Privacy Policy

Data Protection & Privacy Policy

Icen Risk Limited (Icen Risk) is an insurance intermediary and we routinely collect and use personal data about individuals including data about prospective customers, insured persons, claimants, beneficiaries, other persons involved in an insurance claim or business partners (“you”). We are committed to protecting your personal data and we fully understand our obligations under data protection legislation.

This privacy policy is designed to help you understand how and why we use your personal data. This policy sets out the following:
Section 1 – Who collects your data and who is responsible for it?
Section 2 – What types of data we collect about you
Section 3 – Where we might collect your personal data
Section 4 – The purposes, legal grounds and recipients of our processing of your personal data
Section 5 – Consent
Section 6 – Retention of your personal data
Section 7 – International Transfers of Personal Data
Section 8 – Your Rights and Contact Details
Section 9 – Glossary

Section 1 - Who collects your data and who is responsible for it?

In this policy we, us and our refers to Icen Risk which comprises certain companies based in Europe which are part of the Icen Risk group of companies. These companies include Nexit 2018 Limited and Innoma Capital Limited.In order to provide our services, we will collect and use data about individuals.

This means we area data controller and are responsible for complying with data protection laws. The personal data that we collect and process will be shared with other participants in the insurance market, some of which you will not have direct contact with. You can find out the identity of who else might be processing your data in the following ways:

  • Where you took out the insurance policy yourself, intermediaries such as Icen Risk willbe the initial data controller. The insurer will also be a data controller. Icen Risk has twoData Protection Officers, Robert Brown and Dawn Bhoma who can advise you of the identities of other insurance market participants that have been provided with your personal data.
  • Where a third-party purchased insurance for your benefit, that third-party may also bea data controller. You should contact the third-party who should provide you with details of intermediaries such as Icen Risk that they provided your personal data to. Icen Risk’s Data Protection Officer can advise you of the identities of other insurance market participants that have been provided with your personal data.
  • Where you are not a policyholder or an insured, you should contact the organisation that collected your personal data who should provide you with details of the relevant data protection contact.

If you have any questions then please contact either robert.brown@icenrisk.com or dawn.bhoma@icenrisk.com.

Section 2 - What types of data we collect about you

To provide insurance quotes for the placing of insurance policies, administer insurance policies, deal with claims under a policy we have placed, and deal with complaints, we need to collect and process personal data about you. We collect a variety of information depending on the nature of the risk we have been asked to place and the claim.

If you are one of our business partners then we will collect your contact details and we may collect information on your expertise.

We also collect and process your personal information when you visit our locations, speak to us on the phone, when you email us and visit our website which may include filling in forms, searching fora product, completing surveys, reporting problems with our website or using any of our other websites or services. We will automatically collect personal data via cookies each time you visit our website.

The types of personal data that we may collect and process include:

Insureds and Prospective Insureds
Contact Details
Name, address, telephone number and email address
Identification Details
Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number
Risk Details
Information about you which we need to collect to evaluate your insurance needs and risk appetite and obtain quotes for you
Policy Information
Information about the quotes we obtain and insurance policies we have arranged for you
Financial Information
Bank account or payment card details (where you are paying usfor the insurance), income or other financial information
Credit and Anti-Fraud Data
Credit history, credit score, sanctions matches and criminal offences, and information received from various anti-fraud databases relating to you
Previous and Current Claims
Credit history, credit score, sanctions matches and criminal offences, and information received from various anti-fraud databases relating to you
Credit and Anti-Fraud Data
Information about previous and current claims, (including other unrelated insurances)
Marketing Information
Name, email address, telephone number, interests, record of marketing permission or objections, website data (including online account details, IP address and browser generated information)
Claimants
Contact Details
We will need to collect your name, address, telephone numberand email address
Policy Information
Policy number, and if you are not the policyholder details of your relationship to the policy holder, details of the policy including amount insured, exceptions and previous claims
Claims Details
Details of the incident giving rise to the claim
Financial Information
Bank account details used for payment of a claim (if applicable)
Anti-Fraud Data
Sanctions matches and criminal offences, and informationreceived from various anti-fraud databases relating to you
Other Data
Information collected to validate a claim (for example, from social media, public registers, online databases, credit references agencies)
Business Partners, Visitors and Marketing
Business Partners
Name, work address, work email, work telephone numbers andjob title
Visitors to our office
Name, employer, job title, email address, telephone number, CCTV images, dietary requirements and any disability data
Marketing
Name, email address, telephone number, interests, record ofmarketing permission or objections, website data (including onlineaccount details, IP address and browser generated information)

Section 3 - Where We Might Collect Your Personal Data

We might collect your personal data from various sources, including:

  • You;
  • Your employer or representative;
  • Other insurers, brokers and reinsurers;
  • Credit reference agencies;
  • Your advisors and other persons acting on your behalf;
  • Anti-fraud databases, sanctions lists, court judgments and other databases;
  • Government agencies such as the DVLA and HMRC;
  • Open electoral register;
  • In the event of a claim, third-parties including experts, loss adjustors, solicitors, and claims handlers;
  • Third-party service providers;
  • Social media such as LinkedIn, Facebook and Twitter;
  • Third-party marketing databases;
  • Analytics providers; and
  • Search information providers.


Cookies

Cookies are small text files placed on your computer or other device when you visit a website. Cookies are used to make websites work more efficiently, to identify you or your device and to collect information on visitor behaviour.

By visiting our website and confirming your consent via the pop-up notice, you accept our use of cookies on your device in accordance with this Privacy Notice. If you choose not to accept cookies for our website, we will not place any cookies on your device, unless they are strictly necessary for the website to function, as explained below. If you choose not to accept the use of cookies, you may experience a lack of functionality on some areas of our site. You can also choose to disable cookies on your browser following the instructions below.

How We Use Cookies
We may use the following types of cookies on our website:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website. This type of cookie cannot be disabled but does not gather information about you for marketing or other purposes and is deleted once you close your browser.

Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. Thisenables us to personalise our content for you, greet you by name and remember your preferences(for example, your choice of language or region).

Targeting cookies.
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. We and our service providers may also use cookies in online advertising to track responses to our advertisements, and to track your use of other websites.

Changing Your Cookie Settings
We will ask for your consent before setting cookies on your device, but you can review what you have agreed to and change your mind about what you consent to by accessing the cookie settings in your browser and accepting, rejecting or deleting cookies. If you choose to change your cookie settings for our website, you may find that certain features will not function as intended. All browser settings are slightly different, but please see the links below for details on how to disable and delete cookies in the most commonly used browsers:

  • Microsoft Internet Explorer
  • Apple Safari
  • Google Chrome
  • Mozilla Firefox

To find out more about cookies, visit www.aboutcookies.org or www.allaboutcookies.org.

Section 4 - The purposes, legal grounds and recipients of ourprocessing of your personal data

We set out below the purposes for which we use your personal data. Within the relevant sections of this Policy we will explain the legal grounds for processing your data. We will also explain who we share your data with.

We will only use your personal data when the law allows us to. We may use your personal data in the following circumstances:

  • Where we need to perform the contract we have entered into with you i.e. the insurance policy;
  • Where we need to comply with a legal obligation;
  • Where it is necessary for our legitimate interests (or those of a third-party) and your interests and fundamental rights do not override those interests i.e. we have a justifiable purpose;
  • With your explicit consent;
  • Where we need to protect your interest (or someone else’s interests);
  • Where it is needed in the public interest (or for an official purpose).

PURPOSES

SETTING YOU UP AS A CUSTOMER

When setting you up as a customer we will need to collect your personal data such as your contact details. We may also need your personal data to carry out certain checks including possible fraud, sanctions, credit and anti-money laundering checks.

Legal Basis
We need this data to perform our contract we have with you. For example, in order to fulfil our obligations under our contract and place appropriate insurance cover, we need to use your persona data provide you with appropriate insurance cover according to your needs.

We have a genuine business need to use your personal data such as maintaining our business record and keeping records of insurance policies we place and analysing and improving our business model and services. When using your personal data for these purpose, we have considered your rights and ensures that our business needs does not cause you harm.

We also need to comply with our legal obligations in relation to the prevention of financial crime.

We will process special categories of data without your consent only where it is necessary for an insurance purpose and it is in the substantial public interest. This will apply where we are advising or arranging an insurance policy, assisting with any claims under a policy, and undertaking any activities to prevent and detect fraud.

Disclosure
We may pass/disclose your identification details and financial data on to credit reference agencies and anti-fraud databases.

QUOTATION

At the quotation stage we evaluate the risk(s) to be covered and match this to the appropriate policy and premium. To do this we collect your personal data such as your contact and identification details and underwriting information including details of the risk. We also collect other personal data including information relating to previous claims and credit and anti-fraud data.

If you telephone us for a quotation then we may record the telephone call. We will warn you that the call is being recorded at the time of the call.

Legal Basis
We need this data in order to enter into and perform our contract. We have a genuine business need to determine if market placement and place insurance cover for you that is in line with your insurance needs.

Disclosure
If we are unable to provide you with an insurance policy, we may partner with an appropriate regulated entity who may be able to assist. We will always ask your permission to introduce you to them and if you agree, we may pass certain information that you have given us about you to the min order for them to assist.

Where we introduce you to a partner, any relationship that you then commence or information which you pass to them will be in accordance with their terms and conditions together with their privacy policy. We are not liable for any relationship you have with them or anything arising from that relationship (whether it is formal or not).

PURCHASE OF INSURANCE

Where we take payment of underwriting fee or premium we will need to collect your individual details and financial information.

Legal Basis
We need this data to perform our contract and there is a genuine business need for us to take payment.

Disclosure
We may share your personal data with credit reference agencies or other entities if we need to check your credit score or to run compliance checks.

We will pass your individual details and financial information to banks.

If you complete a transaction with us, we may ask a third-party to assist with obtaining feed back from you on the service and product you have received. This will involve us passing your contact details to them.

If you agree to provide feedback, you agree to any applicable terms and conditions at that time.

POLICY ADMINISTRATION AND RISK SERVICES

We may need to communicate with you regarding policy administration and requested changes to your insurance policy. We may need to collect or refund premium payments and we may also need to send you updates regarding the insurance. To perform these tasks we will need to process your personal data such as your contact details and financial information.

Legal Basis
We need to process this data to perform our contract and because we have a genuine business need to correspond with customers, insureds, beneficiaries and claimants.

CLAIMS PROCESSING

Information about claims (whether made by our customers or third-parties) made under policies that we arrange is collected by us when a claim is made.

If you have a claim or are involved with a claim under an insurance policy which we have arranged, then we may need to collect and process your personal data in order to assist with the claim.

As part of the claim we may need to investigate the claim, and carry out fraud, credit and anti-money laundering checks. We will need to collect and process your personal data such as your individual details, identification details, financial information and policy information (if applicable).

Legal Basis
We need to process this data to perform our obligations under our contract and we have a genuine business need to assist customer in any claims they have and because it is necessary for us to assess or assist any insurer in the veracity and quantum of claim, to defend or make claims (or assist any insurer in doing so) and to assist with the prevention and detection of fraud (or assist any insurer in doing so). We also need to comply with our obligations in relation to the prevention of financial crime.

We may also need to collect special categories of data. We will process special categories of data without your consent only where:

  • It is necessary for an insurance purpose; or
  • Where the processing is necessary for the establishment, exercise or defence of a legal claim; or
  • Where the processing is necessary to protect your vital interests or of another person where you are physically or legally incapable of giving consent.


Disclosure
To manage the claim effectively we may pass your personal data to Travelers Syndicate 5000 at Lloyd’s and/or members of the Travelers 2020 M&A Consortium registered at Lloyd’s of London and any other form of delegated authority, claims handlers, loss adjusters, accountants, solicitors, experts, parties involved in the investigation or prosecution of the claim, other insurers, reinsurers, regulators and anti-fraud databases. We may also pass your personal data to any agent authorised by you to act on your behalf and regulatory authorities.

OTHER PROCESSING

We may also need to process your personal data for other purposes not connected to our contract, but which are necessary for the provision of our services, for example:

  • Complying with our legal or regulatory obligations;
  • General risk modelling;
  • Transferring books of business, company sales and group company reorganisations

To comply with our legal or regulatory obligations, we may need to process your individual details, identification details, financial information and policy information. We may also need to disclose your personal data to regulators including the the Financial Conduct Authority, the Information Commissioner, the Financial Ombudsman Services and other third-parties from whom we receive requests for personal data such as other insurers (under court order).

We conduct risk modelling. We do this as it is within our legitimate interests to identity the probability of risks arising. We may need to process your individual details, identification details, financial information and policy information to build risk models. We may also need to process your special categories of data but would do this only with your consent unless the processing is necessary for an insurance purpose.

From time to time we may sell our business assets, sell companies or engage in company reorganisations. We may need to do this to structure our business appropriately or to comply with regulatory or legal obligations. In doing so we may need to process your individual details, identification details, financial information and information relating to our contract. We may also need to process your special categories of data but will only do this if the processing is necessary or for reasons of substantial public interest. We may need to disclose your personal data, including special categories of data, to a potential or actual transferee, purchaser, independent expert, regulators and the courts.

Please note that in addition to the disclosures we have identified against each purpose, we may also disclose personal data for those purposes to our professional advisers, insurance companies and syndicates, service providers, contractors, agents and group companies that perform activities on our behalf.

BUSINESS PARTNERS

If you are a business partner or a supplier we will collect your business contact details to manage our relationship with you and to administer our contract with you or your employer. We may also collect your information if you attend meetings, attend events that we organise, sign up to our bulletins or newsletters or contact us through our website. We may also collect information about you from public sources (for example LinkedIn or your employer’s website) where we believe this is necessary to help manage our relationships with our business partners.

VISITORS

If you are a visitor (such as visiting our website or our offices) we will use your personal data, for example, to register for use of our website, enquire for further information, distribute requested reference materials or invite you to one of our events.

DATA ANALYTICS

We may use your personal data to send you marketing communications about our services. This may be in the form of email, printed material sent by post, online posts, SMS, telephone or targeted online advertising. We will only ever do this with your consent or if you are in a business relationship with us. You have the right to stop us marketing to you by opting out of such marketing when you receive electronic communications from us or by contacting our data protection officer.

We may also use your personal data to contact you in response to your social media posts.

We may also share your information with selected third-parties, including:

  • Advertisers and advertising networks that need the information to help them choose and show adverts to you and others;
  • Analytics and search engine providers that assist us in the improvement and optimisation of our website; and
  • Professional advisers and service providers involved in our marketing activities.

Section 5 – Consent

Where you have given us your consent to process your personal data you may withdraw your consent to such processing at any time. If you withdraw your consent this may impact our ability to provide services to you.

If you wish to withdraw your consent to our processing of your personal data please contact either robert.brown@icenrisk.com or dawn.bhoma@icenrisk.com.

Section 6 - Retention of your personal data

We will keep your personal data only for so long as is reasonably necessary, for the purpose for which it was originally collected and to comply with our legal or regulatory obligations.

All information you give us is stored on our secure servers. Some techniques we use to protect information include locked files, user authentication, encryption, firewall technology and the use of detection software.

Once we have collected your information, we use strict procedures and security features to prevent unauthorised access.

Section 7 - International Transfers of Personal Data

We may need to transfer your data to jurisdictions located outside of the European Economic Area(EEA).

Your data may be processed by employees working for the Icen Risk group of companies, some of whom may be based outside the EEA. Your data may also be processed by our service providers or assistance providers who may be located outside of the EEA. We may disclose your personal data outside of the EEA if we receive a request from a foreign law enforcement or regulatory agency.

Transfers of your personal data outside of the EEA will be carried out:

  • To countries recognised as providing an adequate level of protection or where we aresatisfied that there is adequate safeguard in place to protect your rights as the data subject,such as EU Model Contract Clauses;
  • Transfers made within the Icen Risk group of companies are carried out under contracts which incorporate the EU Model Contract Clauses;
  • Transfers to service providers and other third-parties will be protected by contractual commitments such as the EU Model Contract Clauses;

If you would like further information on the safeguards we have in place, please contact our Data Protection Officer.

Section 8 - Your Rights and Contact Details

If you have any questions in relation to our use of your personal data, please contact our us for further information. Under certain conditions, you may have the right to require us to:

  • Provide you with further details on the use we make of your personal data/special category of data;
  • Provide you with a copy of the personal data that you have provided to us;
  • Update any inaccuracies in the personal data we hold;
  • Delete any special category of data/personal data that we no longer have a lawful ground to use;
  • Stop processing your personal data, where such processing is based on your consent;
  • Restrict how we use your personal data whilst a complaint is being investigated; and
  • Stop processing your personal data where such processing is based on the legitimate interests ground, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.


In certain circumstances, we may need to restrict the above rights to safeguard the public interest(e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

You may contact us with questions, comments, or complaints about this Policy or our privacy practices, or to request access to, or correction of your information. Our contact information is as follows:

Icen Risk Limited
C/O Callidus Secretaries Limited
54 Fenchurch Street,
London,
England,
EC3M 3JY

Email: robert.brown@icenrisk.com or dawn.bhoma@icenrisk.com (both, the Managing Principals of Icen Risk Limited)

YOUR RIGHT TO COMPLAIN

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your legal rights, or if you think that we have breached data protection legislation(including the GDPR) then you have the right to complain to the data protection supervisory authority which is the Information Commissioner’s Office in the UK. Please see below for contact details:

England:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
CheshireS
K9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

Scotland:
Information Commissioner's Office
45 Melville Street
Edinburgh
EH3 7HL

Tel: 0131 244 9001

Wales:
Information Commissioner's Office
2nd floor
Churchill House
Churchill way
Cardiff
CF10 2HH

Tel: 029 2067 8400

Northern Ireland:
Information Commissioner's Office
3rd Floor14
Cromac Place
Belfast
BT7 2JB

Tel: 0303 123 1114 (local rate) or 028 9027 757 (national rate)

Section 9 – Glossary

Beneficiary(ies) is an individual or a company entitled to receive a payment under the insurance policy if an insured event occurs. A beneficiary does not have to be the insured/policy holder and there may be more than one beneficiary under an insurance policy.

Claimant is either a beneficiary who is making a claim under an insurance policy or an individual or a company who is making a claim against a policyholder where that claim is covered by the insurance policy.

Claims
processing is the process of handling a claim that is made under an insurance policy.EU Model Contract Clauses are the standard contractual clauses (known as model contract clauses)recognised by the European Commission as offering adequate safeguards for the transfer of data outside of the European Economic Area.

GDPR is the EU General Data Protection Regulation as implemented by the UK Data Protection Act 2018 which replaces the UK Data Protection Act 1998 from 25 May 2018.

Insurance policy is a contract of insurance between the insurer and the insured/policyholder.

Insured/policyholder is the individual or company in whose name the insurance policy is issued. A potential insured/policyholder may approach an intermediary to purchase an insurance policy or they may approach an insurer directly.

Insurer(s) (sometimes also called underwriters) provide insurance cover to insured/policyholders in return for premium. An insurer may also be a reinsurer.

Intermediaries help policyholders and insurers arrange insurance cover. They may offer advice and handle claims. Many insurance and reinsurance policies are obtained through intermediaries such as brokers.

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic mental, economic, cultural or social identify of that natural person.

Policy administration is the process of administering and managing an insurance policy following its inception.

Premium is the amount of money to be paid by the insured/policyholder to the insurer in the insurance policy.

Reinsurers provide insurance cover to another insurer or reinsurer. That insurance is known as reinsurance.

Quotation is the process of providing a quote to a potential insured/policyholder for an insurance policy.