PRIVACY NOTICE - UK/EU
R&Q Insurance Holdings Ltd
UK and European Union Data Protection
R&Q complies with Data Protection legislation and regulations when processing your personal data.
Processing of Personal Data
R&Q may collect and use your personal data in its normal course of business for the following insurance purposes:
- advising on, arranging, underwriting or administering an insurance contract,
- administering a claim under an insurance contract, or
- exercising a right, or complying with an obligation, arising in connection with an insurance contract, including a right or obligation arising under an enactment or rule of law, for example the subrogation of claims to other insurers
We may share your personal data with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified, details of this fraud will be passed to these agencies to prevent fraud and money laundering.
Lawful Basis for Processing
The Lawful Basis for our processing of the personal data of UK Data Subjects is that, providing that the processing is necessary, it is in the public interest to make available insurance products through risk-based pricing, to administer and pay insurance claims, and to detect fraud in the insurance process. This is consistent with Lawful Bases for processing personal data of Contract and Legitimate Interests.
If processing of personal data takes place in the European Economic Area, this will be in accordance with any local Data Protection legislation, to the extent that this varies the requirements of the General Data Protection Regulation. If there are no material variations to the General Data Protection Regulation in the country in which the processing takes place, we will:
- Process any Special Category personal data (relating to an individual’s racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetics and health) only if the explicit consent of the individual has been confirmed in advance.
- Not process any personal data relating to criminal convictions.
The Insurance Market Process
Insurance involves the use and disclosure of your personal data by various insurance market participants such as intermediaries, insurers and reinsurers. The London Market Core Uses Information Notice sets out those core necessary personal data uses and disclosures. Our core uses and disclosures are consistent with the London Market Core Uses Information Notice. R&Q’s Policy is to restrict the amount of personal data requested / disclosed to the minimum required to achieve the stated purpose of the processing, as set out in the London Market Core Uses Information Notice. We recommend that you review this notice.
Personal Data Collected
Insurance underwriting and claims information is collected either directly from you or from other participants in the insurance market which are engaged in your insurance arrangements, for storage in R&Q’s systems. Your Personal Data may include your name and contact details, and other information that is pertinent to your insurance policy or claim, for example your address, information on your immediate family if they are to be included in the policy or claim, your occupation, and your insurance claims experience. This may include some “sensitive” information, for example your medical history or details of criminal convictions, which will be processed only to the extent necessary for the purpose of the insurance and to provide the service you require.
Disclosure of Information to Others
We may pass your personal data to third parties such as intermediaries, insurers, reinsurers, claims managers, loss adjusters, sub-contractors, our affiliates and to certain regulatory bodies who may require your personal data themselves and process it for the purposes described in this Privacy Notice. We will provide the names of such third parties upon request from you.
We do not disclose any of your personal data to any third parties except as set out in our Privacy Notice or as permitted by law or authorised by you.
Children - Consent
When processing personal data relating to children, we will do so on a lawful basis. In some cases, explicit consent from the child may be needed, and we will ensure that the child can understand what is being consented to and is therefore suitably informed. We will also make reasonable efforts to ensure that a person giving consent on behalf of a child holds parental responsibility for the child.
Requests to Cease Processing
If you instruct us to cease processing your personal data, this may impact upon our ability to provide insurance or to pay claims. We may contact you to advise that the cessation of processing or the deletion of your personal data is not possible because the processing of certain data is necessary and lawful as outlined above.
Profiling and Automated Decision Making
R&Q’s operations do not include automated decision making or profiling.
Data Retention Periods
We will retain your Personal Data for a minimum period of 7 years and for no longer than is necessary for the purposes of the processing.
Depending on the circumstances, the use of Personal Data described in this Notice may involve a transfer of data outside the UK and the European Economic Area to countries that have less robust data protection laws. Any such transfer will be made with appropriate safeguards in place.
Non-Core Uses of Personal Data
We will not use Personal Data for purposes beyond those set out in the London Market Core Uses Information Notice.
Your Rights under the General Data Protection Regulation
The European Union General Data Protection Regulation, effective 25 May 2018, sets out the following rights of Individuals relating to the processing of their Personal Data:
1. The Right to be Informed
Individuals have a right be provided with fair processing information to be provided, typically through a Privacy Notice.
2. The Right of Access
Individuals have a right to obtain confirmation that their data is being processed and to obtain access to their personal data.
3. The Right to Rectification
Individuals have a right to have personal data rectified if it is inaccurate or incomplete. If the personal data in question has been disclosed to third parties, they must be informed of the rectification, and the individuals must also be informed of this.
4. The Right to Erasure
Individuals have a right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
5. The Right to Restrict Processing
Individuals have a right to stop or suppress the processing of personal data.
6. The Right to Data Portability
Individuals have a right to obtain and re-use their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
7. The Right to Object
Individuals have a right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
8. Rights in relation to Automated Decision-making and Profiling
Individuals have a right of protection against the risk that a potentially damaging decision is taken without human intervention.
Access to Personal Data
It is important that the Personal Data we hold about you is accurate, complete and up-to-date. As noted above, you have the Right of Access to your personal data and to request the amendment of any element of it that may be incorrect, and to assert your other Rights as listed above.
If any of your details change you can update us through your normal contact at R&Q or by sending an e-mail to firstname.lastname@example.org.
Questions, Requests, or Complaints
If you have any questions about this Privacy Notice, you can contact:
Group Data Protection Officer
R&Q Insurance Holdings Ltd
71 Fenchurch Street
Telephone: 0207 977 0834
If you are not satisfied with our response or believe that we are not handling your personal data in accordance with the law you can complain to the Information Commissioner’s Office (https://ico.org.uk/).