Privacy Statement


Beaufort Underwriting Agency Limited (“BUAL”) strives to protect the privacy and the confidentiality of Personal Data that the company processes in connection with the services it provides to commercial clients, its employees and individual policyholders. BUAL’s services consist primarily of insurance underwriting and claims handling.

To underwrite insurance cover and handle insurance claims, BUAL and other participants in the insurance industry are required to use and share Personal Data. An overview of how and why the insurance industry is required to use and share Personal Data is provided in the Insurance Market Core Uses Information Notice that is available on the website of a UK insurance industry association, the Lloyd’s Market Association (the LMA Notice). BUAL’s use of Personal Data is consistent with the LMA Notice.

During the insurance lifecycle BUAL will receive Personal Data relating to potential or actual policyholders, beneficiaries under a policy, their family members, claimants and other parties involved in a claim. Therefore references to “individuals” in this notice include any living person from the preceding list, whose Personal Data BUAL receives in connection with the services it provides under its engagements with its clients. This notice sets out BUAL’s uses of this Personal Data and the disclosures it makes to other insurance market participants and other third parties.


Privacy Notice

This notice explains what we do in relation to collecting, storing, and processing Personal Data. If you believe that we may hold Personal Data and you are the Data Subject, you have various rights under relevant legislation, including rights of access.

The Personal Data we hold, the purposes for which we hold it, and what we do with it will be different for different parties.


Further Information

This privacy notice does not extend to other sites accessible via links on this website. Where you access other websites via these links you should read the privacy notices contained on those sites and we can take no responsibility for Personal Data held or processed by the organisations concerned.

The information below describes the purposes and means by which we process Personal Data and the scope of use and sharing with other parties. The limitations on scope in relation to sharing with other parties do not apply where we are obliged by law or regulation to a party entitled to receive the Personal Data.


People who visit our website

We do not hold any Personal Data about visitors to our website and our contract with Google Analytics does not permit them to do so either.


People who send emails to us

You should be aware that unless we have established Transport Layer Security (TLS) or other technical means, email traffic between us may be vulnerable to interception.

If an email you sent to us was intended for our sole use and that was made clear to us, we will not share it with other parties or provide your contact details.

If an email was sent to us in connection with an insurance policy or claim where we are acting on behalf of you or your client we may share such emails with (re)insurers, or their agents, in connection with the relevant insurance policy or claim.


People who complain to us

The insurance policies you have bought from us set out the process and contact points for dealing with complaints. Where we receive a complaint in relation to our services we will file that information together with other complaint details gathered by us in the course of investigating and resolving the complaint. This information and any Personal Data will not be shared with any other organisation.

Where we receive complaints about the services of another party, for example an insurance broker or claims administrator, we will pass details of the complaint, including any Personal Data provided to us, to the party responsible for the provision of the services. We will advise you where we do this. We will retain a summary of the details for use in analysing the overall service experience of our clients and policyholders.



Whilst our activities are primarily concerned with providing insurance cover to commercial policyholders, in the course of quoting and insuring these insurance policies we may have been provided with Personal Data, for example details of the owners or directors of the firm.

We will only ever use this information in the course of activities necessary to enter into or fulfil an insurance contract and where required as part of the claims process. We will supply this information to our agents for these purposes but will otherwise not provide Personal Data to other parties.



In the course of collecting the information we or our agents need to enable us or them to agree to pay a claim, we may be provided with additional Personal Data where the claim is on behalf of the persons that purchased or are named in the policy.

We may also be provided with Personal Data, including sensitive or medical data, by third parties alleging that they have suffered an injury or other loss caused by the policyholder.

We will only ever use Personal Data obtained and processed as part of the claims process for the purpose of recording, communicating with our agents or administrators, or, with respect to our own administration activities, to resolve the claim.


Agents, Producing Brokers, and (Re)insurers

In the course of our dealings we may be provided with Personal Data relating to the owners, directors, managers, and other individuals in your organisation including email addresses and telephone numbers.

This information will only be held and processed in connection with efficiently managing our business relationship and in that respect will be shared with those of our employees involved in the business between us.


People employed by us

We need to hold a range of Personal Data related to employees, provided by employees, and also gathered in the course of employment.

We will have informed you in detail about the Personal Data we hold or expect to hold, the purposes for which it is processed, and asked you to consent in writing to your Personal Data being held and processed in this way. We will also have told you about your various rights under the legislation.


People in contact with us about employment

If you, or your agent (e.g. a recruitment firm), have been in contact with us in relation to a possible position that did not result in you taking up a position with us, certain Personal Data will have been shared with you.

If you sent the Personal Data directly to us we will have acted on the basis that you consented to us holding and processing the data for the purpose of a potential job role. If the Personal Data was sent to us by an organisation to whom you provided it in relation to employment we will similarly have acted on the basis that you consented to the data being provided.

Our policy is to destroy all such Personal Data within twelve months of receipt unless we are at that time actively in discussions about a possible specific employment role.


Limiting Collection and Retention of Personal Information

We collect, use, disclose and otherwise process Personal Data that is necessary for the purposes identified in this Privacy Notice or as permitted by law. If we require Personal Data for a purpose inconsistent with the purposes we identified in this Privacy Notice, we will notify clients of the new purpose and, where required, seek individuals’ consent (or ask other parties to do so on BUAL’s behalf) to process Personal Data for the new purposes.

Our retention periods for Personal Data are based on business needs and legal requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Data is no longer needed, we either irreversibly anonymise the data (in which case we may further retain and use the anonymised information) or securely destroy the data.

Individuals may request additional information about the specific safeguards applied to the export of their Personal Data.



We have in place physical, electronic, and procedural safeguards appropriate to the sensitivity of the information we maintain. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Data, and include measures designed to keep Personal Data protected from unauthorized access. If appropriate, the safeguards include the encryption of communications via Secure Sockets Layer, encryption of information during storage, firewalls, access controls, separation of duties, and similar security protocols. We restrict access to Personal Data to personnel and third parties that require access to such information for legitimate, relevant business purposes.


Cross-Border Transfer of Personal Information

BUAL transfers Personal Data to, or permits access to Personal Data from, countries outside the European Economic Area (EEA). These countries’ data protection laws do not always offer the same level of protection for Personal Data as offered in the EEA. We will, in all circumstances, safeguard Personal Data as set out in this Privacy Notice.

Certain countries outside the EEA have been approved by the European Commission as providing protections essentially equivalent to those of EEA data protection laws. EU data protection laws allow BUAL to freely transfer Personal Data to such countries.

If we transfer Personal Data to other countries outside the EEA, we will establish legal grounds justifying such transfer, such as individuals’ consent, or other legal grounds permitted by applicable legal requirements.

Individuals can request additional information about the specific safeguards applied to the export of their Personal Data.


Accuracy, Accountability, Openness and Your Rights 

We strive to maintain Personal Data that is accurate, complete and current. Individuals should contact us at to update their information.

Questions regarding BUAL’s privacy practices should be directed to BUAL’s Data Protection Officer using the contact details in the Questions, Requests or Complaints section below.

Under certain conditions, individuals have the right to request BUAL to*:

  1. provide further details on how we use and process their Personal Data;
  2. provide a copy of the Personal Data we maintain about the individual;
  3. update any inaccuracies in the Personal Data we hold;
  4. delete Personal Data that we no longer have a legal ground to process; and
  5. restrict how we process the Personal Data while we consider the individual’s enquiry.

In addition, under certain conditions, individuals have the right to:

  1. where processing is based on consent, withdraw the consent;
  2. object to any processing of Personal Data that BUAL justifies on the “legitimate interests” legal grounds, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
  3. object to direct marketing (including any profiling for such purposes) at any time.

These rights are subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). We will respond to most requests within 30 days.

If we are unable to resolve an enquiry or a complaint, individuals have the right to contact the UK data protection regulator, the Information Commissioner’s Office.

*Some of the rights in this “accuracy, accountability, openness and your rights” section only apply under European data protection law from 25 May 2018. Prior to this date, BUAL will only handle requests to exercise those rights that are available under data protection law applicable at that time, including the right to access Personal Data, the right to have inaccuracies in Personal Data rectified and certain rights to object to the processing of Personal Data.


Questions, Requests or Complaints

To submit questions or requests regarding this Privacy Notice or BUAL’s privacy practices, please write to the Data Protection Officer at the following address:

The Data Protection Officer
Beaufort Underwriting Agency Limited
Third Floor, One Minster Court
Mincing Lane
London EC3R 7AA

Phone: 0207 220 8264