Privacy Notice

PRIVACY NOTICE

Crystal Mark 23429 Clarity approved by Plain English Campaign

Privacy notice

This privacy notice explains how we use any personal information we collect about you so that we can provide you with appropriate insurance products and services, settle any valid claims and deal with any concerns you may have. Depending on which services you use, this may involve us using your personal information (information that can identify you, such as your name, contact details, employment details and details of financial payments) and special personal information (for example, details about your health, race or ethnic background).

Topics in this document:

  1. Who we are
  2. What information we collect about you
  3. How and why we use your information
  4. How we collect your information
  5. Who we share your information with and why
  6. How long we keep your information for
  7. How we keep your information secure
  8. Your rights relating to your information
  9. How to contact us
  10. Changes to our privacy notice

We are Canopius Managing Agents Limited. We act for and on behalf of Syndicate 4444 at Lloyd’s of London. We are part of Canopius Group Limited, which has its head office in Jersey and operates in the UK, Bermuda, Australia, USA and Singapore. We are registered with the Information Commissioner’s Office, registration number Z5406784. The Canopius group is made up of a number of trading companies. For more information, please visit our website at www.canopius.com.

We act as the underwriters of your insurance policy. To find out more about how we might use your information within the London Insurance Market, please click here.

In order to deliver our insurance services to you, we may collect the following information.
• Contact details such as your name, address, date of birth, email address and phone number, and details of any other people you are including on the proposal or policy and your relationship with them
• Financial information such as your bank account details, details of the items you want to insure (including the location of those items where this applies) or the cover you want to take out
• Details of any personal injuries or medical conditions if these are relevant to the insurance product or a claim
• Details of any previous insurance cover you have had
• Details about any insurance claims you have made
• Information about any criminal convictions or offences, or county court judgments
• Details from credit, fraud, anti-money-laundering and sanctions checks
• Details of any complaints you make about your policy

We may use your information for the following purposes.
• To provide a quotation and set up your policy
• To set you up as a client, including to carry out fraud, credit, anti-money-laundering and sanctions checks
• To evaluate the risks you want to cover and match you to the appropriate policy and premium

• To manage your policy
• To collect and refund your premiums (if this is necessary)
• To provide general client care, including communicating with you about managing your policy and making any changes you ask for
• To send you your policy documents

• To process claims
• To manage insurance claims
• To defend or prosecute legal claims
• To investigate and prosecute cases of fraud

• To renew your policy
• To contact you in order to renew your insurance policy

• For general insurance purposes
• To assess general risks and provide insurance
• To meet the obligations we have by law and under any regulations that apply
• To transfer books of business if we are selling or reorganising all or part of our company

• For profiling purposes
• When calculating insurance premiums, we may compare your personal information against industry averages and use it to update the industry averages
We may process your personal information for the following reasons.
• It is necessary to meet the terms of a contract. If we have a contract with you or a third party on your behalf, we will process your information in order to fulfil that contract and provide you with our services.
• It is necessary to meet an obligation we have by law.
• It is necessary to carry out a task that is in the public interest (for example, analysing claims in order to calculate insurance risk ratings and premiums).
• It is in our or a third party’s legitimate interests, for example:
• to prevent and detect fraud;
• to analyse claims and carry out profiling to calculate insurance risk ratings and premiums (this is where our actuaries analyse the information we have available to assess how likely you are to make a claim and so decide how much your premiums should be);
• to carry out direct marketing activities with other businesses; or
• due to any sale, merger or takeover of all or part of the Canopius group.
• You have agreed to us processing your personal information. If we need you to agree before we can process your information, we will make this clear at the time we collect it.
We may process your sensitive personal information in relation to your insurance policy if this is necessary:
• to provide the insurance;
• for reasons of substantial public interest; or
• to defend a legal claim against us.

Depending on which of our services you use, we may collect information about you from various sources, including:
• you;
• your family members, employer or representative, such as an insurance broker;
• other insurance companies;
• credit-reference agencies;
• anti-fraud databases, sanctions lists, court judgments and other databases that are available to the public;
• government agencies, such as the DVLA and HMRC;
• the open electoral register; or
• if we receive a claim, third parties, including the other party to the claim (the person making or defending the claim), witnesses, experts (including medical experts), loss adjustors, solicitors and claim handlers.

• third parties who help deliver products and services on our behalf, such as payment-card providers, claims handlers and data-storage providers;
• other companies in the Canopius group to manage your policy and any related claims;
• national anti-fraud databases, including the Motoring Insurance Bureau (MIB) and Claims and Underwriting Exchange (CUE), to prevent fraud and facilitate accurate underwriting and claims management;
• auditors, regulators and the ombudsman (the Financial Services Ombudsman (FOS) in the UK) if we must do this by law or under any regulations that apply; and
• any third party that takes over all or some of our assets, in which case we may transfer your personal information to the third party.

We may transfer your information to a country outside of the UK or the European Economic Area (EEA) in order to deliver our services. We make sure your information is protected when it is transferred and processed by including restrictions in the contracts we have in place with the organisation receiving or processing it. The other organisation must also keep to data protection laws.

We will share your information if we have to share it by law. We may share your information with enforcement authorities if they ask us to, or with a third party if this is necessary because of actual or threatened legal proceedings, as long as we can do so without breaking data protection laws.

We will keep your personal information for as long as is necessary for the purposes we originally collected it for, or for as long as we are allowed to keep it under data protection laws. How long we keep your personal information for will depend on:
• your relationship with us and the types of products or services you have with us;
• how long it is reasonable to keep records to show that we have met the obligations we have to you by law;
• any time limits for making claims under your insurance;
• any retention periods set by law, regulators, professional bodies or associations; and
• whether there are any relevant proceedings.

We are committed to keeping your personal information secure. We have put in place physical, electronic and operational procedures to protect the information we collect and keep it secure. By law, all our staff must respect the confidentiality of the information we collect, and access to confidential information is restricted to only those who have a reasonable need to see it.

You have the following rights relating to the information we collect about you.
• Right of access
• You have the right to make a written request for details of the personal information we hold about you, and to receive a copy of that personal information.
• Right of rectification
• You have the right to have any inaccurate information about you corrected or removed from our records.
• Right to erasure (‘right to be forgotten’)
• You have the right to have certain personal information about you deleted from our records.
• Right to restriction of processing
• You have the right to ask us to use your personal information for restricted purposes only.
• Right to object
• You have the right to object to us processing your personal information.
• Right to data portability
• If you have given us personal information that we store electronically, you have the right to ask us to transfer that information to you or someone else in a format that can be read by computer.
These rights may not apply in all cases. We will let you know whether we think they apply to you.

If you make a request relating to the rights above, we may ask you to confirm your identity and to provide information that helps us to understand your request better. Once we have the information we need from you and have confirmed that your request is valid, we will respond to you within one month of receiving your request, unless you make several or particularly complicated requests, in which case we may extend this time by up to a further two months. We will tell you if we need this extra time and will explain why.

If you want to exercise any of your rights, please write to our Data Protection Team, whose contact details are given below in the ‘How to contact us’ section.

If you are not happy with our response to your request, or you believe the way we have processed your information is not in line with data protection law, please contact us so we can either fix the problem or explain our decision. Or, you can contact our data protection regulator, the Information Commissioner’s Office (ICO), for guidance and advice, or to make a complaint. The ICO’s contact details are as follows.

Website: www.ico.org.uk
Write to: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113 (local rate)

If you have any questions, comments or complaints, or you want to exercise the rights you have relating to data protection, please contact the Group Data Protection Officer.

Write to: Group Data Protection Officer
Canopius Managing Agents Limited
Floor 29, 22 Bishopsgate
London
EC2N 4BQ

Email: privacy@canopius.com

Or, if you live in the European Union, you can also contact us through our EU Representative. Email them at Canopius.EURep@oyster-ims.com or write to Canopius Data Protection, Oyster IMS, Carrick House, 49, Fitzwilliam Square, Dublin 2, Ireland.

We keep our privacy notice under regular review, and the latest version will be available on this website. This privacy notice was last updated on 22 August 2022.