Privacy Notice

This Privacy Notice explains how we use any personal information we collect about our customers (“you” or “your”) to enable us to provide you with appropriate insurance products and services, settle any valid claims and deal with any concerns you may have. Depending on which services you use, this may involve us using your personal data (information that can identify you such as your name, contact details, employment details and or financial payments) and special personal data (information such as health details, race or ethnic origin).

Topics in this document:

Canopius Managing Agents Limited, (“we” or “us” or “our” or “Canopius”) for and on behalf of Syndicate 4444 at Lloyd’s of London, is part of Canopius AG which is domiciled in Zurich and operates in the UK, Ireland, Netherlands, Switzerland, Bermuda, USA and Singapore. Canopius is registered with the Information Commissioners Office, registration number Z5406784, the Canopius group is comprised of a number of trading companies, further information is available on our website www.canopius.com.

We act as the underwriters of your insurance policy. To find out more about how information might be used within the London Insurance Market, please visit www.londonmarketgroup.co.uk/gdpr

In order to deliver our insurance services to you, we may collect the following information:

  • contact details such as your name, address, date of birth, email and telephone contact details, details of additional people who you are including on the proposal or policy and your relationship with them
  • financial information such as bank details, details of insured items or cover required including the location of those items where applicable
  • personal injury details or medical conditions if relevant to your product or claim.
  • details of previous insurance cover
  • details about any claim submitted under your insurance
  • information about any criminal convictions or offences such as or County Court judgements
  • credit, fraud and anti-money laundering and sanctions checks
  • details of any complaints you raise

We may use your data for:

  • Quotation and inception purposes
    • to set you up as a client, including fraud, credit and anti-money laundering and sanctions checks
    • evaluating the risks to be covered and matching to appropriate policy / premium
  • Policy administration
    • collection and refund of premiums
    • general client care, including communicating with you regarding administration and requested changes to your policy
    • sending you your policy documentation
  • Claims processing
    • managing insurance claims
    • defending or prosecuting legal claims
    • investigating and prosecuting fraud
  • Renewals
    • contacting you in order to renew your insurance policy
  • Insurance lifecycle
    • general risk modelling and underwriting
    • complying with our legal or regulatory obligations
    • transferring books of business, company sales and reorganisations
  • Profiling
    • When calculating insurance premiums we may compare your personal data against industry averages and use it to create the industry averages going forwards

We may process your personal data because:

  • it is necessary for the performance of a contract: where we have a contract with you or a third party on your behalf, we will process your information in order to fulfil that contract and provide you with our services;
  • it is necessary for compliance with a legal obligation;
  • it is necessary for the performance of a task carried out in the public interest: for example claims analysis in order to calculate insurance risk ratings and premiums;
  • it is in our or a third parties’ legitimate interests: for example for the prevention and detection of fraud, claims analysis and profiling to calculate insurance risk ratings and premiums, and any sale, merger or acquisition of all or part of the Canopius group;
  • we have your consent. If we require your consent, it will be made clear at the time your information is collected.

We may process your sensitive personal data in relation to your insurance policy because:

  • it is necessary for the provision of insurance
  • it is necessary for reasons of substantial public interest
  • it is necessary for the defence of legal claims against us

Depending on which of our services you use, we may collect information about you from various sources, including:

  • directly from you;
  • your family members, employer or representative such as an insurance broker;
  • other insurance companies;
  • credit reference agencies;
  • anti-fraud databases, sanctions lists, court judgements and other publically available databases;
  • government agencies such as the DVLA and HMRC;
  • open electoral register; or
  • in the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claim handlers.

We may share your information with:

  • our third parties suppliers who help deliver products and services on our behalf, such as payment card providers, claim handlers, data storage providers;
  • within our group of companies to administer your policy and any related claims;
  • national anti-fraud databases;
  • auditors, regulators and ombudsman when required by regulatory or legal obligations;
  • third parties where any or all of the Canopius group assets are acquired by a third party, in which case personal data held by us may be transferred to the new party.

Canopius may transfer your information to a country outside of the European Economic Area (“EEA”) in order to deliver our services. Canopius ensure this transfer and processing is carried out with the appropriate safeguards and in compliance with data protection law, such as being protected by the necessary contractual terms.

We will share your information if we are required to by law. We may share your information with enforcement authorities if they ask us to, or to a third party in the context of actual or threatened legal proceedings, provided we can do so in compliance with data protection law.

Canopius retains your personal information for as long as is necessary for the purposes for which it was originally collected and allowed by data protection law. The length of time we keep your personal information is determined in accordance with the following criteria:

  • your relationship with us and the types of products of service you have with us;
  • the length of time it is reasonable to keep records to demonstrate that we have fulfilled our obligations to you under the law
  • any limitations periods within which claims might be made;
  • any retention periods prescribed by law, by regulators, professional bodies or associations;
  • the existence of any relevant proceedings.

We are committed to keeping your personal information secure. We have put in place physical, electronic and operational procedures intended to safeguard and secure the information we collect. All Canopius staff have a legal duty to respect the confidentiality of information, and access to confidential information is restricted to only those who have a reasonable need to access it.

You have the following rights, subject to certain exceptions:

  • Right of subject access:
    • the right to make a written request for details of your personal information and receive a copy of that personal information.
  • Right of rectification:
    • the right to have inaccurate information about you corrected or removed
  • Right to erasure (‘right to be forgotten’):
    • the right to have certain personal information about you erased.
  • Right to restriction of processing:
    • the right to request that your personal information is only used for restricted purposes.
  • Right to object:
    • the right to object to processing of your personal information which we justify in our legitimate interests.
  • Right to data portability:
    • the right to ask for the personal information you have directly given to us and is stored electronically, to be transferred to you or a third party in a machine-readable format.

These rights are not absolute and we will let you know in our correspondence with you whether we think they apply to you.

We may, in response to a request, ask you to verify your identity and to provide information that helps us to understand your request better. Once we have the necessary information from you and your request is valid, we will respond to you within one month of the receipt of a request unless the number and complexity of the requests made is deemed sufficiently high, in which case we may extend this time by a maximum of further two months. We will inform you if we need to make use of this additional time and why we need to do so.

If you wish to exercise any of your rights, please make your request in writing to our Data Protection Team whose contact details can be found below in the How to contact us section.

If you are unhappy with our response to your request, or you believe the way we have processed your information is not in keeping with data protection law, we would like to hear from you so we can either fix the problem or further explain our decision. Alternatively, you may contact our data protection regulator, the Information Commissioner’s Office (ICO) for guidance and advice, or to lodge a compliant. The ICO may be contacted at:

Online: www.ico.org.uk
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113 (local rate)

If you have any questions, comments, complaints or wish to exercise your data protection rights, please contact the Group Data Protection Officer:

Email:
privacy@canopius.com

Post:
Group Data Protection Officer,
Canopius Managing Agents Limited,
Gallery 9, One Lime Street,
London
EC3M 7HA

We keep our Privacy Notice under regular review and the latest version will be available on this website. This Privacy Notice was last updated on 12th April 2018.