The Privacy and Security of your information is very important to Senior Wright Ltd. This Privacy Notice explains who we are, the types of information that we collect, how we use it, who we share it with, how we protect it and how long we keep it. It also advises you of certain rights that you have under current data protection law. If you would like more detail about data protection, the Information Commissioner’s Office (ICO) provides a considerable amount of helpful detail on their website which is at: https://ico.org.uk/.
Who We Are Senior Wright Ltd is a Lloyd’s insurance broker and is authorised and regulated by the Financial Conduct Authority. Our business is to arrange and administer insurance contracts on behalf of our clients.
What Personal Information Do We Collect? The kind of personal data that we collect and hold relates to our business as an insurance broker and is the information that we need to arrange contracts. Most of this is provided by our clients who ask us to obtain insurance quotations for them and arrange contracts on their behalf. In addition, we very often obtain additional information from public sources in order to carry out due diligence and regulatory checks that we are required to undertake. This might involve information held by Credit Rating agencies, Companies House, Sanctions Lists or information available from the internet. We only collate information that we need to service our clients and to satisfy our legal and regulatory obligations.
We sometimes collect data that the ICO describe as Special Category Data in order to arrange an insurance policy, such as health details (for example for a travel policy). Sometimes we may need to obtain relevant criminal records (such as driving offences in order to arrange motor insurance).
The Legal Basis on Which We Hold Personal Data The ICO identifies six different legal bases on which personal data can be held by a firm or entity. The legal bases on which we hold our client’s data will usually be Contract (this will cover much of our work in arranging insurance cover) and Legal Obligation (this will cover most of our interaction with regulators). From time to time we may need to use another legal basis. You can find out more about the different legal bases for holding data on the ICO website at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
How We Use Personal Data That We Collect We are registered by the ICO as a Data Controller which means that we are responsible for how our clients’ data is processed.
Arranging insurance cover will usually include obtaining a quotation, issuing a policy and possibly negotiating and settling claims. We will put the data our clients send to us in a format that will enable us to get the best result for them in negotiating with insurers, loss adjustors and other participants in the insurance market.
In order to undertake due diligence on clients we carry out checks on data that we have been given and may add it to sanctions checking or other facilities in order to provide ongoing checks. We are confident that these facilities will keep your data secure.
The various parties that may see clients’ data during these processes are set out in the next section.
Who We Share Personal Data With To carry out the processes referred to in the section above, we may need to share data with various parties including, underwriters, other brokers, Managing General Agents, loss adjusters, lawyers and surveyors. We are an intermediary which operates in the London Insurance Market, which may involve the existence of a chain of different entities involved in the arranging and administering of insurance. At times this can be quite complex. Details of how insurance in the London Market works and which parties may be involved have been set out by various trade bodies based in London with the help of lawyers. You can review this at the following address: https://www.londonmarketgroup.co.uk/gdpr (you will need to click the “click to download” link).
We may occasionally transfer personal information outside the European Economic Area where it is necessary to do this in order to fulfil our responsibilities to arrange insurance cover for our clients. In these instances we will make sure that your data continues to be protected.
How Do We Protect Personal Data We use standard industry technology in order to protect data in a way which is proportionate to the risks that we face as an insurance broker. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How Long Do We Hold Data? The ICO requirement is that an entity does not hold personal data any longer than required in order to fulfil the purpose for which that data was supplied. We aim to follow this requirement but would also point out that in the context of administering insurance contracts, this can provide particular challenges. Clients would want us to keep their data so that if they experience a loss we are in a position to negotiate a claim for them as quickly as possible. With some kinds of insurance (for example liability) the period during which a claim may transpire is indeterminate. We aim to adhere to the ICO’s requirements without prejudicing our clients’ needs.
Your Rights Under the latest data protection legislation you have various rights with respect to your personal data. In summary these are:
The right to:
- Request access to your personal information
- Request correction of your personal information
- Request erasure of your personal information
- Object to processing of your personal information
- Request the restriction of processing of your personal information
- Request the transfer of your personal information
We may have legal or regulatory obligations which prevent us from complying with some of the above requests. As we take everyone’s data security very seriously, we would need very clear proof of identity before we could carry out some of these procedures. It is important to recognise that complying with some of the above requests might mean that we could not fulfil your insurance policy.
This list is just a summary. If you would like more detail about these rights, this can be found on the ICO website at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Contact Details and Complaints If you wish to discuss anything to do with your personal data that we hold, including making a complaint about how we have handled it, please get in touch with our Data Protection Administrator, Jonathan Avery, at firstname.lastname@example.org. You also have the right to complain to the ICO if you wish.
July 2018 v1