Talbot Underwriting is an international insurance and reinsurance specialist, operating within the Lloyd's Insurance Market through Syndicate 1183. Talbot has a team of highly skilled and experienced underwriters and a balanced, geographically diverse portfolio of business. To enable us to provide our insurance and reinsurance services, including dealing with any claims or complaints that might arise, we need to collect and process personal data. This makes us a "data controller" which makes us responsible for complying with UK data protection laws.
If you have any comments, questions or requests regarding your personal data, please contact the Talbot Underwriting Privacy Lead via firstname.lastname@example.org. In order to assist us in dealing with your query efficiently, it would be helpful if you could please provide your full name, policy number and/or claim reference, the type of policy and its validity dates, if possible, or the dates you worked for us, if you formerly worked for us. Depending on the nature of your request, we may need to obtain some further details from you before responding.
Insurance involves the use and disclosure of your personal data by various insurance market participants such as intermediaries, insurers and reinsurers. The London Insurance Market Core Uses Information Notice (as amended from time to time) sets out those core necessary personal data uses and disclosures. Our core uses and disclosures are consistent with the London Market Core Uses Information Notice. We recommend you review this notice.
Our relationship with you, for example, the type of services we provide, will dictate the nature of personal data that we need to collect about you. It will also dictate the uses we make of your personal data. For example, we will collect different personal data according to whether you are a beneficiary under an insurance policy, a third party claimant bringing a claim against a party that we insure, or a vendor supplying Talbot with a service.
When we provide or receive services, we will sometimes ask for or receive "special categories of personal data” (which is information relating to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership). For example, we may need information about your medical history if underwriting a health policy. Additionally, we may also need details of any unspent criminal convictions you have for fraud prevention and detection purposes.
Where you provide personal data to us about other individuals (for example, if you are an employer) we will also be data controller of their personal data. You should refer any such other individuals to this notice before supplying us with their data on their behalf.
We may amend the personal data that we hold so that you cannot be identified from the data either by itself or when combined with any other data we hold. That data will then not be subject to this notice or data protection law.
Data subject types
We may collect information about you if you are a prospective insured, employee or relative of an insured, claimant, broker, beneficiary of an insurance or reinsurance policy, supplier or applicant for employment.
What personal data will we collect?
Depending on our relationship with you and the services you require or provide to us, we may collect your name, job title, job history, address, telephone number, email address, date of birth, the results of any credit check, gender, information about your relationship to a policyholder, identification information such as passport details, driving licence and national insurance number, bank and payment details and information obtained as part of checking sanctions lists. We may also collect information which is relevant to an insurance application you may make or that may be made on your behalf, such as previous insurance policies held and claims made (this will also include any information specific to the type of policy being applied for is applying for), information gathered from publically available sources such as the electoral roll, newspapers and social media sites and any other information passed on from the insurance broker or the policy applicant.
What special categories of personal data will we collect?
Depending on our relationship with you and the services you require, we may collect information which reveals or is likely to reveal race, ethnicity or political opinions, health, genetic or biometric information or data concerning sex life.
Where relevant, we will also ask for details of any unspent criminal convictions.
How will we collect your personal data?
We collect information about you from a variety of sources depending on our relationship with you and the service you require or provide to us. This includes information you, your employer or a family member may provide to us, which may be provided to us directly or via a broker or legal adviser. We also collect information from brokers or other insurance intermediaries, via fraud prevention agencies, from risk due diligence and screening providers and via publically available sources. In a recruitment context, we may collect information about you from recruitment agencies and third party recruitment websites.
What will we use your personal data for?
We may use your personal data for a number of different purposes. For example:
Quotation and inception purposes
Human Resources and Recruitment
Procurement and Supplier Management
Who do we share your personal data with?
We will keep your personal data confidential.
We may disclose it to any member of our group, which means our subsidiaries, our parent company and its subsidiaries (some of which are outside the European Economic Area in countries which do not have laws protecting the use of personal information to the same standards as in the United Kingdom).
We will only disclose your personal information to third parties (for example, insurance intermediaries, third party suppliers, claims handlers, loss adjusters, recruitment companies, legal advisers, the police, our auditors, fraud detection agencies, credit reference agencies, claims handlers, loss adjusters, regulatory bodies, our reinsurers etc.) if it is necessary for the purposes set out in section 3 and we have a legal ground to do so.
Where we transfer personal information to third parties we will ensure that it is secure and protected from unauthorised access.
Talbot Underwriting markets to brokers, coverholders, insureds, potential joint venture partners and other insurance market participants.
For example, we may identify products which may be of interest to you and provide you with information about those products, including tailored offers and enhanced services. You always have the option to opt-out of marketing communications.
We will not keep personal data for longer than necessary for the purposes for which it is processed as set out in section 3 above. It will be retained in accordance with our data retention policy. Laws or regulations may require us to keep records for specific periods of time. We may also need to keep records in order to administer the insurance relationship, to fulfil our contractual or statutory obligations or to resolve queries or disputes which may arise.
We will store your personal data based upon the following criteria:
The exact time period will depend on your relationship with us and the type of personal data we hold. This is usually between three and ten years after our relationship with you ends or after the last possible time when a claim can be made, but it will vary depending on what data we hold, why we hold it, whether there could be a dispute and what we’re obliged to do by the regulator or the law.
If you would like further information regarding the periods for which your personal data will be stored, please contact us using the details set out in section 9.
When necessary, sometimes we (or third parties acting on our behalf) will transfer personal data that we collect about you to countries outside of the European Economic Area ("EEA"). Where a transfer occurs we will take steps to ensure that your personal data is protected. For example, where we send your personal data to third parties, and they are or their sub-processor is located outside of the EEA and in a country where the data protection regime has not been deemed adequate by the European Commission, the transfer will be subject to the Data Processor Standard Contractual Clauses (http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087). Where the third party we send your data to is acting as a data controller in their own right, the transfer of your data overseas will be subject to the Data Controller Standard Contractual Clauses (http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915) (together, the “Model Clauses”).
We share your data with Talbot Underwriting’s offices outside the UK and EU, including in Australia, Singapore, the United States of America, Bermuda, Chile and Canada. We do this to arrange (re)insurance, handle claims, instruct third parties and conduct other activities in the ordinary course of our business. To protect personal data when it moves between offices, we use encryption and secure data transfers, the Model Clauses (listed above) and there are intra-group rules on data protection, and access is limited to those that have a business need to see the personal data.
In some circumstances we may also share your personal information outside Talbot. For example, we use a third party in India to provide data processing services to support our underwriting activities. In these cases, we use a number of special measures to protect the data, such as encryption and secure data transfers, contractual protections, we conduct due diligence on third parties and we enter into the relevant Model Clauses with them.
If you would like further information regarding our data transfers and the steps we take to safeguard your personal data, please contact us using the details set out in section 9.
At Talbot Underwriting, we take the security and confidentiality of your personal data very seriously. We have implemented a combination of technical solutions, security practices and processes to maintain the confidentiality of your information. For example, we protect information systems from malicious actors using a range of measures such as:
Supporting controls that we use across our infrastructure include:
Under data protection law you have a number of rights in relation to the personal data that we hold about you. These rights might not apply in every circumstance. You can exercise your rights by contacting us at any time using the details set out in section 9. We will not usually charge you in relation to a request.
Please note that although we take your rights seriously, there may be some circumstances where we cannot comply with your request. For example, we may have legal or regulatory requirements which mean that we cannot comply with a request for erasure. Even if this is the case, we will still respond to your request and explain why we cannot comply.
In some circumstances, complying with your request may have other consequences. For example, if you withdraw your consent to processing certain data which is relevant to your cover or claim, we may no longer be able to offer you cover or process that claim. If complying with your request will have a consequence like this, we will let you know at the time you make a request.
The right to access your personal data
You are entitled to a copy of the personal data we hold about you and certain details of how we use it.
We will usually provide your personal data to you in writing unless you request otherwise. Where your request has been made electronically (e.g. by email), a copy of your personal data will be provided to you by electronic means where possible.
The right to erasure
In certain circumstances, you are entitled to request deletion of your personal data. For example, where we no longer need your personal data for the original purpose we collected it for, and if there are no legal, regulatory or policy grounds which require us to retain it.
The right to rectification
We always take care to ensure that the personal data we hold about you is accurate and where necessary up to date. If you believe that there are any inaccuracies, discrepancies or gaps in the personal data we hold about you, you can contact us and ask us to update or amend it.
The right to restriction of processing
In certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think it might be inaccurate or where you think that we no longer need to use it.
The right to withdraw your consent
Where we rely on your consent in order to process your personal data, (as set out in section 3 above) you have the right to withdraw such consent to further use of your personal data.
Please note that in some cases, withdrawal of your consent may have other consequences (such as a risk that we may be unable to continue your cover or your claim might not be paid). We will advise you of this at the point you seek to withdraw your consent. Please also note that certain information will be required from you in order for us to consider or proceed with an application from you to work with us.
The right to object
Regardless of your role, you have control over the extent to which we market to you and you have the right to request that we stop sending you marketing messages at any time. You can do this by contacting us using the details set out in section 9. Please note that we may still send you service related communications where necessary.
Processing based on our legitimate interests
If we process your personal data on the basis of our legitimate interests, you can object to such processing. If you do, we will consider your objection against our purpose.
The right to data portability
In certain circumstances, you can request that we transfer personal data that you have provided to us to a third party. Please contact us if you have questions about this.
Rights relating to automated decision-making
We do not carry out any automated decision making. If this changes in the future, we will update this notice.
The right to make a complaint with the Regulator
You have a right to complain to the Information Commissioner's Office (ICO) or any other local Data Protection Regulator if you believe that we have breached data protection laws when using your personal data.
You can visit the ICO's website at https://ico.org.uk/ for more information. Please note that lodging a complaint will not affect any other legal rights or remedies that you may have.
If you would like further information about any of the matters in this notice or if have any other questions about how we collect, store or use your personal data, you may contact us at email@example.com or by writing to us at Privacy Leads, 60 Threadneedle Street, London EC2R 8HP.
Please note that we are not responsible for the privacy policies or content of any websites linked to this website.
From time to time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. On request, we will email you with the most up-to-date notice or you can check our website periodically to view it.
This notice was last updated on 27 September 2018.