This Privacy Statement explains what we do with any personal information that you provide and also any personal information that we collect from other sources. It explains what our practices are and your rights in relation to your personal information. This Privacy Statement has no contractual force, nor does it offer any rights or obligations over and above those in existence with general data protection legislation.
We work with insurers, reinsurers, brokers and other participants within the insurance industry (“our partners”) in our capacity as treaty and facultative reinsurance broker.
We may collect personal information from you to deliver services to our partners, either in your capacity as a partner yourself, or a partner’s representative. If we do collect your personal information, you have certain important rights relating to the personal information which may depend on how and why we use your information.
If you have any questions or concerns about our privacy and personal information handling behaviour, or wish to discuss any related matter further please contact firstname.lastname@example.org
Whilst we will seek to answer any query about our use of your information, there are some occasions when services we provide to our partners are provided as a processor, which means that the partner remains primarily responsible for your information. In these circumstances, we may re-direct a query about our use of your information to our client partner.
Oryx Re Limited is a Data Controller in certain circumstances. We are registered in England and Wales, company number 14629366 and with the Information Commissioners Office (“ICO”) under registration number ZB606161. The ICO is the UK’s independent authority set up to uphold information rights in the public interest. Their website can be found at https://ico.org.uk/
The Personal Data we hold, the purposes for which we hold it, and what we do with it will be different for different parties.
If we hold your personal data you are a Data Subject and have a number of rights UK data protection legislation including:
The right to be informed that your data is being collected. We do this by making this notice available to you and in limited circumstances where we ask for your written consent;
The right to access your personal data and know what data we hold. You should use the contact information below in the first instance and we will ask you for proof of identity as part of the process;
The right to rectification. If you believe that your personal data held by us is inaccurate you can ask us to correct the data;
The right to portability. You can ask us to provide your personal data in a format that can be transmitted to another data controller;
The right to erasure. You can ask us to erase your personal data but please understand that there are circumstances where we will continue to be entitled to process your data and we will explain any relevant reasons at that time;
The right to restrict processing. You can ask us to restrict how we use your data;
The right to object. You can object to a data controller processing your data, typically where it is used for marketing purposes.
How and when is your personal data collected?
Working together with our partners, who may include treaty and facultative reinsurance underwriters and/ or brokers, claims management companies, risk management assessment and consulting services, specialist coverholder support services and other forms of insurance or reinsurance services, your personal data will normally be provided to us. Although sometimes our partners may ask us to contact individuals directly.
Individuals may ask for services from us or as an employee of a current or potential partner. In such cases any personal data that is requested is necessary for us to understand the requirements of the service and to make an offer.
When we assess a potential new employee, we will request personal data from the individual to process the application. We may require additional personal data if the candidate is successful so that we are able to manage the employment relationship.
If you contact us with a complaint or query. If a complaint is made, we will request sufficient personal data for us to investigate the complaint and contact the complainant at a later date.
What personal data is collected?
Information collected from partners. We could collect personal information such as your name, contact details and employment details. We may also, in strictly relevant situations, collect sensitive information about you such as gender or date of birth.
It is understood that if you provide us with sensitive personal information, we will ask your specific consent when information collected from you. We only require information that is necessary for us to respond to your request and require it to be accurate. We use this information for the purpose stated when we requested it or within the context of the collection, such as an employment application.
How do we use your personal information?
The purposes for which we use personal information are summarised below.
Providing services in conjunction with our partners. We process personal information which our partners provide to us with for the purpose of providing our service. The purpose for which the information is processed depends on the specifications of our terms of business with the partner concerned. Our partners are obliged to ensure that their clients and partners understand that your personal information will be disclosed to us.
Managing the delivery of our services. We process personal information about our partners and their representatives in order to:
conduct normal partner screening prior to entering into a business arrangement with them
communicate with our partners, including invoicing and administering the service
handle any complaints
administer insurance/reinsurance claims
Comply with our legal and regulatory responsibilities
PEOPLE WHO SEND EMAILS TO US
You should be aware that unless we have established Transport Layer Security (TLS) or other technical means, email traffic between us may be vulnerable to interception.
If an email you sent to us was intended for our sole use and that was made clear to us we will not share it with other parties or provide your contact details.
If an email was sent to us in connection with an insurance policy or claim where we are acting on behalf of you or your client we may share such emails with (re)insurers, or their agents, in connection with the relevant insurance policy or claim.
They will be Data Controllers with their own obligations and responsibilities in connection with processing your data and you should contact them directly. We will only share this information where it is necessary for dealing with a claim or fulfilling an insurance policy. We can provide you with details of firms with which we have shared your personal data if you request this from us.
PEOPLE EMPLOYED BY US
We need to hold a range of personal data related to employees, provided by employees, and also gathered in the course of employment.
We will have informed you in detail about the personal data we hold or expect to hold, the purposes for which it is processed, and asked you to consent in writing to your personal data being held and processed in this way. We will also have told you about your various rights under the legislation.
We hold your data on the basis of consent unless that consent has been withdrawn by you and when we obtained your consent, we will have explained how long we will normally hold the data. If you have not retained a copy of the Consent Notice you can obtain a copy by contacting HR.
PEOPLE IN CONTACT WITH US ABOUT EMPLOYMENT
If you, or your agent; e.g. a recruitment firm have been in contact with us in relation to a possible position that did not result in you taking up a position with us, certain personal data will have been shared with you.
If you sent the personal data directly to us we will have acted on the basis that you consented to us holding and processing the data for the purpose of a potential job role. If the personal data was sent to us by an organisation to whom you provided the personal data in relation to employment we will similarly have acted on the basis that you consented to the data being provided.
Our policy is to destroy all such personal data within two months of receipt unless we are at that time actively in discussions about a possible specific employment role.
PEOPLE WHO COMPLAIN TO US
Our Terms of Business Agreements set out the process and contact points for dealing with complaints. Where we receive a complaint in relation to our services we will file that information together with other complaint details gathered by us in the course of investigating and resolving the complaint. This information and any Personal Data will not be shared with any other organisation.
Where we receive complaints about the services of another party; for example an insurer, we will pass details of the complaint, including any personal data provided to us, to the party responsible for the provision of the services. We will advise you where we do this. We will retain a summary of the complaint details for use in analysing the overall service experience of our clients and policyholders.
Whilst our activities are primarily concerned with placing insurance covers for commercial policyholders, in the course of quoting and placing insurance policies we may have been provided with personal data; for example, details of the owners or directors of the firm.
We will only ever use this information in the course of activities necessary to enter into or fulfil an insurance contract and where required as part of the claims process. We will supply this information to insurers or their agents for these purposes but will otherwise not provide personal data to other parties.
We can provide you with details of firms with which we have shared your personal data if you request this from us.
In the course of collecting information to provide (re)insurers, or their agents or administrators, with the information needed to enable them to administer or agree to pay a claim, we may be provided with additional personal data where the claim is on behalf of the persons that purchased or are named in the policy.
We may also be provided with personal data, including sensitive or medical data, by third parties alleging that they have suffered an injury or other loss caused by the policyholder.
We will only ever use personal data obtained and processed as part of the claims process for the purpose of recording, communicating with (re)insurers or their agents or administrators, or, with respect to our own administration activities, to resolve the claim.
We can provide you with details of firms with which we have shared your personal data if you request this from us.
TRANSFERRING YOUR PERSONAL INFORMATION ACROSS BORDERS
The nature of our business is global with many of our clients operating outside the UK thus certain personal information will inevitably be transferred across borders.
As a matter of course, when we transfer your personal data outside our border, we ensure by way of contractual commitments that your personal information will be protected.
If you require further information about where your personal data is transferred, please contact us.
Security measures in place to protect your personal information.
The security of your personal information is important to us and we have implemented physical, technical and administrative security standards to protect personal information from loss, misuse, alteration or destruction. Only individuals with specific responsibilities concerning your personal data have access to it, and all our staff receive training about the importance of protecting it. All e-mail traffic to and from our website is encrypted.
Our service providers and agents are contractually bound to maintain the confidentiality of personal information and may not use the information for any unauthorised purpose.
Other rights regarding your data
There are some sets of circumstances that allow for you to have certain rights in relation to your personal information. If you do contact us to obtain this information, do not be surprised if we ask you for additional information to confirm you identity for security purposes, before disclosing this information.
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request. There may be situations where we would not technically be able to fully address your request and we would advise you accordingly if this is the case.
Right to Access. You have right to access personal information which we hold about you.
Right to Rectification. You have a right to ask us to correct your personal information where it is inaccurate or out of date.
Right to be Forgotten. You have the right to have your personal information deleted, provided it is no longer necessary for the purpose it was collected, and we have no other legal grounds for processing the data.
Right to Restrict Processing. You have the right to restrict the processing of your personal information, but only when:
We are given time to check its accuracy after you contest it
The processing is unlawful, but you do not want it erased
It is no longer needed for the purposes for which it was collected, but still may be needed for the establishment, exercise or defence of legal claims
You have exercised the right to object, and verification of overriding grounds is pending.
Right of data portability. This right requires us to provide your personal information to you or another controller in a machine-readable format, but only if the processing of the personal information is based on consent or the performance of a contract to which you are party.
Right to Object to Processing. You can object to us processing your personal data, provided there are no legitimate bases requiring us to do so. If there are, we will explain to you why it is not currently possible to stop processing your personal data.
Right to decline automated decision making. We do not use automated decision-making to profile and process your personal information. If we ever did, you would have the right to request that decision-making is not based exclusively on an automated process.
HOW TO RAISE A CONCERN
If you wish to raise a concern or make a complaint, in the first instance please contact the person you normally deal with at Oryx Re, by either email or telephone. Alternatively, you can contact us for more information at email@example.com or raise any further issue with the ICO through their portal https://ico.org.uk/global/contact-us/.
This privacy notice does not extend to other sites accessible via links on this website. Where you access other websites via these links you should read the privacy notices contained on those sites and we can take no responsibility for personal data held or processed by the organisations concerned.
The information contained with this document describes the purposes and means by which we process personal data and the scope of use and sharing with other parties. The limitations on scope in relation to sharing with other parties do not apply where we are obliged by law or regulation to a party entitled to receive the personal data.
If you have further questions, wish to access your data, or wish to make a complaint you should contact firstname.lastname@example.org