The purpose of this notice is to give you more information regarding the processing, collection and sharing of your personal information. We understand the importance of maintaining your privacy, keeping your personal information secure, and complying with data protection laws. We are the data controller of any personal information that we hold about you. This means that we are responsible for complying with data protection laws while this data is under our control. You should read this notice in conjunction with the Website Terms.
For the purposes of the General Data Protection Regulation Corniche Ltd (Corniche) acts as the data controller when processing your personal information. Corniche is a general insurance intermediary who underwrites insurance policies as an agent of insurers. The insurance contracts sold cover the commercial operations of your business, however we may need contact details, staff information, and other personal details to fully perform our duties.
If you require more information, please contact:
The Data Protection Manager
Birchin Court, 20 Birchin Lane, London, EC3V 9DU
+44 (0)203 713 4632
How we use and share personal information
Information, including your personal data, must be shared between different parties, including intermediaries, insurers, reinsurers, Lloyd’s, claims handlers, and loss adjusters (‘insurance market participants’). Sharing of data is only undertaken where necessary to fulfil the requirements under the insurance contracts, or when required by law. We will never re-sell data. There is no obligation to provide us with personal information, however if you refuse to provide it, we may be unable to offer our products and services. We have a lawful basis for processing your information. We have outlined below the situations when each lawful basis is relied upon:
|Performance of a contract with you||Processing is necessary for the performance of a contract to or to take steps at your request prior to entering into a contract. This could include issuing the quotations; claims; and issuing renewals.|
|Compliance with a legal obligation||We have a legal obligation to process your data, for example in relation sanctions and anti-fraud data.|
|For our legitimate interests||For example, to aid debt recovery; assist in the claims process; to ensure policies are structured correctly; targeted industry marketing, risk modelling and aggregation data; preventing fraud; as well as the general administration of the insurance contract.|
|Explicit consent||Consent may be used when special categories of personal data and details of criminal offenses are collected. Individuals may withdraw their consent to such processing at any time using the contact details at the start of this privacy notice. By withdrawing consent, you may prevent Corniche from continuing to provide the services that are the subject of the original contract and insurers may no longer be able to offer the cover or respond in the event of a claim.|
Your personal data is required at various stages of the insurance lifecycle as detailed below:
|Stage||How the data is used|
|Setting you up as a client, including possible fraud, sanctions, credit and anti-money laundering checks; evaluating the risks to be covered and matching to the appropriate policy and premium.|
|Policy administration||Client care, including communicating with you and sending you updates; payment of premium; and when arranging surveys.|
|Claims handling||Managing claims; defending or prosecuting legal claims; investigation or prosecuting fraud.|
|Renewals||Contacting the insured, or their intermediary to renew the insurance policy; evaluating the risks to be covered and matching to appropriate policies; payment of premium.|
|Other||Complying with our legal or regulatory obligations; general risk modelling; transferring books of business, company sales & reorganisations.|
The above is a summary of the uses of your information. Detailed guidance can be obtained from the London Insurance Market Core Uses Information Notice accessible here which includes details on how this information is shared between market participants. We recommend you review this notice.
Timing of collection
Personal Information may be collected at the time of the initial quotation, during the administration of the policy, during site surveys, and in the event of a claim.
Personal information that we may collect
We may collect data in relation to policy holders; directors and controllers of commercial policy holders, employee data from commercial insureds, claimants, including third party claimants who are not party to the original insurance contract, and potential policyholders.
Depending on the policy provided we may require:
|Individual details||Name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant.|
|Identification details||Identification numbers issued by government bodies or agencies, for example social security or national insurance number, passport number, tax identification number, and driver’s licence number.|
|Financial information||Payment card number, bank account number and account details, income and other financial information.|
|Insured risk||Information about the insured risk, which may contain Personal Data.|
|Health data||Current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history.|
|Criminal records data||Criminal convictions, including driving offences.|
|Other Special Categories of Personal Data||Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning an individual’s sex life or sexual orientation.|
|Policy information||Information about the quotes individuals receive and the policies they obtain.|
|Credit and anti-fraud data||Credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.|
|Previous claims||Information about previous claims, which may include photographs, video, health data, criminal records data and other special categories of Personal Data.|
|Current claims||Information about current claims, which may include photographs, video, health data, criminal records data and other special categories of Personal Data.|
|Marketing data||This may be based on our legitimate interests or consent. You can object or withdraw consent by contacting us.|
|Website and communication usage||Details of your visits to our websites and information collected through cookies and other tracking technologies, including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.|
How we obtain your personal data
All policies sold by Corniche are administered through other regulated insurance intermediaries. Most of your personal information is provided by you to these intermediaries who pass the information on to us. We may collect your personal information from 3rd party sources, for example credit reference agencies, sanctions search tools, due diligence providers, claims handlers, publicly available information, social media, survey companies who have visited your business, law enforcement, and other insurance market participants.
It is in our legitimate interest to use information for marketing purposes which is limited to sending Corniche company information to other regulated insurance intermediaries. Corniche does not send marketing information to the insured. The information is limited in nature and is relevant to the business lines which are of interest to both Corniche and the intermediary. Each marketing communication will be sent with an option to update your marketing preferences using the www.signupto.comservice to allow the recipient to opt out at any time.
Protection of data
We have in place physical, electronic, and procedural safeguards appropriate to the sensitivity of the information to prevent unauthorised access or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to Personal Data. These protections will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Data and may include encrypted communications, encrypted file storage, firewalls, access controls, and separation of duties. We restrict access to Personal Data to personnel and third parties that require access to such information for legitimate, relevant business purposes.
Retention periods for data
We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected, to manage our business, or as required by law. If there is any possibility that either you or we may wish to bring a legal claim under the insurance contract, or where we are required to keep your personal data for legal or regulatory reasons, then the data will be retained to meet those needs. Generally, the limitation period for the commencement of a claim is 6 years and data will be retained to cover this period. When Personal Data is no longer needed, we will either anonymise the data or securely destroy.
Under the General Data Protection Regulation (GDPR) you have several rights in respect of your personal data. Your rights will always be balanced against our lawful basis for processing and to safeguard the public interest. If you wish to exercise any of these rights, please contact us using the contact details in the ‘About Us’ section. We will respond to requests within 30 days.
|Correction||You can request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.|
|Erasure||You can request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.|
|Objection||You can object to processing of your personal information where we are relying on a legitimate interest, unless our reasons for undertaking that processing outweigh any impact on your interests, rights and freedoms.|
|Restriction||You can request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.|
|Transfer||You can request the transfer of your personal information to another party in certain formats, if practicable.|
|Access||You can request details of information that we hold about you. Please provide any identifying information, the scope of the request, and your contact details. To protect your data, we will need to verify your identity before releasing the personal information.|
|Consent||If processing is based on consent you may be able to withdraw this consent.|
|Complaints||We suggest that in the first instance you contact us to discuss any complaints, however you have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR in respect of your personal data. More details can be found here or by calling 0303 123 1113.|