or underwriting.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
Sensitive personal information
We may collect certain categories of personal information which are more sensitive. This information, which is known as special category personal data, has additional protection and includes: your health information (such as your medical records and history, test results, information and treatment, and reports on medical diagnoses) information about your personal characteristics and circumstances of a sensitive nature such as your racial or ethnic origin, religious beliefs, sexual orientation, sex life and genetic information your membership of a trade union We may also collect information about criminal convictions or offences where authorised by law.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM?
Where we have collected the information directly from you it will usually be obvious what this is as you will have contacted us or given it to us. This might not be the case where we have used cookies to collect information from your computer or portable electronic devices.
Cookies and Google Analytics
When you visit our website, our web server collects some basic information such as your internet service provider’s domain name, which pages you accessed on our site, and when. We use this information only to analyse how visitors are using our website and to help guide improvement.
This information is collected and analysed using cookies and Google Analytics.
Information collected from others
We can collect information about you from others and from various sources. This includes information from:
Other insurance market participants which may include intermediaries who are involved in the arranging of insurance cover between us and policyholders (such as insurance brokers and coverholders); other insurers who are providing the insurance cover together with us; other insurers who we are providing reinsurance cover to in our capacity as a reinsurer.
In the event of a claim, third parties who are involved including claims handlers who assist us in investigating or processing claims, solicitors, loss adjustors, experts (including medical experts), witnesses, evidence providers, the other party to the claim (who may be either a claimant or a defendant).
Individuals or companies that you may be associated with (for example representatives acting on your behalf, your employer or your family members).
Anti-fraud databases, sanctions lists, court judgments and other publicly available sources and databases.
Credit reference agencies and other financial institutions.
Which of the above sources apply will depend on your particular circumstances.
HOW WE USE YOUR PERSONAL INFORMATION AND WHY WE MAY DO THIS
We use your personal information in order to meet our obligations in our contracts of insurance and to operate our business. We must have a legal basis to process your personal information. We and our other group companies use your personal information in the following ways and for the following reasons:
• To provide insurance services
We may use your personal information to issue quotes for, and administer, policies of insurance. We can use your information in this way to fulfil our contractual obligations or to take steps before entering into a contract.
• To do what we are required to do by law
We may use your personal information to comply with legal obligations and to cooperate with regulatory bodies to which we are subject. This includes the prevention and detection of fraud, money laundering, terrorism and other crimes; the carrying out of background checks where these are required and lawful; fulfilling due diligence and reporting obligations; and responding to binding requests from regulators.
We can use your information in this way because we are obliged to comply with legal and regulatory requirements including the Financial Services and Markets Act 2000 and the regulation of the Prudential Regulation Authority and the Financial Conduct Authority.
• To review, process and manage insurance claims
We may use your personal information to manage the investigation and payment of claims made under our insurance policies, including conducting fraud, anti-money laundering and sanctions checks and bringing or defending legal claims which relate to the policy of insurance.
We can use your information in this way to fulfil our contractual obligations, to comply with legal and regulatory requirements and because it is in our legitimate interests to exercise our rights and bring or defend claims made against us.
• To operate and audit our business
We may use your personal information to fulfil our contractual obligations to third parties; to perform administrative activities in connection with our services; to conduct data analysis which helps us assess risks, price our insurance appropriately and improve our services; to research and develop new insurance products.
We can use your information in this way because it is in our legitimate interests to improve our services and manage our business efficiently, to ensure we manage risk and price our insurance appropriately, and to maintain accurate records and perform audits. When we process your personal information on the basis that it is in our legitimate interests to do so we balance our interests with your rights and freedoms and keep the information used and the processing to the minimum required to meet those legitimate interests.
• To exercise our legal rights
We may use your personal information to exercise, defend and protect our legal rights or the rights of third parties where it is necessary to do so. For example we may bring or defend claims or recover debts which are due to us.
We can use your information in this way because it is in our legitimate interests to exercise our rights to collect money which is owed to us and to bring or defend claims made against us.
• For recruitment
We may use your personal information to assess your suitability for employment and make recruitment decisions.
We can use your information in this way because it is in our legitimate interests to recruit suitably qualified employees and carry out our responsibilities in relation to recruitment.
• Sensitive personal information
If it is necessary that we process your sensitive personal information (or special category personal data) for one or more of the purposes above we will only do so where one of the following lawful reasons applies:
o we have obtained your explicit consent
o we need to process your sensitive personal information to establish, exercise or defend a legal claim
o we need to process your sensitive personal information for reasons of substantial public interest, for example an insurance purpose
o we are otherwise authorised by local law to process your sensitive personal information
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
We may share your personal information with third parties and other companies within our group in the following circumstances:
Beat group companies – we operate as an international business so we may share your personal information with group companies who may use this information for the purposes described in this Privacy Notice.
Insurance market participants – including other insurance and reinsurance companies, coverholders, intermediaries, retrocessionaires and business partners. We may share your personal information with these third parties should they need to use your personal information in connection with the provision of insurance and processing of claims. For example, we may share your personal information with other reinsurers for the purposes of settling claims.
Service providers – we may share your personal information with service providers that perform services and other business operations for us, for example, software and analytics providers, professional advisors and auditors.
Potential purchasers – we may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this Privacy Notice.
Companies who are our customers – we may share your personal information with your company or employer in certain circumstances, for example, if your company or employer has a corporate insurance policy with us and you make a claim under that policy.
Any law enforcement agency, court, regulator or government authority. We may share your personal information with these parties where this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
WILL WE SEND YOUR PERSONAL INFORMATION OVERSEAS?
We may need to transfer your personal information to other insurance market participants, our group companies, and service providers, contractors and agents who perform services on our behalf and are located outside of the UK.
We will put agreements in place with the people we send information to so that these transfers will be made in compliance with data protection legislation and they will be required to treat your personal information with the same degree of protection that would apply within the UK. For more information on the appropriate safeguards in place, please contact us at the details below.
In some cases we might need to share information to carry out the services we have promised to carry out, for example if you require urgent assistance abroad. In such an urgent situation we may not always have the time to put in place the type of agreement we would normally want to.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
In certain circumstances, in order to provide insurance cover and deal with claims, we may need to process your special category personal data, such as medical records and information relating to criminal convictions, for the purposes outlined above. We may need your consent to do this and if we do need your consent we will ask you for it separately.
You do not have to give your consent and you may withdraw your consent at any time. However, if you do not give your consent, or you withdraw your consent, this may affect our ability to provide the insurance cover from which you benefit or prevent us from providing cover or handling claims.
PROFILING AND AUTOMATIC DECISION MAKING
When we analyse personal information for the purposes of risk assessment or risk modelling this may involve profiling, which means that we may process your personal information using software that is able to evaluate behaviours and predict risks or outcomes.
It helps us to understand any risks associated with the insurance policy and to make decisions about how we can improve and develop our products and services, or our pricing and underwriting. It is in our legitimate interests to manage risk and ensure we are charging appropriate premiums.
HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION FOR?
We will keep your personal information only for so long as is necessary and for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim or complaint under an insurance policy, or where we are required to keep your personal information for legal or regulatory reasons.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
• You may contact us for one or more of the following reasons:
o To ask us to correct information about you that is wrong or incomplete, or to delete personal information about you. To tell us you no longer agree to, that you object to, or that you wish to restrict us using information about you and ask us to stop.
o To exercise your right of access, which means you may ask us to provide you with a copy of all of the personal information that we have about you.
o To exercise your right to data portability, which means you may obtain and reuse the information that you have provided to us for your own purposes across different services.
You may ask for this information to be provided directly to you or directly to another organisation. We will provide the information in a machine readable format so that another organisation’s software can understand that information.
Sometimes we will not be able to stop using your personal information when you ask us to (e.g. where we need to use it because the law requires us to do so or we need to retain the information for regulatory purposes).
In other cases, if we stop using your personal information, we will not be able to provide services to you, such as administering an insurance policy or servicing a claim.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We will tell you if we are unable to comply with your request, or how your request might impact you or others, when you contact us.
HOW TO CONTACT US
Our Legal Department is responsible for responding to questions about this Privacy Notice or to your requests to exercise your rights which are set out above. You can contact our Legal Department at:
Chord Reinsurance Limited
Suite 304, 3rd Floor
70 St Mary Axe
London, EC3A 8BE
Telephone: +44 (0)20 7123 5310
If you have any concerns about the way in which we are using your personal information, please contact our Legal Department in the first instance and we will try to resolve your concern. However, you do also have the right to complain about how we treat your personal information to the Information Commissioner’s Office (“ICO”). The ICO can be contacted at: https://ico.org.uk/