We are committed to protecting and respecting your privacy.
This policy (together with any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. When you are visiting our website, we process your personal data according to the practices described in this policy to offer you our services. We also need to process your personal data according to the practices described in this policy to perform our services when you enquire about or purchase our services.
For the purpose of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), the data controller is Shanghai Asian Insurance Brokers(UK) Limited of Holland House, 1-4 Bury Street, London, EC3A 5AW (“we”, “us”, “our”).
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
• Information you give us. You may give us information about you when you obtain a quote or by completing and sending proposal and claim forms to us or by corresponding with us online, by post, telephone, email or otherwise including information you provide when you use the “Contact Us” facility on our website or when you report a problem with our website. The information you give us using any one of the methods of communication above may include your name, address, email address and telephone number, financial and credit card information, personal description, details of bankruptcy, criminal convictions (including motoring offences), details of occupation, including directorships and other relevant information.
• Information we collect about you. Each time you visit our website we may automatically collect the following information from you:
- technical information, including the Internet protocol (IP) address used to connect your device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
• Information we receive from other sources. We may receive information about you if you use any of the other services we provide. We also work closely with third parties (including, for example, insurers, reinsurers, intermediaries, business partners, sub-contractors in technical, payment and delivery services, analytics providers, search information providers, credit reference agencies) and we may receive information about you from them.
• Types/classes of information processed. When you apply for a quotation or policy online or write to or email us or when you complete a proposal form or a claim form we process personal information about you that includes some or all of the following: personal details, family details, lifestyle and social circumstances, financial details, employment and education details and information on goods and services provided.
• Sensitive Information. We may also process sensitive classes of information. This may include physical or mental health details, offences and alleged offences.
HOW WILL WE USE YOUR INFORMATION?
The information you supply or we collect from you may be used for the purposes of insurance administration by us, our associated companies. We also use information held about you in the following ways:
• Information you give to us. We will use this information:
- to provide you with the information, products and services that you request from us and to carry out our obligations arising from any contracts entered into between you and us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to provide you with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by letter, e-mail, telephone or SMS with information about services similar to those which were the subject of a previous sale or negotiations for a sale to you. If you are a new customer, we will contact you only if you have consented to this. If you do not want us to use your data in this way, please tick the relevant box situated on the form on which we collect your data (the proposal form);
- to notify you about changes to our service;
- to ensure that content from our website is presented in the most effective manner for you and for your device;
o to maintain our accounts and records;
- to enable insurers and the other third parties identified in the section headed “Disclosure of your Information” below to provide services to you, and/or to carry out their work, including the investigation of any claims made by you;
- if you give us information about another person, in doing so you confirm that they have given you permission to provide it to us to be able to process their personal data (including any sensitive personal data) and also that you have told them who we are and what we will use their data for, as set out in this notice.
• Information we collect about you. We will use this information:
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our website to ensure that content is presented in the most effective manner for you and for your device;
- as part of our efforts to keep our website safe and secure.
• Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
DISCLOSURE OF YOUR INFORMATION
We may share your personal information with any member of the Shanghai Asian Insurance Brokers Group of Companies.
We may share your information with selected third parties including:
• other insurance companies, reinsurers
• professional advisers, suppliers, service providers and sub-contractors (including payment processors, surveyors, auditors, claims handlers, investigators and loss adjusters) to perform any contract we enter into with them or you
• regulatory bodies for the purposes of monitoring and/or enforcing our compliance with any regulatory rules/codes
• analytics and search engine providers that assist us in the improvement and optimisation of our website
• if we are under a duty to disclose or share your personal data in order to comply with or enforce any legal obligation, or our Terms of Business Agreement, or to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and detection protection.
We will disclose information about you to regulatory authorities in response to formal requests.
TRANSFER OF INFORMATION OVERSEAS
We, and certain Recipients (our third party service providers) who process your Personal Data on our behalf may transfer your Personal Data outside the European Economic Area (“EEA”). When such transfer occurs, we will ensure a similar degree of data protection by ensuring at least one of the following safeguards is implemented:
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
· we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
· where we use certain service providers, we may use specific contracts approved by the European
Commission which gives personal data the same protection it has within the EEA; and
· where we use providers based in the US, we may transfer personal data to them if they are certified under the EU-US Privacy Shield which requires certified providers to have in place and
maintain a similar level of protection to the personal data as if it was processed within the EEA.”
We will only retain personal data for as long as necessary to fulfil the purposes we collected it for. These include legal, regulatory, accounting, reporting requirements. The appropriate retention period for personal data is determined by the amount, nature, sensitivity of the data, the potential risks from unauthorised use or disclosure of personal data, and the applicable legal requirements.
Further information can be found by contacting our Compliance office.
THIRD PARTY WEBSITES
Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates.
If you follow a link to any of these websites, please note that these websites have their own cookie and privacy policies and that we do not accept any responsibility or liability for these policies. Please check the cookie and privacy policies of third party websites before you submit any personal data to them.
EXERCISE YOUR RIGHTS
To exercise this right, you may write to us with details of your request, to: Compliance, Shanghai Asian Insurance Brokers(UK) Limited, Holland House, 1-4 Bury Street, London, EC3A 5AW or by email at email@example.com
• Right to Object to Processing. In certain circumstances, you have a right to object to our processing of your Personal Data where we process it on the legal basis of: a) our legitimate business interest, including profiling based on our legitimate business interests; or b) your consent to marketing. We may not be able to comply with such a request where we can demonstrate that there are compelling legitimate grounds for us to process your Personal Data which override your interests, rights and freedoms or where the processing of your Personal Data is required for compliance with a legal obligation or in connection with legal proceedings.
• Right to Withdraw Consent. You have a right to withdraw your consent, at any time, to our processing of your Personal Data which is based on your consent. Where you exercise this right, our processing of your Personal Data prior to your withdrawal of consent will remain valid.
• Right of Access. You have the right to access and obtain a copy of the Personal Data that we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
• Right to Rectification. You have the right to request that we correct any inaccuracies in the Personal Data stored about you.
• Right to Erasure. In certain circumstances, you have the right to request that we erase your Personal Data. For example, you may exercise this right in the following circumstances:
- your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us;
- where you withdraw consent and no other legal ground permits the processing;
o where you object to the processing and there are no overriding legitimate grounds for the
- your Personal Data have been unlawfully processed; or
o your Personal Data must be erased for compliance with a legal obligation.
Where we store your Personal Data for statistical purposes, we may not be able to comply with such a request where it would likely impair such statistical purposes or where we require your Personal Data for compliance with a legal obligation or in connection with legal proceedings.
• Right to Restriction. You have the right to restrict our processing of your Personal Data where any of the following circumstances apply:
- where you feel that the Personal Data which we hold about you are not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your Personal
o where the processing is unlawful and you do not want your Personal Data be erased and
request the restriction of its use instead;
- where we no longer need to process your Personal Data (e.g. any of the Purposes outlined above have been completed or expire), but we require it in connection with legal proceedings;
- where you have objected to our processing of your Personal Data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms. Where you exercise your right to restrict our processing of your Personal Data, we will only continue to process it with your consent or in connection with legal proceedings or for the protection of the rights of other people or for reasons of important public interest.
• Right to Data Portability. You have a right to receive and transfer the Personal Data that you provide to us in a structured, commonly used and machine readable format where we process your Personal Data on the legal basis of: a) your consent; or b) where it is necessary to perform our contract with you. Where you make such a request, we will directly transfer your Personal Data on your behalf to another controller of your choice (where it is feasible for us to do so).
• Right to Object to Automated Decision-Making, including profiling. You have a right not to be subjected to decisions based solely on automated decision- making, including profiling, which produce legal effects concerning you or similarly significantly affects you. We may not be able to comply with such a request where we rely on the legal basis of: a) your explicit consent; or b) where it is necessary to enter and perform our contract with you (as detailed in section 2 above). You will however be entitled to have a person from our team review the decision so that you can query it and set out your point of view and circumstances to us.
We may amend this notice on occasion, in whole or part, at our sole discretion. Any changes to notice will be effective immediately upon notification either by e-mail or on our website.
If at any time we decide to use your Personal Data in a manner significantly different from that stated in this notice, or otherwise disclosed to you at the time it was collected, we will notify you either by e-mail or on our website, and you will have a choice as to whether or not we use your information in the new manner.